Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 141
  • Last Modified:

risks of using YouSendIt & DropBox & GoogleDrive

Q1:
Are files exchanges risky (ie data got leaked, data got corrupted or infected with malware) using above mentioned?

Q2:
I noticed that google drive don't allow files zipped with password to be uploaded (not even to attach to
gmail): purpose of zipped with passwd is to protect sensitive data (& convey the password to trusted
party via phone or other channels) but if encryption is disallowed, then we have risks of data leaks
(eg: Wiki Leaks?)
However, if we allow encryption, there's a chance a malware is inside the zip.  So this is a chicken &
egg issue or those tools mentioned provides encryption without risk of malwares being uploaded
/transferred?
1
sunhux
Asked:
sunhux
  • 7
  • 4
2 Solutions
 
John HurstBusiness Consultant (Owner)Commented:
Dropbox is secured by password for access. I have a strong password and no issues at all.

Gmail, and indeed most mail, is encrypted now. I do not think a virus can get into legitimate mail, but you need a strong spam filter to filter out bad emails.

As always, do not open emails from strange people or go to dodgy website.

The tools, Dropbox, Gmail, most Mail, Google Docs are protected, but you still have to keep your wits about you.
0
 
sunhuxAuthor Commented:
Some of my much older gmail are still using very simple passwords :
I suppose this means the same for my GoogleDrive that are 'tagged' to
my gmail.

Suppose my 'simple' passwords got hacked (ie hacker could go into
my googleDrive) & encryption of attachments is disallowed,  then we
have risks of data leaks

 However, if we allow encryption, there's a chance a malware is inside the zip.

So how do we go about the above?
0
 
John HurstBusiness Consultant (Owner)Commented:
I always use encrypted ports and strong passwords.

Some of my much older Gmail are still using very simple passwords :   Remember I said keep your wits about you.

However, if we allow encryption, there's a chance a malware is inside the zip.  I have not seen this at all, Again, good passwords are a good defense.

If you are not properly secured, anything could happen.
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
Serena HsiMarketing ConsultantCommented:
A1 - There is always a risk when users are involved. Malware can come from anyone's system, even from a vendor sharing files using YouSendIt (what I've used before with ad agencies transferring really freakin big digital asset files); on the flipside, there is little risk if there are file upload/download screening tools (Avast, Norton, etc) that are scanning the Zip files coming into and out of the file sharing site.

A2 - Don't use encryption as the only fail safe to protect your digital assets. You could instead use zip tools with password expiration and access time limits; then it might not matter if there is a data breach or not, it'd be a second or third step for a hacker to hack the locked zip file.

If you're using Google Drive with Google Apps for Work, you as the administrator should be able to set user rights on the folders and files that are being shared within and externally outside of your network.
0
 
sunhuxAuthor Commented:
>Some of my much older Gmail are still using very simple passwords :   Remember I said keep your wits about you
I was trying to give a scenario that if I could use simple passwords in Gmail, my users could do likewise (for
File Sharing services/tools) & recently we have a case that despite regular educational broadcasts & screen savers
(& we have a policy in place) not to send out sensitive info, users still do so.  Sorry did not elaborate my point earlier

>A2 - Don't use encryption as the only fail safe to protect your digital assets. You could instead use zip tools with
> password expiration and access time limits
Thanks, good point;  I was checking WinZip & 7Zip but did not see any option to set expiration or access time limits.
QuickCrypt could do this (but it encrypt 1 file at a time only).  I'm looking for a tool which could self-destruct the file
if there are multiple (say 3) attempts to crack/brute-force the encryption password and will self-destruct (say 5-
pass secure erase) after the encrypted file has been copied.
0
 
John HurstBusiness Consultant (Owner)Commented:
WinZip has good encryption (I use it). Email encryption is a must-have even if not the only thing you depend up.

Common sense remains (by yards) the very best defense.

My Windows 3.1 machine in 1994 came with a simple virus from the vendor which was easily cured. I have not have any virus since in over 20 years.
0
 
sunhuxAuthor Commented:
Right, WinZip & 7zip both have encryption feature.

I'm looking for a zip tool that "could self-destruct the file if there are multiple (say 3) attempts to crack/brute-force
the encryption password and will self-destruct (say 5- pass secure erase) after the encrypted file has been copied"
0
 
John HurstBusiness Consultant (Owner)Commented:
I have not seen such a Zip tool. So far only Apple will wipe out a phone after 3 (or 5) attempts at logging onto the phone. I have not seen self destruct files. Good encryption will keep most anyone at bay.
0
 
sunhuxAuthor Commented:
Quick Crypt will sort of self-destruct or expire after a specified amt of time but not upon being copied or
failed attempts to decrypt it
0
 
John HurstBusiness Consultant (Owner)Commented:
I have not seen what you want and truly I have no need . I make sure files and connections are secure
0
 
John HurstBusiness Consultant (Owner)Commented:
In addition, I just got an email from a (likely) legitimate company that I do not do business with and who said I requested an invoice from them. I did not.

Giveaway: The email was addressed to several unrelated people all with the same "invoice".

Delete immediately. Virus document for sure .
0
 
John HurstBusiness Consultant (Owner)Commented:
Thanks, and be sure to keep your wits about you :)
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

  • 7
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now