These are certainly an improvement albeit with drawbacks. File sharing provides very swift means of delivering data but there are traditional alternatives such as e-mail, Encrypted USB / CD for larger files, etc. IT usage policies and technical solutions can be used to simply avoid the use of Dropbox and similar, therefore remove the associated risk. Stop the use of file sharing services.For the majority of law firms this is simply not a realistic choice once they are aware of the situation but may choose to ignore it. Hope the data is not leaked or compromised and there is no financial or reputation damage to the business. Carry on allowing individuals within the business to use public cloud storage, ie Dropbox, Google Drive, etc in an unregulated manner. They “always have used Dropbox” and so will carry on until change is forced upon themĪs there are numerous risks and compliance issues associated with using public cloud storage, what are the options?.They have forgotten or just ignored their IT training which specified not to use Dropbox, Google Drive etc to share data.
Network Admins are not or cannot restrict users and struggle to provide a credible easy to use alternative.Users needed to share something urgently, but it was too big to email.Users already have personal Dropbox accounts, so it is very easy to use these and “legitimately” share corporate data quickly.So, with many reasons not to use, why are so many people still using it? From our research, we have discovered there are a number of key reasons: For personal use this is not such an issue but when it is sensitive corporate information this could be a huge issue for law firms. Like Google (and almost all public cloud services) Dropbox has been criticised over its T&Cs at times, which have granted it access to the user data it stores. Then there is the question of data ownership. It’s a very simple and highly effective piece of social engineering on the part of the attackers, which works time and time again and should really be driving network security administrators to block Dropbox outright in corporate networks As users see Dropbox as a trusted brand, they are more inclined to click links in random e-mails assuming they are safe and genuinely believing Dropbox have somehow “checked” the files are safe. Dropbox public file links are commonly used to deliver Ransomware, such as CryptoLocker, and other Malware to users. In addition to these security issues Dropbox has found itself in the spotlight time and time again, as it’s ability to share files so easily has been put to use by cyber-criminals.
0 kommentar(er)
