Information Security Procedures (ISPR) provide formal methods for which Information Security Regulations, Standards, and Best Practices are conducted.

This ISPR directly supports the ISBP for sharing files and folders in OneDrive.

• Sharing
• Change Permissions
• Stop Sharing

Sharing Files and Folders

In today’s evolving threat landscape, we must protect ourselves from those that would perpetrate fraud against us by constantly questioning how we store and transmit confidential information.

Available methods

1. Anyone: Avoid this option. Gives access to anyone who receives this link, whether they receive it directly from you or forwarded from someone else, which includes people outside of your organization.

   Using this option can potentially put the institution at risk. If users intentionally or inadvertently share confidential information or protected data, Anyone that receives or fraudulently generates the link will have access to that information – no authentication is required.

2. People in Your Organization: Use with caution. Gives everyone in your organization access to the link, whether they receive it directly from you or forwarded from someone else.

   Only use this option when you intend to share information with colleagues that do not contain confidential information or protected data. Be aware that any LBCC user with access to OneDrive can gain access to that information if they obtain the link.

3. People with Existing Access: This can be used by people who already have access to the document or folder. It does not change the permissions on the item. Use this if you just want to send a link to somebody who already has access.

4. Specific People: This should be your default option. Gives access only to the people you specify, although other people may already have access. If people forward the sharing invitation, only people who already have access to the item will be able to use the link.

   Minimizes risk by restricting information to a specific person or group. Make sure the data you share is appropriate for the intended audience.

Select Permissions Based Upon the Audience’s Need to Know

DO NOT share files or folders using Anyone with this link. Using this option can potentially put the institution at risk. If users intentionally or inadvertently share confidential information or protected data, Anyone that receives or fraudulently generates the link will have access to that information – no authentication is required.

DO share files and folders by selecting Specific People.

Make sure the data you share is appropriate for the audience you choose. Read more about data classification for specifics.

• Only select Allow Editing if users need the ability to edit the document or folder.

Enter Email Addresses

• Add people by entering a valid email address or the name of an Outlook Contact Group you created previously.
• Click Send when finished and an automated email notification will be sent to each user.
  

Change Existing Permissions

Only select Allow Editing if users need the ability to edit the document or folder.

From the file or folder in question, select the Shared link located in the last column.

The Manage Access pane will open on the right side of OneDrive.

Change Permissions of an Individual User

To change the permissions of an individual user, click the down arrow option next to the user’s name in the Manage Access pane under Direct Access, and choose from one of the following options:

• Can Edit: Grants the user edit and delete privileges.
• Can View: Grants the user view-only access. 
• Stop Sharing: Removes all privileges from the user.
  
• Confirm your selection.

Stop Sharing with Users

From the file or folder in question, select the Shared link located in the last column.

The Manage Access pane will open on the right side of OneDrive.

Stop Sharing a File or Folder Entirely

• Click Stop Sharing.
  

Delete a Share Link

• Click the ellipsis (…) next to the link, and click the X.
  

Stop Sharing with Specific People

• Expand the list under a specific people link and click the X to remove someone.
  

Stop Sharing with Someone That Has Direct Access

• Under Direct Access, click the dropdown next to the person’s name and select Stop Sharing.