| Author |
Message |
Robin E. Snyder
Senior Member
Username: robin
Post Number: 690
Registered: 08-2004
| | Posted on Friday, July 28, 2017 - 12:04 pm: |    |
more and more of my clients are using shared dropbox folders for job file management. My concern is about being linked to other teams and the heightened risk of exposure to virus, ransomware etc. Anyone else considered this or explored this. One of my projects has 93 team members on the shared folder. I feel like I am at an orgy without any condoms. |
Guest (Unregistered Guest)
Unregistered guest
| | Posted on Friday, July 28, 2017 - 12:39 pm: | |
Yeah...my clients (not only my A/E clients, but also A/E's clients) thus far are using Dropbox and ProjectWise...with FTP going by the wayside. My issue with Dropbox is I need to subscribe, at my expense, to be able to upload any specs files. While paying for one cloud service is reasonable, how many other potential cloud services could future clients require subscribing to? My guess A/E's/client's are shifting the some of "true/total" cost of hosting data storage by using cloud services and forcing collaborators to "sign-up" for same?
Anyways, to answer your initial question/statement, unless I'm presuming incorrectly (legally), wouldn't whoever team member introduces the "problem", is "responsible"? Do our consulting agreements need to "assign" responsibility, indemnity, etc. for such instances? Yes, while it doesn't proactively resolve the problem before it occurs (I don't know what else one can/could do...other than "trust" all team members to be very diligent, i.e., practice safe "computing"). The "prime"/"lead" entity that is driving the use of cloud services, needs to establish specific (binding?) criteria for file accessing/uploading, and otherwise using cloud service? |
Lisa Goodwin Robbins, RA, CCS, LEED ap
Senior Member
Username: lgoodrob
Post Number: 322
Registered: 08-2004
| | Posted on Friday, July 28, 2017 - 03:42 pm: | |
Robin,
Nice analogy for a Friday afternoon!
- |
Phil Kabza
Senior Member
Username: phil_kabza
Post Number: 589
Registered: 12-2002
| | Posted on Monday, July 31, 2017 - 05:11 pm: | |
Guest: When a client who "owns" a Dropbox account shares a folder with you, you are able to download from it, and upload to it, without a Dropbox account. You just cannot delete from it (and there are likely some other limitations). You also can and should have your own free Dropbox account, with which you can keep your client shared folders organized. You won't need to pay unless you need considerable capacity or need the team organization of Dropbox for Business.
Check with your IT person about how your own anti-virus protection applies to files moving from the cloud to the Dropbox folder on your hard drive; incoming traffic should be being scanned by your security software.
I feel your pain concerning the array of cloud-based services we encounter in a consulting practice. We currently utilize FTP, Dropbox, GoogleDocs, Basecamp, and ShareFile with various clients. |
Anne Whitacre, FCSI CCS
Senior Member
Username: awhitacre
Post Number: 1425
Registered: 07-2002
| | Posted on Monday, July 31, 2017 - 08:18 pm: | |
I work in a large office and we also communicate with contractors (mostly) using file sharing services -- I've used every one that Phil named except ShareFile, and that's probably going to show up on some project.
Phil's advice is what I've seen here too -- the scanning occurs when you download a document onto your own computer. You'll need to make sure your own computer is appropriately protected. |
Robin E. Snyder
Senior Member
Username: robin
Post Number: 692
Registered: 08-2004
| | Posted on Monday, July 31, 2017 - 08:29 pm: | |
my understanding is that Ransomware is difficult, if not impossible, to catch. There is also a difference between file-sharing on an ftp site, where you pull of what you need, and dropbox which is sync'd w/ 93 other computers (and all the computers they are all synced with and so on) |
J. Peter Jordan
Senior Member
Username: jpjordan
Post Number: 984
Registered: 05-2004
| | Posted on Tuesday, August 01, 2017 - 10:11 am: | |
I got hit with a ransomware "virus" several years ago and learned some difficult lessons. One of the reasons it is difficult to catch is that when activated (e.g., opening a message in which it is embedded), it "messages" the ransom site for the code to hold your stuff hostage. I got a Barracuda system that not only looks at incoming stuff, but outgoing stuff as well. If your "virus protection" systems don't catch it coming in, Barracuda will prevent it from activating.
Not an advertisement, just a report.
J. Peter Jordan, FCSI, AIA, CCS, LEED AP, SCIP
|
Curt Norton, CSI, CCS
Senior Member
Username: curtn
Post Number: 247
Registered: 06-2002
| | Posted on Tuesday, August 01, 2017 - 10:17 am: | |
Prior to arriving at my current firm, we had a serious issue with dropbox being installed on a local computer and a virus. Our system currently blocks all access to dropbox. I believe that from a security standpoint, you will be much better protected by using the browser access and download/upload as needed. This gives your anti-virus a chance to scan the files. |
|
4specs.com Home Page