It is human nature to be attracted by offers of free services. But when it comes to storing critical information, free may not always be the best way to go. Consider the news about Dropbox, a popular online document storage and sharing website that is free of charge. Recently, password authentication for its 25 million users was inadvertently shut down for about four hours. During that period, all documents of the affected users were accessible by anyone who typed a username – no password was needed.
Dropbox eventually reinstated authentication services; it’s difficult to ascertain how many accounts were accessed improperly. Dropbox said only a few accounts were affected.
To expect a free provider to protect your data with high security might be unrealistic. At the same time, users of Dropbox probably expected that only they would be able to access their files. Dropbox asserts that they will encrypt all stored data; however, customers should know this information will be decrypted if Dropbox receives a subpoena for information.
The Office of Information Security would like to remind all CU employees that storing sensitive information on a third-party providers’ service should be avoided. If there is a need to do so, please contact the Office of Information Security or the IT Security Principal on your campus for more guidance before putting anything on such a website.