Securing Box Files and Folders

Standard for securing data in Box

It's always important to keep College data safe.  Below are recommendations to make your file sharing more secure.  

IMPORTANT NOTE about Sensitive Data:  If the data you are sharing falls into the "Sensitive Data" category in our Data Classification and Protection Policy, you MUST use the folder settings below.  If for some reason these settings do not meet your business needs please contact [[pckell,W&M IT's Information Security Office]].

How to share securely

There are two ways to share data.  You can invite someone to collaborate on a folder or you can simply share a link with them.  If sharing sensitive data, collaborate.  To collaborate:

  1. Set-up a folder.
  2. Add the file with the sensitive data to the folder.
  3. Then invite the person you are sharing with as a "Collaborator".

This will provide an additional layer of security controls and a more accurate audit trail.  

Standard File

There are three layers of security controls when collaborating:

Share a link - If you share a link to a file, you are essentially pushing-out a document to another person or group.  You are not anticipating an exchange.  Only share links with collaborators in your folder when sharing sensitive data.

Folder Roles for Collaborators

To make your folders more secure, invite anyone who will look at your sensitive files as a "Collaborator" in your folder.  That way you will have a record of who accessed your file and when. 

If you want to collaborate with someone who is not a W&M faculty or staff member or who does not already have a Box account, you can still invite them using their email address.  They will be prompted to sign-up for a free 10 GB account at box.com.

To invite someone as a Collaborator, click the Share this Folder button on the right side of the screen and select Invite Collaborators.  The screen pictured below will appear.  In the Permissions drop-down, make the setting as restrictive as possible, but still allowing you to do what you need to do with the folder.  Use the "Previewer" role unless editing or downloading is necessary for your business need. 

BoxUpdateImage2

If downloading is necessary for a file with sensitive data, assign either the "Viewer" or "Editor" role, but also insert the following statement into the message field:

(Copy & paste)

“This file contains sensitive data protected by law. If you choose to download this file, you are accepting full responsibility for the security of the data. Please be sure to delete the file when you no longer need it. If you are unsure how to secure this file, please contact W&M’s Director of Infrastructure & Security at pckell@wm.edu for assistance”

Then click Send Invites.

Folder-Level Permissions

Folders with sensitive data should have the following settings. To get to the settings:

BoxUpdateImage3

The settings will be slightly different depending on whether you are sharing with other W&M faculty and staff (top image) or W&M Students or external constituents (bottom image):

BoxUpdateImage4
BoxUpdateImage5

Then click Save Changes.

File-Level Permissions

File level permission secure only the document itself.  If you also have folder-level permissions in place, certain file-level permissions may or may not be an option.  However, these permissions, if given the option, should be set as stringent as possible when working with any confidential information.  This is especially important when sending links directly to files.  Find these settings, here:

BoxUpdateImage6

If downloading or editing is not necessary, that permission should be removed.  Use additional security settings when offered like link expirations and a password requirement.  Link expirations should be set for no more than 30 days.

BoxUpdateImage7

If emailing the link, insert the following statement into the message field:

“This file contains sensitive data protected by law. If you choose to download this file, you are accepting full responsibility for the security of the data. Please be sure to delete the file when you no longer need it. If you are unsure how to secure this file, please contact the W&M’s Director of Infrastructure & Security at pckell@wm.edu for assistance”

Then click Save and Close.

BoxUpdateImage8Secure Link Settings

Sharing a link to a file or folder allows you to push data to another person or it can direct them to a specific place within Box. 

If the file contains sensitive data, the receiver of the link must be a collaborator on your folder.  Only share links with collaborators.  Additional security measures for links include:

  • Add an expiration date for additional security.  Link expirations should be set for no more than 30 days.
  • Do not set a custom URL.  Making a link easy to remember makes it less secure.  

If the data in the file isn't classified as sensitive, you may share links with non-collaborators.  However, you still want to keep the data as safe as possible.  Lock-down your links by adjusting the access level, setting an expiration date, restricting downloads, etc.  Guidelines for securing these links are listed in the file-level permissions section.

BoxUpdateImage9Open With Word

We recommend using Microsoft Word within the Box document previewer instead of downloading the file to make edits.  

The Microsoft Word option will launch a app called Box Edit.  The Microsoft Word Online option will open Office 365.  Both options will allow you to open and edit documents and resave to Box without downloading a copy of the file to your computer/device. 

Learn more about Box Edit and find download options on our Box Apps page.


Questions?
Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]]| Jones 201, Monday - Friday, 8:00 am - 5:00 pm