How secure is Dropbox? This can be an uncomfortable question for Dropbox users who save sensitive files or other valuable data in their accounts. Think of business plans, legal documents, financial projections and, er, personal photos that you wouldn’t want to fall into unfriendly hands. This data is stored in “the cloud” — remote Internet servers that neither you nor Dropbox fully controls.
While Dropbox goes to great lengths to reassure users that it takes security seriously (it points to technologies such as Secure Sockets Layer and heavy-duty encryption, and claims employees are prohibited from viewing the content of users’ files), there have been security incidents, including a bug a few years ago that briefly allowed any Dropbox account to be accessed without a password. The company quickly fixed the problem and claims additional safeguards were put in place. It now offers the option of using two-factor identification. Nevertheless, there is no guarantee that some other bug, error, or hack will not expose Dropbox user data in the future.
In addition, Dropbox users themselves may be the source of problems. If you are sharing a folder with 100 users, a couple of them are bound to be using easily guessed passwords to guard their accounts (the names of pets or first-born children, “password”, etc.). Sharing links can also lead to problems, if the wrong link is shared or someone posts the link online or in some other public forum.
Despite these issues, millions of people use Dropbox every day. They’re aware that there’s a risk, but are basically making a tradeoff. They are putting more value on the convenience of accessing and sharing files over the Internet for free (or for a low cost), and discounting the chances that the data may be lost, stolen, or exposed.
As I said earlier, it’s an uncomfortable feeling for some people. If it’s too much for you, don’t use Dropbox — or only use it for non-sensitive data. Also be sure to set a passcode lock on the Dropbox mobile app, be careful of who you share links with, and regularly delete old Dropbox links by following these steps.
In addition, be very cognizant of local laws and workplace regulations governing storage of files. I recently received an email from a reader who asked about sharing sensitive workplace files. He claimed he worked for a local state agency. In my response, I said:
“If this is truly sensitive or valuable data, I urge you to think carefully about putting it on Dropbox. As I pointed out in the book, there have been security breaches affecting Dropbox in the past, and when it comes to sharing confidential state financial information, there may be rules or laws that govern how it can be shared/transmitted electronically. Making a call to the state CIO or senior IT manager to see how they recommend handling this situation would be an advisable move.”
Even if your company allows Dropbox in the workplace, it may forbid ex-employees from keeping old files. If you leave the job, be sure to go into Dropbox and leave shared folders and delete copies of files as required.