Dropbox users: Reset your passwords

The recent debate on AccountingWEB about the pros and cons of Dropbox for exchanging client documents took a worrying twist last week when the online storage service admitted it had been hacked.

The problem came to light after Dropbox investigated the rising incidence of spam to some of its users.

In a subsequent blog post, Dropbox said it had discovered that a stolen employee password had given hackers access to a Dropbox account containing a project document with user email addresses.

The developer said that only a small number of accounts had been affected and that it had contacted them to help protect their data. But the incident confirmed some of the warnings put forward by AccountingWEB members, who urged accountants not to entrust confidential documents to the consumer-oriented service.


Comments

Secured Cloud Storage

louisVW4 | | Permalink

The use of the Cloud to store content will go in one direction only ...UP! So, we have no choice but to put the necessary governance in place to manage that growth, or suffer from the inevitable hiccups we have seen recently.

For example, the use of Microsoft SharePoint is exploding, and is forecast to be the largest content repository solution in the next 2 years. It's already causing companies to run out of database resource requiring them to deploy additional servers, which compounds the problem. If it's there, it will be used! Also, we have seen the fiascos where staff at e.g. NHS Hospital Trusts copy confidential patient information to data sticks, which is about the most insecure way of working and rightly deserves the fines they have been given.

Consequently, companies are looking to exploit the Cloud to reduce their storage costs yet provide capacity on demand to support growth, securely handle larger and larger amounts of data and requests wherever staff work (and mobility is increasing rapidly), reduce complexity and management overheads, and provide a non-intrusive experience to the business user. A tall order!

Admittedly, I am talking here about larger companies, and maybe the likes of LinkedIn and Dropbox should take note of this.

I recommend you take a quick look at a new offering from software innovator, Stealth Software (www.stealth-soft.com), which I believe is game-changing technology. It does all the things above, and more.

It will reduce total cost of ownership by 30%-50% and deliver a return on investment within 12 months. Welcome news to hard pressed CFOs and IT management. What's more, it addresses the security issues by seamlessly encrypting data before it leaves SharePoint and leaves the metadata in the on-premise server, and offers built-in backup and content failover (the extent of my technical knowledge!). It has already been endorsed by Microsoft, who can actually sell the offering for Stealth Software, packaged up with a significant chunk of their Azure Cloud storage... at a very attractive price... for a limited time.

Of course, I have an interest in this because we represent Stealth in the UK, but it really is a game-changer, and we have put our reputation on the line to take it on when there are plenty of long established 'market leaders' out there we could have looked at.

I will be happy to discuss Stealth with anyone who's interested... no hard sell! lou.valdini@stealth-soft.com

 

 

 

advertising - all the same ! .....

JC | | Permalink

irrespective of whether it is 'hard sell' or not

what has it added to the specific Dropbox debate - nothing discernable

...what has it added to the Dropbox debate?

louisVW4 | | Permalink

JC - Sorry you don't perceive any value in my contribution.

It may be advertising, but there are quite a few 'advertisers' in John's article, and I simply wanted to address the main concern everyone has with securely storing data in the Cloud; the main reason for the Dropbox debate. 

Stealth Software is the only solution of its kind which offers companies a cost-effective and secure approach to storing data in the Cloud.

As ex-Dropbox users, we share those concerns, and being a finance-oriented website, I had hoped saving money combined with security, would be of interest to readers, and give them something to suggest to their clients as being worth a look, if nothing else.

dropbox debate    1 thanks

daveforbes | | Permalink

I think the lesson to learn from this particular security scare is, don't use the same userids and passwords for multiple sites.

 

Without mentioning names, a different website lost a bunch of userids and passwords a few weeks back. Some enterprising individual realised that many Dropbox users would use the same userids and passwords for Dropbox as for this other website and therefore gained access to various Dropbox accounts.

 

What compounded this is that one of these accounts belonged to a Dropbox employee who had a big list of Dropbox users' email addresses.

 

Oops.

 

Cloud Security

Billbill100 | | Permalink

The cloud is a GREAT development.  We like.

But as long as someone, somewhere, knows your password, then it can never be secure.

2 solutions:

1a) Never, ever share your password.  (But that's simply not possible, with Cloud servers, as it's part of the logon process.) 

1b) Use a unique 20 digit alpha-numeric password for each site.  Such as MP*1a22#lLI0Mt174hq.......  (Good luck remembering that!)  And change it each month.

1c) But never write down your password. 

1d) Nor use your house name/number, nor your nephew's name, nor your wife's birthdate backwards.... (All obvious, but how many people do that...?)  It's too easy for the 'Bad Guys' to trawl through all data linked with your presence on the web (registrations, posts, blogs, Likes, address details etc etc), and use those findings, to focus a brute force attack, to "guess" your password, all while they are drinking their first coffee of the morning...

So use a password that absolutely NO-ONE knows...

 

2) And/or: Make sure that you encrypt all data, before it goes to the cloud.  Using a private channel for your encryption Key (That NO-ONE can get to...).

 

Only then can the Cloud be safe.

Then 'enjoy' it...and all the benefits it brings.

 

 

Vested interest: We currently provide exactly this solution, to judges, lawyers, accountants, military, and many other professionals across Europe and US.

Tell me (via Accounting Web?), if you want to know more.