535 Connecticut Ave. Suite 104
Norwalk, CT 06854
Empire State Building
350 Fifth Avenue, 59th fl.
New York City, NY 10118

Featured Article

January 10, 2017

Critical Security Flaw Discovered at Box.com

Using the cloud for file sharing and collaboration seems like a no-brainer. Cloud storage services are extremely cost-effective (and in some cases free), they will allow your users to access files from any location, and they put zero strain on your network infrastructure.

Despite these amazing benefits, though, cloud storage services have an ugly downside: They are highly vulnerable to security threats. Take the recent fiasco at Box.com as an example.

Sharing files on Box.com is similar to doing so in Google Docs, as users need to be invited to individual documents. To enable sharing, Box.com creates special landing pages containing document URLs. Unfortunately, some of these documents were indexed by search engines like Google and Bing — meaning any user could access them by typing in a similar query.

The security flaw was discovered by researcher Markus Neis, who is a threat intelligence manager at Swisscom. According to Neis, he accessed invites to more than 10,000 public or collaborative Box.com accounts or documents. Neis claims Dell Technologies, Illumina and Discovery Communications were all affected by the data leak, as were many personal accounts.

Box.com is now in the process of removing public links from Google’s index.  All pages have been restructured to ensure that they will not be indexed by Google moving forward.

This is a great example of what can happen when you use the public cloud for data sharing and storage purposes. Data leaks could occur for any number of reasons. So before you store another document in the cloud, remember: It may wind up being indexed!

Businesses should strongly consider using proprietary file sharing services using secure, onsite storage equipment. This way, IT can keep a close watch on the system to ensure security and operational efficiency.  

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York CityWhite Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.

Related Articles