Dropbox 'hack' highlights risk of free online services

Another mass theft of usernames and passwords

This week we got yet another reminder of the mass security risks posed by the internet. Security of online storage website Dropbox was allegedly compromised by the theft of 7 million username and password combinations. The service is widely used to share content and business information.
Dropbox established itself as one of the first services that made it easy to share information across different platforms, including mobile. Although the hack claim is technically disputed by Dropbox, the event once again raises an important issue for businesses.

Risk from free services

Two aspects of free online services and software invite risk for businesses:
1. The ‘freemium’ business model is well established. Giving away low level services and selling premium ones is practised throughout the tech sector.  Online storage is one major segment where it is used, and other examples include anti-virus and office productivity. Free services do need to be provided in keeping with regulatory standards. However, it is likely that they conform at the minimum acceptable standard. Service levels or the SLA are also likely to be prioritised below chargeable services.
2. A free tools culture is not appropriate for business. Online storage may carry some risk. However, take the case of free software tools that help employees to be more productive. Examples include mind mapping software, Excel Add-ins and templates with macros. A culture where employees feel free to search the internet and download at will is unacceptable. Any of these could have a malicious payload inserted that could introduce spyware, ransomware or a virus into your business environment.
Raise security standards for internet storage and sharing with Paralogic
If you need to put data in the cloud, we recommend a service that offers security in line with best practice. Importantly for business there are a couple of essential elements to look for:
1. Two-stage authentication – is an excellent way of ensuring your employees can store data in the cloud and share it with colleagues or authorised external collaborators. As well as username and password, authorised users have a small device that enables another unique passcode to be entered. This is not stored with username and password, so it can’t be stolen.
2. Retention & recovery policies – check the retention and recovery elements of the SLA. The service needs to keep and let you recover your data within a timeframe that is acceptable to your business. Typically you want something that is the same as if you were storing the data on your own servers.
For advice on this or on any other aspect of reducing the risk of IT security breaches, simply fill in the form on the right or call us on 01844 293 330.


Paralogic named one of Britain’s Best Managed IT Companies for second year running

1st February 2021

For more than 20 years, Paralogic has been working with small and medium sized businesses, providing outstanding IT support that they can rely on. We’re thrilled, therefore, to be named among the best MSPs in…

Read More

Equifax security breach: What if it happened under GDPR?

9th October 2019

The European Union’s General Data Protection Regulation (GDPR) is the most significant shake up of information security for many years. Despite the toughening of rules and the harsh treatment of companies by regulators and the…

Read More