Data + File Privacy

Data and File Security Best Practices

​

Welcome to our Data and File Security Best Practices page. At SPRUCE + PALM, we take data security seriously and are committed to safeguarding your information. Below, you'll find a set of guidelines designed to ensure the utmost privacy and protection for your files and folders.

​

1. Regular Security Audits: We suggest you conduct routine security audits to review user access levels, shared files, and groups. This ongoing assessment helps to identify and rectify any unauthorized access, ensuring that permissions align with current roles and responsibilities.

​

2. Two-Factor Authentication (2FA): We strongly encourage all users to enable two-factor authentication for their accounts. This additional layer of security requires a secondary verification method beyond just a password, bolstering your account's protection.

​

3. Strong Password Policies: Our organization recommends robust password policies for accounts. This ensures the use of strong passwords comprising uppercase and lowercase letters, numbers, and special characters. We also like when you prompt users to regularly update their passwords.

​

4. Data Classification and Labeling: We think you should implement a data classification and labeling system to clearly indicate the sensitivity level of your files and folders. This empowers you to make informed decisions about sharing and access.

​

5. Regular Training and Education: Conduct periodic training sessions to educate our users about data security best practices. Topics include identifying phishing attempts, secure sharing practices, and the importance of safeguarding credentials.

​

6. Restricted Sharing Links: When sharing files externally, we suggests using restricted sharing links. These links grant access only to those who possess them and prevent external users from editing content without proper permissions.

​

7. Automatic Expire and Review Dates: Shared links and files should have automatic expiration dates, especially for temporary or sensitive information. This ensures access is revoked after a specific period, mitigating the risk of unauthorized access.

​

8. Version Control: You should enable version control for important files to track changes and revert to previous versions if needed. This feature ensures data integrity and helps recover from inadvertent deletions or undesired changes.

​

9. Encryption: Your data is encrypted both at rest and during transit. Softwares like OneDrive employ encryption mechanisms to protect your information from unauthorized access, whether within Microsoft's infrastructure or during transfer.

​

10. Guest Access Controls: For external collaborators requiring access to files, you should utilize guest access controls. This approach restricts their access to specific files or folders, preventing access to unrelated content.

​

11. Regular Review of Access Groups: Periodically review and update access groups to reflect evolving organizational roles and responsibilities. This practice removes users who no longer require access and promptly adds new users to relevant groups.

​

12. Incident Response Plan: Have a robust incident response plan that outlines steps to take in case of a security breach or unauthorized access. This ensures a swift and coordinated response to minimize potential damage.

​

At SPRUCE + PALM, we believe that technology should empower without compromising security. By embracing these best practices, you become an integral part of our commitment to data protection. As the digital landscape evolves, our dedication to your data's security remains unwavering.