Following the news that people have been uploading highly sensitive documents to a Microsoft cloud sharing service, seemingly unaware the material is public by default and so could be vulnerable to online criminals. Leo Taddeo, Chief Security Officer at Cryptzone commented below.
Leo Taddeo, Chief Security Officer at Cryptzone:
“While there is no evidence of a security flaw in docs.com, the default setting exposed the user to significant risks. A better option would be to require the user to opt out of a more secure setting after acknowledging the potential for exposure to the public. The lesson here for organizations is that their employees won’t always pay enough attention to security when sharing sensitive information. There are a number of ways to reduce the potential for this type of data leakage, including training, and adaptive data loss prevention (DLP) tools that secure a file’s mode of transport between authorized users.”