Employees are using insecure solutions to share sensitive private data, and the security cracks are getting bigger every day. It is now known that Box and Dropbox have exposed documents such as tax returns, mortgage applications, and personal finance information due to weak default security configurations combined with user error.
Noted security blogger Graham Cluley recently stated, “If you are using file-sharing systems like Dropbox and Box without proper care and attention, there is a risk that you could be unwittingly leaking your most private, personal information to others.”
The fact that large quantities of personal documents have been uploaded by individuals makes it seem pretty likely that these same people are uploading corporate documents to cloud-based file sharing solutions to accomplish the same goals. Those bad habits could lead to costly security snafus.
You can eliminate – or at least reduce – the human error factor by simply warning employees of the risks they face. Here’s a simple template letter that can be used to help employees clean up their online habits:
You may be aware of recent security developments with online file collaboration software like Box and Dropbox. It has been discovered and verified that sensitive documents uploaded to these and similar cloud-based services are not secure and are in many cases accessible to the public.
Documents such as tax returns, mortgage applications, and personal finance information have been leaked and the leak has been reported on by multiple media outlets. Needless to say, we advise against using these types of services to store your personal information. We also must insist that no company data be stored in cloud-based solutions like Box and Dropbox without prior approval.
While it is tempting to use these services to backup old files, store large files when they need to be sent to someone else, or collaborate on large documents from the same hub we felt it important to notify you that the risks outweigh the rewards.
We’re here to help, and if you have questions about this notice please let us know.