If you’re like most professionals, you’re familiar with dropbox.com, a cloud storage company that offers a variety of free and paid storage accounts for personal and business use.
Many professionals have even had a Dropbox account or two over the years. In fact, for many people the world over, Dropbox was one of the first cloud-based businesses they invested their trust in besides their personal and business email accounts.
In a shocking turn of events, company officials have confirmed that the company’s database has been hacked. User information on over 68 million accounts is now for sale on the darknet via a website called TheRealDeal, selling for about $1,141. Apparently, no one has purchased the information yet.
According to reporter Karen Turner of the Washington Post, in 2012, a hacker gained access to Dropbox user email addresses and encrypted passwords. However, Dropbox didn’t make users aware of the breach until last week when they let users know they would be:
“… proactively resetting their passwords. They informed users that their accounts were being reset because the company had been notified about a possible threat. But the full extent of the massive breach was reported by Motherboard, and was confirmed to The Washington Post by a Dropbox official.”
What Can All this Teach SMB Owners About Data Protection for their Small Businesses?
Some experts believe that the Dropbox breach (and others like it) occurred for simple reasons, such as people not setting strong enough passwords.
Make sure your staff understands exactly what you expect from them. Give them simple instructions that are easy to follow.
Advice like “Make sure to choose a strong password” and “Keep safety in mind when you’re accessing files outside of the office” is confusing and vague. These types of instructions also mean different things to different people. Instead, tell staff to:
- Choose passwords with 3 symbols, 2 lower-case letters, 1 capital letter and a pet’s name.
- Do not use the same password for every program.
- Use a program like Password Safe to keep track of all your passwords.
- Do not access company data on your mobile device.
- Do not access company data over public WiFi connections, etc.
Specificity is the only way to make sure everyone is on the same page. Management must sit down and determine which cybersecurity best practices to make part of the company’s day-to-day business.
Have a Plan for Disaster Recovery and Backup Provisions
The best way to do this is to hire a professional managed services team. Every company has different needs when it comes to how they need to handle their data. Some companies even have financial, HIPAA and other compliance protocols they need to follow. Some companies need a dedicated server; others don’t.
Start today. Decide what steps you need to take to meet your company’s IT security goals.
Then, contact Whole IT. You can feel comfortable placing your business’s cybersecurity needs in our hands.