Secure Collaboration with Box

Please refer to the Allowable Data Sheet which provides a list of data that are allowed to be stored on Box. The prohibited items on this list should NEVER be stored on box under any circumstance.

As a commitment to your security within Box, we have all third-party apps not vetted by Box, turned off. IT Services does not have the capacity to vet all of the new apps being developed for Box.com. Only Core Apps used with Box.com are currently turned on as a security measure.

What to do	How	Why
Create and use a top-level shared folder for all your sensitive data. Do not designate a different top level folder. Note that permission settings on a folder apply to all the folders and files inside it.	These are the settings used for the top-level folder in shared UCLA accounts for sensitive data. Make these settings if they have not already been set for you. Check "Only Owners and Co-owners can send collaborator invites." in the security settings. Leave "Allow anyone who can access this folder from a shared link to join" unchecked. Check "Restrict shared links to collaborators only" for both files and folders. You can check in Folder Properties to make sure these are set appropriately.	When you request a departmental account and indicate that the account will be used for sensitive data, the top-level folder settings are configured for you with appropriate security settings.
Keep your list of collaborators (the people to whom you give access to folders) up-to-date. Only add people who need access to do their university work. Remove people as collaborators immediately when they no longer need that access (For example, when they leave the university or change jobs).	See Box's Invite Colleagues And Friends for instructions. Also see Know your Folder Icons to learn how to identify folders with collaborators at a glance.	It is your responsibility to make sure that only those people who need access to the data to do their jobs have that access. It is important to keep your list of collaborators up-to-date as their access needs change.
Give your folder collaborators only the permissions they need to do their university work and no more. For example, if someone does not need to make changes to files in a folder, give them only view or preview access; do not give them edit access.	See Understanding Permissions for details.	Providing only the minimum access needed reduces the chance of people inadvertently altering the data or sharing it more widely than intended

What to do

How

Why

Create and use a top-level shared folder for all your sensitive data.

Do not designate a different top level folder. Note that permission settings on a folder apply to all the folders and files inside it.

These are the settings used for the top-level folder in shared UCLA accounts for sensitive data. Make these settings if they have not already been set for you.

Check "Only Owners and Co-owners can send collaborator invites." in the security settings.
Leave "Allow anyone who can access this folder from a shared link to join" unchecked.
Check "Restrict shared links to collaborators only" for both files and folders.

You can check in Folder Properties to make sure these are set appropriately.

When you request a departmental account and indicate that the account will be used for sensitive data, the top-level folder settings are configured for you with appropriate security settings.

Keep your list of collaborators (the people to whom you give access to folders) up-to-date. Only add people who need access to do their university work. Remove people as collaborators immediately when they no longer need that access (For example, when they leave the university or change jobs).

See Box's Invite Colleagues And Friends for instructions.
Also see Know your Folder Icons to learn how to identify folders with collaborators at a glance.

It is your responsibility to make sure that only those people who need access to the data to do their jobs have that access. It is important to keep your list of collaborators up-to-date as their access needs change.

Give your folder collaborators only the permissions they need to do their university work and no more. For example, if someone does not need to make changes to files in a folder, give them only view or preview access; do not give them edit access.

See Understanding Permissions for details.

Providing only the minimum access needed reduces the chance of people inadvertently altering the data or sharing it more widely than intended

Know your Folder Icons

Understanding Permissions

Below are the permissions assigned to each role. Make sure to understand each of these roles before assigning collaborators to a folder. Only give collaborators the highest level of permission they need.

Role	Upload	download	preview	Get Link	Edit	delete	Owner
Co-owner*	x	x	x	x	x	x	x
Editor*	x	x	x	x	x	x
Viewer Uploader	x	x	x	x	x
Previewer Uploader	x		x
Viewer		x	x	x
Previewer			x
Uploader	x

*Co-Owner and Editor are the only roles with the ability to invite Collaborators.