Is Box.com Safe? 

If you use or plan to use Box.com, you need to know: Is Box.com safe? 

Below, we explain whether Box.com is: 

• Safe to use. 
• Good for privacy. 

We also look at some steps you can take to improve both your safety and privacy when using this online service. 

What Is Box.com?

Box.com, also known simply as Box, is a cloud-based content management, collaboration, and file-sharing tool.

Though individuals can use Box.com, the tool is primarily marketed to business users. 

With Box.com, you can store, manage, and share files via an online folder system accessible from any device, with additional features such as commenting, workflow integration, and security and governance controls.

Is Box.com Safe?

Yes, Box.com is considered a safe platform for storing and sharing files.

In its privacy policy, Box.com says it encrypts your content at rest, encrypts sensitive information during transmission, and keeps the servers where personal information is stored in a controlled environment with limited access. 

It also says it has compliance and security programs. 

Box.com also outlines its security features on its website. These include, but are not limited to, the following (but may depend on your chosen plan):

• Identity and Access Management: Multi-factor authentication (via TOTP, SMS, email), single sign-on integrations, granular password controls, and configurable session timeouts. 
• Built-in content protection: Data is secured using TLS 1.2 for in-transit encryption and 256-bit AES for data at rest. Options like Box KeySafe allow for custom encryption key management, and vector-based watermarking helps stop unauthorized sharing.
• Integration with security tools: Box seamlessly integrates with existing security solutions (such as EMM, MDM, SIEM, and CASB) and identity providers. 

Box.com is designed to meet various industry-specific and international data compliance requirements, such as the GDPR, HIPAA, PCI DSS, FedRAMP, and ITAR. It also offers solutions like Box Zones, which help organizations manage data residency obligations across various regions. 

PCMag gives Box.com a 3.5 out of 5.0 rating for personal use and a 3.5 out of 5.0 rating for business use. Techradar gives Box.com a 4.0 out of 5.0 rating. 

Internet user reviews of Box.com are mixed. 

Box.com receives a score of 898 out of 950 from the cybersecurity company UpGuard, with UpGuard noting that the only concern is that the Content Security Policy is implemented unsafely.

Improper usage of Box previously led to data leakages. However, Box has since taken steps to prevent similar leakages in the future. 

In 2024, Varonis Threat Labs found a vulnerability that allowed attackers to bypass multi-factor authentication (MFA) for Box accounts using SMS verification. 

Is Box.com Private?

Depends on your definition of “private.” 

Box complies with a large number of privacy regulations and standards, such as GDPR (General Data Protection Regulation), HIPAA (Health Insurance Portability and Accountability Act), and FedRAMP (Federal Risk and Authorization Management Program). 

Its privacy policy outlines what data it collects and how it handles it. 

Box.com’s privacy policy receives a “Warning” rating from the Common Sense Privacy Program. This means Box.com “Does not meet our recommendations for privacy and security practices.” 

The Common Sense Privacy Program says it’s unclear whether data is sold or rented to third parties or shared for third-party marketing. 

In addition, it says that Box.com displays behavioral or targeted ads, data is collected by third parties for advertising, data is used to track and target ads on other websites, and it’s unclear whether the product creates and uses data profiles for data enhancement or targeted ads.

How to Improve Your Safety and Privacy On Box.com

Follow the below steps for a safer and more private experience when using Box.com. 

• Use strong passwords and enable two-factor authentication. Protect your Box.com account with a strong, unique password and turn on two-factor authentication (2FA). 
• Set granular file access permissions. Box allows you to control who can view, edit, or share your files. Assign access levels carefully, and don’t give unnecessary permissions to collaborators. 
• Review and manage shared links. Regularly audit your shared links to ensure only the right people have access. Set expiration dates on links and apply passwords to further protect your files from unintended access.
• Monitor activity logs. Box offers activity logs that allow you to track access to your files. Regularly reviewing these logs can help you detect any unusual activity or unauthorized access attempts. 
• Exercise your privacy rights. You can update your privacy preferences through your Box.com account or email privacy@box.com. You can update, access, and delete your account information; choose whether you want to receive promotional and newsletter communications; and choose whether you want to share personal data with and use Box integrations.