Is dropbox secure enough

File sharing

Didn't find your answer?

What are the opinions regarding using dropbox to receive clients data and send accounts / returns etc

Functionally it seems fine but what about security?

Replies (16)

Please login or register to join the discussion.

By Moonbeam
04th Sep 2018 15:55

I've never heard of security issues with it. There are concerns from the GDPR point of view as your data won't necessarily be stored in the EEA.
On top of that clients who already use Dropbox have found it difficult to access my own Dropbox. That could be because I'm hopeless at IT of course.
I'm moving everyone to Iris Open Space over the next few months and only keeping Dropbox for backing up my website.

Thanks (1)
Glenn Martin
By Glenn Martin
04th Sep 2018 16:49

I use it for same things you do but ,moving away from it as my IT bods reckon its not secure enough and not GDPR compliant.

Clients do find it easy to use though so things will probably be more difficult going forward.

I was on the paid for version which is supposed to be more secure than the free one.

Thanks (2)
Replying to Glennzy:
blue sheep
By NH
05th Sep 2018 07:26

what reason did they give for saying that Dropbox is not secure and not GDPR compliant? Sounds like nonsense to me but I stand to be corrected

Thanks (0)
Replying to NH:
Glenn Martin
By Glenn Martin
05th Sep 2018 14:33

They advised me that as also have a professional Office 365 subscription that sharepoint within that would be free and it is also more secure.

I have no idea if it is or isn't which is why I pay a professional to look after it all, so it one less thing I have to worry about.

Thanks (0)
avatar
By johndon68
04th Sep 2018 18:03

I've used the paid for version for a number of years to send and receive client backups and never had any issues with security.

Only issue I've had is, as Moonbeam mentioned when I create a folder for a user who already has Dropbox they don't always end up where you think but easily sorted by the client sending a link.

Thanks (1)
avatar
By johndon68
04th Sep 2018 18:04

As for GDPR, Dropbox seem to think that they are compliant: https://www.dropbox.com/security/GDPR

Thanks (4)
Locutus of Borg
By Locutus
05th Sep 2018 11:15

I have been using Dropbox for many years together with BoxCryptor, which provides client-side encryption (i.e. the files would be unreadable to anyone within Dropbox or anyone who hacks Dropbox).

Thanks (1)
Sarah Douglas - HouseTree Business Ltd
By sarah douglas
05th Sep 2018 12:15

Thought this might help I asked Dropbox to clarify GDPR on our GDPR audit . This is a email from Dropbox support.

From: "Mark (Dropbox Support)"
Date: 30 May 2018 at 17:26:31 GMT+1
To:
Subject: TEAMS: GDPR Urgent
Reply-To: Dropbox Support

Mark, May 30, 9:26 AM PDT:
Hi there,

Thank you for reaching out about this.

Dropbox will meet the requirements of the GDPR by May 25, 2018 as required across all its services, including Dropbox Basic, Plus, Professional, and Business.

You can read about our GDPR preparation, as well as our approach to safeguarding your data at our GDPR guidance center:

https://www.dropbox.com/security/GDPR

Please let me know if I can help you with anything else!

Regards,
Mark

Thanks (2)
Replying to sarah douglas:
RLI
By lionofludesch
05th Sep 2018 15:44

sarah douglas wrote:

Thank you for reaching out about this.

"Reaching out"?

Jaysus !!

Thanks (0)
Replying to lionofludesch:
Glenn Martin
By Glenn Martin
05th Sep 2018 16:32

Whilst this AI and machine learning is great, what would be much better is if you could send a punch to someone over the internet.

I don't mean a virtual punch either.

Top of my list for the punch emails would be any one who uses "Reaching Out"

How good would it be if someone who uses these ridiculous phrases opened an email and received a smack in the kisser.

Thanks (3)
Replying to Glennzy:
RLI
By lionofludesch
05th Sep 2018 16:50

I'm up for that, pal.

Thanks (0)
Replying to Glennzy:
avatar
By Dib
05th Sep 2018 16:53
Thanks (1)
Replying to Glennzy:
By pushtheriver
05th Sep 2018 16:58

Reach and punch somebody's mush,
Make this world a better place if you can

Thanks (0)
Sarah Douglas - HouseTree Business Ltd
By sarah douglas
05th Sep 2018 18:27

Double post

Thanks (0)
avatar
By PERMON
05th Sep 2018 21:53

I looked at Dropbox recently re GDPR. The problem I identified was that for Dropbox Basic , Professional and Plus a data processor addendum is not available . They will only provide a DPA if you are using the Business Team version which for smaller practices may not be an option ( per the same Mark in Sarah's post above).

Where we as accountants (data controllers) engage a service like Dropbox ( data processors) my reading of GDPR is that article 28 section 3 requires a contract ( either as a separate item or as part of the main terms and conditions) which gives certain very specific assurances e.g. about subprocessors . It seems to me that Dropbox are not doing this ( unless you opt for the Business Team edition).

They are not alone in this - I had similar problems with Adobe sign and I have come across other providers who seem to be blissfully unaware of the requirements.

Thanks (2)
avatar
By dgilmour51
06th Sep 2018 19:06

I remain to be convinced that 'security' can exist at all other than as a figment.
HMG is intent on legislating the concept out of existance.
All '365' systems depend on Azure, owned by Msft. Albeit Microsoft Ltd is a UK registered company, they are (owned by)/(in thrall to) a USA corporation and, as such, are obligated to give Homeland Security [sic] unfettered access on request.
I think 'pretty secure' is the best we can hope for in the 'cloud' - or perhaps 'adequately secure' or 'insurably secure'.

Thanks (0)