You might see that the Dropbox Community team have been busy working on some major updates to the Community itself! So, here is some info on what’s changed, what’s staying the same and what you can expect from the Dropbox Community overall.

Forum Discussion

Amy's avatar
Amy
Icon for Community Manager rankCommunity Manager
4 years ago

Biz admin security and alerts

Security alerts is a feature available to Dropbox Business teams on an Enterprise plan, and means that admins will receive email notifications if suspicious behavior, risky activity, and potential data leaks are detected. As a Biz Admin, you have visibility and access to a lot of information, so it’s important to know when something really needs your attention. Here is a roundup of alerts and security for you to be aware of. 
 

What kind of actions will trigger an alert? 

 
  • Mass deletion - A team member deleted an unusually large amount of data over a short period of time.
  • Mass data move - A team member moved an unusually large amount of data over a short period of time.
  • Sensitive content shared externally - A team member shared a file labeled as personal information outside of your team.
  • Malware shared from outside your team - Someone outside your team shared a malware file with team members.
  • Malware shared with your team - A team member shared a file containing malware.
  • Too many sign-in attempts - A team member tried to sign in unsuccessfully too many times.
  • Sign-in from a high-risk country - A team member signed in from a location that could be considered high-risk. 

How to take action on an alert

 

From the alert details page, you can take the following actions:
  • Restore in activity page - If you were sent a Mass deletion alert, this will take you to the activity page where you can restore the deleted files.
  • Email team member - This will allow you to email the team member who triggered the alert.
  • Suspend team member - This will suspend the team member responsible for the alert.
  • Acknowledge - This will mark the alert as acknowledged and remove it from the main alerts list.
 

Set alert sensitivity

Don’t worry, if you are  getting too many alerts, you can change the sensitivity of Mass deletion and Mass move alerts. If moving and deleting a lot of things at once is part of your team’s day to day, you don’t need to be bombarded with emails. 
 
If you want any more info about alerts and security settings you can check it out at here. Now you can carry on with peace of mind.
  • xtolchinskii's avatar
    xtolchinskii
    Explorer | Level 4

    while good in theory, this isn't very practical.  in order to make this practical/useful, the following changes should be made :

    - communicate the specific criteria used to trigger alerts [what constitutes a 'large' amount of data or 'too many' sign in attempts ?  what are the thresholds of 'informational', 'low', 'medium', 'high' ?  ...etc.]

    - allow admins to configure these values so they're appropriate to their specific use cases.  for example, an admin may want to place an especially high priority on the malware alert [which is currently impossible].

    - when an admin does make a change to an alert, reflect that change in the control panel. currently, changing the sensitivity of the mass-deletion or mass-move alerts is possible, but the alerts policies page still displays the old severity levels [probably a bug, as revisiting the alert edit page shows the new values].

    • Amy's avatar
      Amy
      Icon for Community Manager rankCommunity Manager

      Hi xtolchinskii, thanks for that feedback, I've shared that with the team who takes care of alerts, and I'll let you know if they have any further info on it.

    • Amy's avatar
      Amy
      Icon for Community Manager rankCommunity Manager

      Hi again xtolchinskii, I spoke to the team and they have given me a little more info on this. We needed to adjust the calculation which triggers the alerts to deal with anomalies in customers environment, for example to deal with really large files that can each trigger an alert, so we can scale down big files. That is why it is inefficient to translate threshold to specific size or number of files. We found that from our testing this is the most logical way of doing this to allow for the alerts to work intuitively for all teams. Having a strict set of rules for these thresholds for all teams would mean some teams would not have the best experience if they use a much smaller, or much larger amount of data on a daily basis. We feel this approach is more inclusive for all teams, and makes the most sense. 

About Dropbox tips & tricks

Node avatar for Dropbox tips & tricks

Learn how to get the most out of Dropbox with other users like you.

390 PostsLatest Activity: 4 days ago
324 Following

If you need more help you can view your support options (expected response time for an email or ticket is 24 hours), or contact us on X or Facebook.

For more info on available support options for your Dropbox plan, see this article.

If you found the answer to your question in this Community thread, please 'like' the post to say thanks and to let us know it was useful!