
Dropbox Software Glitch: Lost Files May be Restored, What About Lost Confidence?

Mr. Murphy (of Murphy’s Law fame) has a way of seeing to it that data is lost when you need it most, and he is apparently undeterred by the Cloud Computing Revolution.

Still reeling from the iCloud breach, the Cloud Computing industry faces another PR hit – lost files due to a software glitch in the popular Dropbox application. The glitch is the latest in a series of incidents involving Dropbox, including an August 2012 security breach in which customer email addresses were stolen from a Dropbox employee’s accounts, and recent concerns about Dropbox’s approach to addressing security vulnerabilities and notification of breaches.

Kudos to Dropbox for their response to this latest incident: a prompt mea culpa, a succinct explanation of the problem and who is affected, a quick software patch, and a free upgrade to the Dropbox Pro product. According to a company post on Hacker News, the file loss occurs if you use the Selective Sync features and the application is shut down or restarted while a selective sync is in progress. Dropbox has patched the desktop client, retired older versions of the Dropbox client, and ensured that users have the patched version. Affected users may receive a free one-year subscription to the Dropbox Pro product, which offers basic collaboration features and 1 TB of storage (normal pricing is $9.99 a month or $99 a year).

Some users report years of lost data. One case in particular has gone viral: that of Jan Čurn, co-founder and CTO at photography software platform VirtualRig Studio. Čurn has used Dropbox since 2009 and reports losing 8,343 files stored over that five-year period. While the whereabouts of Čurn’s files have yet to be determined, Dropbox has been able to restore some user files, has contacted affected users, and has provided listings of restored files. It remains to be seen how much data can be restored.

It is important to note that the software bug is not related to security or malicious hacking, and that the bug affected personal users and not business users. Cloud storage products for business use require flexible user and file permissions setup, state-of-the-art encryption standards, history logging, and remote administrative features. An example is the Secure.Share product from ComputerSupport.com. Aimed at small to medium-sized businesses, it offers military-grade, 448-bit Blowfish encryption. Data is encrypted both in transit and at rest using SSL, and two-factor authentication can be utilized. Accounts are managed from a single dashboard, and versioning and update notification features similar to Microsoft SharePoint are available for document collaboration. Additional security and administrative features include File History Sharing and remote data wiping.

Unfortunately for the affected Dropbox users, many used Dropbox as their sole document repository. The takeaway (painfully learned by the affected Dropbox users) is that personal cloud storage is not a substitute for regular backups. You’ve heard it before (and like me, have ignored it and paid the price) – regularly back up critical data and ensure it is in two separate locations. This was true in the era of 5¼-inch floppy disks and is true today.

5 Million Gmail Usernames, Passwords Hacked! What to Do Now?

 


The news that five million Gmail usernames and passwords were stolen alarmed many in the industry. If Google’s servers aren’t safe, whose are? But Google quickly followed up the news with an announcement that the information was taken from a website not belonging to Google. The company has searched its own systems for signs of a compromise and has found nothing.

What to Do Now

Since Gmail powers many workplace email accounts, it’s important that businesses first protect any email accounts that might contain company data. Even if one employee is using a Gmail account for work duties, that employee should take measures to ensure his account is protected. To be safe, business leaders should send instructions to all employees on safeguarding their Gmail accounts, even if they don’t use them for work purposes.

Protecting your Gmail account is easy. The first step is to change your password, which can be done by clicking the down arrow next to the gear in the top-right corner. Choose Settings, then Accounts and Import. Change Password is at the top. You’ll be prompted to enter your old password and your new one twice. Try to shoot for a “Strong” password rating. Once you’ve changed your password, you’ll be taken to another settings screen. If 2-Step Verification is disabled, click the link to set it up and go through the steps. You’ll be notified via phone call or text message every time someone tries to access your Gmail through an untrusted device.

User Security

To help their own systems remain secure, businesses should urge employees to use passwords that are difficult to guess. Administrators can set this up as a requirement on all applications and file servers, making each employee have a combination of letters, numbers, and special characters in every password.

Another trap business users fall into is that of using password keepers. These tools address the many passwords we’re all required to keep up with by letting users remember one strong password to access all sites and applications. While acknowledging the usefulness of such tools, it’s important that businesses examine the encryption used by the particular password keeper. If your administrator is responsible for keeping up with everyone’s master password through a console, the security of the console should be investigated as well.

The Gmail breach is yet another reminder of how vulnerable electronic systems are. If your business employs the best industry-standard software for security and encourages safe password policies, your users can stay safe during large-scale hacking attempts.

Take This Checklist to Avoid Hollywood Hacking Scenario!

The leak of private photos of Hollywood’s top celebrities sounds the alarm on cloud security again. While arguments and discussions around cloud vulnerabilities never cool down, this time the Hollywood sensation is more a lesson about how to use the cloud adequately than a “to use, or not to use” debate, especially for business users.

Why? Simple: we are living in the cloud epoch, and the world is just not heading back! So, what can we learn from the disaster this time?

First of all, use the cloud attentively and carefully! Keep in mind that you are on the cloud right now, and almost every second! No matter what you do, what devices you use, or what the size of your business is, you can hardly avoid using the cloud – as a matter of fact, you may be part of the cloud already!

Well then, simple rule No. 1: DO NOT use a simple, easy-to-crack passcode – something like a birthday, street number or phone number, or even combinations of them. Sounds easy and like common sense? Yet 70% of business cloud users are not following this No. 1, simple password policy!
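The composition rule from the User Security section above (letters, numbers and special characters) and the personal-data rule in this checklist can be enforced together at password-change time. The following is an added example, not part of the original post; the function names, the sample profile and the threshold of 8 independent characters are assumptions made for illustration.

```python
import re
from datetime import date

MIN_INDEPENDENT = 8  # assumed threshold: characters that must not come from personal data
PERSONAL = "too few characters independent of personal data"

def personal_tokens(birthday, street_number, phone):
    """Guessable strings derived from a birthday, street number and phone number."""
    digits = re.sub(r"\D", "", phone)
    candidates = {
        birthday.strftime("%m%d"), birthday.strftime("%d%m"), birthday.strftime("%Y"),
        street_number, digits, digits[-10:], digits[-7:], digits[-4:],
    }
    # Ignore very short tokens so coincidental digit pairs are not flagged.
    return {t for t in candidates if len(t) >= 3}

def uncovered_chars(text, tokens):
    """Fewest characters of text left over after covering it with personal tokens."""
    best = [0] * (len(text) + 1)
    for end in range(1, len(text) + 1):
        best[end] = best[end - 1] + 1  # treat this character as independent
        for t in tokens:
            if len(t) <= end and text.endswith(t, 0, end):
                best[end] = min(best[end], best[end - len(t)])
    return best[-1]

def check_password(password, tokens):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letter")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    # Separators such as "-" or "/" do not hide a date or phone number.
    core = re.sub(r"[^a-z0-9]", "", password.lower())
    if uncovered_chars(core, tokens) < MIN_INDEPENDENT:
        problems.append(PERSONAL)
    return problems

# Constructed sample profile (not real data).
SAMPLE_TOKENS = personal_tokens(date(1990, 4, 15), "221", "+1 (555) 010-4477")
```

A password such as `Jo!2211990` satisfies the letters, numbers and special characters rule but is still rejected, because only two of its characters come from anything other than the street number and birth year.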

Second, always consider additional security methods to further safeguard your data! Secondary encryption and two-factor authentication are among the top options.

“Secondary encryption” enables the account’s owner to take matters into his/her own hands to protect the data. Rather than relying on built-in encryption or SSL transfers that cloud providers have within their infrastructure, you can leverage other encryption programs such as Boxcryptor or TrueCrypt. These programs essentially encrypt your files on the fly prior to storing them on the cloud so that your files remain unreadable even if a hacker manages to steal your password or breach your cloud provider’s normal defense mechanisms.

“Two-factor authentication” may sound jargony and unfamiliar, but it’s actually something you use all the time nowadays. Remember those requests asking for a four- or six-digit verification code in addition to your username and password, which is usually sent to you via text message? Those randomly generated, time-sensitive codes are “two-factor authentication”. For business users, it can be a lot more varied and strengthened, and it can be both virtual and physical, which adds another powerful line of defense for your data security.
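What "randomly generated, time-sensitive" means on the service side is shown in the following added example, which is not part of the original post. The class name `OtpStore`, the five-minute lifetime and the three-attempt limit are assumptions, and delivery of the code by text message is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300     # seconds a code stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed per code (assumed value)

class OtpStore:
    """Issues and checks one-time verification codes (hypothetical helper)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # user -> [code_hash, expires_at, attempts_left]

    @staticmethod
    def _hash(code):
        # Keeps the plaintext code out of the store.
        return hashlib.sha256(code.encode()).digest()

    def issue(self, user, digits=6):
        # secrets uses the OS CSPRNG; the random module is predictable.
        code = f"{secrets.randbelow(10 ** digits):0{digits}d}"
        # Issuing a new code replaces any earlier one for the same user.
        self._pending[user] = [self._hash(code), self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # hand this to the SMS gateway; do not log it

    def verify(self, user, submitted):
        entry = self._pending.get(user)
        if entry is None:
            return False
        code_hash, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[user]  # expired or guessed too often
            return False
        if hmac.compare_digest(code_hash, self._hash(submitted)):
            del self._pending[user]  # single use: a replayed code fails
            return True
        entry[2] -= 1  # count the failed guess
        return False
```

The attempt limit matters as much as the expiry: a six-digit code has only a million possible values, so unlimited guesses inside the validity window would defeat it.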

Well, as short as this checklist is, it may save you from big trouble and loss! And if you want to learn more, check our IT Security blogs and fuel up with more professional data-protection tips!

And share this infographic with your IT management team:

[Infographic: data-security]