Dropbox is a popular online storage service that has been around for more than a decade. But just because this storage service is popular, it doesn’t mean that it's secure.
Luckily, there are alternatives to Dropbox that might be more secure and are less likely to share your data with third parties.
In this article, I will share why Dropbox isn’t a secure storage service for your business’s data. I'll show you how you can make Dropbox more secure and I’ll recommend alternative solutions to Dropbox, such as Sync.com, pCloud, and Boxcryptor.
- Why Dropbox isn't secure
- History of security issues and breaches
- How you can make Dropbox secure
- Best secure alternatives to Dropbox
Dropbox is popular – but Dropbox isn’t secure
Dropbox has millions of users all over the globe who use it for personal and professional reasons. But unfortunately, its storage service isn’t secure. Your business needs to know about a few security issues with Dropbox.
Stores your personal information
Before signing up for Dropbox services, businesses should know that Dropbox will store their social media information, credit card details, contact numbers, physical address, email addresses, and usernames.
Even though this is common with online services and companies, you should be aware of this if you want to use it for your business.
Dropbox hangs on to your data even after you delete your account
Dropbox shares your personal information
While Dropbox says that it won’t ever sell your information, this doesn’t mean Dropbox won’t share your information with other parties. For example, if you sign in to your Dropbox account with Facebook, Dropbox will share your information with Facebook.
Dropbox also shares your data with companies such as Amazon because the company uses the online retailer’s S3 service for storing files. Dropbox is obligated to share your data with Amazon as part of this deal.
In some situations, Dropbox will share your information if the company feels there is a danger to the company or other users. But the storage service doesn’t clearly state what these dangers are.
Dropbox can track your location
Dropbox can easily track your location. It can do this by using the GPS information sent from the PC or smartphone accessing the Dropbox account. Dropbox claims that it doesn’t do this because it doesn’t want to be seen as tracking its user’s location.
Instead, Dropbox uses the information embedded in the uploaded files, such as videos and photos. Dropbox can also use your IP address to get a general location of your business.
Not secure (no zero-knowledge / end-to-end encryption)
For Dropbox to work with other apps, information needs to move effortlessly between two different companies. In this process, having to decrypt the files first would take a long time. To avoid this, Dropbox keeps users’ encryption keys so it can access your files when it needs or wants to.
Dropbox is different compared to other online storage services that have zero-knowledge encryption. With zero-knowledge encryption, a user’s password is a secret, and not even the host can access your files or information.
Zero-knowledge makes it more difficult for hackers and even governments to get access to your information. It also prevents your host, Dropbox in this case, from knowing what you’ve stored on their system. But it also slows down most processes when handling your data.
Not private (US Headquarters – the Patriot Act)
Because Dropbox has its headquarters in San Francisco, California, USA, there’s another security risk when using their services. In the US, there is the Patriot Act. Because of this act, law enforcement can demand that Dropbox give them access to your information and files.
What is the Patriot Act?
After the terrorist attack in the US, the government passed the Patriot Act to give law enforcement power to investigate, indict and bring suspected terrorists to justice. This law has led to increased penalties for supporting and committing acts of terrorism.
The name is an acronym: USA PATRIOT stands for “Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism.” Its primary purpose was to allow law enforcement to obtain warrants for citizens who are suspected of being terrorists, spies, and enemies of the US.
The Patriot Act means that if law enforcement suspects that you’re a terrorist or that you’re supporting a terrorist, Dropbox will give them access to your files and data. Government investigators will be able to sift through files and check your data.
Dropbox’s history of security issues and breaches
In 2007, MIT students Drew Houston and Arash Ferdowsi launched Dropbox, and as of 2020, there are as many as 15.48 million paying users. Dropbox has a long list of security problems despite being around for more than a decade.
Hackers caused some of these security problems, but these breaches show how poorly Dropbox handles users’ data.
The first security issue happened in 2011. An error in a Dropbox update allowed anyone to access Dropbox accounts as long as they had the email address. Even though Dropbox fixed the problem in a matter of hours, the company should have properly tested the upgrade before going live.
In 2012, an alarming data breach with Dropbox was due to an employee’s hacked Dropbox account. This breach led to millions of users’ passwords and emails being leaked. It was only in 2016 that Dropbox discovered that the upgrades had leaked the emails and passwords of users. Before then, Dropbox believed that the upgrades leaked only the email addresses.
Dropbox added more security upgrades and created a public blog post to fix this problem. The security upgrades included the two-step verification process and the security tab so users can log out of other devices.
Users with compromised information got emails that asked them to change their passwords. Today, we still don’t know how many accounts were hacked.
In 2014, Dropbox was criticized for allowing its employees access to encryption keys. Unfortunately, the storage service hasn’t changed its policy on this. Allowing employees to have the encryption keys means that Dropbox employees can decrypt user files and view them at any time.
The next major security breach took place in 2017. Many users had deleted files show up in their accounts. An error in Dropbox’s system allegedly caused the breach: some deleted files had never been removed.
When Dropbox tried to fix this issue, the service sent the deleted files back to its users. As a result, any data you deleted was never removed, and hackers or Dropbox employees can access your data.
Ways you can make Dropbox more secure
If your business still wants to use Dropbox, there are plenty of ways that you can make your Dropbox account more secure.
1. Make sure you check your web sessions
If you’re worried that a hacker has accessed your Dropbox account, there’s a way that you can check. You can go to the Dropbox security page to narrow down your list of devices linked to your account.
You will be able to check the current web sessions and what browsers are logged in at that particular moment. This list will be helpful to check which web sessions should be there and that there are no unauthorized users with access to your Dropbox account.
2. Delist old devices from your Dropbox
When your business has used the same Dropbox for a long time, there’s a good chance you’ve changed your PC or smartphone a few times. If you haven’t checked on your list of linked devices, you’ll need to check on your list regularly and delist old devices.
Scroll down to the Device list under (where you can enable the two-step verification). The list will give you the names of all the devices connected to your Dropbox account. It will also tell you the last time the device used your Dropbox account.
Next to each device listed, there is an “X.” You can click on this “X” to delist the machine you don’t want to have access to your account. Before you do this, make sure the device is no longer used by you or anyone else to access your Dropbox account.
3. Manage linked apps
When you access your Dropbox account with a third-party app, Dropbox shares your information with the app. If you do this regularly, Dropbox will share your information with all of the apps you’re still using and even the apps you’ve stopped using.
You can check on the apps linked to your Dropbox account by going to the bottom of the security page on your account. There you’ll be able to see all the apps that have permission to access your Dropbox account. You’ll be able to quickly remove the permission you gave an app.
4. Use email notifications
With Dropbox, you have the option of getting email notifications whenever something happens on your account. You’ll get notifications whenever there are changes and when someone logs into your account from a new browser or device.
You will also get email notifications when a large number of files are deleted or when a new app gets access to your Dropbox account. You can manage the email notifications from the Profile panels in the settings menu.
5. Activate Two-Step verification
The “two-step” verification tool is a powerful way to ensure that unwanted users won’t get access to your accounts. This method is also used for Facebook and Gmail.
With this tool, you can have a specific code sent to your phone whenever someone tries to access your Dropbox from a new device.
To switch on this tool, all you need to do is find the drop-down menu on the top right-hand corner of your home page and click on “settings.” When you do this, a new window will open, and you’ll be able to click on the security tab.
Here, you’ll notice if your two-step verification is either enabled or disabled. If it’s disabled, you can click on the enable link to activate it.
Just remember that you’ll need to enter your password again when you do this. After that, you’ll get asked if you want the codes to be sent to you as a text message or to a secure app like Google Authenticator.
When you’ve made your choice, you will need to enter the phone number where Dropbox can send the code. You will also need to give a backup number in case you lose your phone.
The last step involves you being given ten backup codes, which you’ll need to keep in a safe place. Finally, you’ll be able to click on the “Enable Two-Step Verification” button to end this long process.
6. Use a secure password and a password manager
Using a strong password with a secure password manager is the first step in ensuring that your information is protected online. Using a strong password doesn’t just apply to using Dropbox.
A strong password uses a combination of symbols, numbers, and lower and upper case letters. You shouldn’t use the same password for everything or the same combination of letters and symbols. Some password managers can even generate a unique and strong password for you.
Remembering long passwords, each with a different combination of letters and symbols, can be overwhelming, so it’s handy to have a secure password manager. A secure password manager will help you keep your passwords all in one place, so you don’t have to remember them all.
You can check out our choice for the best password managers for 2022.
7. Use a Virtual Private Network (VPN)
Dropbox can get a general idea of where you are in the world. Also, depending on your IP address, Dropbox will accurately locate where you are. But you can get around this by using a Virtual Private Network (VPN).
A VPN is a web of connected computers that form an encrypted channel that diverts your online activity from the public server to the server on your VPN network. Thanks to this, Dropbox won’t be able to track your location.
You can check out some of the best VPNs to protect your location.
8. Back up your files to other storage services
You can use other storage services similar to Dropbox to back up your company’s files. They each have their own built-in security features. Creating a backup will strengthen your security.
Backups are a necessity when it comes to your company’s data security. This necessity makes it essential to use a strong storage service to protect your data.
You have the option of setting up your Dropbox account with another file storage service such as Files.com. You can use the option to integrate Dropbox with Files.com.
This option will let you connect your accounts to ensure that your files are synced from the first storage service to the second one. This process will be done automatically, so you don’t have to worry about this.
9. Consider using alternatives to Dropbox
If you still feel unsafe using Dropbox, choose from some alternatives. There are alternative encrypted storage services that can protect your information.
These alternatives will have the same features as Dropbox. There’s the extra advantage of these alternatives being unable to see what’s stored on their servers.
Use a more secure cloud storage alternative
What is pCloud?
You can use pCloud to store your data on your PC securely. It’s a desktop app that builds a safe virtual drive on your PC. With pCloud, you will be able to effortlessly keep and work with the files you’ve stored in the cloud.
You drag and drop your files and data to your virtual drive or copy the files to your pCloud Drive. You shouldn’t copy and paste when you have big files or a large number of files.
For big files or large amounts of information, you should sync your files instead. You should also stop the syncing process when all the files have been successfully uploaded.
There are added benefits to using a pCloud Drive that include file sharing integrations and synchronization throughout your PC.
Best of all, pCloud is secure. pCloud Crypto is the simplest and most secure way to encrypt data. Using unique client-side encryption, your files are safely hidden from any unauthorized access.
What is Sync.com?
If you have a small to midsize business, you might want to consider using Sync.com. This service is a solution that assists companies with backing up and recovering data and collaboration. Sync.com is available in on-premise and cloud-based deployment options.
This solution also includes apps that companies can use on Android devices and iPhones.
With Sync.com, you will be able to control who has access to shared files by using expiry dates and passwords, email notifications, and uploads. You can also give fine-grained access permissions with read-write and read-only controls.
In case of a ransomware or malware attack, the data recovery and backup will assist you with getting access to an earlier version of your files. You can also use this function to recover a deleted file.
With Sync.com, Vault Storage also allows your business to archive documents straight to the cloud from your hardware or system.
Consider using Boxcryptor
With Boxcryptor, you’ll have an extra layer of security for storage that’s easy to use. This Windows desktop app will encrypt your folders locally on your PC.
Boxcryptor is an add-on encryption integration for Dropbox (and for OneDrive and Google Drive).
Since it was founded, Boxcryptor has been designed for cloud storage. This design means that Boxcryptor will encrypt each file independently from the other files. This is on top of supporting features such as selective sync.
With Boxcryptor, you can create a folder with a password. Then all you need to do is drag and drop the files you want to protect. This app will immediately encrypt your files with AES-256 encryption.
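The zero-knowledge idea from earlier in the article and the per-file, password-based AES-256 encryption described here, sketched as an added example that is not Boxcryptor's, pCloud's or Sync.com's actual code or file format. It assumes the third-party `cryptography` package is installed; the `DEMO1` container layout and the function names are hypothetical.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"DEMO1"  # constructed container tag, not any vendor's file format


def _derive_key(password: str, salt: bytes) -> bytes:
    # scrypt stretches the password into a 256-bit key. This runs on the
    # client only, so the storage host never sees the password or the key.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def encrypt_file_bytes(password: str, name: str, plaintext: bytes) -> bytes:
    """Encrypt one file independently: fresh salt and nonce for every file."""
    salt, nonce = os.urandom(16), os.urandom(12)
    key = _derive_key(password, salt)
    # The file name is bound as associated data, so an encrypted blob
    # cannot be silently swapped under a different name.
    sealed = AESGCM(key).encrypt(nonce, plaintext, name.encode())
    return MAGIC + salt + nonce + sealed


def decrypt_file_bytes(password: str, name: str, blob: bytes) -> bytes:
    """Reverse encrypt_file_bytes; raises ValueError on any mismatch."""
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 16 + 12 + 16:
        raise ValueError("not a DEMO1 container")
    body = blob[len(MAGIC):]
    salt, nonce, sealed = body[:16], body[16:28], body[28:]
    try:
        return AESGCM(_derive_key(password, salt)).decrypt(nonce, sealed, name.encode())
    except InvalidTag:
        raise ValueError("wrong password, wrong file name, or tampered data") from None
```

Only the output of `encrypt_file_bytes` would be placed in the synced folder, so the provider stores ciphertext it cannot read and a forgotten password cannot be recovered by the provider.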
So the question remains, is Dropbox secure? The simple answer is that Dropbox is not very secure. The storage service may have been founded with the best of intentions, but there have been significant security breaches that led to passwords and emails being leaked since then.
I recommend that if you have any private documents and want them to stay private, you should use another cloud storage service or add an extra bit of security using Boxcryptor’s add-on encryption.