Ask LH: Is It Safe To Use Dropbox For Collaboration?

13 years ago

June 17, 2011 at 1:00 pm

Hi Lifehacker, My company is thinking about using Dropbox for daily file transfers (such as working from home and not needing to email the document to another email), but some people are concerned about the possible access the general public would have to the files. Do you guys have any suggestions of how to keep the info as secure as possible using Dropbox? Or is it not advisable to use Dropbox if we’re planning on using it for confidential information? Thanks,
Laura

Dear Laura,

It’s a good question (and one which actually popped up in a comment but which merits a broader answer).

We’re big believers in using Dropbox for collaborative work, and the US Lifehacker team offered a detailed guide a while back on how to make that work. The approach outlined there is worth checking out for some general ideas, so I won’t repeat them here. In terms of security, the answer to your question is: Dropbox is fine as long as you approach it the right way.

The wrong way is to drop them in the ‘Public’ folder on a Dropbox account, since that creates a web link which is accessible to anyone who gets hold of it.

As we’ve suggested before, a better idea is to set up a work Dropbox which everyone can log into. That means there are copies of vital files on multiple machines, and the newest versions are automatically replicated. If someone wants to grab a file for use on an unfamiliar machine (perhaps an emergency presentation), that’s also possible by logging in via a web browser.

Not that whole they are shared, those files aren’t available to the general public; only people who have the relevant login address and password can get to them. Make sure to use a strong password and change it regularly (including whenever a team member leaves or takes on a new job).

That approach isn’t foolproof: if the password leaks, then those documents will be accessible. But that applies to virtually any collaboration system. Given its ease of installation and availability on a wide range of platforms (including via a web browser), Dropbox is still a great solution for where you want to exchange files or have them available to multiple members of a team but don’t need actual, real-time interaction.

Cheers
Lifehacker

Got your own question you want to put to Lifehacker? Send an email to [email protected], and include ‘Ask Lifehacker’ in the subject line.

Comments

9 responses to “Ask LH: Is It Safe To Use Dropbox For Collaboration?”

READ THE COMMENTS

Michael

June 17, 2011

There is also this method from LH if you are super paranoid/have specifically sensitive information http://bit.ly/kgPjaV.

Log in to Reply
Magnus

June 17, 2011

I think Waula is a GREAT option, since it’s encrypted all the way. And I want to remember that Dropbox isnt.
Please correct me if I’m wrong, have a nice friday 🙂

Log in to Reply
Alex

June 17, 2011

Except as per an email I’ve forwarded to LH (and hope you guys investigate further) There’s a significant security hole in the way Dropbox authenticates to registered devices.
More at this link: http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/

Log in to Reply
3rddesign

June 17, 2011

I am using Dropbox. I have a desktop computer and a laptop. Every time I travel I sync my working files to Dropbox so that I could still continue my online job while on travel. I don’t put my files into the ‘Public’ folder because obviously it’s for the public. I have employers who share their files to me via Dropbox and so far we have no problem.

Log in to Reply
Grim

June 17, 2011

If your information/resources are valuable and you’re putting them online assume it’s going to be public (but take measures to make sure it’s not) and anyone – including the hosting company – can access it. As people already commented, Dropbox has known flaws in its security; other systems may too.

It’s a little more hassle but a lot less risk of being compromised:

Encrypt your files before uploading them.

Log in to Reply
1. Josh
  
  June 17, 2011
  
  I think encrypting them even when they’re on your own network is important if they’re sensitive enough. Anything that goes out online should be encrypted, even if that online space is supposedly “private.” I only use Dropbox for personal stuff, and encrypt stuff that could prove problematic if someone got hold of it (e.g. I have a PDF of my birth certificate and drivers license in there somewhere, but strongly encrypted with a 20+ character password with True Crypt.) Everything else, whilst I don’t expect it to get into other people’s hands, it doesn’t matter if it does (if they really want my Uni assignment from last semester, they can have it!)
  
  I think a general rule of thumb is, if it’s confidential and/or for a business (and in the case mentioned in the post, it would be) always encrypt it no matter what service you’re using. For personal stuff, not quite as important except for personally identifiable information (such as drivers license, birth certificate, passport etc).
  
  Log in to Reply
w0qj

June 22, 2011

Good article – here is another cloud storage solution that is fully encrypted:
With SugarSync, you get 5GB of cloud storage space with the FREE version, but now there is no restriction to the number of computers you can sync/backup (up from 2).
It gives you the ability to upload and sync any folder on your computer.
It is the only service that offers such a broad device and OS support with apps for BlackBerry, Android, iPhone/iPad, Symbian, not to mention your computer!
You can also stream MP3 music files to your smartphone or computer.

Log in to Reply
nxb3942

March 20, 2012

It depends on what you want to do. For many regulated industries, DropBox is not compliant. Their website clearly states this:
https://www.dropbox.com/help/238
Dropbox Enterprise File Transfer from Thru is the secure solution for businesses and enterprises. Their solutions have been working for large businesses for ten years without a single security breach. http://www.thruinc.com/solutions/dropbox-enterprise-file-transfer/
http://www.thruinc.com/products-services/secure-file-transfer/

Log in to Reply
Aiden

September 8, 2012

Laura, I hope you have found a solution by now. There are many ways to have shared folders for multiple people each with their own account (think audit trails from a PCI perspective). I would be scared to have too many people with a single login. How do you communicate the new password when it needs to be changed? Not email I hope! I’ve been suggesting this solution (GoAnywhere Services) to my customers. It allows remote file access, shared team folders, virtual links to network shares, AND all the files stay on your corporate networks! http://www.goanywheremft.com/products/services
It is definitely worth a few thousand quid to know that everything you are doing is secure and meets the compliance requirements of your locality.

Log in to Reply

Why Your Kitchen Still Needs a Toaster (Even If You Have an Air Fryer)

How to Know It’s Time to Say Goodbye to a Kitchen Appliance

Why Lettuce Belongs on the Outside of Your Taco

What People Are Getting Wrong this Week: AI-powered Gadgets

These Are My 8 Favourite Air Fryer Recipes

Optus Is Offering a $300 Discount on the iPhone 14 This Month

Here’s Everything You Need To Know About The Upcoming Click Frenzy Mayhem Sales

Swoop Is Knocking up to $240 off Its Fastest NBN Plans

Here Are Amazon Australia’s Best Deals of the Week

TPG Has Changed the Prices for Almost All of Its NBN Plans

Ask LH: Is It Safe To Use Dropbox For Collaboration?

Comments

9 responses to “Ask LH: Is It Safe To Use Dropbox For Collaboration?”

Leave a Reply Cancel reply