A Dropbox cyberattack has compromised the accounts of more than 68 million users, security experts revealed.
The attack occurred in 2012, and it was confirmed just this week that hackers had obtained the email addresses and passwords of these millions of users and leaked them online. As a preventive measure, the file hosting company emailed customers informing them of a mandatory password reset, advising them to log in and create new passwords.
For small business owners, a cyberattack against Dropbox is a very serious concern. If a giant like Dropbox can be hacked, many providers are also at risk. To help you keep your data safe, here are three ways to protect your business on Dropbox and other cloud services.
1. Turn on two-step verification
Besides changing passwords, Dropbox highly recommends that customers enable two-step verification on their accounts. Two-step verification is available on most cloud platforms and apps, adding an extra layer of security to prevent unauthorized access.
It works by requiring both a password and a token to access accounts. For instance, in addition to entering a password, the service will also require a six-digit code that was sent by text, email or its mobile app. Without both credentials, the service will not allow anyone to log in to your account.
Two-step verification also keeps accounts safe by verifying new devices the first time they log in. Many services also alert users when an unrecognized device or browser is being used, so you know when a third party is attempting to access your account.
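The password-plus-code check described above, sketched from the service's side. This is an added example, not Dropbox's code: the `TwoStepLogin` class, the 5-minute code lifetime and the 5-guess limit are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # assumed: a code stays valid for 5 minutes
MAX_ATTEMPTS = 5    # assumed: guesses allowed per issued code

class TwoStepLogin:
    def __init__(self, clock=time.time):
        self._users = {}     # email -> (salt, password hash)
        self._pending = {}   # email -> [code, expires_at, attempts_left]
        self._clock = clock

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, email, password):
        salt = secrets.token_bytes(16)
        self._users[email] = (salt, self._hash(password, salt))

    def check_password(self, email, password):
        """Step 1: only a correct password causes a six-digit code to be issued."""
        salt, stored = self._users.get(email, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[email] = [code, self._clock() + CODE_TTL, MAX_ATTEMPTS]
        return code  # a real service sends this by text, email or app, never to the browser

    def check_code(self, email, submitted):
        """Step 2: login succeeds only with a matching, unexpired, unused code."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[email]      # expired or guessed too often
            return False
        entry[2] -= 1                     # every submission uses up one guess
        if hmac.compare_digest(code.encode(), submitted.encode()):
            del self._pending[email]      # a code works once
            return True
        return False

if __name__ == "__main__":
    svc = TwoStepLogin()
    svc.register("owner@example.com", "constructed sample password")
    sent = svc.check_password("owner@example.com", "constructed sample password")
    print("login allowed:", svc.check_code("owner@example.com", sent))
```

A leaked password alone gets an attacker only as far as step 1; the expiry and guess limit are what keep a six-digit code from being brute-forced.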
2. Don't reuse passwords
One of the main reasons the Dropbox cyberattack is particularly alarming is that hackers didn't just get access to passwords to millions of Dropbox accounts. Worse, they obtained email and password combinations.
This means that if you used the same email address and password to log in to Dropbox and other services, those accounts have also been compromised. Because many people use the same login credentials for everything — and many services use your email address as your username — it's an effective way for hackers to gain access to inboxes, apps and even bank accounts simply by trial and error.
To keep your data safe, make sure to use a unique password for each of your accounts. This way, when one service suffers a breach, the rest of your accounts stay safe. (In light of recent events, Dropbox has also advised customers who used the same Dropbox password on other services to change their passwords on those accounts.)
3. Use a password manager
Although it's easier to use the same password for all your accounts, it's also very risky. But being safe by using strong, unique passwords doesn't have to be complicated.
Password managers take the headache out of storing passwords, so you don't have to remember all of them and to which account each password belongs. All you need to remember is a single master password, and the password manager takes care of everything else. Features include auto-logins to accounts, device syncing, multi-user access and more. Most password managers also offer password generators that let you create strong password combinations consisting of upper- and lowercase letters, numbers and symbols.
Two password managers we like are RoboForm and LastPass. Both of these services are accessible anytime, anywhere, whether you're on your computer (Windows, Mac and Linux) or on a mobile device (iOS, Android and Windows Phone). They're also very affordable for small businesses. RoboForm costs $9.95 and LastPass costs $12 to start.