Dropbox is a cloud space service that lets you save files and share them with whoever you want. With over 500 million active users, Dropbox is one of the most widely used cloud storage platforms worldwide.
The storage capacity it offers for free to registered users is 2 GB. However, saving files in the cloud usually contains users’ private information, so these types of accounts must always be secure, and there must be simple ways to verify that there is no problem around unwanted access to prevent data theft.
Read along, and do not forget to follow the tips featured in this article to make Dropbox more secure.
Best ways to make Dropbox more secure – Quick list
- Use a strong password – This will help to prevent third parties from accessing your sensitive data, like bank information. Also, use a different password for each account.
- Use a password manager – It will enable you to manage multiple strong passwords to improve your accounts’ security.
- Use your own encryption – Although Dropbox employs encryption protocols, you should also use a third-party encryption application. This will give you double encryption and prevent cloud services from snooping on your data.
- Enable selective sync – This is an organizational and convenience feature that helps to free up space on your hard drive. Also, it minimizes accidental data exposure.
- Use a VPN – While Dropbox is a secure service, a VPN will add layers of encryption to protect your connections when using a public Wi-Fi network. Also, it changes your IP address to prevent Dropbox from collecting your location information.
- Set up email notification – This will enable you to receive alerts whenever changes happen on your Dropbox account.
- Manage your linked apps – Devices and applications with permission to access your Dropbox account can compromise your security. Thankfully, you can manage them on the security tab.
- Check web sessions – It is advisable to check your Dropbox web sessions continually to ensure your account isn’t compromised.
- Delist linked devices – Remove the connected devices you no longer use to protect your personal information.
- Enable two-factor authentication – This is an essential security feature to protect your account. Besides a username and password, you will need a six-digit code to access your account.
- Use an alternative to Dropbox – If Dropbox does not meet your needs, many alternatives have better features.
What is cloud security?
Cloud security is the set of technology, policies, applications, and software that protect your professional and personal data stored online.
This protection applies to the rigor of local data centers, protecting the cloud infrastructure without causing any maintenance costs for the hardware.
These solutions simplify IT management with software and applications to control and remotely track data in this environment.
The right cloud service provider makes it easier for teams and organizations to store data securely and scale quickly.
How Dropbox file-sharing service works (security-wise)
By design, the cloud integrates multiple layers of protection spread over a scalable and secure infrastructure, and Dropbox is designed to protect your files. Here are the different levels of protection Dropbox boasts:
- Its SSL (Secure Sockets Layer) / TSL (Transport Layer Security) protocol creates a protected tunnel secured by AES (Advanced Encryption Standard) encryption on at least 128 bits.
- The SSL / TLS protocol is also used to keep data safe that gets transferred between Dropbox servers and apps.
- The 256-bit AES encrypts files stored in Dropbox.
- Only people with a link to public files can view them.
- The 2-step verification provides an additional level of security when connecting.
- Using 2-step verification, you can receive security codes via SMS or a TOTP (temporary one-time password) authentication application.
- Dropbox regularly tests its apps and basic structure to identify possible security vulnerabilities, strengthen its defense, and keep them from attack.
Is Dropbox safe?
For Dropbox, the security of your data kept in the cloud is a priority. It uses multiple layers of protection in a distributed and reliable cloud infrastructure.
For that reason, whether you have an individual or team account, this cloud storage service promises to offer the same protection standard for all your online data.
Individual account users can confidently and securely use Dropbox’s cloud to store files, share documents, and request access.
Besides, organizations can rest easy with cloud storage, thanks to its enterprise-level encryption that meets the customers’ compliance requirements and follows the data security policies of major businesses and international regulations such as the HIPPA and GDPR.
So yes, regarding how Dropbox is built, it is safe. But, regarding security, you can never be too sure.
Dropbox encryption
The giant file-hosting service Dropbox seems to have beefed up its encryption in the last few years.
That means that when a user stores or sends files via Dropbox, the whole process is protected, and only the authorized party can access them.
Dropbox uses one of the most robust ways of protecting stored files, which is the advanced 256-bit encryption. The service uses an Advanced Encryption Standard (AES) to secure files.
On the whole, when it comes to encrypting its system, the cloud storage giant has done an excellent job.
However, you may not be too sure that only because of the stealthy Dropbox encryption, your data cannot reach any third party.
Why are my files not 100% secure even if Dropbox boasts data encryption? I hear you ask.
Remember that encryption does not protect data from employee error or misuse. A 2018 study concluded that employees’ mistakes and negligence are vast sources of data breaches.
Apart from the potential risk of employees causing data breaches, agencies asking companies to hand over user information is a problem worth noting, too.
It is no secret that law enforcement agencies send data requests to Dropbox from time to time.
What that means is even though they require a legal search warrant and report things transparently to users, they might give your information to a government in the future if asked.
