M365 (OneDrive, SharePoint, and Teams) - Security Recommendations

Because OneDrive and SharePoint are a cloud-based file storage and sharing systems, their use presents some potential risk to UWM and its students, faculty, and staff.

  • Data stored in the cloud can be accessed by any workstation, laptop, tablet, or mobile device with access to the internet.
  • Students, faculty, and staff are likely to access data in a variety of ways, including potentially unsecured connections from off-campus locations.
  • It is not possible for UWM to govern how OneDrive is being accessed by non-University computers or internet connections.
  • When files are shared with others from a device that is infected with viruses or malware, the data is likely to be compromised as well.

How to Use OneDrive, SharePoint, and Teams Securely

Secure the workstation or device you are using:

  • Install virus/malware detection software with the latest definitions
    • Windows 10 includes an anti-virus solution through Virus & Threat protection; ensure that it is turned on and up to date.
  • Run a firewall that blocks in-bound traffic
    • Windows 10 includes a firewall solution; ensure that it is turned on.
  • Do not log into your workstation or device as an administrator (unless absolutely necessary)
  • Keep your operating system and software up-to-date
  • Password-protect your workstation or device and use idle-time screen saver passwords where possible
  • Talk to your departmental IT support for help securing your computers and other devices

Use only secure network connections:

  • Use the UWM wired network or UWM WiFi when on campus
  • Try to avoid using public WiFi, but if you need to use it, follow FTC's best practices
  • Secure your home wireless network using the FTC's guide

De-identify confidential or sensitive data before sharing via OneDrive, SharePoint, and Teams:

  • Use a random identifier and store both the identifiable data and its encrypted identifier on an internal network drive

Encrypt confidential or sensitive data that cannot be de-identified:

  • Use the UWM Information Security Office's recommended tools
  • Ensure the party you are sharing these files with has met the requirements associated with the type of data being shared (e.g., signing a confidentiality agreement or signing a BAA for HIPAA data)
  • Encryption key or password should be exchanged over the phone

Exercise caution when sharing files online:

  • Share files with specific individuals, never with everyone or the public
  • Use folders to share groups of files with others online
  • Be careful sending links to shared folders because they can often be forwarded to others who you did not provide access to
  • Remember that once a file is shared with someone and they download it to their device, they can share it with others

Review sharing privileges in OneDrive, SharePoint, and Teams on at least a quarterly basis:

  • Remove individuals when they no longer require access to files or folders
  • See the KB articles (OneDrive, SharePoint, Teams) on reviewing sharing permissions for more information

See the UWM Information Security Office for more information.


See Also:




Keywords:m365, microsoft365, office365, office 365, onedrive, one drive, security, privacy, onedrive for business, od4b, sharepoint, teams, team sites, sharepoint team sites   Doc ID:46824
Owner:Help Desk K.Group:UW-Milwaukee Help Desk
Created:2015-02-04 11:40 CDTUpdated:2021-02-23 11:22 CDT
Sites:UW-Milwaukee Help Desk
Feedback:  2   0