How to Secure Your Dropbox and Google Drive Files
Who doesn't appreciate the convenience of storing your important files online? Popular cloud storage services like Dropbox and Google Drive make it easy to access and share documents and files with anyone anywhere anytime. But with convenience comes risk.
Knowing how to protect your valuable files as well as the people you're sharing your files with should be part of your company's security plan.
Here are 5 practical tips to help you safeguard your online file storage.
Dropbox doesn't scan your files for viruses when you upload or download them. This means that an infected file can live indefinitely in Dropbox.
Google Drive does some scanning but not enough to provide the protection you need. Google scans files smaller than 100mb before they are downloaded. Like Dropbox, Google Drive doesn't scan files when they are uploaded.
If a file is infected, Google will warn your users when they attempt to download the file. However, your user can ignore the warning and continue the download. You know what this means.
Why is this important?
One of the benefits of online file storage is that changes are automatically synced to all devices associated with the account. One infected file quickly spreads to all your company's devices when they sync.
The most effective defense is proactive advanced endpoint security running on every desktop, laptop, mobile device, and server. Relying on legacy reactive antivirus solutions like Windows Defender is not adequate malware and virus protection today.
A Dropbox file can be shared with anyone who has a link to it. This link can be freely passed along through email, text, social media, whatever tool is handy. By default, the shared file is view only, but anyone can download it.
Protecting who has access to your valuable files and what they can do with them are obvious. One way to wrap more security around file sharing is by enforcing link passwords. The Dropbox Business plans allow for both passwords and password expiration.
Adopt a strict user access permissions on both individual files and entire folders approach. Create user groups in Dropbox Business Standard and Business Advanced versions to manage who has file access and what they can do.
Dropbox operates under the Shared Responsiblity Model. This means that the customer is responsible for protecting their information and implementing a user access policy. If data is lost or stolen, the customer is solely responsible for recovering all data. This is a significant burden that customers are often unaware of.
Continuously monitoring your company's online file activities is the role of your Dropbox or Google Drive administrator.
Make sure notifications are enabled. It's important your admin receives a notification when files change or are accessed. This allows for immediate action when an unexpected or questionable event occurs.
Continuous monitoring is especially important when employees can access online storage using public wi-fi. The potential for unauthorized access to your valuable data is high.
Immediately delete a terminated employee from the online account and wipe the account from their devices. This includes company-owned devices as well as all personal devices that have access to your company's Dropbox and Google Drive accounts. It seems obvious enough, and yet it's easy to overlook this step, especially when employees use their own devices to access company files.
This includes their phones and other mobile devices too.
Google Drive allows users to upload executables (such as .exe, .sh) and compressed files (with extensions like.zip, .gz). While these are standard file types for installing and executing the software we use every day, they can also be potentially dangerous.
These file types immediately run when clicked so an unsuspecting user can easily launch a piece of malware.
We strongly recommend that you do not allow users to upload or download these file types in Google Drive.
We're continually listening to the cybersecurity questions and concerns from company leaders like you. We've answered 11 frequently asked cybersecurity questions in this blog post.
Knowing how to protect your valuable files as well as the people you're sharing your files with should be part of your company's security plan.
Here are 5 practical tips to help you safeguard your online file storage.
1. Dropbox and Google Drive Virus Scanning
Dropbox doesn't scan your files for viruses when you upload or download them. This means that an infected file can live indefinitely in Dropbox.
Google Drive does some scanning but not enough to provide the protection you need. Google scans files smaller than 100mb before they are downloaded. Like Dropbox, Google Drive doesn't scan files when they are uploaded.
If a file is infected, Google will warn your users when they attempt to download the file. However, your user can ignore the warning and continue the download. You know what this means.
Why is this important?
One of the benefits of online file storage is that changes are automatically synced to all devices associated with the account. One infected file quickly spreads to all your company's devices when they sync.
The most effective defense is proactive advanced endpoint security running on every desktop, laptop, mobile device, and server. Relying on legacy reactive antivirus solutions like Windows Defender is not adequate malware and virus protection today.
. . .
2. Sharing Dropbox Links
A Dropbox file can be shared with anyone who has a link to it. This link can be freely passed along through email, text, social media, whatever tool is handy. By default, the shared file is view only, but anyone can download it.
Protecting who has access to your valuable files and what they can do with them are obvious. One way to wrap more security around file sharing is by enforcing link passwords. The Dropbox Business plans allow for both passwords and password expiration.
Adopt a strict user access permissions on both individual files and entire folders approach. Create user groups in Dropbox Business Standard and Business Advanced versions to manage who has file access and what they can do.
Dropbox operates under the Shared Responsiblity Model. This means that the customer is responsible for protecting their information and implementing a user access policy. If data is lost or stolen, the customer is solely responsible for recovering all data. This is a significant burden that customers are often unaware of.
. . .
3. Monitor Employees' Online Activity
Continuously monitoring your company's online file activities is the role of your Dropbox or Google Drive administrator.
Make sure notifications are enabled. It's important your admin receives a notification when files change or are accessed. This allows for immediate action when an unexpected or questionable event occurs.
Continuous monitoring is especially important when employees can access online storage using public wi-fi. The potential for unauthorized access to your valuable data is high.
. . .
4. Manage Terminated Employees' Dropbox and Google Drive Access
Immediately delete a terminated employee from the online account and wipe the account from their devices. This includes company-owned devices as well as all personal devices that have access to your company's Dropbox and Google Drive accounts. It seems obvious enough, and yet it's easy to overlook this step, especially when employees use their own devices to access company files.
This includes their phones and other mobile devices too.
. . .
5. Be Careful What You Upload
Google Drive allows users to upload executables (such as .exe, .sh) and compressed files (with extensions like.zip, .gz). While these are standard file types for installing and executing the software we use every day, they can also be potentially dangerous.
These file types immediately run when clicked so an unsuspecting user can easily launch a piece of malware.
We strongly recommend that you do not allow users to upload or download these file types in Google Drive.
Frequently Asked Cybersecurity Questions
We're continually listening to the cybersecurity questions and concerns from company leaders like you. We've answered 11 frequently asked cybersecurity questions in this blog post.
Discover Practical Knowledge Sharing for Business & Technology Leaders
If you've ever searched for a place to connect with business leaders without the ads, sales pitches, and usual social media clutter, you know how hard that can be.
That's why we created Studio CXO. We're business leaders like you who know there can be a better way.Explore Studio CXO Now
Free Online Cybersecurity Risk Appetite Assessment
Start with these 20 no-wrong-answer questions to guide your cybersecurity planning.
Then get your free ebook After the Risk Assessment Next Steps
Free Online Cybersecurity Risk Tolerance Assessment
Discovering how much risk you're comfortable taking is smart strategic thinking.
Then receive your free ebook After the Risk Assessment Next Steps
. . .
Linda Rolf is a lifelong curious learner. She loves discovering the unexpected connections among technology, data, information, people and process. Quest Technology Group believes that lasting value and trust are created through continuously listening, sharing knowledge freely, and delivering more than their clients even know they need. As the CIO of their first startup client said, "The value that Quest brings to Cotton States is far greater than the software they develop."