Keeping your Dropbox safe: 11 ways to make the cloud service more secure
Yes, the most popular cloud storage service around the world is not completely safe but you do not need to give up on it yet. You can make Dropbox more secure with a little effort.
Dropbox is a cloud space service that lets you save files of any kind and share them with whoever you want. With more than 500 million active users, Dropbox is one of the most widely used cloud storage platforms worldwide.
The storage capacity that it offers for free to the registered users is 2 GB, but the service allows you to increase the space relatively easily through certain actions, such as inviting friends to use Dropbox or installing the application on your mobile.
Files saved in the cloud usually contain users’ private information, so these accounts must always be secure, and there must be simple ways to check for unwanted access in order to prevent data theft.
If you are already a Dropbox user or plan to be soon, then continue reading this piece and also do not forget to follow the tips featured in this article to make Dropbox more secure.
Let’s cover some basics, first, though.
What is cloud security?
Cloud security is the set of technology, policies, applications, and software that protect your professional and personal data stored online.
This protection applies the rigor of local data centers, protecting the cloud infrastructure without causing any maintenance costs of the hardware.
These types of solutions simplify IT management with software and applications to control and remotely track data in this environment.
Understandably, having the right cloud service provider also makes it easier for teams and organizations to store data securely and scale quickly.
How Dropbox file sharing service works (security-wise)
By design, Dropbox integrates several levels of protection, is spread over a scalable and secure infrastructure, and is designed to protect your files. Here are the different levels of protection Dropbox boasts:
- Its SSL (Secure Sockets Layer) / TLS (Transport Layer Security) protocol creates a protected tunnel secured by AES (Advanced Encryption Standard) encryption of at least 128 bits.
- The SSL / TLS protocol is also used to protect data transferred between Dropbox servers and apps.
- Files stored in Dropbox are encrypted with 256-bit AES.
- Only people with a link to public files can view them.
- The 2-step verification provides an additional level of security when connecting.
- If you are using 2-step verification, you can opt to receive security codes via SMS or a TOTP (time-based one-time password) authentication application.
- Dropbox regularly tests its apps and basic structure to identify possible security vulnerabilities, strengthen their defense, and keep them from attack.
Is Dropbox safe?
For Dropbox, the security of the data kept in the cloud is a priority. It uses several layers of protection in a distributed and reliable cloud infrastructure.
For that reason, regardless of whether you have an individual or team account, this cloud storage service promises to offer the same protection standard for all your online data.
This means that individual account users can confidently and securely use Dropbox’s cloud to store files, share documents, and request access.
Besides, organizations can rest easy with the cloud storage, thanks to its enterprise-level encryption that meets customers’ compliance requirements and follows the data security policies of major business and international regulations such as HIPAA and GDPR.
So yes, as far as how Dropbox is built, it is safe. But, when it comes to security, you can never be too sure.
The giant file hosting service, Dropbox, seemed to have beefed up its encryption in the last couple of years.
What that practically means is that when a user stores or sends files via Dropbox, the whole process is protected and only the authorized party can access them.
Dropbox protects stored files with one of the more robust methods available: 256-bit encryption using the Advanced Encryption Standard (AES).
On the whole, when it comes to encrypting their system, the cloud storage giant has done an excellent job.
However, Dropbox’s encryption alone does not guarantee that your data cannot reach a third party.
How come my files are not 100% secure even if Dropbox boasts data encryption? I hear you ask.
Keep in mind, encryption does not protect data from things like employee error or misuse. A 2018 study concluded that employees’ mistakes and negligence are a huge source of data breaches.
Apart from the potential risk of employees causing data breaches, agencies asking companies to hand over user information is a problem worth noting, too.
It is no secret that law enforcement agencies send data requests to Dropbox from time to time.
What that means is that, even though Dropbox requires a legal search warrant and reports such requests transparently to users, it might give your information to a government in the future if asked.
Can my Dropbox account get hacked?
Because of the value of the stored data and the popularity of the service, Dropbox has a notable history of hacking incidents.
Given its reputation, it is understandable that Dropbox is (and will always be) a prime target for hackers.
In 2016, the digital storage company acknowledged that it had suffered a massive hack and urged its users to change their passwords.
The hack occurred in 2012 and affected 68.6 million accounts after hackers stole credentials from a company employee (the employee had used the company password on other sites).
At first, in 2012, Dropbox only acknowledged that there had been an email leak.
But finally, in 2016, the cloud storage giant admitted that hackers also stole the passwords of millions of its users.
Those incidents give us two vital takeaways.
- The service remains a prime target for cyber assaults.
- Private information breaches can occur as Dropbox does not look fully equipped to deal with them.
Dropbox privacy concerns
Dropbox Knows Wherever You Are: The service uses GPS data to determine the user’s location. However, Dropbox claims that it does not use the collected data except to get the geolocation information of your photos and a general idea of where on the planet you are.
Sharing Personal Data: Dropbox affirms that it will never trade your data; however, the system does not mind sharing it with a third-party. If you sign in to your Dropbox account via a third-party app like Instagram then Dropbox will provide your private data to Instagram.
Your Personal Data Can Still Remain with the Service Even If You Delete Your Account: As per the explanation provided on its site, while users can delete their account, Dropbox holds the right to keep your information for fulfilling legal obligations, enforce their agreements or resolve disputes.
Data Preservation: The cloud storage company clearly states that they keep all the user information retained and saved with them when someone signs up. Such information includes physical addresses, usernames, emails, social IDs, credit card information, and phone numbers.
Is Dropbox Syncing a Sufficient-enough Backup Tool against Ransomware?
Ransomware remains one of the most active threats on the internet and among the most formidable for your data and files. Even your files saved in the cloud are the target.
Many users see cloud storage solutions like Dropbox as backup solutions. Certainly, your data is relatively sheltered there and is, in fact, protected against a possible crash or failure of your hard drive or SSD.
Ransomware is a serious threat but yes, Dropbox has got your back.
Ransomware encrypts all or part of your files and then asks you to pay a ransom to obtain the key that restores access to them.
Unfortunately, paying does not always guarantee file recovery. And your disk organization is usually wiped out (ransomware often moves all files to the same folder and destroys the original names) even if the content is restored.
Fortunately, with Dropbox cloud services, file recovery is much easier. The service backs up each of your individual files (including the early versions of them) by default for both free and Business users.
With Dropbox data recovery and version history features, you can easily restore previous versions or restore your deleted files.
Some important notes:
- Dropbox Business and Professional accounts can recover file deletions or edits made in the last six months.
- Basic and Plus accounts can recover any deleted or edited file within a month of deletion or edits.
- Dropbox Plus users can no longer have extended version history, but if you purchased this extra feature previously, you can restore your files to their older versions within a year.
- If you happen to be a Dropbox Business team member that has purchased extended version history of the service, you then can recover any of your files that were changed or deleted in the past 10 years.
11 Ways to Make Dropbox More Secure
So far we have covered the basics of Dropbox security and the privacy issues it raises, and debunked a couple of Dropbox security myths.
Now it is time to learn how you can make your files and data on Dropbox more secure. Let’s start:
1. Use a strong password
Not only Dropbox, but you also need to keep this tip in mind for all the online services you use.
Choosing an easy password with simple combinations can make it easy for a third party to crack it and gain access to your secret information such as bank account credentials or personal data.
A secure password must include at least 8 random alphanumeric characters, as well as at least one special character (such as @ $ &). Ideally, a password that is difficult to guess or crack must have at least 12 characters.
Also, stop reusing passwords once and for all. You should opt for setting not only a complicated one but a different password for each of your online accounts.
2. Use a password manager
The safest bet is to choose unique passwords for each service you use and guard them by taking all the necessary precautions. If you have used the same password for more than one website, it is advisable to create a unique one for each of them.
But that raises a question: how do you remember multiple passwords? The answer is password managers.
Free password managers such as 1Password and LastPass (I use it if you ask me) can help you manage strong passwords on different sites and improve the security of your accounts.
That way you get to save all your passwords securely without needing to remember each one.
3. Use your own encryption
Perhaps the most powerful way to increase Dropbox security is to start using third-party data encryption applications.
Dropbox encrypts network traffic with SSL / TLS protocols and uses the 256-bit AES algorithm to protect your data at rest.
However, if you start using your very own encryption tool, you gain two commendable advantages.
Firstly, your data will have double protection: your encryption app encrypts it first, and then, when you upload it to Dropbox, the service’s own encryption secures it as well.
Secondly, by using your own encryption application, you get to kill even the cloud service giant’s ability to snoop on your data.
Since you will have all the data encrypted before uploading to Dropbox, the encryption keys needed to unlock files will only be with you.
That way, not only will your data be safe in case of a company data breach, but no employee will be able to misuse your information either.
One free encryption app that I use and can recommend is boxcryptor.com.
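A minimal sketch of the encrypt-before-upload idea from this tip, added here as an illustration; it is not Boxcryptor's file format or code. It assumes the third-party Python `cryptography` package, and the `CSE1` header layout, function names and scrypt parameters are choices made for this example.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"CSE1"              # constructed format tag for this example
SALT_LEN, NONCE_LEN = 16, 12
HEADER_LEN = len(MAGIC) + SALT_LEN + NONCE_LEN


def _derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the passphrase into a 256-bit key; the key never leaves your device."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**15, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)


def encrypt_for_upload(plaintext: bytes, passphrase: str, name: str) -> bytes:
    """Return the blob to place in the synced folder instead of the original file."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    header = MAGIC + salt + nonce
    # The header and file name are authenticated (not encrypted), so a blob
    # that is modified or swapped under another name fails to decrypt.
    sealed = AESGCM(_derive_key(passphrase, salt)).encrypt(
        nonce, plaintext, header + name.encode())
    return header + sealed


def decrypt_after_download(blob: bytes, passphrase: str, name: str) -> bytes:
    """Reverse encrypt_for_upload; raises InvalidTag on a wrong key or tampering."""
    if len(blob) < HEADER_LEN or blob[:len(MAGIC)] != MAGIC:
        raise ValueError("not a CSE1 blob")
    header = blob[:HEADER_LEN]
    salt = header[len(MAGIC):len(MAGIC) + SALT_LEN]
    nonce = header[len(MAGIC) + SALT_LEN:]
    return AESGCM(_derive_key(passphrase, salt)).decrypt(
        nonce, blob[HEADER_LEN:], header + name.encode())


def can_decrypt(blob: bytes, passphrase: str, name: str) -> bool:
    """True only if the passphrase is right and the blob is unmodified."""
    try:
        decrypt_after_download(blob, passphrase, name)
        return True
    except (InvalidTag, ValueError):
        return False


if __name__ == "__main__":
    # Constructed sample data, not a real document or passphrase.
    secret = "correct horse battery staple"
    blob = encrypt_for_upload(b"2023 tax return contents", secret, "taxes.pdf")
    print(len(blob), can_decrypt(blob, secret, "taxes.pdf"),
          can_decrypt(blob, "guess", "taxes.pdf"))
```

Only the returned blob goes into the synced folder; anyone who obtains it from the provider's side sees the header and ciphertext but not the passphrase-derived key.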
4. Enable selective sync
Selective Sync, also referred to as Smart Sync, is more of an organizational and convenience feature of Dropbox than a security one.
It is a feature designed to help you free up space on your hard drive. But it can minimize the accidental exposure of your data in some situations.
As the name suggests, with this feature, you can keep selective folders synced with your Dropbox account instead of a whole device. That is something you can use to mitigate your Dropbox security risks.
Let’s assume all of your devices, including desktop, tablet, and laptop, are fully synced with the service. If just one of them gets stolen, the thief could access and use all of your data.
However, if your desktop keeps only a specific folder synced with Dropbox while you selected a different folder to sync on the tablet, only the data synced to the stolen device will end up with the thief.
Below is how you can turn the selective sync feature on:
- Open the Dropbox application on your desktop (if you log into dropbox.com, you will not see the selective sync feature).
- Locate and click on the Dropbox icon available in your menu bar or system tray.
  - If you are using Linux, you might need to click on the up arrow (↑) first to see the service icon.
- Click your initials or profile picture.
  - Linux users can skip this step.
- Click on Preferences from the menu.
- Then click Sync.
- Next, click on Selective Sync (Windows and Linux) or select folders to sync (on Mac).
- You will see checkboxes for all your folders on the left-hand side. Simply uncheck the boxes of folders that you do not wish to have on your desktop’s hard drive (in your account on dropbox.com, all of the folders will still be available).
  - Note: If a folder has a green checkmark, it is currently being downloaded to your computer.
- Once done, click on Update.
5. Use a VPN
Even though Dropbox is a secure service, there are some strong reasons to use a VPN to protect your Dropbox privacy.
The first one being, if you are on a WiFi connection, there is always the risk of someone monitoring your activities as cybercriminals are always on the watch to snag unsuspecting users’ data.
By connecting to a quality VPN such as ExpressVPN, you create layers of encryption that make it almost impossible for anyone to get hold of your Dropbox files.
Secondly, while Dropbox cannot track you accurately, the cloud storage giant can still get a rough idea of your location.
The service uses GPS to collect your location information and can pinpoint your location precisely based on how your IP address gets assigned to the GPS data.
Since a VPN enables you to hide your real IP address alongside re-routing your browsing and making your internet traffic travel through encrypted tunnels, your actual IP (hence location data) won’t be seen by anyone let alone Dropbox.
6. Set up Email notifications
Extra notifications from cloud services are deemed annoying by almost everyone, and rightly so.
But you should keep Dropbox as an exception here, as it is really necessary.
With email notifications, you can receive email alerts whenever a change happens to your account.
You can set email alerts for conditions such as a new device or application connecting to your account, files getting deleted in large numbers, or logins from new browsers and devices.
Below is how you can change Dropbox email notifications:
- Go to dropbox.com.
- Click your avatar (you could spot it at the top).
- Click Settings.
- Then, click Notifications.
- Now uncheck or check the box next to each email alert you would like to change.
7. Manage your linked apps
Whenever you use a third-party app to log into your account, Dropbox shares your information with that application.
On the Security tab of your account, you can view a list of all devices and applications that currently have permissions to access your Dropbox account.
It is normal to forget which applications you authorized to access your account, and you may no longer use some of those apps at all.
If you ever authorized an app that you no longer use or think might not be good for your privacy now, you must revoke its permission in your Dropbox account.
The feature can also come in handy if your smartphone, tablet, or laptop is lost or stolen.
You can remove the stolen device (or any device about which you have doubts) from the list of trusted devices immediately to prevent your personal data from getting into the hands of the thief.
8. Check web sessions
You can find your current web sessions on the Security page of your account that shows which browsers are presently logged into your particular Dropbox account.
It is good practice to check your Dropbox web sessions now and then to make sure your account does not get compromised.
9. Delist linked devices
It is essential to delist all your linked devices (that you no longer use) from Dropbox to avoid any misuse of personal information.
If you have been using the cloud storage service for quite some time, chances are you have changed smartphones and PCs several times.
In that case, your Dropbox account will more likely have multiple devices linked to it even though you do not use them all.
Luckily, it is very straightforward to see when you last used a particular device with Dropbox and to remove that.
Follow the steps provided below to unlink a device from your Dropbox account:
- Log into your account at Dropbox.com.
- Click your avatar/name (in the top-right) menu.
- Go to Settings, and then Security.
- There you will see the Devices section, which lists all the devices currently linked to your Dropbox. Simply click the cross sign (X) next to the linked device you wish to unlink.
10. Enable two-step verification
Two-step verification (also known as 2FA, multi-factor authentication, or double authentication) adds an additional layer of security to your account.
Not only to keep your Dropbox safe, but 2FA is also an extremely powerful tool to help you protect any account.
Most of the popular online services available today including Gmail, LastPass, Facebook, and Xero (to name a few) offer this feature.
With this feature activated, you will need a six-digit code (as well as your username and password) every time you log in to your account.
You can have the service send codes to your phone as text messages, or they can be generated by a mobile application such as Duo Mobile or Google Authenticator.
Dropbox also allows you to use a security key instead of six-digit codes for two-step verification. Security keys offer more protection against phishing attacks and are easy to use.
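How an authenticator app arrives at the six-digit code, as an added example that is not Dropbox's code: TOTP as specified in RFC 6238, built on HOTP from RFC 4226. The 30-second step, HMAC-SHA1 and the one-step drift window are the RFC defaults and are assumed here; the page only states that the code has six digits.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code; RFC 6238 default, assumed here
DIGITS = 6   # the six-digit code the article mentions


def decode_secret(b32: str) -> bytes:
    """Decode the base32 secret shown at enrolment (spaces and lower case allowed)."""
    cleaned = b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding that apps strip
    return base64.b32decode(cleaned)


def hotp(key: bytes, counter: int) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)  # keep leading zeros


def totp(key: bytes, unix_time: float) -> str:
    """RFC 6238: the counter is the number of STEP-second intervals since epoch."""
    return hotp(key, int(unix_time) // STEP)


def verify(key: bytes, submitted: str, unix_time: float, window: int = 1) -> bool:
    """Verifier side: tolerate +/- `window` steps of clock drift, constant-time compare."""
    counter = int(unix_time) // STEP
    ok = False
    for delta in range(-window, window + 1):
        if counter + delta >= 0:
            expected = hotp(key, counter + delta).encode()
            ok |= hmac.compare_digest(expected, submitted.encode())
    return ok


if __name__ == "__main__":
    import time
    # Constructed sample secret (the RFC 6238 test key), not a real account secret.
    key = decode_secret("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")
    now = time.time()
    code = totp(key, now)
    print(code, verify(key, code, now))
```

The code is computed on the device from the enrolled secret and the clock, so nothing is sent over the phone network at login, unlike the SMS option.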
11. Use an alternative to Dropbox
Not a single thing in this world is perfect, and that holds true for Dropbox, too.
There are certain flaws in Dropbox (such as end-to-end encryption absence and only 2 GB of free cloud storage) that might urge someone to look for its alternative.
Or you may simply not want to settle for a single option; it is always better to try different choices.
So, even though Dropbox is the most famous cloud storage provider, there still are competing services that are worth having a look at.
Below is a list of secure Dropbox alternatives for you:
- Google Drive.
Do not keep all your eggs in a single basket
Top-notch cloud services like Google Drive and Dropbox take several steps for ensuring user content security; however, cybercriminals also remain on their toes always to find new vulnerabilities and weak points.
If you truly care about your data safety, you should not put all your trust in a single service.
Add an extra layer of third-party encryption to your file with a tool like boxcryptor.com to ensure your files won’t be exposed to the bad guys because of a cloud storage service vulnerability.
Also, diversify your options and create multiple backups for your valuable data and information.
Admittedly, Dropbox is not the most secure cloud hosting service available today but it is the most user-friendly one with balanced security.
Probably that is why it is the most popular cloud storage provider out there (I am a Dropbox user, too).
The tips above really are all you need to lock your Dropbox account up tight and keep files secure.
It will probably take about thirty minutes to take all the recommended steps and make Dropbox more secure — so I would highly recommend taking the time to ensure your data safety.
Is there any other method you use to maximize your Dropbox security? Have you ever run into a hacked account incident? Share your experiences and thoughts in the comments!
About the author
Ali Qamar is the founder of PrivacySavvy, which he started out of the sheer passion for making every internet user privacy savvy. Ali has always been concerned about security and privacy for the general public and is very libertarian. He has been a privacy advocate since even before Edward Snowden appeared with his revelations about NSA's mass surveillance.
Ali graduated with a computing degree from the leading IT college in Pakistan, so he boasts a background in this area. He has an accountable understanding of the technical sides of encryption, VPNs, and privacy.
Ali is regularly quoted in the privacy and security reports by the local press. His contributions have been featured in SecurityAffairs, HackRead, Ehacking, Livewire, Intego, Business.com, InfosecMagazine, and many more publications online. Ali is naturally attracted to transforming things.