Keep your Dropbox secure

The next time you visit Dropbox.com, you may be asked to create a new password. Why? Back in 2012 the cloud storage firm was hacked, and while it thought only email addresses had been stolen, new evidence has come to light that user passwords were compromised, too. So if you’ve been using Dropbox since that time but haven’t updated your password, the company advises you to do so ASAP.

Despite the unfortunate incident, Dropbox has implemented a thorough threat-monitoring analysis and investigation, and has found no indication that user accounts were improperly accessed. However, this doesn’t mean you’re 100 percent in the clear.

What you need to do

As a precaution, Dropbox has emailed all users believed to have been affected by the security breach, and completed a password-reset for them. This ensures that even if these passwords had been cracked, they couldn’t be used to access Dropbox accounts. However, if you signed up for the platform prior to mid-2012 and haven’t updated your password since, you’ll be prompted to do so the next time you sign in. All you have to do is choose a new password that meets Dropbox’s minimum security requirements, a task assisted by their “strength meter.” The company also recommends using its two-step authentication feature when you reset your password.

Apart from that, if you used your Dropbox password on other sites before mid-2012 — whether for Facebook, YouTube or any other online platform — you should change your password on those services as well. Since most of us reuse passwords, the first thing any hacker does after acquiring stolen passwords is try them on the most popular account-based sites.

Dropbox’s ongoing security practices

Dropbox’s security team is working to improve its monitoring process for compromises, abuses, and suspicious activities. It has also implemented a broad set of controls, including independent security audits and certifications, threat intelligence, and bug bounties for white hat hackers. Bug bounties is a program whereby Dropbox provides monetary rewards, from $216 up to $10,000, to people who report vulnerabilities before malicious hackers can exploit them. Not only that, but the company has also built open-source tools such as zxcvbn, a password strength estimator, and bcrypt, a password hashing function to ensure that a similar breach doesn’t happen again.

To learn more about keeping your online accounts secure, or about how you can protect your business from today’s increasing cyber threats, give us a call and we’ll be happy to help.

Published with permission from TechAdvisory.org. Source.

Takeaways from the Ashley Madison hack

Regardless of what you think about the Ashley Madison hack, it is big news when it comes to data security. While your company may not be as big or deal with such a sensitive topic like Ashley Madison, you can still be at risk. This scandal can serve as a springboard to improving security throughout your company. Here are three lessons from the Ashley Madison hack your business should pay attention to.

1. Make sure your company’s security data is actually secure

You probably tell clients their information is secure, but just about every company makes that claim. One of the biggest mistakes made by Ashley Madison was the failure to know if its data was truly secure. The company publically lauded its security, but it now seems like those claims were rather hollow. In fact, it appears as if no one at Ashley Madison knew a whole lot about its security practices until it was too late.

Don’t simply pass off your business’s security to the IT department. Being involved will allow you to see how it works. You don’t need to be a tech expert to understand how your data is being secured. Your security provider, whether it be in-house or via a managed services provider, should be able to explain security practices in layman’s terms. This will allow you to ask questions and be proactive because chances are if you see a weakness, others will notice it as well.

2. Beware of your employees and their email and Internet activities

Another takeaway from this scandal was the fact many employees, both from private companies and government offices, were using business email accounts to sign-up for Ashley Madison and office Internet connections to access the site. Putting the ethical questions aside for a moment, public sentiment is undoubtedly negative and companies with employees who used Ashley Madison at work have been exposed to the scandal’s backlash.

By placing the appropriate email and Internet security solutions in place at your business, you can reduce the amount of risk your company is exposed to by employees. No one really wants to put restrictions on their employees’ Internet and email access, but it is important to be smart. Being connected to scandals like this can bring unwanted publicity to your business. Worst of all, your employees might not even realize they are putting your company in harm’s way when they access this type of content at work.

3. Be prepared for data loss

As the Ashley Madison case has shown us, massive data theft or loss can be the end of your business. When clients trust your business with their data, they are confident in your ability to protect it. Of course, things do happen and if your data does go missing, it’s important to have a plan of action ready. While it’s unlikely your company’s data breach is unlikely to garner the attention of Ashley Madison, it means a whole lot more to you, your company and your employees. Just because your company isn’t big doesn’t mean it’s invincible.

A disaster recovery plan can help your company ensure it has backups and even backups of your backups. If you believe your data has been stolen by hackers, it is important to act immediately. You’ll need to quickly assess what information has been stolen and inform the appropriate parties so they can take the necessary steps to protect themselves. From there, you will want to re-secure your company closing any security loopholes that have been found. Finally, access your backups and make sure your business continues to operate as close to normal during the crisis.

Worried about your security? We can show you how to protect yourself. Contact us today for more information on how to keep your company safe.

Published with permission from TechAdvisory.org. Source.