File Sharing services like Dropbox and Google Drive are potential vulnerabilities to the security of your company because lower standards of security on the other ends of filesharing can allow for infected files to bypass a secured network.
File Sharing over the internet seems like the best thing since microwave popcorn (or Star Wars, whichever came first). Tools like Dropbox, Google Drive, Sugar, Microsoft OneDrive, and others allow you to sync with other users and not only share documents, pictures, and other files, but you can do it remotely, and access them from anywhere, from any desktop, laptop, tablet, or phone. For smaller amounts of storage it’s free (but 5-10GB isn’t exactly small). It doesn’t get better than that, right?
Except when malware uses it to bypass your corporate cyber security and infect your business.
This is actually becoming a more and more common occurrence. It’s due to the different levels of security on devices that share the files with each other. For example, it could be company policy to maintain a high-security profile at the office, with PCI compliance, mandatory security software on every computer, and a firewall to rule all firewalls. You could be R2-D2 and still wouldn’t be able open the blast doors. But reading this article at work caused an employee to need to finish a project at home, where he left the garage door open and his laptop password is “password”.
If malware infects a document anywhere, and it’s shared via a file sharing tool, downloading it somewhere else could infect that computer as well, even if it’s on a protected network. This could cause real problems for any company, and a lot of frustration, especially one that has a good security system in place. Just like a virus can be downloaded easily accidentally from a website visited, so can one be easily piggybacked from a shared file.
Doesn’t seem plausible? An escrow group lost 1.1 million dollars and later was shut down by the State of California because of a malware infiltration. A Pennsylvania oil company lost almost 4 million dollars when a keystroke logger (a program that can record keystrokes, and potentially mimic passwords and record interactions) was accidentally downloaded. They didn’t realize the mistake until it was too late. Don’t let that be you.
Leave falling into traps to Admiral Ackbar, and be wary of malware infection on not just your office computers, but your home computers as well. Encourage employees to maintain and update security software at home, and be wary of downloading anything that doesn’t seem correct. Malware infection grows more common every day. Millions of cyber attacks happen every day, and one of them could target your company. Being aware could be the difference, so educate yourself, use the force, whatever you need to do.