4-Step Computer Security Upgrade
Learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.
Just because it’s popular, however, does not mean it’s right for your practice.
If you are considering using Dropbox for your practice, here are some things to consider.
Dropbox is not a backup system/program/etc.
Dropbox syncs files between your computer(s) and the cloud. If you delete something on your computer, it gets deleted on the cloud and every other computer linked to that Dropbox account. If you login into Dropbox through a browser and delete/alter/move files, they are deleted/altered/moved on every computer synched with that account. Think of it as a two-way street.
A “hard” backup is a one-way street. It receives information, it does not provide information (unless you specifically request it). A cloud-based backup like Backblaze works similarly. Instead of your data being copied onto an external drive, it’s copied into the cloud. Both of these options, however, do not sync your data. They just create a duplicate, hence the term backup.
The main draw of Dropbox is allowing simultaneous access to multiple users
Dropbox is awesome for attorneys that need to share files with other members of their firm or co-counsel. Rather than worry about creating different versions or overwriting someone else’s work, Dropbox will keep everything instantly synced. Which is rad. It makes it extremely easy for multiple people to access and work on a file.
However, if you are a true solo, you don’t share files with anyone. So that particular function of Dropbox should have little appeal to you. Of course, you could still use that function if you regularly work from different computers. For example, you have a desktop computer at your office and use a laptop at home. Assuming both computers are synced to your Dropbox account, everything in the Dropbox folders will be synced on both computers. That’s pretty nifty.
If, however, you are a solo practitioner with one laptop that you carry back and forth, and you don’t share files, Dropbox’s utility is greatly diminished. Under those circumstances, the benefits of Dropbox are that you can access your files from any computer using the web-based interface, and you can access files using an iPad and Goodreader, or using the iPhone app.
For me, I don’t even have Goodreader on my iPad for security reasons, and I rarely, if ever, use the Dropbox app on my phone. On rare occasions I need to look at a file and I don’t have my computer. But that happens maybe 3-4 times a year.
In other words, the utility can be fairly minimal, which means you have to consider the potential downside of using Dropbox, such as . . .
The biggest downside to Dropbox is the potential security risk. The sky is not falling.
Files are encrypted, but certain Dropbox employees can access your files and they will release your files under very specific circumstances (more on both below). If you want, you can use a separate program like TrueCrypt to encrypt your data before it goes to Dropbox (which means they cannot decrypt the files).
Warning: TrueCrypt is not secure. See this post for details and information on migrating to Bitlocker or FileVault.
Or you could use a different cloud-based sync or backup, like Backblaze. Backblaze allows you to set a passcode for your files, but only you know that passcode.
I said it above, and I’ll say it again. The sky is not falling. I use Dropbox, and I think it’s security precautions are reasonable. But I also think you need to evaluate that for yourself and your firm.
Compliance with Laws and Law Enforcement Requests; Protection of Dropbox’s Rights. We may disclose to parties outside Dropbox files stored in your Dropbox and information about you that we collect when we have a good faith belief that disclosure is reasonably necessary to (a) comply with a law, regulation or compulsory legal request; (b) protect the safety of any person from death or serious bodily injury; (c) prevent fraud or abuse of Dropbox or its users; or (d) to protect Dropbox’s property rights. If we provide your Dropbox files to a law enforcement agency as set forth above, we will remove Dropbox’s encryption from the files before providing them to law enforcement. However, Dropbox will not be able to decrypt any files that you encrypted prior to storing them on Dropbox.
Concurrent with that policy, certain employees can access your files:
Do I like that policy? No. Do I think it’s an unreasonable security risk? No. Am I thinking about moving my files out of Dropbox? Yes.
Why I may drop Dropbox
I used to frequently share folders with other attorneys, but in the near future, I will no longer have that need.
I don’t use multiple computers. I don’t access my files from another computer through the web-based interface. I rarely access my Dropbox account using my iPhone.
Which means I really just use Dropbox as a backup. And there are more secure backup options out there.
Although, the second I need to share files with another attorney, I would use Dropbox again. So, as I compromise, I will likely move anything out of Dropbox that does not need to be there.
And for the tenth time, the sky is not falling.