Biz admin security and alerts

Amy
Community Manager
Security alerts is a feature available to Dropbox Business teams on an Enterprise plan, and means that admins will receive email notifications if suspicious behavior, risky activity, and potential data leaks are detected. As a Biz Admin, you have visibility and access to a lot of information, so it's important to know when something really needs your attention. Here is a roundup of alerts and security for you to be aware of.
 

What kind of actions will trigger an alert? 

 
  • Mass deletion - A team member deleted an unusually large amount of data over a short period of time.
  • Mass data move - A team member moved an unusually large amount of data over a short period of time.
  • Sensitive content shared externally - A team member shared a file labeled as personal information outside of your team.
  • Malware shared from outside your team - Someone outside your team shared a malware file with team members.
  • Malware shared with your team - A team member shared a file containing malware.
  • Too many sign-in attempts - A team member tried to sign in unsuccessfully too many times.
  • Sign-in from a high-risk country - A team member signed in from a location that could be considered high-risk. 

How to take action on an alert

 

From the alert details page, you can take the following actions:
  • Restore in activity page - If you were sent a Mass deletion alert, this will take you to the activity page where you can restore the deleted files.
  • Email team member - This will allow you to email the team member who triggered the alert.
  • Suspend team member - This will suspend the team member responsible for the alert.
  • Acknowledge - This will mark the alert as acknowledged and remove it from the main alerts list.
 

Set alert sensitivity

Don't worry, if you are getting too many alerts, you can change the sensitivity of Mass deletion and Mass move alerts. If moving and deleting a lot of things at once is part of your team's day to day, you don't need to be bombarded with emails.
 
If you want any more info about alerts and security settings, you can check it out here. Now you can carry on with peace of mind.

xtolchinskii
Explorer | Level 4

while good in theory, this isn't very practical.  in order to make this practical/useful, the following changes should be made :

- communicate the specific criteria used to trigger alerts [what constitutes a 'large' amount of data or 'too many' sign in attempts ?  what are the thresholds of 'informational', 'low', 'medium', 'high' ?  ...etc.]

- allow admins to configure these values so they're appropriate to their specific use cases.  for example, an admin may want to place an especially high priority on the malware alert [which is currently impossible].

- when an admin does make a change to an alert, reflect that change in the control panel. currently, changing the sensitivity of the mass-deletion or mass-move alerts is possible, but the alerts policies page still displays the old severity levels [probably a bug, as revisiting the alert edit page shows the new values].

Amy
Community Manager

Hi @xtolchinskii, thanks for that feedback, I've shared that with the team who takes care of alerts, and I'll let you know if they have any further info on it.

Amy
Community Manager

Hi again @xtolchinskii, I spoke to the team and they have given me a little more info on this. We needed to adjust the calculation which triggers the alerts to deal with anomalies in customers' environments, for example to deal with really large files that can each trigger an alert, so we can scale down big files. That is why it is inefficient to translate the threshold to a specific size or number of files. We found that from our testing this is the most logical way of doing this to allow for the alerts to work intuitively for all teams. Having a strict set of rules for these thresholds for all teams would mean some teams would not have the best experience if they use a much smaller, or much larger amount of data on a daily basis. We feel this approach is more inclusive for all teams, and makes the most sense.