Can my Dropbox account get hacked?
Because of the stored data’s value and the service’s popularity, Dropbox history has an accountable number of hacking incidents.
Given its reputation, it is understandable that Dropbox is (and will always be) a supreme target for hackers.
In 2016, the digital storage company acknowledged that it had suffered massive hacking and urged its users to change their passwords.
The hacking occurred in 2012 and affected 68.6 million accounts after hackers stole credentials from a company employee (the employee used company passwords on other sites).
At first, in 2012, Dropbox only acknowledged that there had been an email leak.
But finally, in 2016, the cloud storage giant admitted that hackers also stole the passwords of millions of its users.
Those incidents give us two vital takeaways.
- The service remains a prime target for cyber assaults.
- Personal information breaches can occur as Dropbox does not look fully equipped to deal with them.
Dropbox privacy concerns
Alongside security issues, the Privacy Policy page of Dropbox itself hints towards several problems users must take into consideration seriously:
- Dropbox Knows Wherever You Are: The service uses GPS data to locate the user’s location. However, Dropbox claims that it does not use the collected data except to get the geolocation information of your photos and a general idea of where on the planet you are.
- Sharing Personal Data: Dropbox affirms that it will never trade your data; however, the system does not mind sharing it with a third party. If you sign in to your Dropbox account via a third-party app like Instagram, then Dropbox will provide your private data to Instagram.
- Your Data Can Still Remain with the Service Even If You Delete Your Account: As per the explanation provided on its site, while users can delete their account, Dropbox holds the right to keep your information for fulfilling legal obligations, enforcing their agreements, or resolving disputes.
- Data Preservation: The cloud storage company clearly states that they retain and save all the user information when someone signs up. Such information includes physical addresses, usernames, emails, social IDs, credit card information, and phone numbers.
Is Dropbox syncing a sufficient enough backup tool against ransomware?
Ransomware remains one of the most active threats on the internet and among the most formidable for your data and files. Even your files saved in the cloud are the target.
Many users see cloud storage solutions like Dropbox as backup solutions. Certainly, your data is relatively sheltered there and is protected against a possible crash or failure of your hard drive or SSD.
Ransomware is a serious threat, but Dropbox has your back.
Ransomware encrypts all or part of your files and then asks you to pay ransom to obtain the key to regain access to your files.
Unfortunately, paying does not always guarantee file recovery. And your disk organization is usually wiped out (ransomware often moves all files to the same folder and destroys the original names) even if the content is restored.
Fortunately, with Dropbox cloud services, file recovery is much easier. The service backs up each of your individual files (including the early versions of them) by default for both free and Business users.
With Dropbox data recovery and version history features, you can easily restore previous versions or restore your deleted files.
Some important notes:
- Dropbox Business and Professional accounts can recover file deletions or edits made in the last six months.
- Basic and Plus accounts can recover any deleted or edited file within a month of deletion or edits.
- Dropbox Plus users can no longer have extended version history, but if you purchased this extra feature previously, you could restore your files to their older versions within a year.
- If you happen to be a Dropbox Business team member who has purchased an extended version history of the service, you can recover any files that were changed or deleted in the past 10 years.
11 Ways to Make Dropbox More Secure
Until this far, we have covered all the basics about Dropbox security and the privacy issues it boasts and debunked several other Dropbox security myths.
Now, it is time to learn how to make your files and data on Dropbox more secure using the best practices. We tested these methods for security vulnerabilities and got the best results. So, let’s discuss what they are.
1. Use a strong password
You need to keep this tip in mind for Dropbox and all the online services you use.
Choosing an easy password with simple combinations can make it easy for a third party to decrypt it and access your secret information, such as bank account credentials or personal data.
A secure password must include at least 8 random alphanumeric characters and at least one special character (such as @ $ &). Ideally, a password that is difficult to guess or decrypt must have at least 12 characters.
Also, stop reusing passwords once and for all. You should set a complicated one and a different password for each online account.
2. Use a password manager
The safest bet is to choose unique passwords for each service you use and guard them by taking all the necessary precautions. Creating a unique one for each is advisable if you have used the same password for multiple websites.
But a question comes in: how do you remember multiple passwords? The answer is password managers.
Free password managers such as 1Password and LastPass (I use them if you ask me) can help you manage strong passwords on different sites and improve the security of your accounts.
That way, you can save all your passwords securely without remembering each one.
3. Use your own encryption
Perhaps the most powerful way to increase Dropbox security is to use third-party data encryption applications.
Dropbox encrypts network traffic with SSL / TLS protocols and uses the idle 256-bit AES algorithm to protect your business data.
However, you gain two advantages if you use your encryption tool.
Firstly, your data will have double protection. At first, your encryption app will encrypt it, and then when you upload it to Dropbox, the service’s encryption will come into play to secure it, too.
