Content management platforms are something all businesses have come to rely on in order to collaborate more efficiently and effectively. But there are gaps in this collaboration that can be costly to CISOs as they open the door for those not invited to steal valuable information and trade secrets. Considered “safe” by many security experts, these services restrict the sharing of files within a specified company or with specified users. However, it’s not as restricted as several companies thought.
Recently dozens of major tech companies and corporate giants found that using a file-sharing platform left their sensitive data available for malicious collusion. Using Box, a cloud-based content management platform, organizations discovered last week that their sensitive data had been left wide open on the internet, including passport photos, social security and bank account numbers, financial and IT data, customer lists, and high-profile technology prototype and design files.
What starts as sharing a file link from one user to another can soon compound with that link being shared over and over again, traversing other networks. Though these accounts were set to “private” by default, the files and folders shared by users were accessible using the link provided. It was also discovered that Box staff had leaked data and that some public folders were scraped and indexed by search engines, making the data even more accessible.
And if you’re not a Box user, don’t think that the security of your shared data fares any better. This problem can also affect Dropbox and Google Drive accounts. With these privacy- and security-related incidents coming to light, these platforms are taking the steps to identify and patch vulnerabilities in their systems, but it’s up to the organizations that utilize these platforms to do their due diligence.
It’s important for companies to review and strengthen their file-sharing permission settings and policies. All organizations should at a minimum,
- Discover their sensitive data, know where it resides, and who has access to it
- Classify that data by understanding how it’s used in correlation to policies and privacy laws
- Monitor that data, and use automated protection policies, workflows and notifications to prevent future risks
Collaboration is essential to drive innovation and success, and sharing ideas, files and folders is part of the process. With a leading edge solution for rapid discovery, accurate classification and automatic remediation, it is possible to collaborate freely, while still protecting your sensitive data.