Box Edit - DNS Poisoning

by 2 weeks ago (93 Views)

Box Edit has a vulnerability in which an attacker who is able to compromise a user's DNS service would potentially be able to steal tokens allowing read access to portions of the attacked user's Box account. To exploit this, an attacker would need to be able to cause the domain edit.boxlocalhost.com, which Box owns and sets to 127.0.0.1, to resolve to the address of a machine controlled by the attacker.

 

If you have recieved a warning that your Box Edit connection may been compromised, submit a support case immediately by clicking this link: Submit a Case

 

Our User Services team will respond shortly. In the meantime, here are a few steps you can take to ensure your files remain secure: 

 

Disable Box Edit

Enterprise Admins can disable Box edit from the Apps tab of Enterprise Settings in the Admin Console, by searching for the Box Edit app and setting it to disabled (image below). Enterprises with Box Edit disabled will not be exposed to this vulnerability.
sifq0opr16jqvoktuctjo5uzotd14hwd
 

Update the HOSTS file

For machines under enterprise control, it is possible to update the HOSTS file to direct the url edit.boxlocalhost.com to the location 127.0.0.1. This will completely mitigate the issue and allow continued use of Box Edit -- however, it has the limitation that any use of Box Edit from a non-managed machine where the HOSTS file had not been updated would still be vulnerable.
 

Long term solution

A long term solution has been designed and is currently being developed. Our goal is to have this update released by calendar Q2 2017. Box is investigating ways to reduce this timeline and updates will be provided if any material changes are confirmed.

Can I Enable 2-Step Verification For My Box Account?

by on ‎12-16-2014 05:12 AM - edited 3 weeks ago by (16,599 Views)

Two-factor authentication may have been enabled on your account by your organization's Box administrator. If you have any questions about two-factor authentication or what is required by your organization's policies, please contact the Box Admin for your organization's account.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

  • Account Settings: Authentication

What is 2-Step Verification?

Please see the article What is 2-step Verification? to learn about this feature.

 

How do I Enable 2-Step Verification for My Account?

As the need for enhanced security increases, Box is proud to provide an extra layer of security through the use of 2-step verification. This process requires a user to present two authenticating pieces of evidence when they log in: something they know (their Box password) and something they have (a code that is sent to their mobile device). Please note that if your account has Single Sign On (SSO) enabled, you will not be able to turn on 2-step verification. 

 

In order to enable 2-step verification for your account, follow these steps:

  1. From within your Box account, click the gear icon in the upper right hand corner and clicked “Account Settings”can i enable 2 step verification for my account-1
  2. Navigate to the Security tab in Account Settings and check the box next to “Login verification” 
  3. Once enabled, you will be prompted to enter your mobile phone number. A six-character alphanumeric confirmation code separated by a space will be texted to the phone number you enter. 2factor_3.png
  4. Enter this confirmation code in the appropriate box and click “Confirm”.

 

Once the code is confirmed, a pop-up will appear that indicates that the setup is complete. Every time you log in through a new browser after this point, you will be sent a new code to your mobile phone and required to enter it.

 

Dont worry when you forget the syntax of an HTML element, like and iframe, a link, a table, an image or anything else. Visit HTML CheatSheet and generate the code you need.

What is 2-step Verification?

by on ‎12-16-2014 05:17 AM - edited 3 weeks ago by (3,800 Views)

Two-step verification (sometimes referred to as two-factor authentication) is an additional layer of security to protect your account. The second factor (the first being your password) is typically a code sent to your mobile device via SMS or a voice call, or accessed from a security application. This code is entered after you've entered your username and password to further verify your identity before granting access to your data. We offer two-factor authentication as an additional protection to safeguard your content. 

 

Two-factor authentication may have been enabled on your account by your organization's Box administrator. If you have any questions about two-factor authentication or what is required by your organization's policies, please contact the Box Admin for your organization's account. 

 

For more information about using two-factor authentication, please refer to the following articles:

 

Old Box Experience:

New Box Experience:

What Is The Box Policy For Browser And OS Support?

by on ‎12-16-2014 05:12 AM - edited 3 weeks ago by (94,301 Views)

Box supports the most recent major releases of the following web browsers and desktop/mobile operating systems (OS). If you are experiencing interface issues, try updating your browser or OS to the latest version.

 

Web browsers:

  • Internet Explorer (IE) - The two latest versions of Internet Explorer will be supported - this includes IE 11 and above. The end of support for a specific browser includes the browser in compatibility mode or any other version of compatibility mode that represents the IE browser.
    • IE 7 and earlier versions are NOT supported.
    • Support for IE 8 ended on December 31, 2015. Users who try to access Box using IE 8 will be blocked from doing so until they upgrade to a supported version or use alternate browser.
    • Support for IE 9 ended on September 26, 2016. After this date, IE 9 users will be notified that the browser they are using is unsupported and that they should upgrade to a supported version or alternate browser. In the months following the end-of-support date, users will be blocked entirely from accessing Box on IE 9 until they upgrade to a supported version or use an alternate browser.
    • Support for IE 10ended on September 26, 2016. After this date, IE 10 users will be notified that the browser they are using is unsupported and that they should upgrade to a supported version or alternate browser. In the months following the end-of-support date, users will be blocked entirely from accessing Box on IE 10 until they upgrade to a supported version or use an alternate browser.
    • Box Notes and the Box Upload Widget are only supported on IE 10 and IE 11
    • File/Folder Uploading on IE9 requires Adobe Flash (drag and drop uploading not supported).
    • not officially support compatibility mode for unsupported and supported browsers.
  • Microsoft Edge
    • Box Drag-n-Drop is not working in Edge on Windows 10. You can click the ellipsis (…) on the upper right corner > Open with Internet Explorer, then try to drag and drop the file again.
  • Safari - The two latest, released versions on Mac OS X (as specified in the OS section below).
    • Safari on iOS 6 and above for mobile browsers.
  • Firefox - The two latest, released versions.
  • Chrome - The two latest, released versions.

 

Operating Systems (OS):

  • Windows - 7 (32-bit and 64-bit), 8 (64-bit), and 10 (32-bit and 64-bit)
    • Note: Box Sync does not support NTFS data deduplication, even if it is enabled in Windows.
    • Support for Windows XP and Vista ended on October 31, 2014.
  • Android - The two latest, released versions.
    • Additionally, Box supports versions of Android released within the last three years.
  • OS X - The two latest, released versions.
  • iOS - The two latest, released versions.
  • Chrome - Box supports Chrome OS so you can natively access your Box files on your Chromebook. Visit the Chrome Web Store to download the application.
      • Box for Chrome OS is currently a publicly available beta release. 

 

Notes:

  • Each time a new version is released for general availability, Box begins supporting the update and stops supporting the third-oldest major version.
  • Box provides this Standard End of Life (EOL) policy for browsers and OS for transparency.
  • Box reserves the right to make exceptions from this policy (Examples: if conflicts arise or for security reasons).
  • Box will end support for 3rd party dependencies on the same day that the vendor ends support for the given software. Box will make reasonable efforts to provide at least 3 months lead time to upgrade to the supported version of 3rd party libraries/software. However, there may be exceptions to this policy where the EOL timeline might be accelerated (Example: security vulnerabilities in the 3rd party software).

 

Browser-Specific Upload Limits

IE applies file-size upload and download limits that supersede Box account-level upload limits.

  • Users accessing Box through IE versions 9, 10, & 11 can only upload files under 4GB in size.

For more information on IE limits, refer to Microsoft's official documentation.

For more information on Box upload limits, see How Does Box Measure Bandwidth Usage?

How Do I Log In To Box?

by on ‎03-13-2015 11:01 AM - edited 4 weeks ago by (8,900 Views)

 

Logging in with Box Credentials

You can log in to your Box account from your web browser on app.box.com/login or on any Box apps (on your mobile device or Box Sync on your desktop) by following these easy steps:

  • Enter the Email Address associated with your Box account and your Password in the corresponding fields.
  • Click or tap Sign In.

 

Forgot your password?

To reset your Box password:

  • Visit https://app.box.com/reset and enter the email address associated with your Box account.
  • Check your email, you will receive an email with a link to reset your password. 
    • Password reset links sent via email expire 3 hours after they are sent. If you need a new link after your current one has expired, visit https://app.box.com/reset to have another link emailed to you.
    • If you do not receive an email from Box for this password reset, check to see if your Box account is associated with that specific email address or another email address.
    • Also, check the spam folder in your email client, as it may have been sorted there by mistake. 

 

Logging in with Google Credentials

You can use your Google account information (username and password) to access Box through Google OpenID authorization. Follow the steps below to use your Google account while logging in to Box:

  • Go to the Box login page: http://app.box.com/login
  • Click or tap the Sign In with Google link in the footer:
    Google OpenID link in the footer at the bottom of the page
  • Log in to your Google Account as you normally would on the Google account login page. 

 

If you are unable to log in because your Google account address does not match your Box account address, you will need to change the primary address associated with your Box account.

  • Go to the Box login page: http://app.box.com/login
  • Sign in with the email address you currently use with your Box account. If you do not know the password, you can click or tap the Reset Password link on the login page.
  • Once you are signed in, change your primary Box email address to match your Google account address. You can find instructions here.

 

Logging in with Single Sign On (SSO)

If you're using Single Sign On (SSO) through your company or organization, you can log in to Box using the same password you use to log in to your organization's network.

  • Click or tap Sign In with SSO at the bottom of the login box
  • Enter the Email address you use to log in to your organization's network
  • Click or tap Sign In. You will be redirected to your company's login page.
  • Follow the steps from your SSO provider to log in to your organization's network

You'll be automatically redirected to your Box account once your account is authenticated through your SSO provider. If you have any questions about SSO or don't know the username and password you should use to log in to your organization's network, please contact your Box Admin.

 

For information about logging in with SSO on mobile devices and applications, see Single Sign On (SSO)

 

Two-step verification

Two-step verification (sometimes referred to as two-factor authentication) is an additional layer of security to protect your account. The second factor (the first being your password) is typically a code sent to your mobile device via SMS or a voice call, or accessed from a security application. This code is entered after you've entered your username and password to further verify your identity before granting access to your data.

 

Two-step verification can be enabled by you or your account administrator. If two-step verification is enabled on your account, you'll be asked to enter a passcode after you've entered your username and password. For information on enabling two-step verification in your account, see Account Settings: 2-Step Verification.

 

To log in with Two-step verification:

  • Enter your email and password as usual. You will be redirected to the Two-step verification screen.
  • logging in to box-4
  • Enter the passcode sent to you via SMS and click or tap Submit. If you didn't receive a code, click or tap Resend Code.

 

If you are having a problem logging into your Box account 

  • Please make sure that you signed up for a Box account and not another service. 
  • Please make sure that you are using the correct email address associated with your Box account to login. 
  • Please make sure you are using your proper Box password. If you cannot remember your Box password, please go to https://app.box.com/reset  to reset your password.
    • Password reset links sent via email expire 3 hours after they are sent. If you need a new link after your current one has expired, visit https://app.box.com/reset to have another link emailed to you.
    • If you do not receive an email from Box for this password reset, check to see if your Box account is associated with that specific email address or another email address.
    • Also, check your spam folder in your email client for this email. 

 

How Do I Manage Email Notifications From Box?

by on ‎01-28-2015 08:29 PM - edited 4 weeks ago by (23,301 Views)

You can customize the types of email notifications you receive by modifying the email notification settings in your account.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

These settings can be adjusted by:

 

  • Account-wide email notifications: When email notifications are applied in the "Account Settings", it will be the default notification setting for all newly created folders in the account OR for folders that are set to "Use my default notification settings".
  • Enterprise-wide email notifications: When email notifications are applied in the "Admin Console", it will be the default for all newly created end users until the end user adjusts their settings.
    • End users in a Box instance can have different account wide settings by manually adjusting their email notification settings.
  • Folder specific level email notifications: When email notifications are applied in the "Folder Settings", it will be the default email notifications for all files in the folder and subfolders. Please note that you cannot trigger email notifications to yourself for actions you triggered.
  • Different users collaborating in a folder can set their own specific Folder level email notifications (if allowed by the folder owner).

 

In this way, you can decide what types of activities (e.g. downloads, uploads, previews) you would like to be notified of.

 

To customize your account-wide email notification settings, please follow the steps below:

  1. From within your Box account, click on the gear icon in the upper right-hand corner and select "Account Settings"
  2. Click on the "Notifications" tab
  3. Under the "Email Notifications" section, select the check-boxes for the specific notifications you would like to receive. There are separate settings for folders you own vs. folders you have joined.

