
Security culture, the Dropbox way - apu
https://blogs.dropbox.com/tech/2018/06/security-culture-the-dropbox-way/
======
pvg
I'm sure Dropbox takes security seriously and works hard at it but this piece
doesn't tell me a lot more than that except in much longer form. You can
find/replace 'trust' (and 'security') with 'truck' and come away as informed
and potentially slightly more amused.

~~~
tlb
Some informative parts that keep their meaning under s/trust/truck/g include:

"... daylong social engineering workshop designed and led by internal experts
that immersed them in a hypothetical scenario involving a malicious insider."

"... a hands-on workshop where Dropbox employees researched, crafted, and
presented their own phishing schemes."

"... our annual Capture the Flag"

It's interesting the emphasis on social attacks. You only have to get the
cryptography right once, but every employee needs to defend against social
engineering.

~~~
pvg
You forgot the really important ones, I think. Trucktober and tailgating. It
does raise the interesting question of why Dropbox does not celebrate Trarch.

------
dokem
The harder a company tries to sell their philosophy the less I'm inclined to
believe them. Words are cheap.

------
java-man
A better approach would be implementing a zero-knowledge storage
infrastructure, like tarsnap.

~~~
mehrdada
Which prevents issues like [https://techcrunch.com/2011/06/20/dropbox-security-bug-made-...](https://techcrunch.com/2011/06/20/dropbox-security-bug-made-passwords-optional-for-four-hours/)

~~~
java-man
As well as [https://techcrunch.com/2014/10/11/edward-snowden-new-yorker-...](https://techcrunch.com/2014/10/11/edward-snowden-new-yorker-festival/)

~~~
mattm
Thanks for this. I'm going to look at moving away from Dropbox.

