Dropbox has become almost the de-facto standard in file sharing among the masses. It’s a wonderful file sharing resource allowing friends and family members to easily share photographs, files and videos, particularly when they’re too large to be shared by email or text message.
It’s incredibly tempting to use such a file sharing service for your business since it works so well personally, particularly if you’ve become accustomed to using it. However, without even knowing it you could be putting your firm’s data and that of your clients’ at risk.
If you stop to think about it, there are a number of ways in which using Dropbox could harm your Investment Advisory firm, let alone permanently mar its reputation. Here are but a few:
A high risk of data loss
Dropbox was never designed to be used by businesses or to handle such an incredible level of sensitive data. For this reason, its security checks are almost non-existent and it’s completely possible for any device with Dropbox installed to access your data. Whether you’ve been targeted by hackers or not, it’s pretty easy to lose the files you have saved or to lose them between your account and that of the client you’re attempting to reach.
An increased risk of data “leakage”
File “sync” services like Dropbox make a local copy of the file on your machine. Now think about everyone one of your staff using this same technology to share files. In addition to the copy of the file on the network (which I would assume has some sort of a security built into your network file and folder structure), you now have a copy of the file on the local machine. And if this local machine happens to be a laptop or a remote computer it’s on there and out in the world ready for anyone to access if you lose it – and WITHOUT the file security that you’ve put in place on your network. While you may have had the best of intentions, these files have now “leaked” out of your control. This is a HUGE no-no when it comes to an SEC review.
An increased risk of data theft
We all like to think we’re pretty tech-savvy, and that we can navigate our way around numerous platforms, but have you ever stopped to think about how reliant you are upon technology? There’s a good chance that you have tied a number of your accounts and social media platforms together, and you may even use the same passwords for each – just how safe is your data? The same can be said for Dropbox as there are so many possible points of entry for the service. Recently compromised when a hacker managed to obtain some seven million user email addresses, Dropbox was quick to blame the breach on a weakness in one of the other services it supplies. Is this the kind of network you want to be sharing your clients’ sensitive data on?
Lack of data encryption and file history audit trails
While we’ve covered the importance of data encryption in previous blog posts, the fact is Dropbox’s capabilities simply don’t add up to anywhere near enough protection for RIAs. Ask any Compliance Officer and they’ll tell you to stay away. As I’m sure you’d agree, an RIA is a service business often built on its reputation. And while Dropbox makes it so easy to share files, it’s that ease of use that will come back to bite you. While you could be confident sending images to a friend or non-sensitive documents to a colleague, we’d go so far as to say the rule of thumb should be Dropbox should not be used to send anything that could damage your company or its clients should it fall into the wrong hands.
Dropbox is also rather lax on the audit front as it’s impossible for administrators to know when a document was created, edited or deleted. This means that anybody could be accessing your files and making changes and nobody would be any the wiser.
If you’ve been using Dropbox to store your firm’s details or to share documents with clients, now’s the time to explore alternatives that are available. While its user-friendly interface and navigation make Dropbox a fantastic personal solution, it’s not the appropriate tool for a business to be using.
As we’ve always said, ensuring the security of your firm starts with your approach. And knowing the difference between what makes for a successful personal solution and a successful business one is often the difference between apples and oranges. Again, ask any Compliance Officer - your approach to file syncing and sharing for your business should not include Dropbox.
Have you experienced issues with using Dropbox? Were they ever resolved and if so, how? We’d love to hear about your experiences, so please share it in the Comments box below.
And to follow-through on the concepts introduced here, be sure to download your free guide, Investing in High Net Worth Clients: The LA Investment Advisor's Guide to Using Technology to Manage and Grow Your Firm.