Cyber Security Newsletter - April 2023: Avoiding Privacy Pitfalls in Teams, SharePoint, and OneDrive

April 26, 2023
Print | PDF

Using Teams, SharePoint, and OneDrive to share files is something we do often; we rely on these applications to share files and folders with colleagues, classmates, and other educational institutions.

Although it's convenient to use these applications to share content with a variety of recipients, it is important to pay attention to who you're sharing with and the type of data being shared – incorrectly configured file sharing settings can lead to privacy breaches.

Here are some tips to ensure that the content you're sharing is protected from accidental disclosure:

EVALUATE THE RISK

Evaluate the files/folders you intend to share:

  • What type of information do they contain (open or private)?
  • What is the impact of them being accidentally shared with the wrong audience?

Laurier's Information Security Policy explains the different classifications of data handled at Laurier and how data should be treated to avoid privacy breaches. 

SELECT THE RIGHT PERMISSION LEVEL

Make sure you are selecting the appropriate permission level when you share files. The sharing options available include sharing with:

  • People in Wilfrid Laurier University – allows you to share with other Laurier users
  • People with existing access – allows you to reshare with people who already have access
  • People you choose – allows you to share with specific people, internal and external to Laurier.* 

*Sharing externally presents the greatest amount of privacy and security risk and should be used with caution.

screenshot of sharing permission options described above

KEEP IT 'READ-ONLY' IF POSSIBLE

Give recipients read-only access by default unless there is a need for the recipient to edit the file. This will help prevent unauthorized or accidental edits from occurring without your knowledge.

DON'T SHARE ENTIRE FOLDERS UNLESS YOU NEED TO

Only share the documents that you need to share. Unless the recipient needs access to every single file in a folder, don't share the entire folder. 

REVIEW FILES YOU'VE SHARED

Regularly review the list of files that you've shared with others, and unshare any files that recipients no longer need access to. 

To see which files you have shared on OneDrive:

  1. Sign in to onedrive.com with your Laurier email address and password.
  2. From the left-hand menu, select "Shared" to see a list of all files shared by you, and files shared with you.
  3. To change the sharing permissions, hover over the file > click the three dots to the right of the file > select "Details" > click "Manage Access". 

USE THE RIGHT TOOL FOR THE JOB

Although Teams, SharePoint, and OneDrive overlap in some of their functionality, each one has an intended use.

  • OneDrive – best for personal/individual storage and occasional sharing with others.
  • SharePoint – intended for longer-term storage of information that larger groups or departments require access to.
  • Teams – a collaborative space intended for chat, calls, and file sharing. Each "Team" has its own shared file storage location.

Make sure you select the right tool for your needs. 

Using these tips will help you keep your shared information private and secure!