Secure Box account usage
OSU account vs private account
When doing any university related data storage and sharing, be sure to use your OSU Box account and not a personal one you may already have. This is especially true if it’s sensitive University data. When sharing these folders and files with others, be sure to share to their OSU Box accounts as well.
Sharing Sensitive Data
When you are emailing someone a link to a shared file or folder containing sensitive information, be sure to check that you are sending it to the correct person and not someone else with a similar name. An easy way to do this is through the outlook contact cards. https://support.office.com/en-us/article/Find-people-and-contacts-f86874...
It’s also good practice to only share files with the people who need access to them, keeping the pool of those with access as small as possible and up to date. If you regularly work with a group of people on things, it’s best to have a shared folder with them, where everyone can edit the documents directly within Box, using Office 365. Keeping the work within Box minimizes the risk of someone gaining access to any of those files saved to your local machine.
Box automatically encrypts the files you upload, but if you’re uploading sensitive or confidential information OIS recommends you encrypt it yourself first. This can be done easily in Microsoft Office products: http://is.oregonstate.edu/ois/how-encrypting-microsoft-office-documents-...
When uploading confidential information, we require that you share the passwords to these files via phone or in person (anything other than email.)
If you accidentally delete something or find that you later need something you previously deleted, it can often be recovered if it’s within a couple months. Try looking in the trash folder first.
Avoid Box related phishing attempts
The login uses your onid account, so if someone asks for your Box account password it’s probably phony. The storage is also unlimited so any email saying you’ve reached your quota and your account will be shut down is also likely a phishing attempt. For the safest experience, please use DUO two-step authentication.