How to make Dropbox more secure without spending a cent

Most of what you need to defend your data is right inside Dropbox.

Dropbox has had its share of security woes over the years. While the cloud storage provider has done much to beef up its defenses, there's still plenty you can do on your own to improve the safety of your files. Here are a few ways to get started.

Use two-step verification

Thanks to increasingly ambitious hackers and users' tendency to rely on comically weak passwords, one-factor authentication has become something of a joke. (Bonus tip: Get the last laugh by using a password manager on your computer or as a mobile app.) In light of this, most major services, including Dropbox, have implemented two-step verification. This system requires you to enter both your password and a security code sent to your mobile phone, and it's the easiest way to increase the security of your account.

To enable two-step verification, log into your Dropbox account, click your username in the upper-right corner and select Settings from the drop-down menu. Click the Security tab, then click Enable under "Two-step verification." Follow the prompts to set up this feature.

Unlink old devices

Much of Dropbox's power lies in the ability to use it across multiple devices. But considering most of us upgrade our smartphones, tablets, and computers every few years, you likely have some old devices still attached to your Dropbox account. That poses a security risk.

To unlink any devices you don't use or no longer have, follow the above steps to get to the Security tab and scroll down to "Devices." Here you'll find a list of devices that currently have access to your Dropbox account, along with the date of their most recent Dropbox activity. To unlink a device from your account, click the X at the far right of its name.

Manage app access

A wealth of third-party apps integrate with Dropbox to extend its capabilities, most of which require full access to your account. An app retains its access even if you don't use it anymore, and if that app's developer stops supporting it or it otherwise becomes compromised, it may give hackers an easy entrée into your account. To prevent this, you need to revoke the access of any apps you don't regularly use.

Return again to the Security tab and scroll down to the "Apps linked" section. You'll see a list of all the apps you've authorized to access your Dropbox account, along with the extent of access. To remove any app, click the X at the far right of its name.

Monitor web sessions

In addition to devices and apps, Dropbox also tracks web browsers that are logged into your account. This is an easy way to monitor for any unauthorized activity.

Go to the Security tab, and scroll down to "Sessions." This is a list of all the browsers currently logged in to your account, along with their country of origin and the time of the activity. If you see any you don't recognize, you'll know your account has been breached. It's also a good idea to go in from time to time and remove any of your old activity: just click the X next to the entries you want to delete.

Encrypt your files

While these measures will minimize any holes in your Dropbox security, none of them will safeguard your data if someone does break into your account. In that event, encryption remains the best protection for your files.

While Dropbox encrypts your data in transit and at rest, you can add an extra layer of protection with a third-party solution like Boxcryptor. This service encrypts your files before you upload them, then places them in a special Boxcryptor folder within your Dropbox. Boxcryptor offers free, Personal ($48/year) and Business ($96/year) licenses, as well as a selection of mobile apps for anywhere-access to your encrypted files. It's also "zero-knowledge" software: Boxcryptor doesn't have access to your encryption keys or passwords, so the security of your data remains in your hands, where it belongs.


Stories by Michael Ansaldo
