Is Dropbox secure? Here are 9 ways to enhance Dropbox's privacy
When it comes to cloud storage, it’s not out of the ordinary for privacy concerns to come up.
But as far as file sharing tools go, Dropbox is known for its solid reputation and stands strong against its competition.
Dropbox has been a staple for businesses and freelancers for over a decade. Most of us know and love the file sharing service as one of our primary business tools for collaboration. Not to mention, Knoji users have given Dropbox some good ratings for their features and capabilities.
However, there are some caveats…
They don’t have a perfectly clean record (we’ll get to this in a moment), but they’ve made some notable strides to tighten their security.
In this article, we’ll be going over any Dropbox privacy concerns, starting with their lengthy security history. Then we’re going to tell you the best ways to secure your cloud files for you or your business.
- Dropbox Security Breaches — A Complete Timeline
- Current Dropbox Security Vulnerabilities
- Dropbox Privacy Issues
- Dropbox Security Features
- 9 Ways To Make Dropbox More Secure
- Dropbox Alternatives
Dropbox Security Breaches — A Complete Timeline
In 2012, Dropbox notified its users that there had been a breach of security. At the time, nobody was aware of just how massive the problem was.
Four years later (facepalm moment), Dropbox revisited the issue when a file of 68 million Dropbox users’ personal data, including usernames and passwords, was discovered for sale on the dark web.
The worst part? All 68 million usernames and passwords were for sale for a little more than a thousand bucks.
In response to this issue, Dropbox reset the passwords of those who were affected by the breach, but the damage had already been done.
One year later, users’ deleted files mysteriously reappeared in their Dropbox accounts. What seemed like a magic trick left users baffled. This caused many to wonder if their files are ever truly deleted from Dropbox’s cloud storage. If not, what kind of security risk might that pose for the files they want deleted?
Current Dropbox Security Vulnerabilities
So, what about now? Is our data completely safe and locked away with military-grade encryption that not even Zuckerberg himself could hack?
Not exactly. There are still some vulnerabilities in Dropbox’s security that informed users should know about. Like with most cloud services, nothing is 100% secure.
Let’s go over the three main vulnerabilities that Dropbox users should be aware of (but don’t forget to stick around if you want to learn how to minimize those risks).
- Lack of control. The owner of a file loses control of it once it’s shared. This means that anyone who can access the file can download it on their cellphone using Starbucks wi-fi. Public wi-fi networks are notoriously sketchy, and they pose a serious risk for file sharing tools like Dropbox. This little chink in Dropbox’s armor should be a concern for any remote worker who trusts this cloud storage service.
- Sharing files might be too easy. It’s very easy to access and share files that have been shared with you. Sharing files with ease is all fun until someone shares your files with a competitor.
- Data is extra vulnerable to corruption. Files stored in many cloud storage programs are susceptible to data corruption. Even though this type of data loss isn’t malicious, it is still harmful to the user.
After the whole Facebook privacy debacle of 2019, more and more users are interested in how file-sharing programs handle their data.
But did this new “privacy” policy make our data safer? Let’s find out.
Data being collected
For those of us who don’t speak the legalese of privacy documents, don’t worry. This basically means that Dropbox collects information about how we use their service to enhance the user experience.
This data includes your IP address, data from the website you visited before Dropbox, cookies for marketing purposes, and location data.
Data being shared
These people include “others working for and with Dropbox” (third parties that work with Dropbox), other Dropbox companies, other users, other applications, business team administrators, and as needed to comply with the law or out of public interest.
Dropbox doesn’t sell your data. However, they do share it with several different third parties, applications, and users so they can offer services like integration and business teams.
Control your data
That’s right! You got the power (most of the time)!
Below are four controls you have over your Dropbox data.
- You can delete the files you have stored in your Dropbox account.
- You can change the information that you provide Dropbox by editing it in your account settings.
- Dropbox will provide the data they’ve collected and why they’ve collected it at your request.
- You can object to the specific processing of your data. To request your data information or object to data processing, you can email email@example.com.
Dropbox Privacy Issues
While using Dropbox, users can sleep peacefully at night while knowing they have an ample amount of control over how the service uses their data. There are no major privacy concerns, and most users won’t feel the need to make any requests to limit Dropbox’s data permissions.
Dropbox Security Features
While privacy deals more with the intentional use and sharing of personal data, security deals with the likelihood that our data will be maliciously accessed or stolen.
Whether it happens to your data or your business’s data, data theft could be devastating.
Like most consumer-grade file-sharing services, Dropbox implements several security measures to bring down the odds of someone gaining malicious access to our data.
Testing for security vulnerabilities
On an annual basis, Dropbox has a third-party auditing firm perform a comprehensive security test of their services. According to their security page, Dropbox tests their security against global standards such as ISO 27001 and SOC 2.
Not only do they get third-party security audits, but Dropbox also regularly performs automated and manual checks for security vulnerabilities in their service.
If you don’t speak the language of online security, basically what that means is that Dropbox regularly makes sure there aren’t any holes in their security that hackers might be able to exploit. If there are, they can fix them quickly and report any issues to their users.
Sound annoying to you? No worries.
If you feel cookies are an invasion of privacy or present a possible security threat, you can opt out of third-party services collecting your information for use in personalized interest-based advertisements.
Even just saying the word “encryption” makes me feel like a hacker, but it’s actually a super important part of keeping your files and data safe online.
To ensure that your files are safe on Dropbox, they use 256-bit AES encryption for all files in their cloud storage.
What exactly does that mean?
Essentially, it means that there are more possible key combinations than the number one followed by seventy-seven zeroes. Experts consider that so secure that not even the fastest computers can break it.
The encryption is strong with this one.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
When your data transfers between the Dropbox servers and their applications, it’s encrypted using SSL and TLS.
For a more detailed read on SSL and TLS encryption, check out this article that takes a more in-depth look at how these encryptions work.
To the average Joe Shmoe, those terms sound like they have to be complicated.
But for those of you who just need the basics, here they are:
SSL and TLS use a pair of mathematically generated keys to encrypt data transfers. One of the keys is kept private, and the math linking the two keeps the data secure while it moves between the servers and the apps.
Lost device protection
If you’re anything like me, you’ve lost a phone or two (or three). My phone was even stolen just a few months ago!
So what happens to the stored Dropbox files on that phone? Could whoever picks it up just immediately gain access to any private files?
Thankfully, paying Dropbox customers can choose to wipe files from a lost or stolen device by accessing their security settings. This is also practical for those of us who share files with employees, contractors, or clients. When our working relationship ends, we can make sure that we delete any shared data from their devices.
Standards and regulations
Dropbox complies with a ton of different security standards and regulations.
For real, there are a ton. And this is great news for Dropbox-ers.
Suffice it to say — Dropbox complies with the major standards and regulations in both the US and the European Union. This includes child protection policies, credit card security regulations, and even FDA regulations.
Now that we’ve cleared up how Dropbox’s security features work, let’s learn how to lock down your Dropbox even better.
9 Ways To Make Dropbox More Secure
Maybe you’re the type of person that has no personal data anywhere on the internet. You might be a virtual ghost that has nothing to worry about if your online presence isn’t secure.
Since I’m not that kind of person, I like to look at ways to maximize the security of my online file-sharing services like Dropbox.
Let’s take a look at nine different ways to make sure that your Dropbox files stay private and secure.
1. Enable two-step verification
Even though two-step verification can sometimes be extremely annoying, it’s best just to go ahead and turn it on, especially for sensitive accounts like Dropbox.
By enabling two-step verification, you’ll link a phone number that’ll receive a six-digit code from Dropbox when you’re signing in from an unknown device. This extra security step drastically reduces the likelihood of someone being able to access your account without authorization.
2. Use strong passwords
I have a confession to make:
I used the exact password for about 90% of my online accounts for a long time. A year or so ago, I started to get several emails with unauthorized connections to several of my accounts.
Moral of the story? Just create a unique, strong password for every single service you sign up for. Having one universal password is great until you have ONE security breach — then all of your accounts will be at risk.
Your browser probably recommends a strong password for every account you make. If it doesn’t, you can just get a service like Keeper that creates and keeps track of strong passwords for every online account you have.
3. Manage linked devices
From the security tab within your Dropbox account settings, you can manage any device that has access to your Dropbox folders.
We discussed this a bit earlier when we talked about lost & stolen devices, but there are more situations where this comes in handy.
You can look at the IP address of any device that has access to your Dropbox account. This helps you determine what devices are fishy and which are legitimately yours. If there’s an unknown device with access to your files, it’s easy to remove its access in the security tab.
4. Make files private
Shared files can have several different levels of security. You can set files to view-only, which keeps others from changing them.
Private files should be used for any sensitive information, and they can be password protected. You can designate files to only be accessible by members of your team, and you can even set links to expire so all shared access to files will be lost after a while.
5. Recover files
Worried if you’ll be able to recover those accidentally deleted files?
You can recover deleted files for 180 days if you’re a paying Dropbox customer.
If a file was deleted or edited by someone else with shared access to your Dropbox file, this option keeps the originals of your files secure. You can even rewind your whole account to a previous date, preventing any loss in the case of a malicious edit or deletion.
Simply click on the deleted file you want to restore and click “Restore.”
6. Encrypt uploads
Some people are concerned that Dropbox has access to their files. Dropbox is even allowed to share files with the government under certain circumstances. On their website, Dropbox states they may also have to access customers’ files under rare circumstances.
If that makes you uncomfortable, you should consider encrypting your uploads before you load them into Dropbox. This means that Dropbox will have no access to the file itself — just an encrypted version.
Using a service like Boxcryptor gives you complete control over your files on Dropbox.
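The idea behind encrypting before upload, shown as an added Node.js example (not code from this article, Dropbox, or Boxcryptor): the file is sealed with 256-bit AES-GCM under a key derived from your passphrase, so the cloud copy is unreadable without it and any change to the stored bytes is detected on decryption. The `ENC1` container layout, the function names and the sample passphrase are assumptions made for this example.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Hypothetical container layout for this example: MAGIC | salt | nonce | tag | ciphertext
const MAGIC = Buffer.from('ENC1');
const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;
const HEADER_LEN = MAGIC.length + SALT_LEN + NONCE_LEN;

function deriveKey(passphrase, salt) {
  // scrypt stretches the passphrase into a 32-byte (256-bit) AES key.
  return scryptSync(passphrase, salt, 32, { N: 16384, r: 8, p: 1 });
}

function encryptForUpload(plaintext, passphrase) {
  const salt = randomBytes(SALT_LEN);    // fresh salt per file
  const nonce = randomBytes(NONCE_LEN);  // must never repeat under the same key
  const header = Buffer.concat([MAGIC, salt, nonce]);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce,
                                { authTagLength: TAG_LEN });
  cipher.setAAD(header);                 // header is authenticated, not encrypted
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([header, cipher.getAuthTag(), body]);
}

function decryptAfterDownload(blob, passphrase) {
  if (blob.length < HEADER_LEN + TAG_LEN || !blob.subarray(0, MAGIC.length).equals(MAGIC)) {
    throw new Error('not an ENC1 container');
  }
  const header = blob.subarray(0, HEADER_LEN);
  const salt = header.subarray(MAGIC.length, MAGIC.length + SALT_LEN);
  const nonce = header.subarray(MAGIC.length + SALT_LEN);
  const tag = blob.subarray(HEADER_LEN, HEADER_LEN + TAG_LEN);
  const body = blob.subarray(HEADER_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce,
                                    { authTagLength: TAG_LEN });
  decipher.setAAD(header);
  decipher.setAuthTag(tag);
  // final() throws if the passphrase is wrong or any stored byte was altered.
  return Buffer.concat([decipher.update(body), decipher.final()]);
}

// Constructed sample input; in practice this would be the file's bytes read from disk.
const demoPlain = Buffer.from('constructed sample: Q3 client contract draft');
const demoBlob = encryptForUpload(demoPlain, 'constructed-sample-passphrase');
console.log('bytes to upload:', demoBlob.length);
console.log('round trip ok:',
  decryptAfterDownload(demoBlob, 'constructed-sample-passphrase').equals(demoPlain));
```

Only the output of `encryptForUpload` goes into the synced folder; the passphrase stays with you, and losing it means losing the file.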
7. Keep files safe on a team
Teams need to make sure they’re all on the same page when it comes to keeping shared files secure. It helps to establish best practices for your team’s interactions on Dropbox or other file-sharing services.
Sharing permissions and access
Make the expected sharing permissions clear for your team. Do you want all files password protected? Or maybe do you want all links to expire after one week?
Well, no problem. Dropbox has an array of sharing settings that let you choose who can view, edit, and manage files. And according to one Knoji user, Dropbox's permission settings are quite easy to navigate.
Most of these settings can easily be found by clicking on your desired file and going to “Share” where you can manage members.
To further manage sharing and access settings, from “Share,” you can go to settings through the gear icon, and then go to “Manage access.”
If your team knows how to set permissions for the shared files, you can be more confident that all your files will stay secure.
People are eventually going to leave your team. Does that mean all their work files are going to go with them?
You can transfer the files from their account to a new team member’s account. This option keeps your files secure as your employees and team members change because you can remove their access to team files and give it to the new team member.
8. Protect your data if it’s been compromised
If an unknown user gains access to your Dropbox at any point, you should take steps right away to limit the damage.
These steps include changing your password, setting up two-step verification, and disconnecting any integrations or apps that might be connected to your Dropbox.
Once you take these steps, you can reset the passwords to your integrated apps and the email used for your Dropbox account before reconnecting.
9. Safeguard yourself from phishing attacks
You’ve most likely received an email with an official-looking request from a service you use. They usually say that your account is at risk or that some action is necessary to make sure you don’t lose access to a particular feature.
These are known as phishing attacks, and they usually aim to get you to send them sensitive info about your online accounts or to install a virus on your computer. Fortunately, spam filters catch most of these, but some make it through.
This will keep your account secure from malicious attacks and keep you from having to constantly reset your passwords online.
There are a ton of file-sharing services out there, but how many of them are truly secure?
If you’re looking for a Dropbox alternative, try checking out some of these file sharing sites that prioritize the security of their users’ files.
Top secure file sharing tools
We’re going to look at five of Dropbox’s biggest competitors to see how they compare in terms of features and security.
These top five alternative tools are:
- Google Drive
- Box
- Hightail
- OneDrive
- WeTransfer
How well they rank in terms of security
Each of these services offers something unique to their user base, which is how they’re all able to coexist without putting each other out of business.
1. Google Drive
Google Drive offers 256-bit encryption for files in motion compared to Dropbox’s 128-bit encryption. Since files are more vulnerable when they are transferring, Google’s security for files in transit is actually better than Dropbox.
On the other hand, Dropbox offers 256-bit encryption for files at rest, whereas Google only provides 128-bit encryption. Since files at rest are naturally more secure, Google has Dropbox beat on the strength of their encryptions.
Stand out features
One great feature of Google Drive is its usability. Not only is it super intuitive, but almost everyone already uses it.
As far as its security is concerned, Google Drive offers great permissions options to the owner of the files, meaning that you can choose who can open, edit, or share a file that you own. The intuitive permissions make this an indispensable feature of Google Drive.
Smaller businesses could use Google Drive completely free of charge if they aren’t interested in the extra features offered on the paid version. In my opinion, Google’s free version is slightly more comprehensive than the other tools on this list.
Storage and Price
Google Drive’s paid plans begin at only $6/mo with 30GB of cloud storage, and the recommended plan for businesses is only $12/mo with unlimited cloud storage for accounts with more than five users. Accounts with fewer than five users get 1TB of cloud storage per user.
One alternative that shouldn't be ignored is Box. Box’s security page is very comprehensive and reassuring. Many large companies choose them specifically for their security.
They provide 256-bit encryption for all files, whether at rest or in transit. They also offer user permissions that increase the security of any files shared on their service.
Stand out features
While all of these applications take security very seriously, Box seems to go above and beyond to keep your files safe. Several security features make Box stand out from the competition.
Box’s system integrates with several different partners that are focused on security. These partners boost the protection of the system and make sure that your files stay safe.
Their Box Shield program gives you the control to label secure documents, change viewing permissions, and ensure classified or private information stays secure.
KeySafe gives you more control over encryption keys and allows you to see when content was accessed and to cut off access to any encrypted content anytime. This option will most likely go unused by everyone but those dealing with highly sensitive data.
Storage and Price
Box starts at $5/user/mo with 100GB of storage. Business-level plans start at $15/user/mo with unlimited cloud storage. All plans must have at least three users per account.
Hightail’s security is not quite as clearly stated as the other services. They only say that they offer “up to 256-bit” encryption for files in transit. Since “up to” is a very vague phrase, I’m led to believe their security is lacking compared to the others in this list. After all, transparency is key.
Stand out features
Hightail offers some great personalized security options in addition to its encryption. Users can specify what each recipient can do with their content, and set access codes and expiration dates for their links.
We talked about some of the problems that arise when an admin loses control of their Dropbox files after sending them. Hightail aims to curb these problems by allowing users to turn on notifications when anyone downloads files.
Using these extra options allows users to keep a little more control over their shared files.
Storage and Price
Hightail’s paid plan starts at $12/mo, and the team plans start at $24/user/mo. One great feature of Hightail is that all paid plans get unlimited storage.
OneDrive provides 256-bit AES encryption for files at rest, but it’s unclear what level of SSL/TLS they use for files in transit. They do, however, redirect to HTTPS, which adds one extra level of security.
Stand out features
OneDrive’s additional security features are what make it stand out from some of the other Dropbox competitors.
One of my favorite security features that OneDrive offers is its suspicious activity monitoring. This feature notifies the user if there is any login that looks like it was unauthorized. When the user gets the email, they can respond quickly by changing their passwords and unlinking third-party integrations.
OneDrive also automatically scans new shared files for viruses to save you from headaches in the long run. Similarly to Dropbox, you can restore old versions of lost, edited, or deleted files.
Finally, OneDrive notifies you if a large number of files were deleted. This notification could protect you if you accidentally delete your files or if someone else attacks your account.
Storage and Price
OneDrive starts at $5/user/mo (billed annually) and offers unlimited cloud storage for accounts with 5 or more users. If there are fewer than five users, each user gets 1TB of cloud storage.
WeTransfer offers 256-bit encryption, but they allow anyone with a link to open the file, which could lead to security issues if the link gets into the wrong hands. In addition, they had quite a big oopsie last year when they sent files to the wrong recipients.
Stand out features
WeTransfer is unique compared to these other services because of how lean it is. With a WeTransfer account, you can send and receive files up to 20GB without zipping them.
In addition to their encryption, they also offer security features like link expiration, download tracker, transfer management, and access controls.
With the link expiration tool, you can set a link to expire after a set amount of time. This tool works just like the link expiration tool on the other programs we’ve examined.
The download tracker can help you make sure that your file is only getting into the right hands. So, if you share it with one teammate and it’s downloaded 100 times, something might be up.
Transfer management and access controls give you a little more control over the files once they’re shared. You can kill a file link or set a password before someone can view a file.
Storage and Price
WeTransfer is only $12/user/mo, but there is no way to add more than one person to an account, so admin controls are limited. The pro plan comes with 1TB of storage.
Even though Dropbox has had its fair share of security scandals over the years, it offers security that meets or exceeds standards in all areas.
Dropbox may not offer all the control, security integrations, or file management tools you’d like. If that’s the case, I would recommend trying to beef up your security by following the tips presented here or trying out one of their top competitors.
At the end of the day: just make sure your files are secure — you don’t want yours to be the next ones floating around on the dark web for sale!