Dropbox 102: Security Steps

By Vivian Manning (Power User) | Mar.18.13

A long time ago, in a life far away—November 2012—I wrote a Dropbox 101 post for Attorney at Work. Commenter Jeffrey Brandt suggested a “Dropbox 102” version to address security issues when sharing data in the cloud. It was a good suggestion, so here it is.

Now, I tend to be in the camp that takes the position that the only way to fully maximize security is not to use the Internet. At all. For anything. In the past few weeks, we’ve all seen how many of the biggest players have suffered security breaches: Microsoft, Facebook, the New York Times and Washington Post, Tumblr and more. If you are connected to the Internet (and at this point, it’s impossible not to be) you’re vulnerable.

The best you can do is take all necessary steps to reduce vulnerability as much as possible. Fortunately, there are some ways to work with Dropbox and other cloud services that will increase security and reduce the vulnerability of your cloud-based data.

Set a Secure Password

Dropbox is not the place to use a weak password. Don’t make it easy for a snooper to guess by using a dictionary word, your name or any other information associated with you. Yes, it’s a pain to remember yet another password, but think of the negative consequences of confidential client information making it out into the wild. That thought should be enough to convince you to use a strong password—one that’s not used to log into any other online account. Eight-character passwords no longer cut it—instead, go for a password with the following:

  • A minimum of 16 characters
  • A combination of numbers, symbols, uppercase letters, lowercase letters and spaces
  • No repeated words, no dictionary words (alone), no names (including spouses, kids or pets)

So how do you remember such a password? The easiest way is to use a phrase memorable to you. For example, “I can’t wait to retire and weed and garden all the day long!” becomes “Icw2r&w&gatdl!” if you use the first letter of each word and swap in a few symbols where appropriate to the meaning.
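The three criteria and the first-letter phrase trick above, as an added Python example (not part of the original article). Run on the article's phrase, it reproduces the same short form, which is 14 characters, so a longer phrase is needed to reach the 16-character minimum. Assumptions: the small word list is a constructed stand-in for a real dictionary and name list, the "to" and "and" swaps are inferred from the sample, and the character-type rule is read as requiring all five types.

```python
import string

MIN_LENGTH = 16  # the article's minimum
# Constructed stand-in for a real dictionary / list of personal names.
WORDLIST = {"password", "dropbox", "garden", "vivian"}
# Assumed substitutions for the mnemonic step ("to" -> 2, "and" -> &).
SWAPS = {"to": "2", "and": "&"}


def mnemonic(phrase):
    """First letter of each word, with SWAPS applied and end punctuation kept."""
    out = []
    for word in phrase.split():
        core = word.rstrip(string.punctuation)
        out.append(SWAPS.get(core.lower(), core[:1]))
        out.append(word[len(core):])  # trailing punctuation, e.g. "!"
    return "".join(out)


def check(password):
    """Return the list of article rules the password fails (empty = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length {len(password)} < {MIN_LENGTH}")
    classes = {
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "space": " " in password,
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    # Words are the space-separated pieces, compared case-insensitively.
    words = [w.strip(string.punctuation).lower() for w in password.split()]
    if len(words) != len(set(words)):
        problems.append("repeated word")
    if len(words) == 1 and words[0] in WORDLIST:
        problems.append("dictionary word or name used alone")
    return problems


if __name__ == "__main__":
    derived = mnemonic("I can't wait to retire and weed and garden all the day long!")
    # Constructed candidates: the derived short form, a bare word, a longer phrase.
    for candidate in (derived, "garden", "Weeds 2 pull & 9 beds left!"):
        print(repr(candidate), check(candidate) or "ok")
```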

Enable Two-Factor Authentication

Two-factor authentication increases login security because it requires you to use something more than just your login credentials (your account name and password). That means if someone else obtains your login credentials, that person still won’t be able to access your Dropbox account. For Dropbox users, two-factor authentication requires both your login credentials and your mobile phone for receiving a text message with a six-digit code that you’ll also use as part of the sign-in process. So unless someone grabs both your login credentials and your phone (which also is password-protected, right?), they won’t be able to access your account.

For instructions, see Dropbox’s help article, “How do I enable two-step verification on my account?” And take this advice: Once you’ve enabled two-factor authentication on your desktop computer, be sure to check the “Trust this Computer” option, so you don’t have to use the second factor (six-digit code) every time you log into Dropbox from your own desk!

You should be using two-factor authentication everywhere it’s available. Here’s a list from Lifehacker with helpful info: “Here’s Everywhere You Should Enable Two-Factor Authentication Right Now.”

Password-Protect Microsoft Office and Adobe Acrobat Files

Microsoft Office and Adobe Acrobat will let you password-protect files created with their software. (Other programs will as well, so if you are working with something besides Office and Acrobat, investigate the software’s ability to password-protect a file.) Plus, for protected Office 2010 files, the password protection actually encrypts the file.

So if you aren’t encrypting your Dropbox, you can at least password-protect the sensitive files stored there. All too often, people overlook their software’s ability to password-protect files on a one-off basis. If a file is password-protected and unauthorized persons gain access to Dropbox, they won’t be able to open the file unless they also crack that password. Share the password with your client verbally prior to sharing files using Dropbox.

As an aside, this is also a good practice for emailed files. Lawyers freely exchange documents as email attachments, essentially making a “postcard” of those documents. In general, people seem pretty lax about their email—a password-protected document will provide some protection.

Encryption Tips

This is where everyone’s eyes either glaze over or widen in terror, but encryption is a necessary fact of life when dealing with sensitive data. At its simplest, encryption is the encoding of data so that the data looks like gibberish to anyone who doesn’t have the secret decrypting key. In other words, even if a bad guy gets your file and opens it, no useful data can be retrieved from it unless the bad guy also has the secret key.

It’s important to understand that Dropbox does now encrypt data at its end, but there are additional ways to ensure that your files are encrypted before they head from your computer to the Dropbox website and sync with other connected computers. Some alternatives are:

A couple of caveats here: Unless you are very technically inclined, it’s best to grab your techie to help you through setting up and using the encryption process. Dropbox does not officially support third-party encryption and its discussion forums attest to this. Also, if you attempt to open the encrypted container on more than one computer at the same time, you risk losing all the contained data. So you need to know what you’re doing, and you’ll also need to help your clients understand the encryption process if you share data with them using Dropbox.

“Power User” columnist Vivian Manning is the IT Manager at Barriston Law LLP in Barrie, Bracebridge and Cookstown, Ontario. Prior to moving into IT, Vivian practiced law at Barriston (formerly Burgar Rowe PC) primarily in the area of Municipal Land Development, with 17 years in private practice before switching to the IT side of the law office. She currently indulges her love of teaching tech through her blog Small City Law Firm Tech, where she provides “tips of the day.” Follow her on Twitter @vivianmanning.

Illustration ©ImageZoo


4 Responses to “Dropbox 102: Security Steps”

  1. Bob Ambrogi
    18 March 2013 at 7:57 am

    These are excellent tips. I would add something I posted about last year, which is not to forget which folders you’ve shared. Once the purpose for sharing the folder has expired, remember to “unshare” it. And be careful to check that the folder you’re loading documents into is your own, not one someone else created and shared with you. See my post here: http://www.lawsitesblog.com/2012/06/shared-a-dropbox-folder-dont-forget.html

