Using Dropbox for your board documents? They have probably been hacked.

Security issues of boardroom documents

Most people know that Dropbox is not a secure way to store sensitive documents; it is better suited for storing and sharing all those holiday snaps of you holding a cocktail – not boardroom papers. But for some the lure of a free platform that is relatively simple to use is just too attractive.

It is now time to think twice about those sensitive documents you store on Dropbox, as the company comes clean over its recent security breach with over 68 million users email addresses and passwords laid out bare on the internet. This would be bad enough, but this isn’t their first security incident.

The hack

The initial breach actually occurred in 2012, but the incident was downplayed by Dropbox and brushed under the ‘carpet’. It wasn’t until this week that the full details have been released, four years after our data has been drifting around hacker forums, that we have finally found the full extent of the breach.

The cause of the hack was simply due to a Dropbox employee using the same company password that he also used for Linkedin (which had also been hacked in a separate breach). This meant that an individual obtained the employee’s password from the Linkedin breach data and went onto to use it to gain access to the Dropbox files. As is common practice, the data discovered in Dropbox was then released and shared online for other hackers to use.

Worried you are affect by the breach? A useful website, haveibeenpwned.com, exists that allows you to check if your email has been part of the Dropbox hack, or any other breach from large organisations (of which there are many).

A history of security flaws

This hasn’t been the first time Dropbox have shown a weakness in their security.

The main issue with the Dropbox hack is not just that the hack exposed weaknesses in their security, but rather the fact it has taken four years for the truth to come out. It begs the question – what else has happened with our data that we aren’t being told about?

It also isn’t the first time Dropbox has been involved in data security drama. Last year, an independent organisation found a flaw in Dropbox file sharing system due to its use of links. Dropbox creates a link for your files so you can send it to others to access – but when you put that URL in your search bar that link essentially became public, as everything you search for in a browser can be tracked. Again, little was publicly disclosed about the situation but Dropbox has assured users the issues has since been fixed.

Dropbox is a great tool for sharing photos with your friends and family, but what if you want to share document with secure access? When you send your board documents with Dropbox, you are losing control over who can access it.

Sensitive information in safer hands

The information shared around the boardroom and amongst its members can be sensitive. It is critical that the method of communication has an adequate level of security. If you are storing documents containing information such as financial reports or strategy documents – it is a necessity for them to be protected. Dropbox’s limited encryption and security features can leave that information exposed. Your documents are sitting in a public storage area without the adequate isolation.

Don’t risk having your board documents being made part of a hacker’s playtime, by using a secure board portal such as BoardPacks that encrypts your data and stores it in a secure database.

BoardPacks is built using the Microsoft Active Directory, which is a standard that demonstrates the stability and security of our infrastructure. If you choose to have our hosted solution, you will be glad to know your confidential data and the infrastructure behind it is secure. Located in a former nuclear bunker, our data centre is compliant with ISO 27001, the highest standard possible.

For more information on how BoardPacks could be used to secure your boardroom documents, visit the website for more information.

posted on & filed under Updates.

Tags: