11.2.14 Windows Filesharing Policy: Middle Georgia State University Policies

11.2.14 Windows Filesharing Policy

1.0 Overview

Shared folders facilitate collaboration but, if misconfigured, can compromise data confidentiality and integrity. Common risks include unrestricted access (e.g., ‘Everyone’ or ‘Domain Users’ groups) and lack of password protection. Such open shares are vulnerable to unauthorized access and modification and may serve as vectors for malware propagation across the network.

2.0 Purpose

This policy establishes Middle Georgia State University’s requirements for secure file sharing across institutional platforms, including Windows-based systems, campus file servers, and approved cloud services. It ensures that all file-sharing activities support collaboration while maintaining data confidentiality, integrity, and compliance with MGA and USG standards.

3.0 Scope

This policy applies to all Middle Georgia State University resources and services used for storing or sharing institutional data, including on-premises systems, network file servers, and approved cloud-based platforms. It governs any file-sharing activity that involves University data, regardless of location or technology.

4.0 Policy

Cloud-based File Sharing

Middle Georgia State University permits the use of Microsoft OneDrive for Business for institutional data storage and sharing. Sharing MGA data with entities not under contract with MGA or USG, such as Google Drive or Dropbox, is prohibited. Users must comply with University and USG policies, apply appropriate security controls for sensitive data, and restrict sharing to authorized individuals. Public or anonymous sharing is not allowed.

See MGA’s Cloud Storage policy for additional information.

Syncing

Syncing university data to personal cloud accounts or personal devices is not allowed.

Campus Fileserver

Middle Georgia State University provides limited storage space on the ‘FILESERVER’ for departmental interoffice collaboration. This space will be allocated as needed in collaboration with the CIO. The fileserver administrator is responsible for creating shares and applying appropriate security settings. Shares may be mapped for individual users or groups. System administrators and departmental personnel must regularly review and remove obsolete data to maintain system integrity and efficiency.

Workstation File Sharing

Individual are responsible for securing any shared folders on their workstations. All shares must be restricted to specific users or groups or protected with a strong password. The preferred method is to grant access only to designated users or groups.

Faculty and Staff Home Directories

Home directories are mapped automatically to the “Home” server for all staff and faculty accounts. Storage space is limited and shared among all users. Each home directory is accessible only to its assigned user, who is responsible for maintaining and periodically removing obsolete data. System administrators are authorized to delete directories belonging to disabled or inactive accounts.5.0 Enforcement

The Office of Cybersecurity will periodically scan the network for open or weakly protected shares and require corrective action within a specified timeframe. Failure to comply after notification may result in suspension of network privileges and referral to the CIO for further review. The Office of Cybersecurity reserves the right to intervene immediately to protect institutional resources.

Middle Georgia State University may enforce Data Loss Prevention (DLP) controls on file-sharing activities to protect confidential information. Certain categories of sensitive data — including, but not limited to, Credit Card Numbers, U.S. Bank Account Numbers, U.S. Driver’s License Numbers, and U.S. Social Security Numbers (SSN) — are subject to automated restrictions.

If a user attempts to share such data, the system may block the action by default. In cases where sharing this information is necessary for legitimate business purposes, users must provide a documented business justification and follow the approved override process.

6.0 Definitions

File-sharing - the public or private sharing of computer data or space in a network with various levels of access privilege. While files can easily be shared outside a network (for example, simply by handing or mailing someone your file on a USB drive), the term file sharing almost always means sharing files in a network, even if in a small local area network. File sharing allows a number of people to use the same file or file by some combination of being able to read or view it, write to or modify it, copy it, or print it