
How to Improve Your Dropbox Security: Tips and Techniques

August 31, 2022

With 700 million users worldwide, Dropbox is one of the leading file hosting services. It works with almost every available operating system and enables users to sync files between devices and the cloud, allowing easy and secure file sharing.

But in June this year, Justin Roiland, co-creator of the animated series Rick and Morty, discovered that Dropbox had deleted his account and files without warning because he had apparently violated one of Dropbox’s Terms of Service.


This incident raises serious questions about Dropbox file security – for two reasons: firstly, it reveals that Dropbox can view what users store on the platform. Secondly, if users are found to have breached Dropbox’s Terms of Service, it’s not clear whether they receive advance warning before they lose access to their files.

The Dropbox Terms of Service state:

“We reserve the right to suspend or terminate your access to the Services with notice to you if: you’re in breach of these Terms… We’ll provide you with reasonable advance notice via the email address associated with your account to remedy the activity that prompted us to contact you, and give you the opportunity to export Your Stuff from our Services.”

But in the case of what Dropbox calls a “material” breach of the terms, they don’t give advance warning:

We won’t provide notice or an opportunity to export Your Stuff before termination or suspension of access to the Services where:
1. you’re in material breach of these Terms,
2. doing so would cause us legal liability or compromise our ability to provide the Services to our other users, or
3. we’re prohibited from doing so by law.

The incident involving Justin Roiland’s data suggests that there is no certainty that users will be warned before their data is deleted. If Dropbox mistakenly identifies content as violating its terms of service, the user won’t get the opportunity to back up their files before they lose access to them. This should set alarm bells ringing for anyone who uses Dropbox but does not have a separate backup of what they store on the service.

What Dropbox says about user data

Once again, in its Terms of Service, Dropbox states:

“Dropbox may review your conduct and content for compliance with these Terms and our Acceptable Use Policy. We are not responsible for the content people post and share via the Services.”

By their own admission, Dropbox can see what you’re storing on the platform, which is an immediate concern if privacy is your top priority. Dropbox does not operate ‘zero-knowledge’ encryption, which is where the user is the only person with the key to the data and not even the cloud storage provider can view user content. If privacy and security are your main concerns, then you should be looking for a cloud storage provider that does operate on a zero-knowledge basis. If Dropbox can see your content, what happens if they decide your content has violated the Dropbox Acceptable Use policy?

Dropbox says:

“We reserve the right to take appropriate action in response to violations of this policy, which could include removing or disabling access to content, suspending a user’s access to the Services or terminating an account.”

There is nothing in the Dropbox Acceptable Use policy about warning users before they lose access to the service. So, to eliminate the risk of losing your data without notice, you need to back up what you store on Dropbox with a different platform or service.

How to improve your Dropbox file security

If you’re using Dropbox for backup and file-sharing, the best approach to take is to regard it simply as a file sync system. In fact, this applies to all cloud storage providers – you need to treat them as if they could fail at any time, and put measures in place to ensure the protection of your files and data.

When using Dropbox for backup or secure file-sharing, here are some steps you should take to improve the safety of your content and data:

  • Enable 2-factor authentication (2FA). With 2FA enabled, a code is sent to your smartphone every time someone tries to access your account from a new device. 2FA won’t protect your data from every threat but it’s good practice to have it enabled everywhere you can.
  • Enable ‘Selective Sync’. This is a feature of Dropbox that allows you to select which files on a device you have synced with your account. It’s easy to automatically sync everything on a device with your Dropbox account, but if there are any files you don’t want to risk losing without notice, don’t sync them.
  • Unlink any devices or apps that don’t need access to your Dropbox account. Doing this as well as making use of the Selective Sync function gives you much more control over which files will be synced to your account.
  • Encrypt your Dropbox files before uploading them. It’s relatively easy to find encryption software to do this – Boxcryptor is one paid option, while Cryptomator is a free alternative. Remember that whoever you’re sharing files with will need a log-in for the encryption service you use.
  • Back up your files with a third-party backup provider. The most effective way to guarantee the security of your data is to back it up with a third-party provider – ideally one that operates a zero-knowledge policy. Even if you do lose access to your Dropbox files, a third-party backup service will be able to restore your data immediately, minimising stress and disruption.
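A backup only helps if it actually contains what is in your synced folder. The script below is an added example, not code from Dropbox or BackupVault: it compares a local Dropbox folder against a restored or locally mounted copy of a separate backup and lists files the backup lacks or holds with different content. The folder names, the sample files and the rule for skipping `.dropbox*` entries are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: entries named ".dropbox*" are Dropbox bookkeeping, not user data.
SKIP_PREFIX = ".dropbox"

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def manifest(root):
    """Map each relative file path under root to its SHA-256 digest."""
    root = Path(root)
    result = {}
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if path.is_file() and not any(p.startswith(SKIP_PREFIX) for p in rel.parts):
            result[rel.as_posix()] = sha256_file(path)
    return result

def compare_backup(synced_dir, backup_dir):
    """Report synced files that the backup lacks or holds with different content."""
    synced, backup = manifest(synced_dir), manifest(backup_dir)
    missing = sorted(set(synced) - set(backup))
    differs = sorted(k for k in synced.keys() & backup.keys() if synced[k] != backup[k])
    return {"missing": missing, "differs": differs}

def demo():
    """Constructed sample data: two temporary folders standing in for real ones."""
    with tempfile.TemporaryDirectory() as tmp:
        synced, backup = Path(tmp, "Dropbox"), Path(tmp, "restore")
        for d in (synced / "docs", backup / "docs", synced / ".dropbox.cache"):
            d.mkdir(parents=True)
        (synced / ".dropbox.cache" / "tmp1").write_bytes(b"internal")
        (synced / "docs" / "contract.txt").write_bytes(b"v2 signed")
        (backup / "docs" / "contract.txt").write_bytes(b"v1 draft")
        (synced / "photo.jpg").write_bytes(b"\xff\xd8 sample")
        (backup / "photo.jpg").write_bytes(b"\xff\xd8 sample")
        (synced / "notes.md").write_bytes(b"new file")
        return compare_backup(synced, backup)

if __name__ == "__main__":
    print(demo())
```

Run `compare_backup` against a test restore on a schedule; an empty `missing` and `differs` result means every synced file exists in the backup with identical content.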

BackupVault encrypts your data both during the transfer process and at rest using the highest-grade encryption, and not even BackupVault staff can see your data. You are the only person with the encryption key, which means your files are safe and won’t be accessed by anyone except yourself.
