Securing Box Files and Folders
Standard for securing data in Box
It's always important to keep university data safe. Below are recommendations to make your file sharing more secure.
IMPORTANT NOTE about Sensitive Data: If the data you are sharing falls into the "Sensitive Data" category in our System and Data Classification Policy, you MUST use the folder settings below. If for some reason these settings do not meet your business needs please contact [[pckell,William & Mary Information Technology's Information Security Office]].
How to share securely
There are two ways to share data. You can invite someone to collaborate on a folder or you can simply share a link with them. If sharing sensitive data, collaborate. To collaborate:
- Set-up a folder.
- Add the file with the sensitive data to the folder.
- Then invite the person you are sharing with as a "Collaborator".
This will provide an additional layer of security controls and a more accurate audit trail.
There are three layers of security controls when collaborating:
Share a link - If you share a link to a file, you are essentially pushing-out a document to another person or group. You are not anticipating an exchange. Only share links with collaborators in your folder when sharing sensitive data.
Folder Roles for Collaborators
To make your folders more secure, invite anyone who will look at your sensitive files as a "Collaborator" in your folder. That way you will have a record of who accessed your file and when.
If you want to collaborate with someone who is not a W&M faculty or staff member or who does not already have a Box account, you can still invite them using their email address. They will be prompted to sign-up for a free 10 GB account at box.com.
To invite someone as a Collaborator, click the Share this Folder button on the right side of the screen and select Invite Collaborators. The screen pictured below will appear. In the Permissions drop-down, make the setting as restrictive as possible, but still allowing you to do what you need to do with the folder. Use the "Previewer" role unless editing or downloading is necessary for your business need.
If downloading is necessary for a file with sensitive data, assign either the "Viewer" or "Editor" role, but also insert the following statement into the message field:
(Copy & paste)
“This file contains sensitive data protected by law. If you choose to download this file, you are accepting full responsibility for the security of the data. Please be sure to delete the file when you no longer need it. If you are unsure how to secure this file, please contact W&M’s Director of Infrastructure & Security at email@example.com for assistance”
Then click Send Invites.
Folders with sensitive data should have the following settings. To get to the settings:
The settings will be slightly different depending on whether you are sharing with other W&M faculty and staff (top image) or W&M Students or external constituents (bottom image):
Then click Save Changes.
Folder roles for Collaborators have precedence over file-level permissions. For example: if the folder role for a Collaborator is set as Previewer and the file-level permission for that Collaborator is set as Editor, the Collaborator will not be able to edit the file. File level permission secure only the document itself. If you also have folder-level permissions in place, certain file-level permissions may or may not be an option. However, these permissions, if given the option, should be set as stringent as possible when working with any confidential information. This is especially important when sending links directly to files. Find these settings, here:
If the data in the file is not classified as sensitive, you may allow collaboration outside W&M. However, you still want to keep the data as safe as possible. Lock-down your links by adjusting the access level, setting an expiration date, restricting downloads, etc.
If uploading or editing is not necessary, choose Viewer from the Invite as drop-down list. Previous shares, if any, are displayed above the email address box and can be viewed and managed by clicking on Shared with.
If emailing the link, insert the following statement into the message field:
“This file contains sensitive data protected by law. If you choose to download this file, you are accepting full responsibility for the security of the data. Please be sure to delete the file when you no longer need it. If you are unsure how to secure this file, please contact the W&M’s Director of Infrastructure & Security at firstname.lastname@example.org for assistance”
Then click Save and Close.
Secure Link Settings
Sharing a link to a file or folder allows you to push data to another person or it can direct them to a specific place within Box.
If the file contains sensitive data, the receiver of the link must be a collaborator on your folder. Only share links with collaborators. Additional security measures for links include:
- Add an expiration date for additional security. Link expirations should be set for no more than 30 days.
- Do not set a custom URL. Making a link easy to remember makes it less secure.
If the data in the file isn't classified as sensitive, you may share links with non-collaborators. However, you still want to keep the data as safe as possible. Lock-down your links by adjusting the access level, setting an expiration date, restricting downloads, etc. Guidelines for securing these links are listed in the file-level permissions section.
Collaborate with Students and People Outside of W&M
- Assure that Folder-Level Permissions are set to allow collaboration with students and outsiders.
- Use the ‘Invite People’ link to invite a collaborator to your folder.
- Type in the email address of the person you want to collaborate with.
We recommend opening files in Box with their native applications instead of downloading them to make edits. This can be achieved using Box Drive or with Microsoft Office Integrations, described next.
- Box Drive should be downloaded from https://www.box.com/drive and installed.
- There are two ways to open files with their native applications using Box Drive:
- Start the document’s native application (e.g., Microsoft Word) and open the file (e.g., select File … Open … Browse), then navigate to the Box icon and locate the desired file to open.
- Use File Explorer to navigate to the file beneath the Box icon, then double-click on the file to open
- Both options will allow you to open and edit documents and resave to Box without downloading a copy of the file to your computer/device.
Microsoft Office IntegrationsSetup instructions can be found on our Microsoft Office Integrations page.
Questions? Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]]| Jones 201, Monday - Friday, 8:00 am - 5:00 pm