Office 365 (OneDrive for Business) - Security Recommendations
Because OneDrive for Business is a cloud-based file storage and sharing utility, its use presents some potential risk to UWM and it's students, faculty, and staff:
- Data stored in the cloud can be accessed by any workstation, laptop, tablet, or mobile device with access to the internet.
- Students, faculty, and staff are likely to access data in a variety of ways, including potentially unsecured connections from off-campus locations.
- It is not possible for UWM to govern how OneDrive for Business is being accessed by non-University computers or internet connections.
- When files are shared with others from a device that is infected with viruses or malware, the data is likely to be compromised as well.
How to Use OneDrive for Business Securely
Secure the workstation or device you are using to access OneDrive forBusiness:
- Install virus/malware detection software with the latest definitions
- Run a firewall that blocks in-bound traffic
- Do not log into your workstation or device as an administrator (unlessabsolutely necessary)
- Keep your operating system and software up-to-date
- Password-protect your workstation or device and use idle-time screensaver passwords where possible
- Talk to your departmental IT support for help securing your computersand other devices
Use only secure networkconnections:
- Use the UWM wired network or UWM WiFi when on campus.
- Try to avoid using public WiFi, but if you need to use it, followFTC's best practices.
- Secure your home wireless network using the FTC's guide.
De-identify confidential or sensitive data before sharing on OneDrivefor Business:
- Use a random identifier and storeboth the identifiable data and its encrypted identifier on an internal networkdrive.
Encrypt confidential or sensitive data that cannot be de-identified:
- Use the UWM Information SecurityOffice's recommended tools.
- Ensure the party you are sharingthese files with has met the requirements associated with the type of databeing shared (e.g., signing a confidentiality agreement or signing a BAA forHIPAA data).
- Encryption key or password shouldbe exchanged over the phone.
Exercise caution when sharing files online:
- Share files with specific individuals, never with everyone or the public
- Use folders to share groups of files with others online
- Be careful sending links to shared folders because they can often beforwarded to others who you did not provide access to
- Remember that once a file is shared with someone and they download itto their device, they can share it with others
Review sharing privileges in OneDrive on at least a quarterly basis:
- Remove individuals when they no longer require access to files orfolders
- See this How-To on reviewingsharing privileges for more information
Review file access logs in OneDrive on at least a weekly basis:
- Enable all audit settings
- Turn on reporting features
- Review your audit log reports
See the UWM InformationSecurity Office for more information.