    Please note you will not receive email notifications for actions you do yourself. The notification settings only apply to actions done by someone else.



  4. Scroll down to the bottom of the page and click "Save"

 

Additional Notes:

  • Folder-level Notifications: notifications can be customized at the folder level. To adjust this for a specific folder, navigate to the folder and select Properties > Folder Settings. Folder level notifications will trump the default setting that you set in your "account settings" section.
  • Administrators and Folder Owners can choose to disable email notifications for their managed users and collaborators. If you are not receiving notification emails, please check with the administrator or folder owner to see if these notifications have been disabled.

 

Email Notification Settings

by on ‎01-16-2015 08:52 PM - edited 4 weeks ago by (25,300 Views)

In your account settings, you can choose the types of email notifications you receive as well as personalize these notifications on a folder by folder basis.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

Updating your email notification defaults:

  1. Click on your name in the upper right of your screen and select “Account Settings” from the drop down menu. 
  2. Go to the Notifications tab and select the notifications you would like to receive then click “Save” at the bottom of the page.

 

Personalizing email notifications for a folder:

  1. For the folder you would like to personalize, click the ellipses (...) > Properties > Folder Settings.
    Access Folder Settings Link
  2. Under Email and Notifications, select the notifications you would like to receive for this specific folder and click “Save Changes”.
    Email Notification Settings

 

Email notifications can also be adjusted at enterprise-wide, account-wide, and folder specific levels.

  • Enterprise-wide email notifications: When email notifications are applied in the "Admin Console", it will be the default for all newly created end users until the end user adjusts their settings.
  • Account-wide email notifications: When email notifications are applied in the "Account Settings", it will be the default notification setting for all newly created folders in the account OR for folders that are set to "Use my default notification settings".
  • End users in a Box instance can have different account wide settings by manually adjusting their email notification settings.
  • Folder specific level email notifications: When email notifications are applied in the "Folder Settings", it will be the default email notifications for all files in the folder and subfolders. Please note that you cannot trigger email notifications to yourself for actions you triggered.
  • Different users collaborating in a folder can set their own specific Folder level email notifications (if allowed by the folder owner).

Why Don't I Receive Email Notifications From Box?

by on ‎12-16-2014 05:12 AM - edited 4 weeks ago by (15,800 Views)

If you are missing emails from Box, please check your email account's Spam or Junk folder to ensure the message was not filtered. If the message was filtered, you may find an option to 'Mark as good', 'Not Spam', 'Not junk', or 'Add sender to white-list.' This will aid in receiving future emails from Box.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

Try these additional steps as needed:

  1. Check your Spam/Junk email folder. Sometimes, certain email clients do not recognize email from box.com. If you find Box messages in your Spam or Junk folder, add noreply@box.com and noreply@box.net to your Email Contacts, or Safe Senders list. This will allow your mail client to recognize Box emails and deliver them to your Inbox.

    Here are examples of the "From" field from our email notification:
    • From: "Box Updates" <noreply@box.com>
    • From: "John Smith" <noreply@box.com>
  2. Firewall, Content Filter, or Email Security Policy: Check if your firewall or virus scan is blocking the email notifications. Contact your Internet Service Provider (ISP) or Corporate IT department and ask that emails from the following domains added to the email whitelist (safe sender) to ensure that Box messages are not blocked.
    • box.com
    • box.net
    • mailer.box.com
  3. Incorrectly typed email address: Is the sender using your correct email address? Just one mistyped letter will cause an email to go to the wrong address or make it undeliverable. Ask them to double-check that they entered your address correctly.
  4. If you are using Yahoo Mail, Gmail, or Outlook, please follow the additional steps below:

 

Yahoo! Mail

  1. Login to your Yahoo! Mail account
  2. In your Spam folder, click the Box email to select it.
  3. Then click Not Spam, which is above the list of emails
  4. If you continue seeing these emails in your Spam folder and want them in a Non-Spam folder, you can set up a filter and send them to any folder you wish. How do I create a filter?

 

Gmail

  1. Login to your Gmail by Google account
  2. Click Contacts
  3. Click the New Contact button in the top-left corner of the Contact Manager
  4. Enter noreply@box.com in the email field.
  5. Click the Add button to save
  6. Repeat steps 3 - 5 using noreply@box.com as the new contact
  7. Alternatively, you can mark a message from Box.com as 'Not spam,' - your Contacts list is automatically updated so that future messages from us are received in your inbox.

 

Windows Live / Outlook Mail

  1. Login to your Outlook Mail / Windows Live (or Hotmail) account
  2. Go to Options > More options >
  3. Under Junk e-mail, choose Safe senders
  4.  In the Enter a sender or domain here box, enter Box.com and then choose Add +, then click Save.

  5. Messages from Box.com will not be sent to the Junk Email folder.

Also see: I didn't receive an email someone sent me

Email Aliases Overview And FAQs

by on ‎01-22-2015 06:50 PM - edited 4 weeks ago by (8,898 Views)

Email alias is a feature that allows users to link multiple email addresses to a single Box account for easy management of their important content. Now, any type of user can add multiple email addresses to their account and designate one as the primary address, where collaboration invites and Box notifications will be sent.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

What’s the overview of the functionality?

  • All Box users can add multiple email addresses to be associated with a single Box account, meaning they can log in using any validated addresses
  • Once the primary address is designated, collaboration invites sent to any validated address will be received by the same Box account; additionally, all Box notification emails will be sent to the primary address

 

Why should I care?

  • This functionality removes friction from managing multiple Box accounts and allows you to consolidate into one account
  • Being able to log in with any email address and receive notifications to one central address simplifies the content management and collaboration process

 

What are some example use cases?

  • Acquisitions/mergers where a user may be issued multiple email addresses for the different domains
  • People getting married and changing their last names
  • Multiple domains, like @box.com and @box.net
  • Rebranding, like our move to @box.com from @box.net
  • Preferred vs. official email addresses
  • Gmail users with multiple email aliases
  • University vs. department email addresses

 

Does this work for both new and existing accounts?

  • Yes, all types of users can immediately add additional email aliases to their new or existing account, and change the primary address

 

What if I have two Box accounts with two different email addresses? Can I merge those in to one Box account?

  • We currently do not provide account merge functionality, and email address cannot be associated with more than one Box account

 

How do I add multiple email addresses to my account?

  • Go to Settings > Account and add a new email address. After entering the address, you’ll receive a confirmation email from Box to that address. Click on the link to validate that you own the email address.
  • The email address is not added to the account until it is validated 

 

How do I change my primary email address?

