Sharing Files Can Put Lives at Risk
Story: An organization in Uganda was using Dropbox for file sharing. It was a collaborative project and everyone working on the project had access to all the files and folders, including sensitive information. No one was keeping track of what was in the shared folder, who had access to specific files, and which of the many members could share or had shared which folders with other individuals not connected to the project.
During the course of the project, one of the team members was asked to leave the news organization. As he left, he returned all the hardware (including laptop, camera, and flash drives) that he had in his possession. However, no one remembered to revoke his permission to the Dropbox folder.
The outgoing team member joined another organization and released all the information that his former colleagues had so painstakingly collected. In the process, he also revealed the identity of a source that wished to remain anonymous and sensitive information that could be traced to the source. The source had to be spirited out of the country.
The trainer asks participants what they think the organizations could have done differently.
•What could the organization have done to ensure that they did not lose control of their information and to reduce the chances of damage?
•Could a policy of updating the list of people with access to shared folders have helped?
•What would you do in a similar situation?
The trainer can make the following points:
- Depending on the security environment, any file can be considered sensitive.
- Control where information is shared and sent. Information should not be shared with anyone outside of a need-to-know basis, and controls should be in place to ensure that people receiving information do not share it repeatedly.
- Reviewing access and changing passwords at regular intervals is a good idea.
Additional case studies
Risk of cyber attacks increasing, says report Cybercrime shoots up during the Covid-19 lock-down