Solved

risks of using YouSendIt & DropBox & GoogleDrive

Posted on 2016-08-16
12
88 Views
1 Endorsement
Last Modified: 2016-08-18
Q1:
Are files exchanges risky (ie data got leaked, data got corrupted or infected with malware) using above mentioned?

Q2:
I noticed that google drive don't allow files zipped with password to be uploaded (not even to attach to
gmail): purpose of zipped with passwd is to protect sensitive data (& convey the password to trusted
party via phone or other channels) but if encryption is disallowed, then we have risks of data leaks
(eg: Wiki Leaks?)
However, if we allow encryption, there's a chance a malware is inside the zip.  So this is a chicken &
egg issue or those tools mentioned provides encryption without risk of malwares being uploaded
/transferred?
1
Comment
Question by:sunhux
  • 7
  • 4
12 Comments
 
LVL 92

Expert Comment

by:John Hurst
ID: 41757824
Dropbox is secured by password for access. I have a strong password and no issues at all.

Gmail, and indeed most mail, is encrypted now. I do not think a virus can get into legitimate mail, but you need a strong spam filter to filter out bad emails.

As always, do not open emails from strange people or go to dodgy website.

The tools, Dropbox, Gmail, most Mail, Google Docs are protected, but you still have to keep your wits about you.
0
 

Author Comment

by:sunhux
ID: 41757849
Some of my much older gmail are still using very simple passwords :
I suppose this means the same for my GoogleDrive that are 'tagged' to
my gmail.

Suppose my 'simple' passwords got hacked (ie hacker could go into
my googleDrive) & encryption of attachments is disallowed,  then we
have risks of data leaks

 However, if we allow encryption, there's a chance a malware is inside the zip.

So how do we go about the above?
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41757857
I always use encrypted ports and strong passwords.

Some of my much older Gmail are still using very simple passwords :   Remember I said keep your wits about you.

However, if we allow encryption, there's a chance a malware is inside the zip.  I have not seen this at all, Again, good passwords are a good defense.

If you are not properly secured, anything could happen.
0
 
LVL 18

Accepted Solution

by:
Serena Hsi earned 350 total points
ID: 41758256
A1 - There is always a risk when users are involved. Malware can come from anyone's system, even from a vendor sharing files using YouSendIt (what I've used before with ad agencies transferring really freakin big digital asset files); on the flipside, there is little risk if there are file upload/download screening tools (Avast, Norton, etc) that are scanning the Zip files coming into and out of the file sharing site.

A2 - Don't use encryption as the only fail safe to protect your digital assets. You could instead use zip tools with password expiration and access time limits; then it might not matter if there is a data breach or not, it'd be a second or third step for a hacker to hack the locked zip file.

If you're using Google Drive with Google Apps for Work, you as the administrator should be able to set user rights on the folders and files that are being shared within and externally outside of your network.
0
 

Author Comment

by:sunhux
ID: 41758749
>Some of my much older Gmail are still using very simple passwords :   Remember I said keep your wits about you
I was trying to give a scenario that if I could use simple passwords in Gmail, my users could do likewise (for
File Sharing services/tools) & recently we have a case that despite regular educational broadcasts & screen savers
(& we have a policy in place) not to send out sensitive info, users still do so.  Sorry did not elaborate my point earlier

>A2 - Don't use encryption as the only fail safe to protect your digital assets. You could instead use zip tools with
> password expiration and access time limits
Thanks, good point;  I was checking WinZip & 7Zip but did not see any option to set expiration or access time limits.
QuickCrypt could do this (but it encrypt 1 file at a time only).  I'm looking for a tool which could self-destruct the file
if there are multiple (say 3) attempts to crack/brute-force the encryption password and will self-destruct (say 5-
pass secure erase) after the encrypted file has been copied.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41758750
WinZip has good encryption (I use it). Email encryption is a must-have even if not the only thing you depend up.

Common sense remains (by yards) the very best defense.

My Windows 3.1 machine in 1994 came with a simple virus from the vendor which was easily cured. I have not have any virus since in over 20 years.
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 

Author Comment

by:sunhux
ID: 41758773
Right, WinZip & 7zip both have encryption feature.

I'm looking for a zip tool that "could self-destruct the file if there are multiple (say 3) attempts to crack/brute-force
the encryption password and will self-destruct (say 5- pass secure erase) after the encrypted file has been copied"
0
 
LVL 92

Assisted Solution

by:John Hurst
John Hurst earned 150 total points
ID: 41758775
I have not seen such a Zip tool. So far only Apple will wipe out a phone after 3 (or 5) attempts at logging onto the phone. I have not seen self destruct files. Good encryption will keep most anyone at bay.
0
 

Author Comment

by:sunhux
ID: 41759871
Quick Crypt will sort of self-destruct or expire after a specified amt of time but not upon being copied or
failed attempts to decrypt it
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41759897
I have not seen what you want and truly I have no need . I make sure files and connections are secure
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41760014
In addition, I just got an email from a (likely) legitimate company that I do not do business with and who said I requested an invoice from them. I did not.

Giveaway: The email was addressed to several unrelated people all with the same "invoice".

Delete immediately. Virus document for sure .
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 41761351
Thanks, and be sure to keep your wits about you :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now