  • Sign into your Box account
  • Click the small "gear" icon in the top right corner 
  • Click "Account settings" from the drop-down menu
  • Scroll down to "Login and Email Addresses"
  • Click "Add more emails"
  • Add new email address and click "Save"
  • Confirm the alias via the email confirmation that will be sent (this step has to be completed or else the user can not mark as primary and it will not be recognized as an alias)
  • Go back to Account Settings and hover over alias and mark it as primary
  • You will be prompted to enter your password underneath the alias to validate this change
  • An email will be sent to let you know your primary email address has changed (only a notification, no need to confirm)

 

With multiple email aliases associated with a single Box account, is there a primary email address?

  • Yes, you can select any validated email alias to be the primary
  • If you’re a managed user in a business or enterprise account, your primary address must match the corporate domain(s)
  • All email notifications will be sent to this primary email address
  • When you change your primary email address, a confirmation will be sent to both old and new email addresses

 

How do I delete an email alias?

  • You can go to Settings > Account and delete an email alias from there
  • Deleted aliases will be made available for anyone to add or to open a new Box account as soon as it’s removed from the account (note they would have to confirm that address)

 

What happens if I forget my Box account password?

  • You can enter any email alias in the ‘forget password’ field to recover your password
  • Once you do, Box will send an email to the entered email address and the primary address with directions for how to reset the password and access the account
    • Note the email to the primary address will contain the link to reset your password, while the email to the entered address (if different) will let you know to check your primary address for the link

 

What types of accounts can use multiple email address?

  • This feature is available to all users and admins

 

Can I modify email addresses from my mobile device?

  • No, email alias management must be done through the Box web app. You currently cannot modify email aliases from the mobile app or the mobile website (m.box.com)

 

What should I know about pending email aliases (i.e. those awaiting validation)?

  • You can remove pending email addresses
  • You can’t make pending email addresses primary
  • An email address can’t be reserved until it is validated
  • If multiple people have the same alias pending validation, once it is validated it is auto deleted from others’ pending email aliases

 

Does this feature affect other Box features?

  • No, this feature does not affect other Box features
  • If a customer is using SSO and wants to add an email alias and later change that alias to be their primary, that change will also need to be made directly in Active Directory

 

How does an admin enable for their account? Can an admin turn off email aliases for their account?

  • The option is available to all users by default, so no need for an admin to enable
  • Admins that would like to prevent their managed users from adding email aliases that are not one of the managed domains should contact their Box Customer Success Manager
  • Admins can also prevent users from changing their primary email by selecting the “Prevent users from changing their email address.” The setting can be found in Settings > Security tab > Signup and Login

 

Can an admin add multiple email addresses on behalf of a managed user? How?

  • Admins can add email addresses for managed users (for example, John.Smith@example.com and jsmith@example.com), but will need to use the Box APIs to do so.
  • For more information, refer to our developer documentation here: https://docs.box.com/reference#add-an-email-alias-for-a-user
  • When email aliases are added in this way by the admin, they don’t need to be validated, but the email address domain needs to be consistent with one of the account’s managed domains.
  • If the company doesn’t have enterprise auto roll-in turned on, they could list all domains in both accounts as managed domains. (With enterprise auto roll-in enabled, there will be conflicts / bugs as both accounts try to claim a particular user for roll-in.)

 

How does email alias impact auto roll-in?

  • Users cannot enter an email alias that has the domain of another account that has auto roll-in turned on. For example: If a consultant has been given a client domain email address, but the client has auto-roll-in enabled, then the consultant won’t be able to add their client email alias to their Box account.

 

Will changes to an account’s email aliases be logged for reporting?

  • Yes. New email aliases and any changes to primary email addresses are logged and accessible through the admin console (Reports tab > Usage Logs)
  • The export of users shows the primary email address only. To see the aliases, you have to explicitly click on the user.
  • The APIs are similar. Pulling a list of users shows the login name, so you have to explicitly request the aliases for a user.

How do I change my time zone and/or language?

by on ‎01-19-2015 11:44 PM - edited 4 weeks ago by (4,699 Views)

You can change your time zone and language within Account Settings.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

 

  1. Sign into your Box account
  2. Click the small "gear" icon in the top right corner 
  3. Click "Account settings" from the pulldown menu
  4. Click the "General" tab
  5. Select your preferred timezone from the pulldown menu labeled "Language"
  6. Be sure to click "Save" at the bottom of the page
 
 
 

How do I change my language?

  1. Sign into your Box account
  2. Click the small "gear" icon in the top right corner 
  3. Click "Account settings" from the pulldown menu
  4. Click the "General" tab
  5. Select your preferred language from the pulldown menu labeled "Language"
  6. Be sure to click "Save" at the bottom of the page
 
time_zone_language.png

Languages Supported by Box

by on ‎02-03-2015 08:34 PM - edited 4 weeks ago by (3,200 Views)
Box supports a number of languages across our products.
 
The officially supported languages on the Box Web App are:
  • Chinese (Traditional)
  • Chinese (Simplified)
  • Danish
  • Dutch
  • English (US)
  • English (UK)
  • English (Australia)
  • English (Canada)
  • Finnish
  • French (France)
  • French (Canada)
  • German (Germany)
  • Italian
  • Japanese
  • Korean
  • Norwegian
  • Polish
  • Portuguese (Brazil)
  • Russian
  • Spanish (Spain)
  • Swedish
  • Turkish
 
The supported languages on Android, iOS, mbox are:
  • Chinese (Simplified)
  • Chinese (Traditional)
  • Danish
  • Dutch
  • English (US)
  • English (UK)
  • Finnish
  • French (France)
  • German (Germany)
  • Italian
  • Japanese
  • Korean
  • Norwegian
  • Polish
  • Portuguese (Brazil)
  • Russian
  • Spanish (Spain)
  • Swedish
  • Turkish

 

The supported languages on our Windows app are:
  • Arabic (translation only)
  • Chinese (Simplified)
  • Chinese (Traditional)
  • Danish
  • Dutch
  • English (US)
  • English (UK)
  • Finnish
  • French (France)
  • German (Germany)
  • Hebrew (translation only)
  • Italian
  • Japanese
  • Korean
  • Norwegian
  • Polish
  • Portuguese (Brazil)
  • Russian
  • Spanish (Spain)
  • Swedish
  • Turkish

Notifications

by on ‎12-16-2014 05:25 AM - edited 4 weeks ago by (4,700 Views)

The Box Notifications page displays information about events in Box that require your attention.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

 

 

In most cases, you can also navigate from the Notifications page directly to the piece of content that requires action.

