The news this morning that Google Docs users have been subjected to a phishing scam highlights once again the importance of securing your shared documents and files.
Google stopped the scam within an hour of it breaking, but it is reported to have reached up to one million people.
The purpose of this scam was to get people to hand over their Gmail login details. It’s not a huge leap to think that the next step is to gain access to confidential documents stored on shared drives.
There’s a massive security risk here. If a hacker gains access to a shared drive such as Google or Dropbox, you’ve lost control of the content on that drive. Your confidential documents could be downloaded, screenshot, or forwarded across the world in seconds.
They are held on the servers of a third party, over which you have no control.
It was exactly this problem that Pushfor was set up to solve. Of course, there is always a risk that someone will engineer a scam that convinces you to release your login credentials. But what if you could control what happens to the documents you’re sharing? What if they couldn’t be screenshot, forwarded or downloaded by anyone, even if they did have your login information? What if you could pull access from those documents so no one could see them at all?
Pushfor does all these things. It is based on the concept of projecting content, rather than uploading it to a third-party service. It solves the problem of securing confidential information. Currently, with file sharing applications or messaging services – from Google to WhatsApp – you can’t guarantee what will happen to those files in the event of a security breach. Nor do you have any control over the security of those external sites. (Email is an even bigger security problem for businesses, as we talk about on our blog on using email to send confidential information.)
But with Pushfor, the content remains on your server, within your security boundaries. It never leaves your control. And if you spot unauthorised access (our analytics show when and where content has been accessed, and by whom), you can simply pull the content. At no point can it be downloaded, forwarded, or screenshot without specific authorisation.
It puts you back in control of your content.