News
Dropbox hack leaks passwords and emails
05/09/2016
Important! - ensure good digital housekeeping!
In light of the recent announcement about the extent to which Dropbox has been hacked, and the leaking of passwords and email addresses onto the internet, we are prompting all customers to double-check that they are on top of their digital housekeeping. For further details of the hack and our top tips for protecting your IT, read below:
The Dropbox Hack - what happened?
Last week, the online cloud storage and sharing platform Dropbox announced that the hack dating back to 2012, which was believed to have had only a small impact, was in fact considerably worse than they realised. The hack placed users at risk by leaking over 68 million passwords and email addresses. Dropbox has subsequently reset all passwords on user accounts, and Patrick Heim, head of trust and security for Dropbox, told reporters at technology magazine 'Motherboard':
"Last week's password reset likely covered all users who would have been impacted by the breach. Additionally, no malicious activity has been discovered on the accounts"
I use Dropbox, what should I do?
Change your Dropbox password!
It is believed that the impact is minimal, since no email addresses have been detected on the 'dark web' and the passwords that were stolen were all encrypted, rendering them useless to hackers. However, if you're a user, and especially if you have a business account, it is advisable to change your Dropbox password!
In addition, users often have the same password across multiple applications, so we urge you to also change your password wherever else it is used, just in case it is no longer secure.
Three simple measures to protect your IT:
It's impossible to be completely safe from risk; evidently, even with maximum security systems in place, hackers can still sometimes find a way through. However, don't despair! Prevention is the best defense, and below we have suggested a number of simple measures you can put in place to help protect your business, customers and data.
This basically means implementing a number of good business practices which, although they appear obvious, can sometimes be neglected and leave your systems vulnerable.
Passwords - Avoid using the same password for multiple email accounts and select a strong password that is made up of at least three random words. Using lower and upper case letters, numbers and symbols will make your passwords even stronger.
Opening emails - If you're not sure about the origin of an email and it looks dubious then do not click to open it. Any suspicious emails should be deleted as they may contain fraudulent requests for information or links to viruses.
Protect and encrypt all devices - ensure that all computers, including laptops, are secure. Also check and protect all mobile devices and removable media such as USBs, to minimise any damage to data if they are stolen or when they connect to the corporate network; these are one of the key routes crackers use to breach the system.
Your IT provider is so much more than a supplier; they can be a virtual strategic partner who can assist with risk and vulnerability assessment, policy development, strategic planning and the provision of a continued service in the event of any complications or threat breaches.
It is not always enough to invest in an off-the-shelf anti-virus product which is then neglected: not maintained, monitored or updated, and therefore not effectively doing its job in protecting the business.
Cyber threats are evolving at breakneck speed, so having a steady partner on board, and the processes in place to manage a fail-safe backup, can offer more than just peace of mind; it can be a life and business saver!
Firewall - this will act as a barrier to protect the company's network when connecting to the internet. In addition, ensure that the firewalls of the software programs being used are installed and activated, whether on Windows, Linux or macOS.
Antivirus - ensure that anti-virus software is updated to protect the company adequately from any viruses, spyware or malware.
Backup and disaster recovery - with a systematic and automatic backup process, all important company information is stored safely and a plan can be implemented to quickly recover data in the event of any threat breaches or disasters, such as a fire, theft or flood, thus minimising the impact on business continuation.
Website filtering - consider restricting and managing user access to certain sites to minimise the effects of malware and other threats.
A safety culture and awareness of cybersecurity should be promoted to all users of the company’s information systems. Encouraging e-safety-conscious processes and practices, and establishing standards and security protocols regarding the use of computers, email servers, databases, own devices, personal applications, downloads etc., will protect the business at the grass roots.
More employees are using their own devices to access company information on or off-site and this is encouraged by businesses who wish to benefit from the opportunities of remote and flexible working. The BYOD (bring your own device) or BYOT (bring your own technology) practices include both hardware and software and will require proper measures to prevent information leakage or the introduction of malicious software.
If you would like one of our team to support you in your security review, identifying areas of vulnerability, offering recommendations and a variety of managed solutions for reduced risk, then please do get in touch. We’re happy to assist. Speak to an expert on: 01326 379 497