 

Upon navigating to the Notifications page (by clicking the inbox icon in the header), you will see a list of all your notifications sorted by date. This is the All view.

 

In the upper right-hand corner of all notifications, you will see a bell icon. If you click the icon, you can mark notifications as unread.

 

 

From there, you can hover over All to select a specific notification type from the dropdown menu and filter for that type.

 

Unread shows you all unread notifications. Select a notification in the left-hand column to see more detail. From there, you will have the opportunity to take further steps to view a file or folder or take action on a notification depending on whether it is a task, invite, @mention, or expiration.

 

Incomplete Tasks shows you any tasks you have been assigned and not yet completed. Select a notification in the left-hand column to see more detail. From there, you can click the Complete Task button to view the file and complete your task or the Decline Task button to indicate that you will not complete the task.

 

 

Sent Tasks shows you a list of the tasks you have assigned to your collaborators and are waiting for them to complete. Select a notification in the left-hand column to see more detail. From there, you can click the Remind User button to have an email reminder automatically sent, or you can click the Cancel Assignment button.

 

 

 

Pending Invites shows you a list of the invitations you have received to collaborate on folders. Select a notification in the left-hand column to see more detail. From there, you can choose to Accept or Reject the invitation to collaborate. 

 

 

  • If you receive an invitation to collaborate that has strong password requirements, you can choose to either Change Password to accept the invitation or Reject the invitation. If you choose Change Password, you will be prompted to change your Box password to meet the stricter criteria. 
  • If you receive an invitation to collaborate that has a custom Terms of Service agreement, you will shown the Terms of Service with the invitation and be prompted to either Agree and Accept (meaning you accept the invitation and agree to the Terms of Service) or Reject the invitation completely.

 

Unread @Mentions shows you comments where you have been mentioned by name. Select a notification in the left-hand column to see the comment and other details. The Go To Item button takes you to the file or folder where the @Mention occurred.

 

 

 

Expirations shows you any content or collaborations that are set to expire in a week or less. Select a notification in the left-hand column to see the details. From there, you can click the Go To Folder or Go To Item button to navigate to the folder or item.

 

Where do I grant Box User Services temporary access to my account?

by on ‎01-22-2015 01:03 AM - edited 4 weeks ago by (2,705 Views)

If you submit a ticket to Box, a Box User Services Representative may ask for temporary access into your Box account in order to troubleshoot your issue.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

 

Please follow the steps below to grant your representative temporary access to your account:

  • From within your Box account, click on the arrow in the upper right hand corner and select Account Settings

 

  • Under the Security tab, scroll down until you see a section titled Access to your Account

 

  • Click Grant Box Access for 5 days

 

If access has been successfully granted, this section will now read Access Granted, with a countdown of how many days of access remain. You may revoke access to your account at any time by going back to the Security page and clicking Revoke Access.

How can I manage incoming collaboration invitations to folders?

by on ‎01-17-2015 01:55 AM - edited 4 weeks ago by (3,700 Views)

By default, your Box account will be set to automatically accept incoming collaboration invitations.  This means that when someone invites you to collaborate on a folder, your account will automatically accept this invitation and you will receive an email notification alerting you of the invitation and acceptance.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

 

If you would prefer to manually accept/reject incoming collaboration invitations, you can disable this setting on your account by following these steps:

  • From within your Box account, click on the gear icon in the upper right hand corner and select “Account Settings
  • Under the “Content and Sharing” tab, scroll down until you see a section titled “Collaborating on Content
  • Uncheck the box marked “Automatically accept incoming collaboration invitations

 

  • Click “Save” to confirm this change

My laptop or mobile device was stolen, how do I protect my Box account?

by on ‎02-01-2015 03:33 AM - edited 4 weeks ago by (1,199 Views)

If your laptop, tablet, or smart phone is stolen, you can protect your Box account by managing your active sessions.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

 

To do manage active sessions, follow these steps:

  •  Log in to your account and navigate to Account Settings

 

 

  • Under the Security tab, you will see a list of your account’s Login Activity
  • Scroll through the list of past sessions and click the” X” next to the listings connected to the stolen device (it should show up as "Box for iPhone", “Windows Chrome”, etc.)

 

  • Alternatively, you can choose the “Forget All” option if you’re not quite sure which browsers or apps your stolen device may have had access to

 

This will effectively cause Box to "forget" previous modes of access. The next time someone tries to open this application or browser from your stolen device, they will be prompted to re-enter their Box login credentials. 

Other helpful articles:

How do I unsubscribe from Box emails?

by on ‎01-01-2015 05:03 AM - edited 4 weeks ago by (2,100 Views)

We send out various emails to our users, including service notifications, announcements about new features, and regular newsletters.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

 

You opt to unsubscribe from account related notifications by logging into your Box account, going to the Settings page, and clicking on 'Notifications'.

 

You can also opt out of non-service emails by submitting the email address associated with your Box account.

How Do I View Or Edit My Profile?

by on ‎12-16-2014 05:19 AM - edited 4 weeks ago by (4,900 Views)

You can view your profile page by clicking the arrow next to your name in the upper right-hand corner of your Box account and selecting View Profile from the menu.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

 

View Profile page

 

You can update certain information in your profile, including your name, profile picture, and contact information.

 

You can edit your profile information by clicking the Edit Information button in your profile view (shown above). This will take you to the Profile tab in your Account Settings.

 

You can also go directly to your Account Settings. Click the arrow next to your name in the upper right-hand corner of your Box account and then click Account Settings.

 

Modify the information you’d like to update in the appropriate fields and click Save.

 

  • To add a profile picture, click Upload a Picture to select the image you would like to use from the file browser or Take Photo to take a new photo. 
  • If you already have a profile picture and you would like to change it, click the Change button beside the picture and select the image you would like to use from the file browser and click Open or click or Take Photo to take a new photo.
  • f you would like to remove a picture, simply click the Remove button.

Be sure to Save any changes. 

