Risks Of Using DropBox In a Small Business

Improper Implementation of DropBox in a Small Business Could lead to serious Data Leakage
posted by DCS Security Team

October 31, 2020

What seems like an innocent enough collaboration and file-sharing tool could be leaving your company open to serious data breaches, potential lawsuits, and embarrassment, as well as, in some cases, criminal enforcement if compliance laws are broken. While Dropbox might look convenient for a business, there are several issues that you should be aware of from a security standpoint. Dropbox does not have an excellent security record in our opinion, as it has been the victim of various security incidents over the years.

You Could be Opening Your Company up to a Potential Lawsuit

DropBox may be an excellent platform for sharing pictures of your vacation with your friends and family, but it may not be as secure as you think. Dropbox had a unique model when they hit the market, known as "Freemium", which really worked well for them. But if it's free, is it for me? You may want to think long and hard about this because an application like DropBox may not be as secure as you think, and with "Free" solutions, there is a very high likelihood that your people may be using it. Most likely, you never even gave it another thought. Still, you could be facing security and legal threats from data theft, corruption of data, and the leaking or hacking of privileged client data.

Confidential Data May Be Floating Around Cyberspace for Everyone to See

While great for non-confidential data, solutions like DropBox don't really offer much control and oversight, and you have very little control over what devices they are installed on. You may wind up with DropBox being a back door right into your secure environment, with employees mixing it between personal and work machines. Did you know that Dropbox lets employees permanently delete files without your knowledge? Did you know employees are also able to share files without your knowledge? This leaves you at risk of breaking privacy agreements, data protection laws, and industry compliance regulations, to name a few.

I'm Using DropBox to Back Up My Important Information

Every small business faces the potential for important files to become corrupted. You may not even be aware of this, and you probably never thought to worry about it. Typically 1 out of every 1500 files becomes corrupted at some point in time, and Dropbox is no exception. Most consumer-grade file-sharing tools don't offer the data integrity assurance systems that businesses need to guarantee protection against corruption. Imagine if your QuickBooks file was deleted, and you thought, "I will just go and download it from DropBox." You download it, and lo and behold, the file is no good, corrupted! DropBox is not a file backup solution and should not be used for important data.

DropBox was hacked in 2016 exposing 68 Million Records

According to multiple sources, including an article in CPO magazine, Dropbox was hacked, exposing some 68,000,000 records including passwords. And to make things worse, some people have had the same passwords on DropBox accounts for years. Just think about this for a second: your username and password are available on the dark web for the taking, and many people never change passwords at all, reuse passwords across multiple solutions, or don't have an adequate password policy in place at all.

What Should I Do instead of DropBox?

First things first, use a password manager and CHANGE YOUR PASSWORDS ASAP!

Most importantly, any solution you use, if not implemented properly, can be a disaster. Work with a Managed IT Services Provider and discuss what you are trying to do to make sure that your solution is implemented properly and securely by IT professionals. Discuss your end goal with your MSP so they can work with you to make sure you've picked the right solution. Our advice is to stick to known standards that work, like Microsoft Office 365's OneDrive. OneDrive has powerful end-to-end encryption, works properly in most modern environments, and can be implemented with multifactor authentication. The biggest mistake that some companies make is not involving their MSP or letting them guide the technical solution instead of driving the solution. With a proper MSP IT support relationship, you may already own these tools and just need some guidance to use them. Please take 10 minutes out of your day and call them to discuss your goal and ask them the best way to achieve it.