View more on these topics

Comment: Personal data? Don’t drop the ball

johnson_marlon

When planning to store personal information on a cloud, do your homework first by identifying potential risks

Personal data from over 68 million users of Dropbox, the popular cloud storage company, has been posted for sale online. The details were stolen during a previously disclosed breach in 2012 but Dropbox discovered the sale only a few months ago when carrying out routine security checks.

The popularity of Dropbox for storage and file sharing has led to it becoming the cloud service most targeted by cyber criminals. The hack highlights the need for tight security, with the use of unique and complex passwords as well as two-step authentication.

Hacking is not the only concern for Dropbox users. The service also suffers from bugs (many businesses were affected in 2014 when it released an update with a bug that deleted user files) and from open doors, which leave open sensitive files that can be viewed.

The service offers server-side encryption for files but this is insufficient if there is a security breach. This is because Dropbox provides and controls your files’ encryption keys. It accesses them to provide a preview and this weakens security.

It has also changed its privacy terms to give itself the right to share collected data.

The following questions should be asked to identify potential risks of non-compliance or vulnerabilities that may fall outside the Data Protection Act:

  • In which country is the cloud provider located?
  • Is the provider infrastructure in the same country or elsewhere?
  • Will the provider use companies whose infrastructure is outside those countries?
  • Where will its data be physically located?
  • Will any of the provider’s services be contracted out?
  • How will data provided by the controller to the provider be collected, processed and transferred?
  • What happens to data sent to the provider upon termination of the contract? and
  • What happens to data sent to the provider when there is a dispute between the parties?

Marlon Johnson is managing director at JMS Secure Data

Recommended

MAB promotes staff in commercial and marketing roles

Mortgage Advice Bureau has promoted two of its staff to more senior roles. Donna Brenchley has been promoted from her current role as director of e-commerce to the newly created position of commercial director. In the past, Brenchley was responsible for the creation of the new broker platform and business re-engineering strategies and leading MAB’s […]

Teachers-Building-Society-TBS-700.jpg

Teachers BS adds new help to buy and 95% mortgages

Teachers Building Society has launched two new fixed rate mortgages: a help to buy offering and a 95 per cent LTV deal. The help to buy product is a three year fixed rate mortgage at 2.59 per cent available on loans up to 75 per cent LTV. The loan switches to Teachers’ SVR, which is […]

CML: Mortgage lending hits nine year peak for September

Gross mortgage lending fell 7 per cent in the month to September, according to figures from the Council of Mortgage Lenders, but reached a nine year high for the month. The monthly study found that gross mortgage lending reached £20.5bn in September, a fall of 7 per cent from the £22.5bn seen in August but […]

Thumbnail

Trust me, I’m a provider

By Craig Paterson, Underwriting and Claims Philosophy Manager, Royal London Hard-hitting headlines “Dying mother of two is refused life insurance payout.”1 “What a way to treat a dying man: Grandfather refused life insurance claim.”2 “A widow betrayed by a life insurance company.”3 With headlines like these, it’s no wonder some consumers don’t trust providers. Trust […]

Insurance - thumbnail

Consumer attitudes to protection

Royal London commissioned Opinium to run our State of the Protection Nation research to find out how people felt about their own protection needs and the industry as a whole. By Ross Jackson, Senior Protection Marketing Manager We surveyed people who had already taken out some kind of protection insurance and those who didn’t have […]

Newsletter

News and expert analysis straight to your inbox

Sign up