How Do I Change My Password Or Email Address?

by on ‎01-27-2015 07:11 PM - edited 4 weeks ago by (212,400 Views)

You can change your password and email address through your Account Settings.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

 

Steps

  1. Sign into your Box account
  2. Click your name in the top right corner 
  3. Click "Account settings" from the pulldown menu
  4. From the "Account" tab, scroll down to "Password Information"
  5. Click "Edit Password" and then enter your old password
  6. Enter your new password
  7. Confirm your new password
  8. Click "Save"

Note: If you are a SSO enabled user, you will see a section titled "Create External Password" instead.

 

 

 

If you are unable to log into your account, you may request a password reset at http://www.box.com/reset. (This link can only be sent to the email address that is currently associated with your Box Account). 

 

 

How do I change my primary email address?

  1. Sign into your Box account
  2. Click your name in the top right corner 
  3. Click "Account settings" from the pulldown menu
  4. From the "Account" tab, scroll down to "Login and Email Addresses"
  5. Click "Add more emails"
  6. Add new email address and click "Save"
  7. Confirm the alias via the email confirmation that will be sent (this step has to be done or else user can not mark as primary and it will not be recognized as an alias)
  8. Go back to account settings and hover over alias and mark it for primary
  9. You will be prompted to enter their password underneath the alias to validate this change

  • An email will be sent to let you know your primary email address has changed (it's only a notification, no need to confirm)
  • If you do not see the option to "Make Primary" it's likely that the admin has prevented the ability to change the primary email address on your account. (Please reach out to your admin if you would like to confirm). 

Can I Add Multiple Email Aliases To My Box Account?

by on ‎12-16-2014 05:14 AM - edited 4 weeks ago by (4,800 Views)

You can link multiple email addresses to the same account in Box. Any collaboration invites that go to these secondary emails will get funneled into your existing Box account. Other users will only see your primary email address and all notifications from Box will continue to be sent to your primary address.

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

 

To add an email address:

  1. Go to the Account tab in your Account Settings.
  2. Click the Add more emails link under the Login and Email Addresses section.
  3. Enter your new email address in the field and click the Save button.


An email verification will be sent to the address you entered. Click the verification link in the email to confirm and add the alternate email to you account.

 

To remove an address, simply click on the Remove link.

 

To change your primary address, click the "Make Primary" button. 

How Do I Contact Box User Services?

by on ‎01-19-2015 08:21 AM - edited 4 weeks ago by (10,800 Views)

In order to get your support request or question addressed as quickly and efficiently as possible, here are the recommended steps to follow:

Note: Old Box Experience

This page refers to the old Box experience. In Box, hover over a single file or folder with your mouse. If the item looks like the following image, you are in the right place.

 

Files and folders should look like this when you hover over them.Files and folders should look like this when you hover over them.

If the item does not look like the image above, visit one of the links below instead:

  1. Visit community.box.com
  2. Search by keyword in the Help forums to see if your issue has previously been addressed.
  3. If you do not see a similar issue, submit a request from the Help section of our community. We offer multiple channels to contact our support team. 
  4. Include as much detail as possible when filling out your support request. Make sure to address all of the questions below:
    • What is the problem?
    • Is this happening just to you or other users in your office?
    • Is it happening in multiple browsers?
    • Are you using a Mac or PC?
    • Is this problem related to Box Sync or Box Edit?
      • Yes: be sure to attach the sync or edit logs from your computer.
      • No: be sure to attach screenshots of your problem. Screenshots are the most helpful resource you can provide when describing your problem.
    • What troubleshooting steps have you already taken?

 

Contacting Box User Services via Chat

To contact a member of the User Services team via you must be signed into the community. Depending on your account type and the availability of an agent, the chat option should appear to you on the right-hand side of community.box.com/help. 

 
Click "Chat with Us". Another widget will pop-up. Enter your details (email, name, and question) and start chatting with us! It's as simple as that! The next available agent will contact you to continue the chat. 
 

How Does Box Measure Bandwidth Usage?

by on ‎12-16-2014 05:24 AM - edited on ‎01-10-2017 03:32 PM by (19,999 Views)

Box measures bandwidth usage based on downloads from open access shared links. All downloads from any public shared link count towards the bandwidth limit. Depending on the size of the files being shared and the frequency of downloads, you can reach this limit quite quickly based on the file format (GIF, FLV, MP3, and so forth).

 

Do all Box accounts have a bandwidth limit?

Yes.

 

The following limitations apply to free and paid accounts

The following downloads do not count towards an account's bandwidth limit:

  • Downloads from within an account by the content owner
  • Downloads by collaborators while logged in to their account

 

When is this bandwidth limit reset?

The Box bandwidth limit is reset on the first day of each month.

 

What happens when I reach the bandwidth limit?

Shared link recipients will not be able to download the file. The download will appear to initiate, but will not complete.

 

There is no impact on account owners and they can continue to work with their files on Box.

Ransomware/Cryptovirus/Malware Attacks

by on ‎05-13-2016 12:16 PM - edited on ‎06-07-2016 07:20 AM by (4,400 Views)

Ransomware is a type of malware that restricts access to the infected computer system in some way, and requires payment of the ransom to the malware operators to remove the restriction on the machine.

 

When Box Sync is being used on a machine, each file is downloaded and a hard copy of the content marked for sync is available locally.  If a machine has Ransomware on it, then the content being synced is susceptible to encryption and the encrypted content may be uploaded into Box.

 

In the event encrypted content was uploaded into Box, there are several options available in order to restore content to the unencrypted version.

 

You can determine which folders the user synced and which files were altered using the admin reporting tool. To do this, go to Admin Console > Reports (graph icon) - if you have access to the computer or account, you can also open Box Sync and the Box web app to see which folders are marked for Sync.

 

 

Using the ability to specify action types, you can use run a report to see which files were uploaded by the user while the computer was infected. You can also export these reports as a CSV file.

These reports will also show you which files were uploaded with Box Sync. You can then restore the previous, unencrypted version of the file using Box's Version History.

 

Additionally, you can write a custom program that rolls back all files to an unaffected version via API.

You'll need to inspect each file for its versions:

And promote the second newest version to the top (assuming you didn't modify anything after the crypto locker hit):

 

If you have have any further questions or would like further assistance, please don't hestiate to submit a case with our User Services team for further investigation.

Is My Data Encrypted?

by on ‎01-17-2015 01:29 AM - edited on ‎11-28-2016 03:49 PM by (16,300 Views)

Content uploaded to Box - from a single user with a Personal account to our largest Enterprise accounts - is encrypted in transit when sent through Box's website and Box-created applications, using high-strength TLS encryption. Content is also encrypted at rest by Box using 256-bit AES encryption, and is further protected by an encryption key-wrapping strategy that also utilizes 256-bit AES encryption.

