Danger of Sharing Files on Dropbox with Customers


We love Dropbox and Dropbox for Business. It is an amazing team collaboration tool including excellent features such as Online-Only file sync with your Desktop Computer, and full File Version History. However, Dropbox may not be the best choice for sharing files with customers outside of your Team.

Post by Bryan Stouffer
Publish Date: December 10, 2020

1. Shared File Links Open to the World

When you create a shared file link, anyone who gets a copy of the link can access the file without needing to be authenticated or “Logged In”. This means that the shared file is in effect open to the world, and depending on your industry, you may not want to do that with customer files.

2. Auditability

Dropbox files can be shared with customers several ways: first, by creating a “Shared File Link”, and second, by inviting a customer to access a folder on Dropbox. In order to determine which files any given customer has access to, you would first need to navigate to each folder and check the settings. Next, you would need to produce an administrator report showing all shared file links and attempt to determine who has been sent each one based on the file name. Since the shared link is not specific to a user, there is no clear auditability of who received the link, or who has since accessed the file.

3. Accidental Sharing of Parent Folder

One major risk of allowing your employees to share folder access with customers is that sharing a Parent or Root folder that contains all customer folders can happen by accident, simply by having the wrong folder highlighted. This would be a major accidental data breach and, depending on the situation, would need to be communicated as a security occurrence to all affected customers.
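The audit described in sections 2 and 3 can be run over a hand-collected inventory of sharing grants. This is an added example, not code from Dropbox or Zapa: the inventory rows, the `/Customers/<name>` folder layout and all names in it are constructed assumptions, not a real Dropbox report format.

```python
from pathlib import PurePosixPath

# Constructed inventory (assumption): one row per sharing grant, gathered from
# folder settings and an administrator report. Links carry no recipient.
GRANTS = [
    {"path": "/Customers/Acme/contract.pdf", "kind": "link", "recipient": None},
    {"path": "/Customers/Acme", "kind": "folder", "recipient": "pat@acme.example"},
    {"path": "/Customers", "kind": "folder", "recipient": "lee@globex.example"},
    {"path": "/Customers/Globex/invoice.pdf", "kind": "link", "recipient": None},
    {"path": "/Internal/handbook.pdf", "kind": "link", "recipient": None},
]
CUSTOMER_ROOT = PurePosixPath("/Customers")  # assumed: one subfolder per customer
CUSTOMERS = {"Acme", "Globex", "Initech"}    # constructed customer names


def customers_exposed(path):
    """Return the customers whose files are reachable through a grant on path."""
    p = PurePosixPath(path)
    # Sharing the customer root, or any ancestor of it, exposes every customer.
    if p == CUSTOMER_ROOT or p in CUSTOMER_ROOT.parents:
        return set(CUSTOMERS)
    try:
        rel = p.relative_to(CUSTOMER_ROOT)
    except ValueError:
        return set()  # outside the customer tree
    return {rel.parts[0]} & CUSTOMERS


def audit(grants):
    """Build a per-customer access map and list the grants that need review."""
    access = {c: set() for c in CUSTOMERS}
    findings = []
    for g in grants:
        exposed = customers_exposed(g["path"])
        if not exposed:
            continue
        # A shared link is not tied to a user, so nobody can be named.
        who = g["recipient"] or "ANYONE-WITH-LINK"
        for c in exposed:
            access[c].add(who)
        if g["kind"] == "link":
            findings.append(("unattributed-link", g["path"]))
        elif len(exposed) > 1:
            findings.append(("multi-customer-folder", g["path"]))
    return access, findings


if __name__ == "__main__":
    access, findings = audit(GRANTS)
    for kind, path in findings:
        print(f"{kind}: {path}")
```
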

4. Automatic File Syncing from Customer Uploads

If a folder on Dropbox is shared with a customer, all files the customer adds to the folder are automatically downloaded and synced onto your company desktop. This may be an uncontrolled flow of data and access that you did not intend to open just because you needed to securely transfer a file with your customer.

5. Unclear Activity Notifications

When your customer uploads new files to your Dropbox folder, you do not receive an actionable email because of that activity. These activity notification emails sent to your team when a customer uploads or downloads a file can be a great mechanism to build reliable business workflows based on that activity. Additionally, since Dropbox would not email your customer when you upload a file either, a follow-up email would need to be sent every time a new file is shared.

How Zapa Portal Complements Dropbox for Business

Zapa helps to solve these problems by providing a Secure Customer File Sharing Portal where you can upload files from Dropbox into Zapa and allow your customer easy and safe access to their shared files.

Bryan Stouffer is a software architect who has spent his career in the Healthcare and Legal field. His passion for software comes from his desire to see professionals accelerated by computers, not hindered.