How to Secure Your Dropbox and Google Drive Files

Who doesn't appreciate the convenience of storing your important files online? Popular cloud storage services like Dropbox and Google Drive make it easy to access and share documents and files with anyone anywhere anytime. But with convenience comes risk.

Knowing how to protect your valuable files as well as the people you're sharing your files with should be part of your company's security plan.

Here are 5 practical tips to help you safeguard your online file storage.

1. Dropbox and Google Drive Virus Scanning

Dropbox doesn't scan your files for viruses when you upload or download them. This means that an infected file can live indefinitely in Dropbox.

Google Drive does some scanning but not enough to provide the protection you need. Google scans files smaller than 100mb before they are downloaded. Like Dropbox, Google Drive doesn't scan files when they are uploaded.

If a file is infected, Google will warn your users when they attempt to download the file. However, your user can ignore the warning and continue the download. You know what this means.

Why is this important?

One of the benefits of online file storage is that changes are automatically synced to all devices associated with the account. One infected file quickly spreads to all your company's devices when they sync.

The most effective defense is proactive advanced endpoint security running on every desktop, laptop, mobile device, and server. Relying on legacy reactive antivirus solutions like Windows Defender is not adequate malware and virus protection today.

2. Sharing Dropbox Links

A Dropbox file can be shared with anyone who has a link to it. This link can be freely passed along through email, text, social media, whatever tool is handy. By default, the shared file is view only, but anyone can download it.

Protecting who has access to your valuable files and what they can do with them are obvious. One way to wrap more security around file sharing is by enforcing link passwords. The Dropbox Business plans allow for both passwords and password expiration.

Adopt a strict user access permissions on both individual files and entire folders approach. Create user groups in Dropbox Business Standard and Business Advanced versions to manage who has file access and what they can do.

Dropbox operates under the Shared Responsiblity Model. This means that the customer is responsible for protecting their information and implementing a user access policy. If data is lost or stolen, the customer is solely responsible for recovering all data. This is a significant burden that customers are often unaware of.

3. Monitor Employees' Online Activity

Continuously monitoring your company's online file activities is the role of your Dropbox or Google Drive administrator.

Make sure notifications are enabled. It's important your admin receives a notification when files change or are accessed. This allows for immediate action when an unexpected or questionable event occurs.

Continuous monitoring is especially important when employees can access online storage using public wi-fi. The potential for unauthorized access to your valuable data is high.

4. Manage Terminated Employees' Dropbox and Google Drive Access

Immediately delete a terminated employee from the online account and wipe the account from their devices. This includes company-owned devices as well as all personal devices that have access to your company's Dropbox and Google Drive accounts. It seems obvious enough, and yet it's easy to overlook this step, especially when employees use their own devices to access company files.

This includes their phones and other mobile devices too.

5. Be Careful What You Upload

Google Drive allows users to upload executables (such as .exe, .sh) and compressed files (with extensions like.zip, .gz). While these are standard file types for installing and executing the software we use every day, they can also be potentially dangerous.

These file types immediately run when clicked so an unsuspecting user can easily launch a piece of malware.

We strongly recommend that you do not allow users to upload or download these file types in Google Drive.