 

Note: Box defaults to use the strongest encryption cipher suite available starting with 256-bit AES. However, to support Box's diverse customer base, Box does support other encryption cipher suites such as RC4, which provides greater compatibility with systems and end users. Users with specific encryption requirements should ensure that their browsers are correctly configured to use Box.

 

All outgoing Box email notifications associated with the Box Webapp (account.box.com) and Box-created applications support opportunistic TLS.

  • Please see this link to learn more about the security behind our Upload by Email feature.

 

 

How Do I Reset My Account's Password?

by on ‎03-13-2015 11:29 AM - edited on ‎11-08-2016 02:29 PM by (31,499 Views)

To reset the password for your Box account, follow this process:

  1. Visit https://app.box.com/reset and enter the email address associated with your Box account.
  2. Check your email, you will receive an email with a link to reset your password. 
    • Password reset links sent via email expire 3 hours after they are sent. If you need a new link after your current one has expired, visit https://app.box.com/reset to have another link emailed to you.
    • If you do not receive an email from Box for this password reset, check to see if your Box account is associated with that specific email address or another email address.
    • Also, check your spam folder in your email client for this email. 

Configuring A Firewall For Box Applications

by on ‎02-11-2015 06:40 PM - edited on ‎09-27-2016 03:57 PM by (95,199 Views)

When configuring your firewall to allow Box as a trusted source, please use the steps outlined below:

1. Use our site's domain names instead of a particular site IP address as IP addresses can change frequently and without notice. Please configure host names to recognize any sub-domain of:

  • *.box.com
  • *.boxcloud.com
  • *.boxlocalhost.com
  • *.box.net
  • *.boxcdn.net

If you are unable to use wildcards as shown in the list above, please allow these specific hostnames:

www.box.com

www.box.net

app.box.com

account.box.com

ent.box.com

developer.box.com

docs.box.com

a.box.com

m.box.com

upload.app.box.com

upload.box.com

notes.services.box.com

api.box.com

community.box.com

support.box.com

status.box.com

blog.box.com

view-api.box.com

view.box.com

upload.view-api.box.com

{yourcustomsubdomain}.app.box.com

{yourcustomsubdomain}.account.box.com

{yourcustomsubdomain}.ent.box.com

public.boxcloud.com

enterprise.boxcloud.com

dl.boxcloud.com

dl2.boxcloud.com - dl20.boxcloud.com

edit.boxlocalhost.com

upload.box.net

2.realtime.services.box.net

e3.boxcdn.net

cdn01.boxcdn.net - cdn20.boxcdn.net

 

2. Enable HTTPS (port 443) for the domains above.

Due to the numerous firewalls available we cannot provide specific instructions for each firewall beyond what is listed above. If you are using a firewall or proxy such as Websense, Blue Coat, etc., please create a Box User Services case  and request any additional hostnames that are used with Enterprise accounts.

 

Configuring a Proxy for Box Sync

1. What client settings are supported?

  • Automatic Proxy Detection 
  • Proxy Auto-Configuration (PAC file)
  • Manual setting: Select Web Proxy (HTTP) and Secure Web Proxy (HTTPS) and enter the IP address or host name for your proxy server

2. What server settings are supported?

  • Proxy server without authentication
  • Proxy server with NTLMv1 or NTLMv2 authentication

3. What are the proxy exceptions?

  • Windows: The Windows API does not support local file path schema (file://C:\proxy.pac).  Box Sync works if the PAC file path starts with HTTP or HTTPS, but it doesn't work if the PAC file path is the local path. 

 

Configuring a Proxy for Box Edit

See our Box Edit DNS and proxy configuration guide for more information.

 

Testing Connectivity to Box Domains

 You can test if your browser is able to connect to various Box domains by going to our Connectivity Testing page. Each test image is hosted on a different Box domain.

 

Using Box In Virtual Environments

by on ‎07-20-2015 04:07 PM - edited on ‎05-25-2016 10:33 AM by (7,400 Views)
Box Sync, Box Edit and Box for Office are supported in select virtual environments, subject to a few known caveats. Administrators should test Box applications in their virtual environment before deploying to production to verify they will work. Please see the matrix below for the supported configurations and caveats.
 
Configuration Box Sync Box Edit Box for Office
Published apps No* No Yes**
Remote Desktop No* Yes*** Yes
VDI (persistent) Yes Yes  Yes 
VDI (non-persistent) No Yes Yes
  
Known Caveats:
Box Sync only works if it is running on the client PC (not on the RDS/Terminal Services Server) and client drive mapping from RDS/Terminal Services server must be enabled to save content into Box Sync.
 
** If Microsoft Office is being deployed as a virtual app, Box for Office will only work if properly packaged to be accessible in the virtual app environment. Consult with your app virtualization provider for the appropriate way to package Microsoft Office Plugins.
 
*** Box Edit app needs to be running on the RDS/Terminal Server and the browser used has to be running there as well
 
In virtual environments, only Box Edit admin installs via the MSI installer is supported. 

Box HIPAA And HITECH Overview And FAQs

by on ‎12-16-2014 05:12 AM - edited on ‎02-19-2016 09:59 AM by (25,200 Views)

In April of 2013, Box announced its ability to support the HIPAA and HITECH regulations, as well as the ability to sign HIPAA Business Associate Agreements (BAAs) with customers. Box is one of the few cloud-based application providers that signs HIPAA Business Associate Agreements (BAAs), demonstrating our ongoing investment in enterprise security, compliancy and control for our customers.

 

What is HIPAA?

  • HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It is a federal mandate that requires specific security and privacy protections for Protected Health Information (PHI). More information around HIPAA can be found here: http://www.hhs.gov/ocr/privacy/index.html

 

What is the HITECH Act and the Final HIPAA Omnibus rule?

  • The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law in 2009, to promote the adoption and meaningful use of health information technology in the U.S.
  • In 2013, the final HIPAA Omnibus rule set further statutory requirements, which greatly enhanced a patient’s privacy rights and protections, including holding all custodians of Protected Health Information (PHI) — including HIPAA Business Associates (BA) — subject to the same security and privacy rules as Covered Entities under HIPAA.

 

How does Box facilitate HIPAA compliance for its customers?

