Is Dropbox Safe for Canadian Law Firms?
Nowadays more and more companies, including law firms, store their files and data in the cloud. A popular option is Dropbox, whose servers are located in the U.S. Thus, it raises a legitimate concern for Canadian firms: Is Dropbox safe to use?
Unboxing Dropbox
Dropbox is a file hosting service that allows people to keep their files in the cloud and share them with other individuals. For large organizations there’s Dropbox Business and Dropbox Enterprise, which allow teams to collaborate and manage their files online. The beauty of cloud storage is that when a file is updated in Dropbox, it is automatically synced to all devices that share the same account.
Dropbox stores two types of data:
- files, photos, video, and all other data you store in Dropbox, which collectively can be called “your stuff”
- profile information about you (name, email address, etc.), how you use their services, and information about the devices you use
With the rise of cyberattacks, it’s more important than ever to protect your data stored in the cloud. The question though is: Safe from whom?
Illegal Access of Data
Hackers, phishers, and anyone seeking illegal access to your information can come from anywhere, so it doesn’t matter where Dropbox’s servers are located.
To thwart hackers, Dropbox has been improving and updating its security measures. It uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) to prevent hackers from listening in or “sniffing” your data while in transmission during sync. And Dropbox encrypts files using 256-bit Advanced Encryption Standard (AES), a sophisticated encryption algorithm that has become a global standard for sending information securely. A secret key is required to decrypt the files in the server, doubling the security for account owners. This level of security is available for free accounts, while Business and Enterprise users have increased levels of security, including admin controls.
Phishing is also a big threat. It is a cybercrime in which an attacker tries to get you to reveal valuable personal information, like passwords or access numbers, through email and other forms of communication that seemingly come from reputable companies. Dropbox’s vulnerabilities are often due to user behavior. If you use Dropbox, you need to take extra steps to protect yourself from phishing attempts:
- Be suspicious of an email that asks you for personal information. Double-check before you click on any link.
- Change your password regularly.
- Set strong passwords. Mix letters and numbers, upper and lower case, and use special symbols.
- Set up the 2-step verification.
- Check the IP address of the last known device connected to your account.
- Whenever you can, unlink devices, web sessions, and apps from your Dropbox account.
Should you end up uploading a file with malware in Dropbox, there’s a nifty feature that can save you. Whenever you sync your files, Dropbox keeps the older version for 30 days (for free accounts; other accounts can extend this period). So long as you know which version of your file was infected, you can recover the earlier uninfected version. Better yet, install an anti-malware program to prevent malware from latching onto your files.
Thinking Outside the Box
When it comes to preventing unauthorized access to your profile information and stuff, Dropbox has stringent security measures in place. But it is still vulnerable to the following examples of security breach:
- A rogue Dropbox employee
- Hackers getting their hands on your encryption key
- Dropbox voluntarily providing your information
The first two examples are highly unlikely to happen. And those kinds of breaches aren’t exclusive to Dropbox; they can also happen to other file hosting services. The third example is possible because of the difference between U.S. and Canadian privacy laws.
Legal Access to Your Data
Should Canadian law firms be concerned that Dropbox’s servers are located in the U.S.? Compared with U.S. privacy laws, Canada’s are stricter. Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) states that an organization that has your data is fully responsible for its protection. This law also requires companies to seek the consent of individuals first before sharing their personal information (with very few exceptions, especially those related to national security).
But Dropbox’s servers aren’t under the jurisdiction of PIPEDA. Prior to 9/11, U.S. laws granted the U.S. government access to someone’s personal information if it was in the custody of U.S. companies, like Dropbox. After 9/11, the U.S. implemented the USA Patriot Act, which made it a lot easier for authorities to conduct searches and compel companies to disclose information of individuals even without their consent.
Box It Or Drop It?
The bottomline is that Dropbox continues to be one of the most popular cloud-based file hosting services. Because of its size and market dominance, you can rest assured that it will keep its service as secure and private as possible. But if a greater concern for you is the ability of the U.S. authorities to access your data, then you should think twice before using Dropbox.
It is important for your law firm to partner with an IT service provider that’s on top of what’s happening in the world of information technology and in the legal industry. We at Vertex Solutions are experts in more than a dozen law applications, and we’re recognized as one of the best managed services providers in Canada. If you’re in the Greater Toronto Area and want to know more about specialized IT services, call our experts today.
Related Blogs.
-
Read more
Frequent Employee Errors Leading to Data Security Breaches in Law Firms
As organizations grow, they collect, process, and store large volumes of data and become soft targets for cyber attacks if they don’t keep up with the latest cybersecurity measures.A law firm security... -
Read more
Top Information Security Strategies for Paperless Law Firms
Law firms traditionally deal with massive amounts of paperwork daily. So is it feasible for law offices to go paperless? Absolutely! Information is so critical to the business of law firms that they m... -
Read more
Legal Technology Trends all Firms Should Consider in 2022
The COVID-19 pandemic revolutionized the working of the legal industry. In-person attendance at courts was ruled out, face-to-face meetings between lawyers and their clients came to a halt, and new cl... -
Read more
Essential Steps for Your Law Firm's Successful Cloud Data Migration
The pandemic took the world by storm, and businesses were forced into an accelerated digital transformation. As a result, workers and senior executives across various industries had to shift to remote... -
Read more
Safeguarding Your Firm from Common Data Breach Techniques in Canada
Did you know that a hacker tries to steal data from a business once every 39 seconds? Moreover, 60% of small businesses will close down within 6 months if a cyber attack succeeds. These numbers must r... -
Read more
Key Advantages Every Law Firm Should Know
The Truth About CybersecurityCybersecurity has become a major concern for businesses across the globe. Every day, over 25,000 malicious applications are detected and blocked across the globe. As hacke...
