5 ways to support HR compliance with Dropbox

Human Resources (HR) deals with all kinds of personal and confidential information: healthcare data, salary and benefit specifics, internal feedback, survey results and more. The most effective HR teams are the ones that collect, organise and store this information, transforming bits of data into actionable items that can drive business goals, improve internal functions and processes and attract external talent.

But with great power comes great responsibility, and protecting sensitive employee information and confidential business data is just that. Additionally, it’s vital to protect this information for compliance purposes as well. HR has a duty to an organisation’s employees and to ensure they follow business and security regulations. And that’s where Dropbox comes in. Here are five ways Dropbox can secure confidential data and support HR compliance: 

1. Control access to confidential files and folders

One of the first and simplest ways to control private information is to limit who has access to the data. With the Dropbox granular file permissions, it's easy to control who can access folders and files—and what kind of access permissions they have for each one. By using group permissions, you can share a spreadsheet detailing the salaries of a specific team with their manager without giving the team access to the folder where the spreadsheet lives (i.e. a folder containing spreadsheets with all salary information). 

Additionally, the admin console and Teams capabilities of the Dropbox eSignature product called Dropbox Sign also offer need-to-know permissions on essential documents that require a legally binding signature. With Dropbox Sign, it’s easy to secure legally binding signatures on employee agreements such as offer letters, NDAs, contracts and non-competes. These documents are tamper-proof and have an audit trail to make their path easily trackable in case of any legal disputes.

2. Create layers of protection

Protection for data comes in a few varieties. First, there's the best-in-class security system that includes 256-bit Advanced Encryption Standard, Secure Sockets Layer and Transport Layer Security to protect data in transit between Dropbox apps and the servers, a robust security vulnerability reward programme, two-step verification and more. Second, there are multiple ways for HR and other users to add more layers of protection. Using the Dropbox cloud file system enables someone to send view-only links, which allow the recipient to view, comment on and download the file but not edit them, while adding two-step verification to documents creates a way to ensure that only the intended recipient can see sensitive HR materials.

3. Proactively manage devices and track how data is shared

It's one thing to know who can see a file or folder. It's another to know who has accessed the information. With Dropbox, a quick glance will deliver this information as anyone who is viewing will have their avatar shown in colour, while those with view and edit permissions, who aren't currently viewing, will have their avatars shown in grey. And checking who viewed, edited, moved or otherwise altered a file is as easy as opening the file and clicking Activity in the right sidebar. It's also possible to remotely sign out of a Dropbox account and—for users on Plus, Family, Professional or Business—it's also possible to remotely delete all Dropbox files while signing out remotely. There's no need to worry about information on lost or stolen devices falling into the wrong hands.

4. Password-protect individual files and folders

A spreadsheet contains the personal information of every employee in the company. It needs to be maximally protected. Why not go beyond the already robust security infrastructure and add a password to a Dropbox file, folder or document. Only those with the password will be able to access it. If HR needs to send the file, it can't be opened without the password, either. As a bonus, set an expiry date for the shared link so that no one will be able to download or view the file after the expiry date even if they have the password. Simple, effective and safe.

5. Monitor and detect suspicious behaviour and data leaks

HR teams using Dropbox Advanced or Enterprise can set up alerts for issues including ransomware detection, mass deletion or data move, the presence of malware, too many sign-in attempts and more. These alerts are a key to detecting issues early and dealing with any potential fall-out. The Dropbox security practices make tracing the details easy, showing information such as who is responsible, what happened, when it happened and what files, folders or people were impacted. Anyone in HR knows that data can get released. What matters is how the leak is dealt with and the quality of the overall response. That’s how HR builds, and maintains, trust across the organisation. 

With the right tools and technology, securing HR practices doesn’t have to be difficult. But it is essential to the success of an organisation. Individual employees need to feel confident that their information is safe, protected and only accessible to those who need it. Business leaders should know that they are in compliance with business and security regulations. The cost of data breaches is too great, both reputationally and financially, to risk unsound HR practices.