Secondly, using your own encryption application can kill even the cloud service giant’s ability to snoop on your data.
Since you will have all the data encrypted before uploading to Dropbox, the encryption keys needed to unlock files will only be with you.
That way, not only will your data be safe in case of a company data breach, but no employee misuse of your information could happen.
One free encryption app that I use and can recommend is boxcryptor.com.
4. Enable selective sync
Selective Sync, also called Smart Sync, is more of an organizational and convenience feature of Dropbox than a security one.
It is a feature designed to help you free up space on your hard drive. But it can minimize the accidental exposure of your data in some situations.
As the name suggests, with this feature, you can keep selective folders synced with your Dropbox account instead of a whole device. That is something you can use to mitigate your Dropbox security risks.
Let’s assume all your devices, including desktop, tablet, and laptop, are synced with the service. Then, in case only one of them gets stolen, all your data could be accessed and used by the thief.
However, if your desktop keeps only a specific folder synced with Dropbox while you selected a different folder on the tablet to sync, only your data kept in sync with the stolen device will end up with the thief.
Below is how you can turn the selective sync feature on:
- Open the Dropbox application on your desktop (if you log into dropbox.com, you will not see the selective sync feature).
- Locate and click the Dropbox icon in your menu bar or system tray.
- If you are using Linux OS, you might need to click the up arrow (↑) first to see the service icon.
- Click your initials or profile picture.
- Linux users can skip this step.
- Tap on Preferences from the menu.
- Then click Sync.
- Next, click Selective Sync (Windows and Linux) or select folders to sync (on Mac).
- You will see the boxes of all your folders on the left-hand side. Simply uncheck folder boxes that you do not wish to have on your desktop’s hard drive (in your account on dropbox.co, all of the folders will still be available).
- Note: If you see any folders with a green checkmark, they are currently being downloaded to your computer.
- Once done, click on Update.
5. Use a VPN
Even though it is a secure service, there are some strong reasons why you must use a VPN to protect your Dropbox privacy.
The first one is if you are on a WiFi connection, there is always the risk of someone monitoring your activities, as cybercriminals are always on the watch to snag unsuspecting users’ data.
By connecting to a quality VPN such as ExpressVPN, you create layers of encryption that make it almost impossible for anyone to get hold of your Dropbox files.
Secondly, while Dropbox can not track you accurately, the cloud storage giant can still get a rough idea of your location.
The service uses GPS to collect your location information and can pinpoint your location precisely based on how your IP address gets assigned to the GPS data.
Since a VPN enables you to hide your IP address while re-routing your browsing and making your internet traffic travel through encrypted tunnels, your actual IP (hence location data) won’t be seen by anyone, let alone Dropbox.
6. Set up Email notifications
Extra notifications from cloud services are deemed annoying by almost everyone, and rightly so.
But you should keep Dropbox as an exception here, as it is really necessary.
With email notifications, you can receive email alerts whenever a change happens to your account.
You can set email alerts for conditions such as whenever a new device or application connects to your account, files get deleted in large numbers, or logins from new browsers and devices.
Below is how you can change Dropbox email notifications:
- Go to dropbox.com.
- Click your avatar (you can spot it at the top).
- Click Settings.
- Then, click Notifications.
- Now uncheck or check the box next to each email alert you want to change.
7. Manage your linked apps
Whenever you use a third-party app to log into your account, Dropbox shares your information with that application.
On the Security tab of your account, you can view a list of all devices and applications that currently have permission to access your Dropbox account.
It is usual to forget which applications they authorized permission to access their account and perhaps not use those apps anymore.
If you ever authorized an app you no longer use or think might not be suitable for your privacy now, you must revoke its permission in your Dropbox account.
The feature can help if your smartphone, tablet, or laptop is lost or stolen.
You can immediately remove the stolen device (or any device about whom you have doubts) from the list of trusted devices to prevent your personal data from getting into the hands of the thief.
8. Check web sessions
You can find your current web sessions on your account’s Security page, which shows which browsers are presently logged into your particular Dropbox account.
It is good practice to check your Dropbox web sessions now and then to ensure your account is safe.
9. Delist linked devices
It is essential to delete all your linked devices (that you no longer use) from Dropbox to avoid any misuse of personal information.
If you have been using the cloud storage service for quite some time, you might have changed smartphones and PCs several times.
Your Dropbox account will likely have multiple devices linked to it even though you do not use them all.
Luckily, it is very straightforward to see when you last used a particular device with Dropbox and to remove that.
Follow the steps provided below to unlink a device from your Dropbox account:
- Log into your account at Dropbox.com.
- Click your avatar/name (in the top-right) menu.
- Go to Settings and then Security.
- There you will see the Devices section. All the devices currently linked to your Dropbox could be there. Simply click the cross sign (X) next to the linked device you wish to unlink.
