With YNAB 4 delivering people’s personal budgets to the cloud, concerns have been raised by people in the YNAB user community about the security of their data. Let’s spend a few moments analyzing the personal exposure YNAB users have by employing the cloud-based functionality.
Dropbox has been atop the IT Security hit list within the business for some time now. The issues revolve around loss of control over data. Concerns are primarily around that businesses could be exposed through inadequate security provided by Dropbox such as the password breaches that occurred mid-2012 where a hacker was able to access user’s files using their own password. Or concerns that large organizations don’t know where all its data is located because of having so many different employees and contractors store it on their own Dropbox accounts. Or concerns over trade secrets being extracted by Dropbox employees digging through their corporate files. Truth is, many large organizations will block the Dropbox website from their systems.
Your Exposed Information
But let’s look at your personal exposure. YNAB users all know that YNAB does not connect to banks to do account reconciliations. So immediately the concern that someone is going to get access to your checking, savings, or credit card information via YNAB to your financial institutions is gone.
The risk you are taking is that if someone hacks into your DropBox account (a rare event, but has happened) and can identify you (could do from other files on there) and accesses your YNAB file, they could potentially gain some benefit by knowing all the places you shop and who you bank with which could conceivably be useful in identity theft.
I would rank this as extremely low risk, however, if you are uber risk-averse, there are some things you can do to provide comfort:
First, Dropbox allows users to enable two-step verification on your Dropbox account (see https://www.dropbox.com/help/363/en).
Second, you could make sure full string account numbers are located anywhere inside YNAB. If you really wanted to go the extra mile, you could also remove any last names and bank names.
The reality is your personal information located inside Dropbox isn’t valuable enough to be worth a hackers time and effort that’d be required to break through DropBox and steal. It would be nice if DropBox and YNAB got together and encrypted your information to provide peace of mind.
Even though it is extremely unlikely your YNAB file will ever be exposed, perhaps employing the simple recommendations listed above are worth the 5 minutes required to hide your data.