Solved

risks of using YouSendIt & DropBox & GoogleDrive

Posted on 2016-08-16
12
113 Views
1 Endorsement
Last Modified: 2016-08-18
Q1:
Are files exchanges risky (ie data got leaked, data got corrupted or infected with malware) using above mentioned?

Q2:
I noticed that google drive don't allow files zipped with password to be uploaded (not even to attach to
gmail): purpose of zipped with passwd is to protect sensitive data (& convey the password to trusted
party via phone or other channels) but if encryption is disallowed, then we have risks of data leaks
(eg: Wiki Leaks?)
However, if we allow encryption, there's a chance a malware is inside the zip.  So this is a chicken &
egg issue or those tools mentioned provides encryption without risk of malwares being uploaded
/transferred?
1
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
12 Comments
 
LVL 96

Expert Comment

by:Experienced Member
ID: 41757824
Dropbox is secured by password for access. I have a strong password and no issues at all.

Gmail, and indeed most mail, is encrypted now. I do not think a virus can get into legitimate mail, but you need a strong spam filter to filter out bad emails.

As always, do not open emails from strange people or go to dodgy website.

The tools, Dropbox, Gmail, most Mail, Google Docs are protected, but you still have to keep your wits about you.
0
 

Author Comment

by:sunhux
ID: 41757849
Some of my much older gmail are still using very simple passwords :
I suppose this means the same for my GoogleDrive that are 'tagged' to
my gmail.

Suppose my 'simple' passwords got hacked (ie hacker could go into
my googleDrive) & encryption of attachments is disallowed,  then we
have risks of data leaks

 However, if we allow encryption, there's a chance a malware is inside the zip.

So how do we go about the above?
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 41757857
I always use encrypted ports and strong passwords.

Some of my much older Gmail are still using very simple passwords :   Remember I said keep your wits about you.

However, if we allow encryption, there's a chance a malware is inside the zip.  I have not seen this at all, Again, good passwords are a good defense.

If you are not properly secured, anything could happen.
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 19

Accepted Solution

by:
Serena Hsi earned 350 total points
ID: 41758256
A1 - There is always a risk when users are involved. Malware can come from anyone's system, even from a vendor sharing files using YouSendIt (what I've used before with ad agencies transferring really freakin big digital asset files); on the flipside, there is little risk if there are file upload/download screening tools (Avast, Norton, etc) that are scanning the Zip files coming into and out of the file sharing site.

A2 - Don't use encryption as the only fail safe to protect your digital assets. You could instead use zip tools with password expiration and access time limits; then it might not matter if there is a data breach or not, it'd be a second or third step for a hacker to hack the locked zip file.

If you're using Google Drive with Google Apps for Work, you as the administrator should be able to set user rights on the folders and files that are being shared within and externally outside of your network.
0
 

Author Comment

by:sunhux
ID: 41758749
>Some of my much older Gmail are still using very simple passwords :   Remember I said keep your wits about you
I was trying to give a scenario that if I could use simple passwords in Gmail, my users could do likewise (for
File Sharing services/tools) & recently we have a case that despite regular educational broadcasts & screen savers
(& we have a policy in place) not to send out sensitive info, users still do so.  Sorry did not elaborate my point earlier

>A2 - Don't use encryption as the only fail safe to protect your digital assets. You could instead use zip tools with
> password expiration and access time limits
Thanks, good point;  I was checking WinZip & 7Zip but did not see any option to set expiration or access time limits.
QuickCrypt could do this (but it encrypt 1 file at a time only).  I'm looking for a tool which could self-destruct the file
if there are multiple (say 3) attempts to crack/brute-force the encryption password and will self-destruct (say 5-
pass secure erase) after the encrypted file has been copied.
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 41758750
WinZip has good encryption (I use it). Email encryption is a must-have even if not the only thing you depend up.

Common sense remains (by yards) the very best defense.

My Windows 3.1 machine in 1994 came with a simple virus from the vendor which was easily cured. I have not have any virus since in over 20 years.
0
 

Author Comment

by:sunhux
ID: 41758773
Right, WinZip & 7zip both have encryption feature.

I'm looking for a zip tool that "could self-destruct the file if there are multiple (say 3) attempts to crack/brute-force
the encryption password and will self-destruct (say 5- pass secure erase) after the encrypted file has been copied"
0
 
LVL 96

Assisted Solution

by:Experienced Member
Experienced Member earned 150 total points
ID: 41758775
I have not seen such a Zip tool. So far only Apple will wipe out a phone after 3 (or 5) attempts at logging onto the phone. I have not seen self destruct files. Good encryption will keep most anyone at bay.
0
 

Author Comment

by:sunhux
ID: 41759871
Quick Crypt will sort of self-destruct or expire after a specified amt of time but not upon being copied or
failed attempts to decrypt it
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 41759897
I have not seen what you want and truly I have no need . I make sure files and connections are secure
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 41760014
In addition, I just got an email from a (likely) legitimate company that I do not do business with and who said I requested an invoice from them. I did not.

Giveaway: The email was addressed to several unrelated people all with the same "invoice".

Delete immediately. Virus document for sure .
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 41761351
Thanks, and be sure to keep your wits about you :)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question