People rave to us about how useful cloud services like Dropbox are for work, but not many say to us that they are worried about whether it’s safe.
So it was interesting to hear a reminder recently that it’s the simple, mundane, day-to-day mistakes you can make in Dropbox that might expose your data. These risks aren’t to do with popular concerns about government spying or hackers – they’re primarily to do with “losing control” from within.
What is the risk of using Dropbox?
The warning comes from Ali Moinuddin from Workshare, which provides software designed to help businesses stop accidentally exposing sensitive data online.
The way he sees it, there is the risk that someone within your business could share a link to a file with someone outside the company. Or one of your staff could be storing sensitive company files within a password protected personal Dropbox account. When they leave the company you might lose any chance of accessing the files.
“If one of my employees started to walk and they were using a Dropbox personal account, they could basically take that information with them. You have no control over it, ” Moinuddin said.
Emailing or sharing an attached file can be a mistake if it’s hiding sensitive information – Word documents can contain information you mightn’t want anyone to see if you’ve turned on “track changes”, and Excel spreadsheets could contain hidden columns. Information about who created the document and when it was last modified could be something you don’t want people to know in certain situations.
“99% of the time it’s done without malice. They’re creating a document, then sharing the document, and they’ve not seen the hidden metadata”, said Moinuddin.
Do you know where your data is?
If you haven’t stopped to think about all this, here’s another reason – changes to the privacy laws coming into effect in Australia in March next year. If your business stores sensitive personal information about your customers, it’s up to you to make sure that information doesn’t fall into the wrong hands. If that data goes offshore, you will be required to tell your customers. In the worst case, your business might be held accountable if a third party (and our reading of the draft guidelines is that this includes cloud service providers) does the wrong thing and exposes the information.
There are various details (for example, some businesses with a turnover of less than $3 million won’t be subject to the requirements) but overall, the push is on to make businesses pay attention to where personal information about their customers is going, and to make sure it’s protected.
Sterling IT can provide a backup service with versioning for $275 per year for 50GB. We use this with dropbox so if there is the case of losing files in dropbox, there is a second copy elsewhere. Contact us to discuss further and provide a trial.