More and more companies are looking to harness the cloud as a part of their business. For many this starts out with centralizing all files on a cloud based service. Of all these services, Dropbox is the most widely known, but is it suitable for use within your business?
The most important thing to consider is the kind of content that you are planning to store in Dropbox. If you’re a consumer facing company, or deal with a lot of personal and financial information, then you need to make sure that any information you save on the cloud is properly protected. If you’re just looking to store files in a centralized location, security is less key, but it’s worth keeping in mind anyway.
Dropbox has a couple of features included with its service that help you to secure any data stored on it. First among these features is two-step verification, also known as two-factor authentication, which requires a user to provide both a password and a security code before being granted access to Dropbox. This security code is provided by the user’s mobile device.
If you’ve used Google’s two-step verification before you should have a good idea of how this process works. If you want to avoid having a bunch of apps on your phone, you can also receive the code via SMS. When you enable two-step verification you also receive an ‘emergency backup code’ which is 16-digits long and can be used to log into Dropbox if you’re unable to generate a code at all. It goes without saying that you should store this code somewhere safe, and not let anyone else see it.
Dropbox can be set up so that, whenever a new device or app connects to it, the manager of the account is sent an email. This gives you up-to-date information about any new or unauthorized access to your Dropbox account, and allows you to respond accordingly should someone other than an employee or other authorized personnel access your storage.
If you detect that there have been some unauthorized connections, or are unsure about whom a new connection belongs to, it’s possible to manually ‘unlink’ these devices from your Dropbox. Obviously if you’re a large company with hundreds of devices and apps connecting to your storage this can become unwieldy very fast, and you should probably be looking into other cloud options. If you’re a small business however, it shouldn’t be too difficult to manage.
Too often the reason files are accessed without permission is because the password used simply wasn’t strong enough. There are some very simple steps that you can take that will ensure that your password is stronger than average (and for goodness sake, don’t use Password or 12345678, they’re the two most common passwords on the internet.)
Make it long
– The longer a password, the harder it is to break. The minimum password length is usually 8, but you want to go above that and as high as is allowed while still being memorable.
Make it random
– There are password generators out there that can create something pretty random for you to use. But they can also be extremely hard to remember. Often you can create random passwords by starting out with a few words that are completely unrelated to one another. For example, howitzerJudicious. This is a good start.
Use numbers and symbols
– At the moment your password just consists of letters, but by adding numbers you can make it a lot harder to crack. It’s popular to replace letters with numbers or symbols that look similar to the letter they’re replacing, (h0w!tzerjud1cious). But there is an argument that it’s better to pick an unrelated number (5howitzer8judicious?)
Make it complex
– As well as creating complexity with a variety of symbols, you can also create complexity with higher and lower cases. So, in the case of our example password: 5hoWitZer8jUdiCiouS? At this point, it’s a much more secure password than you started out with, and much less at risk to attack.
Dropbox doesn’t offer encryption with its service, but there are plenty of third parties who make it possible. SecretSync is a popular solution for Windows users that encrypts any files placed into a specific folder before sending them to Dropbox. It’s a pretty painless solution and works well for those who are lacking in tech savvy and are comfortable putting the security of their cloud-based files in the hands of another cloud-based service. If you’re more tech savvy, however, or have an IT department available, you could also consider manually encrypting specific files that you want to have that extra protection.
Secure For Some
Dropbox is certainly not the Fort Knox of cloud storage providers, but for businesses only looking to store non-essential documents or ease the difficulty of sharing files with one another, it is likely secure enough. However, if your business regularly deals with personal and financial information, we would recommend you look elsewhere for a service to store this information. That is, unless you’re planning to seriously invest a lot of time into correctly encrypting and monitoring all of the files you store on it.
Dropbox isn’t an enterprise level cloud storage system. It’s really designed for consumers to share things like photos online. While it can be useful for sharing files easily across different departments, this is only the case for non-confidential material.
There have been many incidences of employees using Dropbox without authorization which has put company (or worse, customer) data at risk, so if you don’t want workers using it, include this in your IT policies. Employees that are poorly trained and don’t understand the risks associated with unprotected data could after all end up costing the company a good amount of cash. This is especially the case when it comes to PCI DSS requirements, although in theory not every employee should be able to access sensitive customer information, let alone save it to a different location.
What are your feelings toward business use of Dropbox. Do you use it? Do you use something else? Let us know below.