Why It's Not OK to Use Personal Dropbox Accounts for Work

One of the biggest threats to a business’s cybersecurity is the drive for convenience. People want to do their jobs efficiently, and sometimes necessary measures for data security seem to slow them down. This happens at every level within companies, including the C-suite.

One common instance of the drive for convenience leading to poor security—and poor business practice—is the use of personal file-syncing accounts, such as Dropbox, for work purposes. Perhaps an employee uses his personal Dropbox account to access work files at home. Or a CEO uses her personal Dropbox account to share a file for review with an important potential client.

While it may seem like the employee is simply taking praiseworthy initiative and that the CEO is taking necessary steps to grow the business, the use of personal file-syncing accounts is highly problematic from a technical perspective for at least two reasons.

1. Data Security

For a number of reasons, the free personal accounts offered by vendors such as Dropbox, Box, Citrix (ShareFile), Google (Drive), and Microsoft (OneDrive) are not nearly as secure as the paid business versions of the same solutions. For one thing, the encryption offered is in some cases not as strong.

But perhaps more importantly, if members of an organization are using separate personal accounts to access and share company data, syncing it to who knows how many devices, the opportunity for that data to be compromised—say, through a stolen phone or laptop—increases exponentially. Plus, because company data is siloed in various personal Dropbox accounts, the company has no centralized visibility of that data. If a breach were to happen, the company wouldn’t have an audit trail of the data involved. That brings us to our next point.

2. Control of Company Assets

Allowing users to store and access company data in personal file-syncing accounts essentially amounts to a release of control over company assets. Not only does management lack visibility over where data is stored and who is creating, editing, and sharing it, but it also lacks the ability to oversee or remove access to that data.

In other words, management can’t choose whether to grant or withhold privileges to access certain company data, which opens the company up to legal liability, especially when the data concerned belongs to customers. Furthermore, the company would have no recourse against a hostile or rogue employee. If that employee has been using a personal Dropbox account, there’s nothing stopping him or her from taking and releasing confidential business information or customer information.

Security Doesn’t Have to Diminish Efficiency

The good news is that while the seemingly convenient use of personal file-syncing accounts is patently insecure and bad for business, it’s relatively easy to put measures in place to allow file syncing in a secure manner. By properly configuring and managing a paid, business-grade version of a file-syncing solution like Box or ShareFile, businesses can tighten up security and boost efficiency. Having a centralized spot for all company files is, after all, more convenient than spreading company files over disparate employee Dropbox accounts. This does require some investment and a degree of technical know-how, but the added security is certainly worth it.
