What SMBs Can Learn from Dropbox Password Breach

Paul Mah

A programming mistake in an update to popular online storage site Dropbox made it possible for users to log in to any of the 25 million accounts without a password. The mistake was discovered and swiftly rectified about four hours later, though not before the lapse was noticed, culminating in sensationalist headlines around the globe. Thankfully, the damage appears to be limited to fewer than a hundred accounts, a far lower number than was originally hinted at by the beleaguered company.

 

The unfortunate aspect of this password breach is that the compromised accounts were not the result of mistyped passwords or usernames; rather, a single individual apparently made use of the bug to deliberately access every single one of the affected accounts. It may be that the unidentified assailant did nothing more than rifle through the directory listing of the files, though it is entirely possible that compromising and confidential data were accessed and downloaded.

 

As reported by TechCrunch, it is understood that Dropbox CEO Drew Houston has written to all those affected to apologize, leaving a contact number and also offering to drop them a line. As the dust settles, proponents and opponents of cloud storage have, as expected, come out in full force for the umpteenth round of the great cloud debate, with the latter having the upper hand this time around.

 


Rather than polarize the entire incident into an argument against or for the use of cloud storage, I reckon it would be far more productive to highlight a couple of lessons that small- and mid-sized businesses can draw from the ordeal.

 

Encryption Not Optional

 

I've said it before and I'll say it again: Data encryption is no longer an optional activity, and setting up an encrypted volume isn't really that difficult. Indeed, I documented my experiences with Microsoft's BitLocker disk encryption almost two years ago, and also presented some arguments for SMBs to adopt full-disk encryption last year. Moreover, the case of the misplaced BP laptop containing more than 13,000 personal records should serve as a more recent reminder of the value of data encryption.

 

Cloud Storage Is Public

 

In my opinion, the fact that cloud storage has to be accessible from any location on the Internet places it at greater risk. It is entirely possible, for instance, that hackers may attempt to brute-force or guess their way into your account without IT administrators being the wiser. Obviously, private storage silos can also be hacked into, though unlike with cloud storage services, businesses are at liberty to enact additional measures to secure their LAN-based storage appliances, or at least make them dramatically harder to break into.

 

Does your SMB store its business data in the cloud?



Jun 28, 2011 12:45 PM Ash E says:

I think the Dropbox fail really highlighted the glaring security risk that comes with storing any important document in the cloud. I'll stick with HomePipe and just use their technology to access my documents without creating extra copies floating around. Much more secure.

Jun 29, 2011 6:45 AM genemarks says:

great piece Paul