10. Enable two-step verification
Two-step verification (also known as 2FA, multi-factor authentication, or double authentication) adds a layer of security to your account.
Not only to keep your Dropbox safe, but 2FA is also an extremely powerful tool to help you protect any account.
Most popular online services available today, including Gmail, LastPass, Facebook, and Xero (to name a few), offer this feature.
With this feature activated, you will need a six-digit code (as well as your username and password) to log in to your account whenever you want to.
You can make the service send codes to your phone as text messages, or they can be generated by a mobile application such as Duo Mobile or Google Authenticator.
Dropbox also allows you to use a security key instead of six-digit codes for two-step verification. Security keys offer more protection against phishing attacks and are easy to use.
11. Use an alternative to Dropbox
Nothing in this world is perfect; that is true for Dropbox.
Certain flaws in Dropbox (such as the absence of end-to-end encryption and only 2 GB of free cloud storage) might urge someone to look for its alternative.
Or you may simply not settle for one and the only option; it is always better to try different choices.
So, even though Dropbox is the most famous cloud storage provider, there still are competing services worth looking at.
Dropbox Alternatives
We selected the best Dropbox alternatives after rigorous tests and analysis of various cloud storage services.
Sync.com
- Private encryption
- Clear privacy policy
- Excellent security
- Slower synchronization speeds
Sync.com is an excellent Dropbox alternative that offers advanced private encryption. The platform has three subscription plans: Free, Solo Personal, and Pro Solo Basic, which offer up to 5GB, 200GB, and 2TB storage, respectively. Also, it has impressive file-sharing and versioning features.
Unlike Dropbox, Sync.com implements zero-knowledge encryption and does not collect your data. Additionally, the platform has a secure vault, which serves as a cloud backup for your account.
Overall, Sync.com is a decent Dropbox alternative, especially for those seeking a private cloud storage service.
Free Plan | Solo Personal | Pro Solo Basic |
---|---|---|
5 GB storage | 200 GB storage | 2TB storage |
$5/month | $8/month |
pCloud
- EU & US data centers
- Fast syncing
- Zero-knowledge
- No document integration
- Private encryption costs extra
pCloud is almost identical to Dropbox. Both platforms have similar security features for storage and transmission of data. The platform has three subscription plans: Free, Premium, and Premium Plus, which offer up to 10GB, 500GB, and 2TB of storage space, respectively. pCloud’s zero-knowledge feature charges extra costs regardless of your subscription plan.
It is important to note that pCloud is a Swiss company, a country known for the best privacy laws in the world. The company has data centers in the EU and the US, but you can always choose the region where you want to store your data when signing up.
Free Plan | Premium | Premium Plus |
---|---|---|
10 GB storage | 500 GB storage | 8TB storage |
$5.53/month | $11.08/month |
Mega
- Large free storage volumes
- Encrypted sharing links
- Zero-knowledge encryption
- Not good for collaboration
- Expensive for paid plans
With 20 GB storage space, Mega’s free plan is ten times bigger than Dropbox’s. Another distinguishing feature that makes Mega stand out is its private encryption features. It even encrypts your sharing links. The platform has three subscription plans: Free, Pro I, and Pro II, offering 20GB, 2TB, and 8 TB storage space respectively.
However, Mega does not have many third-party integrations compared to Dropbox, which is understandable because of its strict privacy approach. The platform’s focus on privacy is also why it performs poorly in collaboration and productivity. Mega is not a cheap Dropbox alternative but desirable for those seeking a private cloud storage service.
Free Plan | Pro I | Pro II |
---|---|---|
20 GB storage | 2TB storage | 8TB storage |
File transfer: 24 TB Annual Plan and 2TB Monthly plan. | File transfer: 96 TB Annual Plan | |
$9.06/month | $18.12/month |
Do not keep all your eggs in a single basket
Top-notch cloud services like Google Drive and Dropbox take several steps to ensure user content security; however, cybercriminals always remain on their toes to find new vulnerabilities and weak points.
If you genuinely care about your data safety, you should not put all your trust in a single service.
Add an extra layer of third-party encryption to your file with a tool like boxcryptor.com to ensure your files won’t be exposed to the bad guys because of a cloud storage service vulnerability.
Also, diversify your options and create multiple backups for your valuable data and information.
Conclusion
Admittedly, Dropbox is not the most secure cloud hosting service available today, but it is the most user-friendly one with balanced security.
Probably that is why it is the most popular cloud storage provider out there (I am a Dropbox user, too).
The tips above are all you need to lock your Dropbox account up and secure files.
It will probably take about thirty minutes to take all the recommended steps and make Dropbox more secure, so I highly recommend ensuring your data safety.
Is there any other method you use to maximize your Dropbox security? Have you ever run into a hacked account incident? Share your experiences and thoughts in the comments!
Images via Pixabay.