University-approved, cloud-based services like Microsoft OneDrive can be essential tools, especially for people working remotely. 

These services offer robust security features, but they also require each of us to take individual responsibility for protecting institutional or personal data. Learn how you can protect data when using cloud-based services.

Use multi-factor authentication

Accessing Microsoft OneDrive with your University of Iowa credentials (i.e., your HawkID) requires authentication with Two-Step Login/Duo. This helps prevent unauthorized users from logging into your account with stolen credentials.

Use university-approved services like OneDrive with your UI credentials for university-related work. If you use other cloud-based services for personal or other purposes, enable multifactor authentication for those services as well.

Pay attention to security settings

Services like OneDrive allow you to customize security settings when sharing files. Choose your sharing settings with care:

• Share files only with people who need them: University employees, contractors, and others should access only the data they need for their work. Before you share a file, consider who needs it. Take special care when files contain any non-public data.
• Share files only with authorized users: It’s best to share files only with specific people who need them (versus making files available to anyone with a link).
• Set expiration dates: Establishing an endpoint for file access adds another layer of security, especially if you’re generating share links.

Review and delete old files

Securing data isn’t just about settings. It’s also about regularly reviewing the files you’ve placed on OneDrive (or other cloud services) and deleting anything you and your colleagues no longer need.

To comply with record-retention policies, make sure you have backups of critical files stored in the cloud. You can keep copies on local drives or, in some cases, other cloud services.

Also, review cloud providers’ data privacy policies—an especially important step for any services that aren’t approved or managed by the university.

Use secure networks to access cloud services

If accessing data from home, make sure your home network is secure. When in other locations, avoid using public Wi-Fi networks without a virtual private network, or VPN. The university’s VPN options can ensure your data stays encrypted.

Implement these steps right now

1. Submit any non-approved cloud-based applications or services for security review.
2. Implement multifactor authentication for any cloud services you use.
3. Review file-sharing security settings and share only with approved users.
4. Set expiration dates for sharing links.
5. Back up your cloud-based data and regularly delete files you no longer need to share.
6. Use a VPN when accessing cloud services over public Wi-Fi.

By taking these proactive steps, you can ensure your data remains safe and secure as cloud services become more common. 

Take the cybersecurity trivia challenge

The Big Ten Academic Alliance is teaming up with the National Cybersecurity Alliance for a cybersecurity trivia challenge on Oct. 30, 2024.

Join other Hawkeyes by registering with your University of Iowa email address. Seating is limited and available first come, first served.