Yesterday we published the latest update to our twice-annual Transparency Report, sharing details about the government requests for user information we received and how we responded to them. It’s only one of the ways we protect the privacy and security of your data, whether its personal or business information. On top of our government transparency advocacy, we’ve designed Dropbox with multiple layers of security controls, and we work behind the scenes to keep everything protected.
But it doesn’t end there — we empower Dropbox for Business account administrators with even more control and visibility through our admin security tools. Here are four tips for you and your users to make sure your business data stays private.
1. Use permissions and visibility settings when sharing confidential data
When you’re sharing information that only a select number of people should be able to edit, view-only permissions for shared folders ensure that only the people you choose can modify folder contents. And if you’re sending sensitive files through a shared link, it’s easy to add expirations or passwords to the link for even further control over who can see the content.
2. Protect lost or stolen devices
If your phone, tablet, or laptop is lost or stolen, you can remotely wipe the contents of your Dropbox for Business account for that device. All the files will be removed the next time that device comes online, while all your data remains safely stored in Dropbox. (Admins can do this for team members, too, through the admin console.) This feature is also useful if someone leaves the company; admins can easily remove the user from the team account and remotely wipe their devices, even transferring the person’s files to someone else on the team if they choose. And to protect devices even further, we recommend enabling full-disk encryption and setting passwords or PIN codes on all laptops, mobile phones, and tablets.
3. Enable two-step verification
This is an optional — but highly recommended — security feature that adds an extra layer of protection to your account. Once two-step verification is enabled, Dropbox will require your password and a six-digit security code sent via text message or a separate authentication app when signing in or linking a new device. Admins can also choose to enforce that two-step verification stays enabled for members of their Dropbox for Business accounts.
4. Monitor account activity
Dropbox for Business admins can easily keep an eye on team activity through the admin console. It allows you to view and generate reports about account activity including logins, sharing activity, device linking, app additions, and more. And with the Dropbox for Business API, you can get even deeper insights and alerts. For example, integrating with SIEM and DLP solutions Splunk or Cloudlock allows you to set up automatic alerts about suspicious account activity or data policy compliance.
For further information on how Dropbox for Business keeps your data protected — and for more about the control and visibility tools we provide to admins and users — check out our Dropbox for Business Trust Guide.