I love DropBox and use it daily, usually several times a day. I have also written often about the need for online security; so, I was disappointed to read that DropBox had a major security problem yesterday. The company installed a software update and, nearly four hours later, discovered that anyone could log into any DropBox account without a password. As soon as the problem was discovered, the company reverted back to the previous software version and tested the process heavily. For those four hours, anyone who was aware of the glitch could have accessed your data stored on the DropBox servers without restriction. Details may be found at http://goo.gl/wdJuM.
While inexcusable, the problem isn't rare. Errors will happen anywhere. This problem happened at DropBox, but it could have happened most anyplace else.
The quick reaction will always be, "I won't give my data to anyone. I'll keep it safe and secure on my own hard drive." Of course, that is about as effective as an ostrich sticking its head in the sand. In fact, data stored on your own computer's hard drive is probably as much at risk or even more at risk than data stored on a remote online service.
The world seems to be full of hackers, online thieves, and other miscreants who wish to steal your passwords, bank account information, credit card numbers, or anything else they can convert to cash. Some people around the world are scanning your computer on the Internet right now, attempting to gain access. Yes, miscreants are scanning your computer anytime it is connected to the Internet. If they find a security hole (and all operating systems have security holes), they will attempt to steal information from your hard drive. Others install viruses or other malware (malevolent software) by any of a number of methods. Many of these malware programs are designed to steal your personal information and send it to the thieves.
NOTE: Installing a firewall is a big help at blocking remote access, but it is not perfect. If you have a router installed in your home, it PROBABLY also is an effective firewall. In addition, software firewalls can be installed although they generally are not as effective as hardware firewalls.
I don't have any statistics to prove it, but I suspect more information gets stolen from individuals' hard drives every day than from all the online web sites combined. In fact, your information is probably SAFER when stored on a professionally-managed web service than it is when stored on the hard drive of your own computer. Thieves can theoretically steal data from the computer sitting on your desk at home. And, if you have a laptop computer or a smartphone, what happens when it gets lost or stolen?
NOTE: To read my account of my laptop being stolen from the locked trunk of my automobile a few years ago, read my article at http://goo.gl/7OfvN. Yes, thefts do happen. I can attest to that!
So, the only "safe" method of storing information is to never computerize it, right? Just write it on paper and nowhere else. Oh, wait a minute... What if the paper is lost, destroyed, or stolen?
In fact, there is no such thing as "perfectly secure." All of us should strive to make things more secure than ever; but, the reality is that no method of storing information on a computer or on paper or on clay tablets is ever 100% safe. I would suggest, however, that we can attain 99.999% security.
I wrote about one solution a few weeks ago: encrypt the data immediately when it is stored on your own hard drive. If the information is sensitive and something you don't want to share with potential thieves, never store that info in your own computer in plain text. Who knows who will see it?
Encrypting data on your own computer's hard drive not only protects it from hackers around the world, but it also protects it from what I think is the biggest risk of all: visitors to your home. Do you trust EVERY delivery person, plumber, electrician, carpenter, or other tradesperson who spends time in your home? How about the babysitter who has full access to everything when you leave home for a few hours?
Encrypting your data locally protects you from all sorts of problems. Not only does it give extra protection from babysitters and tradespeople, but encrypted files also can be backed up and will remain encrypted. Yes, even if some online service accidentally allows access to your (encrypted) data without passwords, the data will still be unreadable to anyone else if you encrypted it BEFORE being backed up. An inexcusable problem such as that at DropBox becomes a minor embarrassment if the information was encrypted before being placed on DropBox's servers.
I wrote about this solution a few weeks ago in The Ultimate Security for Your Data and that article is still available at http://goo.gl/bXju5. I mentioned DropBox by name in that article, along with a number of other online backup services. I don't know if I had a premonition or not, but it is quite a coincidence that I wrote about a potential problem that has now occurred less than three weeks later. I shouldn't write, "I told you so" but, in this case, I will. See? I told you so!
I also wrote about several encryption programs for Windows and Macintosh. If you are concerned about the safety of your information, whether on your own computer or elsewhere, I suggest you read that article at http://goo.gl/bXju5.
Nothing is ever perfect. No computer is ever 100% secure and even writing on paper is no better. However, taking a few simple precautions can reduce your risks significantly. I'll settle for "significantly reduced risks."
If you enjoyed this article, Tweet it, share it on Facebook or on your preferred social network. Republishing of this article in newsletters, blogs, and elsewhere is allowed and encouraged. Details may be found at http://goo.gl/hoHH1.
Of course, if you haven’t done so already, you should join my email newsletter mailing list to stay current on my latest articles and announcements. You can also cancel at any time within seconds. I promise to never, ever send you any unrequested e-mail, other than newsletter updates.
