“If that account also has your work stuff on it, you’re dead in the water as far as the boss is concerned.”
-- Grant Taylor, VP Europe, Cryptzone
Reacting to the admission by Dropbox’s Vice President of engineering that the spamming of many of the cloud service provider’s clients in recent weeks has been traced to an employee password re-use breach, Cryptzone says this highlights the dangers of using the same password for both business and personal usage.
“Most governance experts – ourselves included – will tell you to use different passwords for different systems, but this case is one of those ‘wake-up-and-smell-the-coffee’ moments for IT security professionals, as it shows the need to also keep passwords separate for work and personal internet activities,” said Grant Taylor, European Vice President of the IT threat mitigation specialist.
“We would go further and argue that people should not be using Dropbox for many business purposes. CISOs and compliance managers would be horrified to know that confidential data was being moved out of the organisation’s sphere of control. Free services by their very nature don’t have the features to facilitate corporate control and management.”
The problem here, the Cryptzone European VP says, is that members of staff, particularly the young, tend to blur the lines between work and play – and whilst it is perfectly understandable for them to use the convenience of a service like Dropbox to access work files at their leisure, their managers need to explain that when it comes to corporate data, such practices simply are not acceptable in today’s regulatory environment.
If corporate information is moved to personal accounts in contradiction to corporate policies, you’re dead in the water as far as the boss is concerned. Apart from disciplinary action for the individual, their employer could be looking at investigation from regulatory bodies, possibly resulting in severe fines. So when seeking to improve work/life balance, don’t just think convenience, think risk, he says.