Because OneDrive is a cloud-based file storage and sharing utility, its use presents some potential risk to UWM and it’s students, faculty, and staff:
- Data stored in the cloud can be accessed by any workstation, laptop, tablet, or mobile device with access to the Internet.
- Students, faculty, and staff are likely to access data in a variety of ways, including potentially unsecured connections from off-campus locations.
- It is not possible for UWM to govern how OneDrive is being accessed by non-university computers or Internet connections.
- When files are shared with others from a device that is infected with viruses or malware, the data is likely to be compromised as well.
Data Classification Recommendations
Listed below are general recommendations for storing files containing confidential, sensitive, or unclassified UWM data in your OneDrive account. A full definition of all data classifications and examples of each are available in the UWM Information Security Office’s Data Classification and Criticality Standards.
Confidential Data
Confidential data should NOT be stored or shared using OneDrive; see “Online File Storage Alternatives” listed below.
Sensitive Data
Sensitive data may be stored and shared in OneDrive, but must be stored and shared in a secure manner (see “How to Use OneDrive Securely” below).
Unclassified Data
Unclassified data may be stored and shared in OneDrive, but must be stored and shared in a secure manner (see “How to Use OneDrive Securely” below).
Online file storage Alternatives
If you have confidential or sensitive data that must be stored and/or shared online, please consider the following alternatives:
De-identify data before sharing on OneDrive:
- Use a random identifier and store both the identifiable data and its encrypted identifier on an internal network drive.
- De-identified data can be stored and shared with others via OneDrive.
Encrypt and store data that cannot be de-identified on a network drive:
- Use the UWM information Security Office’s recommended tools
- Ensure the party you are sharing these files with has met the requirements associated with the type of data being shared (e.g., signing a confidentiality agreement or signing a BAA for HIPAA data)
- OneDrive can be used to share encrypted files if the other party is properly authorized to receive and care for the data, the encryption key or password is exchanged over the phone, and the file(s) are removed from OneDrive once transferred
How to Use OneDrive Securely
Secure the workstation or device you are using to access OneDrive:
- Install virus/malware detection software with the latest definitions
- Run a firewall that blocks in-bound traffic
- Do not log into your workstation or device as an administrator (unless absolutely necessary)
- Keep your operating system and software up-to-date
- Password-protect your workstation or device and use idle-time screen saver passwords where possible
- Talk to your departmental IT support for help securing your computers and other devices
Use only secure network connections:
- Use the UWM wired network or UWM WiFi when on campus
- Implement the FTC’s best practices for using public WiFi connections
- Implement the FTC’s best practices for securing home wireless networks
Exercise caution when sharing files online:
- Use folders to share groups of files with others online
- Share files with specific individuals, never with “everyone” or the “public”
- Be careful sending links to shared folders because they can often be forwarded to others who you did not provide access to
- Remember that once a file is shared with someone and they download it to their device, they can share it with others
Review sharing privileges in OneDrive on at least a quarterly basis:
- Remove individuals when they no longer require access to files or folders
- See this How-To on reviewing sharing privileges for more information
Review file access logs in OneDrive on at least a weekly basis:
- Enable all audit settings
- Turn on reporting features
- Review your audit log reports
- See this How-To on OneDrive settings for more information
Additional Resources
UWM Information Security Office
Microsoft 365 Apps (previously Office 365) Trust Center
EDUCAUSE’s 7 Things You Should Know About Cloud Storage & Collaboration
FAQs
Is OneDrive Safe? Generally speaking, Microsoft OneDrive is as safe as any other cloud storage platform. The platform provides encryption for data shared and stored on it. However, OneDrive is exposed to the same security risks that threaten other cloud applications with similar capabilities.
Is OneDrive secure enough for confidential data? ›
Is OneDrive Safe? Generally speaking, Microsoft OneDrive is as safe as any other cloud storage platform. The platform provides encryption for data shared and stored on it. However, OneDrive is exposed to the same security risks that threaten other cloud applications with similar capabilities.
Can my employer see my OneDrive files? ›
OneDrive is personal to you; only you will be able to view and edit your files unless you decide to share them with others.
How do I remove OneDrive from Windows security? ›
Uninstall OneDrive
- Click the Start button, then in the search box, type Add Programs, and then, in the list of results, click Programs and Features.
- Click Microsoft OneDrive, and then click Uninstall. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
(OneDrive also encrypts all files stored online, whether they're in the Vault or not.) In theory, that means someone who breaches your OneDrive account or accesses your computer without permission would have a tougher time getting to those important documents.
What are the disadvantages of using OneDrive? ›
What are the disadvantages of OneDrive? The disadvantages of OneDrive are limited sharing options, limited file management and desktop synchronise settings.
Is OneDrive Secure Hipaa compliant? ›
If you're using Microsoft's office suite at your organization you may wonder: is OneDrive HIPAA Compliant? Here's what you need to know, in brief: OneDrive is fully HIPAA compliant and can be used to store, share, and collaborate on PHI.
Are things on OneDrive private? ›
The OneDrive library provided for you is typically protected from public viewing by default. Only you can access personal documents and media files that you store in it unless you explicitly share a folder of documents or a single document with other people in your organization for reviewing or co-editing.
Can admin see all files on OneDrive? ›
For example, if you save your files in OneDrive for business or SharePoint Online, Office 365 administrators can check the activity via audit log and check your files via Office 365 admin center.
What happens if I delete files from OneDrive? ›
When you delete a file or folder on OneDrive with one device, you won't be able to find it on your other devices. All deleted files go into the Recycle bin, where you have a chance to restore it. Select the file or files you want to delete.
Do you need OneDrive on Windows 10? OneDrive is able to save your files and data, but it is not the necessary program on your computer. If you do not need it, you can choose to unlink or disable it. To keep data safe, you can choose other services or other software.
What does unlinking OneDrive do? ›
This will disable OneDrive on your PC. If you want to permanently delete the application and stop syncing between your PC and the cloud, it's best to unlink your OneDrive first. If you change your mind and want to re-link your OneDrive to your Microsoft account, that can just as easily be achieved.
Does the government use OneDrive? ›
OneDrive is available for the Government Community Cloud (GCC), GCC High, and DoD environments. For more info about the government cloud, including eligibility and purchasing, see Microsoft 365 Government - how to buy.
Are OneDrive files actually on my computer? ›
The OneDrive folder is saved on your disk. This allow you to have access to your files even without internet connection. once you get internet connection the files will be updated.
Is Google Drive or OneDrive more secure? ›
OneDrive's advanced security features provide businesses with greater protection and control over their data, making it a preferred choice for organizations that prioritize security and compliance. Besides the previous factors, OneDrive is also stronger than Google Drive in terms of file sharing control.
Is OneDrive as secure as Dropbox? ›
Both the OneDrive and Dropbox services offer a maximum 256-bit AES encryption on files. However, unless you're using a OneDrive for Business tier, your files will have no encryption once they're stored on the OneDrive servers, which is disappointing.
How secure is OneDrive vs Dropbox? ›
It protects files in-transit with an AES 128-bit encryption algorithm while files at rest receive AES 256-bit protection. Hence, Dropbox is a relatively safer option compared to OneDrive unless you are a business customer for Microsoft OneDrive.
Is it safe to share OneDrive files with external users? ›
Sharing OneDrive files, SharePoint files, or Lists with external users (guests) allows you to securely collaborate with people outside your organization such as your business partners, vendors, clients, or customers — with or without a Microsoft account.
