M365 Storage (Information) Security Recommendations for OneDrive, SharePoint, and Teams

Because OneDrive and SharePoint are cloud-based file storage and sharing systems, their use presents some potential risk to the information security of UWM students, faculty, and staff.

 
Data stored in the cloud can be accessed by any workstation, laptop, tablet, or mobile device with access to the internet. Students, faculty, and staff are likely to access data in a variety of ways, including potentially unsecured connections from off-campus locations. It is not possible for UWM to govern how OneDrive is being accessed by non-University computers or internet connections. When files are shared with others from a device infected with viruses or malware, the data is likely to be compromised as well.

Secure the workstation or device you are using:

  • Install virus/malware detection software with the latest definitions
    • Windows 10 includes an anti-virus solution through Virus & Threat protection; ensure that it is turned on and up to date.
  • Run a firewall that blocks in-bound traffic
    • Windows 10 includes a firewall solution; ensure that it is turned on.
  • Do not log into your workstation or device as an administrator (unless absolutely necessary)
  • Keep your operating system and software up-to-date
  • Password-protect your workstation or device and use idle-time screen saver passwords where possible
  • Contact the Help Desk for help securing your device and your data. 

Use only secure network connections:

  • Use the UWM wired network or UWM WiFi when on campus
  • Try to avoid using public WiFi, but if you need to use it, follow the FTC's best practices
  • Secure your home wireless network using the FTC's guide

De-identify confidential or sensitive data before sharing via OneDrive, SharePoint, and Teams:

  • Use a random identifier and store both the identifiable data and its encrypted identifier on an internal network drive
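
The following is an added example, not part of the original article or a UWM tool, showing one way to apply the random-identifier step to a CSV file. The column names, the sample rows, and the crosswalk layout are assumptions made for illustration.

```python
import csv
import io
import secrets

# Constructed sample data; column names are assumptions for illustration.
SAMPLE_CSV = """student_id,name,email,course,grade
9001,Ada Park,apark@example.edu,BIO101,A
9002,Lee Ortiz,lortiz@example.edu,BIO101,B
9001,Ada Park,apark@example.edu,CHEM201,B
"""
IDENTIFYING = ("student_id", "name", "email")  # never leaves the internal drive


def deidentify(csv_text, identifying=IDENTIFYING, key_column="student_id"):
    """Return (shareable_rows, crosswalk); the crosswalk stays on the internal drive."""
    by_person = {}   # real key value -> random ID, so one person keeps one ID
    crosswalk = {}   # random ID -> identifying fields
    shareable = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        real_key = row[key_column]
        if real_key not in by_person:
            # Random, not derived from the data: a plain hash of a short ID can
            # be reversed by hashing every possible ID and comparing.
            rid = secrets.token_hex(8)
            while rid in crosswalk:          # regenerate on the rare collision
                rid = secrets.token_hex(8)
            by_person[real_key] = rid
            crosswalk[rid] = {c: row[c] for c in identifying}
        clean = {"record_id": by_person[real_key]}
        clean.update({k: v for k, v in row.items() if k not in identifying})
        shareable.append(clean)
    return shareable, crosswalk


def to_csv(rows):
    """Serialize the de-identified rows; this is the only file that is shared."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0].keys()))
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()


if __name__ == "__main__":
    rows, key = deidentify(SAMPLE_CSV)
    print(to_csv(rows))   # de-identified copy for OneDrive, SharePoint, or Teams
    print(len(key), "crosswalk entries to keep on the internal network drive")
```

Free-text columns can still contain names or other identifying details, so review the remaining columns before sharing the output.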

Encrypt confidential or sensitive data that cannot be de-identified:

  • Use the UWM Information Security Office's recommended tools
  • Ensure the party you are sharing these files with has met the requirements associated with the type of data being shared (e.g., signing a confidentiality agreement or signing a BAA for HIPAA data)
  • Exchange the encryption key or password over the phone

Exercise caution when sharing files online:

  • Share files with specific individuals, never with everyone or the public
  • Use folders to share groups of files with others online
  • Be careful when sending links to shared folders, because they can often be forwarded to others to whom you did not provide access
  • Remember that once a file is shared with someone and they download it to their device, they can share it with others

Review sharing privileges in OneDrive, SharePoint, and Teams on at least a quarterly basis:

  • Remove individuals when they no longer require access to files or folders
  • See the KB articles (OneDrive, SharePoint, Teams) on reviewing sharing permissions for more information

Use sensitivity labels for files that contain sensitive data:

  • Sensitivity labels allow classification of files, emails, and SharePoint sites with sensitive information as either Sensitive or Restricted.
  • See the KB article Microsoft 365 - Sensitivity Labels for more information. 

See the UWM Information Security Office for more information.

 



Keywords: onedrive, one drive, security, privacy, onedrive for business, od4b, sharepoint, teams, team, sites, microsoft, m365, office, o365
Doc ID: 46824
Owner: Help Desk K.
Group: UW-Milwaukee Help Desk
Created: 2015-02-04 10:40:39
Updated: 2024-06-17 11:28:00
Sites: UW-Milwaukee Help Desk