April 3, 2017

How secure is your cloud-based storage?

We’ve all struggled with digital storage, whether it be for family photos or important business files. That’s why free cloud storage solutions like Dropbox and OneDrive have become so popular.

They offer a limited amount of free cloud storage that can be used as a backup for files, as well as for file synchronization. For example, multiple people can make changes or edits to the same file and have those changes synced in real-time. Instead of being stored directly on your own personal device, cloud-based data is stored elsewhere on servers and made accessible via the internet.

But there’s a small problem to consider: security. These cloud-based storage options have become a gateway for malicious cyber attacks.

Even some of the top cloud storage options have vulnerabilities. For example, Dropbox has left local authentication protection up to its users. Amazon Cloud Drive declares its right to access a user’s files and disclose account information to offer support and to ensure compliance with that agreement.

Danish-speaking users were recently hit by malware spread through Dropbox. The messages claimed to provide shipping details and an invoice, but the attached file was actually a .zip archive that contained a JavaScript file with Trojan dropper in it. These emails were sent out for about 12 hours. Luckily, Dropbox responded quickly, with many of the links were disabled in about an hour.

The attack hit Denmark, Germany and several surrounding countries through a language-based list of email addresses. Dropbox is an attractive avenue for malware because it is a popular service, and because email providers are increasingly putting stringent limits on the kinds of files that can be sent as attachments.

Despite these security concerns, cloud storage remains one of the more convenient ways to store some of your data today. So what can businesses do to prevent cyber attacks through these cloud-based storage solutions? Aside from using spam filters and anti-virus tools and training employees to recognize malicious emails before making a damaging click, organizations can ban inbound Dropbox content links. Or, you could tweak your company’s spam filter or the web filter to block access to Dropbox entirely.

Keeping data secure is also the responsibility of the consumer. Poor password security can give cyber criminals an all-access pass to your private data. Avoid using the same password over multiple platforms — add letters, numbers and symbols to your password. Don’t use a password that’s related to your personal life.

Cloud-based storage solutions will continue to grow and evolve, so it’s important to be aware of the security challenges of storing precious memories and important documents in the cloud.