Â鶹Æƽâ°æ

Securing Box Files & Folders

Standard for securing data in Box

It's always important to keep university data safe. Below are recommendations to make your file sharing more secure.  

IMPORTANT NOTE about Sensitive Data:  If the data you are sharing falls into the "Sensitive Data" category in our System and Data Classification Policy, you MUST use the folder settings below. If, for some reason, these settings do not meet your business needs, please contact [[pckell,Â鶹Æƽâ°æ Information Technology's Information Security Office]].

How to Share Securely

There are two ways to share data. You can invite someone to collaborate on a folder or share a link with them. If sharing sensitive data, collaborate. To collaborate:

1. Set up a folder.
2. Add the file with the sensitive data to the folder.
3. Then invite the person you are sharing with as a "Collaborator"; this will provide an additional layer of security controls and a more accurate audit trail.
   1. In the right column, click Share this folder.
   2. Select Invite Collaborators.

There are three layers of security controls when collaborating:

Share a link - If you share a link to a file, you are essentially pushing out a document to another person or group. You are not anticipating an exchange. Only share links with collaborators in your folder when sharing sensitive data.

• Secure Link Settings

Folder Roles for Collaborators

To make your folders more secure, invite anyone who will access your sensitive files as a "Collaborator" on your folder. That way, you will have a record of who accessed your file and when. 

If you want to collaborate with someone who is not a W&M faculty or staff member or who does not already have a Box account, you can still invite them using their email address. They will be prompted to sign up for a free 10 GB account at .

To invite someone as a Collaborator, click the Share this Folder button on the right side of the screen and select Invite Collaborators. The screen pictured below will appear. In the Permissions drop-down, set it as restrictive as possible while still allowing you to do what you need to do with the folder. Use the "Previewer" role unless editing or downloading is necessary for your business needs. 

If downloading is necessary for a file with sensitive data, assign either the "Viewer" or "Editor" role, but also insert the following statement into the message field:

(Copy & paste)

“This file contains sensitive data protected by law. If you choose to download this file, you are accepting full responsibility for the security of the data. Please be sure to delete the file when you no longer need it. If you are unsure how to secure this file, please contact W&M’s Director of Infrastructure & Security at pckell@wm.edu for assistance.”

Then click Send Invites.

Folder-Level Permissions

Folders with sensitive data should have the following settings. To get to the settings:

1. In the folder, click the More Options icon.
2. Click on Settings.

The settings will be slightly different depending on whether you are sharing with other W&M faculty and staff (top image) or W&M Students or external constituents (bottom image). Check the following boxes when collaborating with W&M Faculty & Staff:

• Only folder owners and co-owners can send collaborator invites
• Restrict collaboration to within Â鶹Æƽâ°æ
• Only collaborators can access this folder via shared links (For: Files and Folders)

When sharing externally or with students, check the following boxes:

• Only folder owners and co-owners can send collaborator invites
• Only collaborators can access this folder via shared links (For: Files and Folders)

Images for box collaborator settings

Then click Save Changes.

File-Level Permissions

Folder roles for Collaborators have precedence over file-level permissions. For example, if the folder role for a Collaborator is set as Previewer and the file-level permission for that Collaborator is set as Editor, the Collaborator will not be able to edit the file. File-level permissions secure only the document itself. If you also have folder-level permissions in place, certain file-level permissions may or may not be an option. However, if given the option, these permissions should be set as stringently as possible when working with any confidential information; this is especially important when sending links directly to files. Find these settings by clicking on the file's Share button (next to the ellipses):

If the data in the file is not classified as sensitive, you may allow collaboration outside W&M. However, you still want to keep the data as safe as possible. Lock down your links by adjusting access levels, setting expiration dates, restricting downloads, etc. 

If uploading or editing is not necessary, choose Viewer from the Invite as drop-down list. Previous shares, if any, are displayed above the email address box and can be viewed and managed by clicking on Shared with.

1. Change to People in this file
2. Click on Settings (gear icon) for more security options.
3. Secure your links further with these options (if available).

Important: links to sensitive data should only be shared with collaborators in your folders.

If emailing the link, insert the following statement into the message field:

“This file contains sensitive data protected by law. If you choose to download this file, you are accepting full responsibility for the security of the data. Please be sure to delete the file when you no longer need it. If you are unsure how to secure this file, please contact W&M’s Director of Infrastructure & Security at pckell@wm.edu for assistance.”

Then click Save and Close.

Secure Link Settings

Sharing a link to a file or folder lets you push data to another person or direct them to a specific place within Box.

If the file contains sensitive data, the receiver of the link must be a collaborator on your folder. Only share links with collaborators. Additional security measures for links include:

• Secure your links with an expiration date.
  • Add an expiration date for additional security. Link expirations should be set for no more than 30 days.
• Do not set a custom URL. Making a link easy to remember makes it less secure.
• Restrict ability to download, if appropriate.

If the data in the file isn't classified as sensitive, you may share links with non-collaborators. However, you still want to keep the data as safe as possible. Lock down your links by adjusting access levels, setting expiration dates, restricting downloads, etc. Guidelines for securing these links are listed in the file-level permissions section.

Collaborate with Students & People Outside of W&M

• Assure that Folder-Level Permissions are set to allow collaboration with students and outsiders.
• Use the ‘Invite People’ link to invite a collaborator to your folder.
• Type in the email address of the person you want to collaborate with.

Making edits

We recommend opening files in Box using its native applications rather than downloading them to edit; this can be done with Box Drive or Microsoft Office Integrations, described next.

Box Drive

• Box Drive should be downloaded from https://www.box.com/drive and installed.
• There are two ways to open files with their native applications using Box Drive:
  • Start the document’s native application (e.g., Microsoft Word) and open the file (e.g., select File > Open > Browse), then navigate to the Box icon and locate the desired file to open.
  • Use File Explorer to navigate to the file under the Box icon, then double-click it to open.
• Both options will allow you to open and edit documents and resave to Box without downloading a copy of the file to your computer/device. 

Microsoft Office Integrations

Setup instructions can be found on our Microsoft Office Integrations page.

Questions?

Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]]| Jones 201, Monday - Friday, 8:00 am - 5:00 pm