cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Back again with another edition of 'How we use Dropbox', so find out how Emma uses to-do lists to get it all done here!

Business Tips & tricks

Discover new ways to use Dropbox or share your tips with other Admins.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: Biz admin security and alerts

Biz admin security and alerts

Amy
Community Manager
Security alerts is a feature available to Dropbox Business teams on an Enterprise plan, and means that admins will receive email notifications if suspicious behavior, risky activity, and potential data leaks are detected. As a Biz Admin, you have visibility and access to a lot of information, so it’s important to know when something really needs your attention. Here is a roundup of alerts and security for you to be aware of. 
 

What kind of actions will trigger an alert? 

 
  • Mass deletion - A team member deleted an unusually large amount of data over a short period of time.
  • Mass data move - A team member moved an unusually large amount of data over a short period of time.
  • Sensitive content shared externally - A team member shared a file labeled as personal information outside of your team.
  • Malware shared from outside your team - Someone outside your team shared a malware file with team members.
  • Malware shared with your team - A team member shared a file containing malware.
  • Too many sign-in attempts - A team member tried to sign in unsuccessfully too many times.
  • Sign-in from a high-risk country - A team member signed in from a location that could be considered high-risk. 

How to take action on an alert

 

From the alert details page, you can take the following actions:
  • Restore in activity page - If you were sent a Mass deletion alert, this will take you to the activity page where you can restore the deleted files.
  • Email team member - This will allow you to email the team member who triggered the alert.
  • Suspend team member - This will suspend the team member responsible for the alert.
  • Acknowledge - This will mark the alert as acknowledged and remove it from the main alerts list.
 

Set alert sensitivity

Don’t worry, if you are  getting too many alerts, you can change the sensitivity of Mass deletion and Mass move alerts. If moving and deleting a lot of things at once is part of your team’s day to day, you don’t need to be bombarded with emails. 
 
If you want any more info about alerts and security settings you can check it out at here. Now you can carry on with peace of mind.
3 Replies 3

Re: Biz admin security and alerts

xtolchinskii
Explorer | Level 4

while good in theory, this isn't very practical.  in order to make this practical/useful, the following changes should be made :

- communicate the specific criteria used to trigger alerts [what constitutes a 'large' amount of data or 'too many' sign in attempts ?  what are the thresholds of 'informational', 'low', 'medium', 'high' ?  ...etc.]

- allow admins to configure these values so they're appropriate to their specific use cases.  for example, an admin may want to place an especially high priority on the malware alert [which is currently impossible].

- when an admin does make a change to an alert, reflect that change in the control panel. currently, changing the sensitivity of the mass-deletion or mass-move alerts is possible, but the alerts policies page still displays the old severity levels [probably a bug, as revisiting the alert edit page shows the new values].

Re: Biz admin security and alerts

Amy
Community Manager

Hi @xtolchinskii, thanks for that feedback, I've shared that with the team who takes care of alerts, and I'll let you know if they have any further info on it.

Re: Biz admin security and alerts

Amy
Community Manager

Hi again @xtolchinskii, I spoke to the team and they have given me a little more info on this. We needed to adjust the calculation which triggers the alerts to deal with anomalies in customers environment, for example to deal with really large files that can each trigger an alert, so we can scale down big files. That is why it is inefficient to translate threshold to specific size or number of files. We found that from our testing this is the most logical way of doing this to allow for the alerts to work intuitively for all teams. Having a strict set of rules for these thresholds for all teams would mean some teams would not have the best experience if they use a much smaller, or much larger amount of data on a daily basis. We feel this approach is more inclusive for all teams, and makes the most sense. 

Need more support?