A long time ago, in a life far away (November 2012), I wrote a Dropbox 101 post for Attorney at Work. Commenter Jeffrey Brandt suggested a “Dropbox 102” version to address security issues when sharing data in the cloud. It was a good suggestion, so here it is.
Now, I tend to be in the camp that takes the position that the only way to fully maximize security is not to use the Internet. At all. For anything. In the past few weeks, we’ve all seen how many of the biggest players have suffered security breaches: Microsoft, Facebook, the New York Times and Washington Post, Tumblr and more. If you are connected to the Internet (and at this point, it’s impossible not to be) you’re vulnerable.
The best you can do is take all necessary steps to reduce vulnerability as much as possible. Fortunately, there are some ways to work with Dropbox and other cloud services that will increase security and reduce the vulnerability of your cloud-based data.
Set a Secure Password
Dropbox is not the place to use a weak password. Don’t make it easy for a snooper to guess by using a dictionary word, your name or any other information associated with you. Yes, it’s a pain to remember yet another password, but think of the negative consequences of confidential client information making it out into the wild. That thought should be enough to convince you to use a strong password, one that’s not used to log into any other online account. Eight-character passwords no longer cut it. Instead, go for a password with the following:
- A minimum of 16 characters
- A combination of numbers, symbols, uppercase letters, lowercase letters and spaces
- No repeated words, no dictionary words (alone), no names (including spouses, kids or pets)
So how do you remember such a password? The easiest way is to use a phrase memorable to you. For example, “I can’t wait to retire and weed and garden all the day long!” becomes “Icw2r&w&gatdl!” if you use the first letter of each word and swap in a few symbols where appropriate to the meaning.
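The checklist and the phrase trick above, written as a small checker (an added example, not part of the original post). The word lists, the `SWAPS` table and the function names are assumptions made for illustration; run on the article's phrase it reproduces “Icw2r&w&gatdl!” and reports that result as 14 characters with no space, so a longer phrase is needed to meet the 16-character rule.

```python
import re

# Constructed word lists for the demo; a real check would load a full
# dictionary and the names tied to the account owner.
DICTIONARY = {"password", "dropbox", "garden", "retire", "lawyer"}
NAMES = {"vivian", "jeffrey", "rover"}
SWAPS = {"to": "2", "and": "&"}  # the swaps used in the article's example

def phrase_to_password(phrase):
    """First letter of each word, with sound-alike words swapped for symbols."""
    out = []
    for token in phrase.split():
        word = token.strip("!?.,")
        out.append(SWAPS.get(word.lower(), word[0]))
    if phrase and phrase[-1] in "!?.":  # keep closing punctuation as a symbol
        out.append(phrase[-1])
    return "".join(out)

def check_password(pw, dictionary=DICTIONARY, names=NAMES):
    """Return the checklist rules that pw fails (empty list = passes)."""
    problems = []
    if len(pw) < 16:
        problems.append("shorter than 16 characters")
    classes = {"number": r"[0-9]", "symbol": r"[^A-Za-z0-9 ]",
               "uppercase letter": r"[A-Z]", "lowercase letter": r"[a-z]",
               "space": r" "}
    for label, pattern in classes.items():
        if not re.search(pattern, pw):
            problems.append(f"no {label}")
    words = [w.lower() for w in re.findall(r"[A-Za-z]+", pw)]
    if len(words) != len(set(words)):
        problems.append("repeated word")
    # "Password1!" is still just a dictionary word with decoration
    if re.sub(r"[^a-z]", "", pw.lower()) in dictionary:
        problems.append("dictionary word on its own")
    if any(w in names for w in words):
        problems.append("contains a name")
    return problems

if __name__ == "__main__":
    pw = phrase_to_password(
        "I can't wait to retire and weed and garden all the day long!")
    print(pw, check_password(pw))
    print(check_password("Icw2r & w&g atdl 2day!"))  # constructed passing case
```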
Enable Two-Factor Authentication
Two-factor authentication increases login security because it requires you to use something more than just your login credentials (your account name and password). That means if someone else obtains your login credentials, that person still won’t be able to access your Dropbox account. For Dropbox users, two-factor authentication requires both your login credentials and your mobile phone for receiving a text message with a six-digit code that you’ll also use as part of the sign-in process. So unless someone grabs both your login credentials and your phone (which also is password-protected, right?), they won’t be able to access your account.
For instructions, see Dropbox’s help article, “How do I enable two-step verification on my account?” And take this advice: Once you’ve enabled two-factor authentication on your desktop computer, be sure to check the “Trust this Computer” option, so you don’t have to use the second factor (six-digit code) every time you log into Dropbox from your own desk!
You should be using two-factor authentication everywhere it’s available. Here’s a list from Lifehacker with helpful info: “Here’s Everywhere You Should Enable Two-Factor Authentication Right Now.”
Password-Protect Microsoft Office and Adobe Acrobat Files
Microsoft Office and Adobe Acrobat will let you password-protect files created with their software. (Other programs will as well, so if you are working with something besides Office and Acrobat, investigate the software’s ability to password-protect a file.) Plus, for Office 2010 files, password protection actually encrypts the protected file.
So if you aren’t encrypting your Dropbox, you can at least password-protect the sensitive files stored there. All too often, people overlook their software’s ability to password-protect files on a one-off basis. If a file is password-protected and unauthorized persons gain access to Dropbox, they won’t be able to open the file unless they also crack that password. Share the password with your client verbally prior to sharing files using Dropbox.
- To password-protect an MS Office 2010 file, read How to Password Protect and Encrypt Microsoft Office 2010 Documents.
- To password-protect an Adobe Acrobat file, read Securing Documents with Passwords.
As an aside, this is also a good practice for emailed files. Lawyers freely exchange documents as email attachments, essentially making a “postcard” of those documents. In general, people seem pretty lax about their email. A password-protected document will provide some protection.
Encryption Tips
This is where everyone’s eyes either glaze over or widen in terror, but encryption is a necessary fact of life when dealing with sensitive data. At its simplest, encryption is the encoding of data so that the data looks like gibberish to anyone who doesn’t have the secret decrypting key. In other words, even if a bad guy gets your file and opens it, no useful data can be retrieved from it unless the bad guy also has the secret key.
It’s important to understand that Dropbox does now encrypt data at its end, but there are additional ways to ensure that your files are encrypted before they head from your computer to the Dropbox website and sync with other connected computers. Some alternatives are:
- Secret Sync
- BoxCryptor
- TrueCrypt
A couple of caveats here: Unless you are very technically inclined, it’s best to grab your techie to help you through setting up and using the encryption process. Dropbox does not officially support third-party encryption and its discussion forums attest to this. Also, if you attempt to open the encrypted container on more than one computer at the same time, you risk losing all the contained data. So you need to know what you’re doing, and you’ll also need to help your clients understand the encryption process if you share data with them using Dropbox.
“Power User” columnist Vivian Manning is the IT Manager at Barriston Law LLP in Barrie, Bracebridge and Cookstown, Ontario. Prior to moving into IT, Vivian practiced law at Barriston (formerly Burgar Rowe PC) primarily in the area of Municipal Land Development, with 17 years in private practice before switching to the IT side of the law office. She currently indulges her love of teaching tech through her blog Small City Law Firm Tech, where she provides “tips of the day.” Follow her on Twitter @vivianmanning.