UMD Box is a cloud-based storage and collaboration system that provides a Web interface for uploading, downloading, sharing and discussing files. It is designed to work on Macs, PCs, smartphones and tablets. This guide will help you understand Box sharing settings, and store and collaborate securely with your files in Box. For information about Box Drive, see Getting Started with UMD Box Drive.
These guidelines are best practices for storing and sharing items in Box, but do not guarantee the security of your items, and do not imply compliance with any specific regulations or laws. Be sure to consult with the appropriate IT admins and the Division of IT Compliance team when handling sensitive data.
The most secure way to store an item in UMD Box is to upload the file to a folder, set the file as locked, enable notifications for Preview and Download, and enable Watermarking. As long as you have not invited a collaborator or enabled link sharing for the folder or file, only you will be able to access the item. Notifications will ensure that you are notified if a setting is misconfigured or if someone accesses the item. Watermarking will superimpose the user's information onto the item while viewing it, discouraging misuse and screenshots.
If you wish to have a high level of security but need to share a file or folder, be sure to leave link sharing off and share the file or folder directly with members of the University of Maryland community (UMD), and give them the Previewer Uploader role. This would prevent them from sharing the file with others and downloading the file, while requiring them to have a UMD account to view the item.
If you wish to have a high level of security but need to share a file or folder with someone outside of UMD, make sure to leave link sharing off and only share the file or folder directly with the email address of the trusted collaborator; give them the Previewer Uploader role. As long as they have a Box account registered with that email address, they will be able to access the item, but still be unable to share the file with others or download the file.
If for some reason, a collaborator cannot get a Box account with their own email address or institution, you will need to enable Link Sharing for People with the Link. This makes the item public, so you should exercise extreme caution with this method. Make sure to have notifications enabled for preview and download, and make sure to go into Link Settings and require a passphrase for the data. Make sure the passphrase you set meets the UMD passphrase requirements. You should also disable downloads, and enable watermarking. Finally, set an expiration date within 6 months for the link.
Folder sharing allows you to set granular permissions for collaborators who have Box accounts. There are seven roles with various permissions. While Editor is the most commonly used role, Previewer Uploader is ideal when the collaborators do not need to edit any of the items. The Previewer Uploader role prevents the collaborator from sharing and downloading the item. If a collaborator needs to be able to edit files, use one of the roles that allows editing, but lock items from editing.
Sharing individual items will limit the roles you can choose from to Editor and Viewer. You cannot prevent collaborators with these roles from sharing or downloading the item. The most secure option is to share folders using roles with more granular permissions and place appropriate items into the folder, rather than sharing individual items.
Box allows you to share Files and Folders with people using a link. There are several ways to use link sharing and the Link Sharing options will change depending on certain conditions.
When you first enable 'Shared Link', there are three types of link sharing:
People with Link and People in your Company include an additional setting that allows you to choose between 'View and Download' or 'View Only' rights for people with the link.
Once a Shared Link is Created, a Link Settings option appears in the modal. These settings change depending on the type of link sharing you are using.
Set Link Expiration |
Create Custom URL |
Enable/Disable Download |
Set a Passphrase for access |
|
---|---|---|---|---|
People with the Link |
|
|
|
|
People in your Company |
|
|
|
|
Invited People Only |
|
|
This feature allows files to be deleted on a specific date, which is useful when a data management plan or agreement includes a data destruction requirement, or if you only need to share files temporarily.
You can enable this feature by selecting the Actions icon (...), choosing the More Actions menu, and selecting Set Expiration.
Watermarking places a semi-transparent overlay of the current viewer's user name and time of access across a document's contents to deter unauthorized sharing.
You can enable this for a file by selecting the Actions icon (...) and then selecting the More Options menu.
The Lock button in the Actions Menu allows you to lock a file from being edited by collaborators. You can also use this feature to prevent download of the file.
Box File Request is a secure way to allow anyone to upload files to a Box folder you own. Make sure to secure your Folder appropriately for the type of data you plan to collect, and be cautious of uploaded files if they are unexpected or uploaded by unknown people. Some files can compromise your system when they are opened. At a minimum, it is recommended that you collect the uploader's email address during the upload process.
Box allows you to receive notifications for content you own or are a part of. If you handle data that is sensitive and needs to be access controlled, you should enable notifications for Downloads and Deletes. Previews will generate many notifications, but may also be useful if you handle very sensitive data.
These notifications may indicate that access control procedures aren't being followed.
You should also enable notifications about Login Activity. This will send you an email if your account is accessed from an unrecognized device, which will help indicate if it has been compromised.
If you select a file in Box, you will see access stats on the right side of the screen. Clicking View Details will give you a deeper dive into these stats and allow you to export activity into a spreadsheet. This capability is useful when performing a self-audit of the usage of your data, and is a useful capability that can be written into data management plans.