Secure Box account usage

OSU account vs private account

When doing any university related data storage and sharing, be sure to use your OSU Box account and not a personal one you may already have. This is especially true if it’s sensitive University data. When sharing these folders and files with others, be sure to share to their OSU Box accounts as well.

login screen

Sharing Sensitive Data

When you are emailing someone a link to a shared file or folder containing sensitive information, be sure to check that you are sending it to the correct person and not someone else with a similar name. An easy way to do this is through the outlook contact cards.

Shared Folders

It’s also good practice to only share files with the people who need access to them, keeping the pool of those with access as small as possible and up to date. If you regularly work with a group of people on things, it’s best to have a shared folder with them, where everyone can edit the documents directly within Box, using Office 365. Keeping the work within Box minimizes the risk of someone gaining access to any of those files saved to your local machine.

edit online


Box automatically encrypts the files you upload, but if you’re uploading sensitive or confidential information OIS recommends you encrypt it yourself first. This can be done easily in Microsoft Word:

We recommend that you share the passwords to these files over the phone so that you are never sending a password in plain text over the web.

Recoverable deletions

If you accidentally delete something or find that you later need something you previously deleted, it can often be recovered if it’s within a couple months. Try looking in the trash folder first.

Avoid Box related phishing attempts

Never give your password to anyone, OSU will never ask for it. The login uses your onid account, so if someone asks for your Box account password it’s probably phony. The storage is also unlimited so any email saying you’ve reached your quota and your account will be shut down is also likely a phishing attempt.