SaaSID celebrates company milestones » Basingstoke, UK: Web application security provider, SaaSID, is celebrating a number of company miles... ALVEA infrastructure services chooses Flexiant Clo... » London, UK: Flexiant, a leading international provider of cloud management software, has announced t... A10 Networks and Brocade reach settlement of legal... » SAN JOSE, CA: A10 Networks™, the technology leader in Application Networking, has announced that it ... CESG and Cellcrypt to develop MIKEY-SAKKE technolo... » London, UK: Cellcrypt, a leading provider of encrypted voice calling and messaging for smartphones a... Attack in London » Acting Deputy Spokesperson, Office of the Spokesperson Washington, DC May 22, 2013 Denunciation of the Woolwich - London Horrific Mur... » As a Muslim leader representing many Muslims around the World, especially the UK, I want to express ... What happened yesterday in Woolwich has sickened u... » Statement on Woolwich incident Organisations: DAVID CAMERON, BRITISH PRIME MINISTER Cabinet Office... What happened in Woolwich was a sickening and bar... » I have been briefed by the Commissioner of the Metropolitan Police and the Director General of the S... "It is completely wrong to blame this killing o... » Boris Johnson, Mayor of London makes this statement in response to yesterday's tragic incident in Wo... Woolwich incident: Police Statement » Today our shock at what happened on the streets of our city remains. The investigation into the sho...

Sub Menu

Advertise with Vigilance

Got News?

Got news for Vigilance?

Have you got news/articles for us? We welcome news stories and articles from security experts, intelligence analysts, industry players, security correspondents in the main stream media and our numerous readers across the globe.

READ MORE

Subscribe to Vigilance Weekly

Information Security Header

Cryptzone: Dropbox breach could have been a lot worse - but it’s still time to wake-up-and-smell-the-coffee

Print PDF

Written by HANNAH RAFFERTY | 03 August 2012

“If that account also has your work stuff on it, you’re dead in the water as far as the boss is concerned.”

-- Grant Taylor, VP Europe, Cryptzone

Reacting to admission by Dropbox’s Vice President of engineering that the spamming of many of the cloud service provider’s clients in recent weeks has been traced to an employee password re-use breach, Cryptzone says this highlights the dangers of using the same password for both business and personal usage.

 

“Most governance experts – ourselves included – will tell you to use different passwords for different systems, but this case is one of those `wake-up-and-smell-the-coffee’ moments for IT security professionals, as it shows the need to also keep passwords separate for work and personal internet activities,” said Grant Taylor, European Vice President of the IT threat mitigation specialist.

“We would go further and argue that people should not be using Dropbox for many business purposes. CISOs and compliance managers would be horrified to know that confidential data was being moved out of the organisation’s sphere of control. Free services by their very nature don’t have the features to facilitate corporate control and management.

The problem here, the Cryptzone European VP says, is that members of staff, particularly the young, tend to blur the lines between work and play – and whilst it is perfectly understandable for them to use the convenience of a service like Dropbox to access work files at their leisure, their managers need to explain that when it comes to corporate data, such practices simply are not acceptable in today’s regulatory environment.

If corporate information is moved to personal accounts in contradiction to corporate policies, you’re dead in the water as far the boss is concerned. Apart from disciplinary action for the individual, their employer could be looking at investigation from regulatory bodies possibly resulting in severe fines. So when seeking to improve work/life balance, don’t just think convenience, think risk, he says.

 

< Prev   Next >

Add comment


Security code
Refresh