Cloud Storage

Dropbox 102: Security Steps

By Vivian Manning

A long time ago, in a life far awayโ€”November 2012โ€”I wrote a Dropbox 101ย post for Attorney at Work. Commenter Jeffrey Brandt suggested a “Dropbox 102” version to address security issues when sharing data in the cloud. It was a good suggestion, so here it is.

Now, I tend to be in the camp that takes the position that the only way to fully maximize security is not to use the Internet. At all. For anything. In the past few weeks, we’ve all seen how many of the biggest players have suffered security breaches: Microsoft, Facebook, the New York Times and Washington Post, Tumblr and more. If you are connected to the Internet (and at this point, itโ€™s impossible not to be) youโ€™re vulnerable.

The best you can do is take all necessary steps to reduce vulnerability as much as possible. Fortunately, there are some ways to work with Dropbox and other cloud services that will increase security and reduce the vulnerability of your cloud-based data.

Set a Secure Password

Dropbox is not the place to use a weak password. Donโ€™t make it easy for a snooper to guess by using a dictionary word, your name or any other information associated with you. Yes, itโ€™s a pain to remember yet another password, but think of the negative consequences of confidential client information making it out into the wild. That thought should be enough to convince you to use a strong passwordโ€”one that’s not used to log into any other online account.ย Eight-character passwords no longer cut itโ€”instead, go for a password with the following:

  • A minimum of 16 characters
  • A combination of numbers, symbols, uppercase letters, lowercase letters and spaces
  • No repeated words, no dictionary words (alone), no names (including spouses, kids or pets)

So how do you remember such a password? The easiest way is to use a phrase memorable to you. For example, “I canโ€™t wait to retire and weed and garden all the day long!”ย becomes “Icw2r&w&gatdl!” if you use the first letter of each word and swap in a few symbols where appropriate to the meaning.

Enable Two-Factor Authentication

Two-factor authentication increases login security because it requires you to use something more than just your login credentials (your account name and password). That means if someone else obtains your login credentials, that person still wonโ€™t be able to access your Dropbox account. For Dropbox users, two-factor authentication requires both your login credentials and your mobile phone for receiving a text message with a six-digit code that youโ€™ll also use as part of the sign-in process. So unless someone grabs both your login credentials and your phone (which also is password-protected, right?), they wonโ€™t be able to access your account.

For instructions, see Dropboxโ€™s help article, “How do I enable two-step verification on my account?”ย And take this advice: Once youโ€™ve enabled two-factor authentication on your desktop computer, be sure to check the “Trust this Computer” option, so you donโ€™t have to use the second factor (six-digit code) every time you log into Dropbox from your own desk!

You should be using two-factor authentication everywhere itโ€™s available. Hereโ€™s a list from Lifehackerย with helpful info: “Hereโ€™s Everywhere You Should Enable Two-Factor Authentication Right Now.”

Password-Protect Microsoft Office and Adobe Acrobat Files

Microsoft Office and Adobe Acrobat will let you password-protect files created with their software. (Other programs will as well, so if you are working with something besides Office and Acrobat, investigate the softwareโ€™s ability to password-protect a file.) Plus, their password-protection actually provides encryption with protected Office 2010 files.

So if you arenโ€™t encrypting your Dropbox, you can at least password-protect the sensitive files stored there. All too often, people overlook their software’sย ability to password-protect files on a one-off basis. If a file is password-protected and unauthorized persons gain access to Dropbox, they wonโ€™t be able to open the file unless they also crack that password. Share the password with your client verbally prior to sharing files using Dropbox.

As an aside, this is also a good practice for emailed files. Lawyers freely exchange documents as email attachments, essentially making a “postcard” of those documents. In general, people seem pretty lax about their emailโ€”a password-protected document will provide some protection.

Encryption Tips

This is where everyoneโ€™s eyes either glaze over or widen in terror, but encryption is a necessary fact of life when dealing with sensitive data. At its simplest, encryption is the encoding of data so that the data looks like gibberish to anyone who doesnโ€™t have the secret decrypting key. In other words, even if a bad guy gets your file and opens it, no useful data can be retrieved from it unless the bad guy also has the secret key.

Itโ€™s important to understand that Dropbox does now encrypt dataย at its end, but there are additional ways to ensure that your files are encrypted before they head from your computer to the Dropbox website and sync with other connected computers. Some alternatives are:

A couple of caveats here: Unless you are very technically inclined, itโ€™s best to grab your techie to help you through setting up and using the encryption process. Dropbox does not officially support third-party encryption and its discussion forums attest to this. Also, if you attempt to open the encrypted container on more than one computer at the same time, you risk losing all the contained data. So you need to know what youโ€™re doing, and youโ€™ll also need to help your clients understand the encryption process if you share data with them using Dropbox.

“Power User” columnist Vivian Manning is the IT Manager atย Barriston Law LLPย in Barrie, Bracebridge and Cookstown, Ontario. Prior to moving into IT, Vivian practiced law at Barristonย (formerly Burgar Rowe PC) primarily in the area of Municipal Land Development, with 17 years in private practice before switching to the IT side of the law office. She currently indulges her love of teaching tech through her blogย Small City Law Firm Tech, where she provides โ€œtips of the day.โ€ Follow her on Twitter @vivianmanning.

More Tech Tips from Vivian Manning

Illustration ยฉistockphoto

Categories: Cloud Computing, Daily Dispatch, Legal Technology, Managing a Law Firm, Mobility, Power User
Originally published March 18, 2013
Last updated May 7, 2018
share TWEET PIN IT share share
Vivian Manning

Vivian Manning retired from Barriston Law LLP in Barrie, Bracebridge and Cookstown, Ontario in 2019. For more than 16 years she served as the firm’s IT manager, office manager and technology trainer. Prior to moving into IT, Vivian practiced law at Barriston LLP (formerly Burgar Rowe PC) primarily in the area of Municipal Land Development, with a total of 17 years in private practice before switching to the IT side of the law office.

 

More Posts By This Author

Sponsored links

MUST READ Articles for Law Firms Click to expand

One of a Kind: A Proven Path to a Profitable Law Practice
By Jay Harrington

Lawyer-turned-legal marketer, Jay Harrington explores how lawyers can harness creativity... Click for More

Cloud Computing
Ready Set Scale 370 AAW ad
The positive planner
Resources
Attorney At Work Partners
envelope

Welcome to Attorney at Work!

ย  ย  ย  ย 

Sign up for our free newsletter.

x

All fields are required. By signing up, you are opting in to Attorney at Work's free practice tips newsletter and occasional emails with news and offers. By using this service, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy.