Box User Guidelines - Rice Data
This document provides guidance and best practices on how to use Box to safely store protected Rice data.
Box provides a safe platform for protected classifications of data when used properly.
For example: Box encrypts all data it stores, allow for granular access controls, and facilitates access monitoring.
Folders must be properly configured to take full advantage of these security enhancements.
Using Box as a collaborative space for protected information (including information classified as confidential or sensitive by Rice Policy 808, or information otherwise regulated through federal, state, or local laws; or other information regulated by third party agreement) should make a few changes to important settings in their account. In addition, Users should create a top-level, separate space for protected information in their Box environment.
An understanding of Box User roles is helpful when applying the principle of least privilege to protected information.
Login to Box
Step 2: Login to Box with Rice NetID and Password, select Login
Step 3: Go to the User Profile drop-down, select Account Settings.
User level Account Settings
Users should leverage tools provided by Box to check for suspicious activity including the following:
Some settings should also be set for those working with protected data. Specifically, these settings should be set:
external links to folders and files with only people at Rice or already
in the folder (by default, changeable at the folder level for those who
need external collaboration) [Shared Links Can Be Viewed By: People in your company and People in this folder only]
- Default new links to people in the folder
- Link viewers should preview the shared item only
Each project or collaboration should have a separate, top-level folder
as all sub folders in Box inherit parent folder permissions (and there is
no way to disable this).
If collaborator links are used, users should join with the Previewer role
Collaborating on Content
These settings will only apply to content that you own.
By default, Incoming Invitations is selected to "Automatically accept incoming collaboration invitations"
- Set your account to receive notifications when someone downloads, uploads, comments, previews, or deletes files in folders owned or joined
General Emails and Notifications
Uploading Content - this feature is turned on by default
Box Accelerator is a global data transfer network that improves the speed of your uploads. If you experience issues with uploads, try turning this off.
- Security: this section allows the User to view Login Activity
- Logins to your account are tracked so you can monitor details on each access and manage these applications
- Invitations should be restricted to only be sent by the folder owners and co-owners
- Collaboration should be restricted to those within Rice (unless external collaboration is required)
- Shared link access should be restricted to file or folder collaborators
- If collaborator links are used, users should join with the Previewer role
- When possible, enable the watermarking feature for supported PII documents
To the top
When possible, set an automated unshare date
for any shared links (beyond the expected collaboration window)
- For example, if a collaborative project is only expected to last for (6) six months, set an automatic unshare date for just after that
- Set an expiration date for shared links
- Employ the use of tags, such as PII, FERPA, HIPAA, etc. on files and folers to facilitate searching for protected information