鶹ýEnterprise Dropbox and 鶹ýFileDrop Best Practices

This article is aimed at users who are utilizing the 鶹ýEnterprise Dropbox for storing and sharing sensitive & regulated data, and FileDrop for sharing sensitive & regulated data. The best practices mentioned below highlight what users can do to limit the exposure of this data.

Table of Contents

鶹ýEnterprise Dropbox

鶹ýFileDrop

鶹ýEnterprise Dropbox

Best Practice #1: Use The Dropbox Online Application

The online Dropbox application can be used to accomplish tasks that would normally involve the use of other local applications(Microsoft Word, Microsoft Excel, etc.). For example, it’s possible to edit files in Dropbox with Google Applications(Docs, Sheets, etc.), and Microsoft Office Online. These cloud applications are fully integrated with Dropbox, therefore, duplicate files are not created in the corresponding “Cloud Drive”(Google Drive/OneDrive). This is important to note because this keeps the sensitive/regulated data stored in one place(Dropbox) rather than storing a local copy of the data on endpoints as well. Keeping the data in one place limits the exposure and risk of the data in question. Thus, if your device were to ever be compromised in any way, the data may still be safe. Due to this, if it’s possible to use the Online Dropbox Application to accomplish your task, we recommend using it over the Desktop Dropbox Application. If the Dropbox Desktop application must be used, follow the steps in best practice #2 to ensure files are not stored locally. For assistance with creating and editing files in the Online Dropbox Application, view the sections below.

Creating Files in the Online Dropbox Application

To create a file in the Online Dropbox Application, either Office Online or Google Applications can be used, it’s just a matter of which platform you prefer. To create a file, follow these steps:

  1. Navigate to the and login.
  2. Click the Create button, and select the file you want to create.

  3. After creating the document, you can now begin working on your document collaboratively.

    4. Note: While the Microsoft Office Online application is being used to work on the file, the file will only be saved to Dropbox. A corresponding document will not be created in Office Online.

Editing Files in the Online Dropbox Application

Editing a file in the Online Dropbox Application is similar to creating a file, as Office Online applications can be used for editing. To edit a file, please follow the steps below.

  1. Navigate to the and login.
  2. Right Click on the file you would like to edit, select Open in, and click on the respective Microsoft editor (Word for web, Excel for web, PowerPoint for web, etc.)

  3. You can begin working on the document collaboratively and any changes you make will be reflected in Dropbox as changes are automatically saved.

Best Practice #2: Ensure Files are “Online-Only”

This best practice only applies to the Desktop Dropbox Application. This best practice builds off best practice #1 to keep the sensitive and regulated data all in one place(Dropbox).

  1. Open the desktop dropbox application and navigate to your dropbox folder by clicking the Folder icon.

  2. Files that are Online Only will have a cloud icon at the bottom right of the file. If you see a green checkmark similar to the image below, Do the following: Right click on the file, select Smart Sync, and click Online Only.

Since files that are “Online-Only” are still viewable locally if the Desktop Dropbox Application is open, it’s important to quit out of the app when you don’t need to access those files stored in Dropbox. Please follow the instructions below if you require assistance with this process.

  1. Click on the Dropbox Icon in the top right of the screen (Mac) or on the bottom right of the screen (Windows).

    2. Mac:

    Mac taskbar with Dropbox icon

    Windows:




  2. Click on the Circle Icon in the top right of the Dropbox window.




  3. Click Quit.

    4. Dropbox window quit button

Best Practice #3: Securely Sharing Files

There are multiple ways to share files within Dropbox however, you should take the following precautions prior to sharing any sensitive/regulated data that is stored in Dropbox:

Direct Sharing for Collaboration

Direct sharing of file and folders allows those with a Dropbox account to directly view and edit files in the Dropbox environment. Since a Dropbox account is required, it is not recommended to share files directly with participants outside of UH. For external non-鶹ýparticipants, it is recommended to use Dropbox Transfer to send files.

  1. Ensure the person you’re sharing the files with NEEDS to view this information. Do NOT share sensitive/regulated data with others that don’t have a “need to know”. Extra precaution should also be taken when sharing files externally.


  2. Share folders instead of individual files. This makes it easier to manage permissions, especially when working with multiple files.


  3. Think about using the options below to enhance the security of the data.
    1. Settings to consider enabling when sharing folders:

      2. Dropbox recommended folder sharing settings


    2. Settings to consider enabling when sharing files:

      3. Dropbox recommended file sharing settings

Dropbox Transfer for External Sharing

For sharing files to those without a 鶹ýEnterprise Dropbox account including non-鶹ýparticipants, it is recommended to use the Dropbox Transfer feature to send files. Below are some settings for securely transferring files:

  1. Set an expiration date that is as short as possible and expire / delete the transfer once files are downloaded by the recipient. Dropbox transfer links are accessible to anyone with access to the link therefore it is important to close the link as soon as possible.
  2. Include a password if possible to prevent unauthorized access to the files. Passwords should be communicated over a separate channel such as a phone call or in-person
  3. Enable download notifications to see when your recipient(s) have downloaded files and expire the link accordingly.

    4. Screenshot of Dropbox transfer settings

鶹ýFileDrop

Best Practice #1: Protect and Expire the FileDrop Link

鶹ýFileDrop is a tool provided by ITS to securely share files to 鶹ýand non-鶹ýrecipients using a download link. When sending sensitive or regulated data, it is important to enable the following settings to ensure that files cannot be downloaded by unauthorized recipients:

  1. Require authentication on files (only available when sending to 鶹ýrecipients). If authentication cannot be enabled for your FileDrop, it is recommended that your files be password protected before sharing. Passwords should be communicated over a separate channel such as a phone call or in-person.

    2. Filedrop authentication required setting

  2. Set an expiration date that is as short as possible and expire the FileDrop link after downloading. Both the sender and recipient may expire the FileDrop link so it is recommended to let recipients know to expire links immediately after downloading.

    3. Filedrop link expire setting