  • The Box product/platform meets the obligations required by HIPAA, HITECH, and the final HIPAA Omnibus ruling.
  • Box signs BAA addendums to with its customers who have an Enterprise or Elite account and want to be HIPAA compliant. A signed BAA should be in place between Box and the customer prior to storing any Protected Health Information (PHI) on Box.
  • Customers are responsible for configuring Box in a HIPAA compliant manner and for enforcing policies in their organizations to meet HIPAA compliance.

 

Is there any kind of industry certification that Box has undergone to prove it supports HIPAA compliance?

  • There are no official government or industry certifications for HIPAA compliance. In order to support HIPAA compliance, Box has reviewed the HIPAA regulations and updated its product, policies and procedures to support customers around their need to be HIPAA compliant.
  • Box has also been evaluated by an independent, third party auditor who has issued an evaluation report (HIPAA AUP) that details the controls Box has in place to meet HIPAA requirements in regards to data privacy and security.

 

How do I get a copy of the third party audit report on Box HIPAA compliance?

  • Please contact your Box representative.

 

How does Box support HIPAA compliance within its product and platform?

In addition to being able to sign HIPAA Business Associate Agreements (BAAs), Box has the following features in its product as well as organizational policies:

  • Data encryption in transit and at rest
  • Restricted physical access to production servers
  • Strict logical system access controls
  • Configurable administrative controls available to the customer to:
    • Grant explicit authorization to customer files to read, download, edit, lock and password protect files
    • Monitor access
    • Reporting and audit trail of account activities on both users and content
    • Formally defined and tested breach notification policy
    • Training of employees on security policies and controls
    • Employee access to customer data files are highly restricted
    • Mirrored, active-active data center facilities to mitigate disaster situations
    • 99.9% uptime SLA
    • SSAE 16 SOC1 and AT-101 SOC2 Type II Reports
    • Additionally, Box is ISO 27001 certified


What types of customer and administrator controls does Box have that are relevant to HIPAA requirements?

  • Controls to provide reasonable assurance that instructions and information provided to Box by the customer are in accordance with the provisions of the Box Service Agreement with the customer, or other applicable governing agreements or documents between Box and its customers.
  • Controls to provide reasonable assurance that only authorized individuals from the user entity are granted the ability to access, modify, and delete information from Box’s application.
  • Controls to provide reasonable assurance that the user entity’s method for accessing Box’s application is configured with proper logical security protocols.
  • Controls to provide reasonable assurance that the confidentiality of the user entity’s sensitive information is not compromised by its users.
  • Controls to provide reasonable assurance for defining and granting access to users permitted by the user entity.
  • Controls to provide reasonable assurance that user accounts and access permissions are correctly specified on an ongoing basis, including revoking accounts.

 

Has Box signed HIPAA Business Associate Agreements (BAAs) with customers to date?

  • Yes, Box has signed BAAs with several healthcare and life sciences customers to date. 

 

What types of Box accounts can be HIPAA compliant?

  • Box applies the same security and privacy controls for all of its customers, whether Personal, Starter, Business, Enterprise or Elite accounts.
  • However, customers who are required by law to comply with HIPAA, such as HIPAA Covered Entities and HIPAA Business Associates, must have an Enterprise or Elite account with Box and sign a HIPAA Business Associate Agreement (BAA). To comply with HIPAA they must configure Box and enforce policies within their organizations to meet HIPAA requirements.

 

Are Box partners or OneCloud apps automatically HIPAA compliant?

  • Box partners that offer a product or service to a HIPAA Covered Entity or another HIPAA Business Associate (BA) and are handling Protected Health Information (PHI) must sign a HIPAA Business Associate Agreement (BAA) with the customer; in addition, the customer should also sign a BAA with Box. Please refer to the Box partner’s website for information on their HIPAA compliance.

 

Can Box sign HIPAA Business Associate Agreements with partners who are doing business with healthcare customers (e.g., Covered Entities or other Business Associates)?

  • Yes, Box has the ability to enter into a direct Business Associate Agreement (BAA) with the partner as well as directly with the partner’s customer as needed. 

 

Basic HIPAA Terms and Glossary

What is HIPAA?

  • HIPAA stands for the Health Insurance Portability and Accountability Act of 1996.
  • HIPAA is a federal mandate that requires protections regarding security and privacy on Protected Health Information (PHI). More information around HIPAA can be found here: http://www.hhs.gov/ocr/privacy/index.html       

 

What is Protected Health Information (PHI)?

  • Protected Health Information (PHI), also referred to as protected health information, generally refers to demographic information, medical history, test and laboratory results, insurance information and other data that is collected by a health care professional to identify an individual and determine appropriate care.

 

What is Personally Identifiable Information (PII)?

  • Personally Identifiable Information (PII) is a subset of Protected Health Information (PHI), and refers to information that is uniquely identifying to a specific individual. Protected Health Information (PHI) is specific to medical and health-related use.

 

What is a HIPAA Covered Entity?

  • A HIPAA Covered Entity (CE) stewards Protected Health Information (PHI) and/or Personally Identifiable Information (PII) on patients in the process of providing healthcare care or paying for care.  Examples of HIPAA Covered Entities (CE) are one of the following:
    • Healthcare provider:
      • Including doctors, clinics, psychologists, dentists, chiropractors, nursing homes, pharmacies that transmits any information in an electronic form in connection with a transaction for which the U.S. Department of Health and Human Services (HHS) has adopted a standard.
    • Health plan:
      • Including health insurance companies, HMOs, company health pans, government programs that pay for healthcare (like Medicare and Medicaid)
    • Healthcare clearinghouses:
      • Including entities that process non-standard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

 

What is a HIPAA Business Associate (BA)?  

  • A HIPAA Business Associate (BA) refers to a person or organization that conducts business with the HIPAA Covered Entity (CE) and touches the Protected Health Information (PHI) or Personally Identifiable Information (PII) that the covered entity is stewarding on behalf of the patient.
  • Business Associates (BAs) include those vendors or services that do business with the HIPAA covered entity (CE). Examples are service organizations or vendors that contract with the HIPAA Covered Entity (CE) that may provide: software such as Electronic Health Records (EHRs), claims processing, data analysis, utilization review, billing, legal services, actuarial services, accounting services, consulting services, data aggregation, accreditation services, or financial services. To be a HIPAA Business Associate (BA), the work of an organization must deal directly with the use or disclosure of Protected Health Information (PHI) and/or Personally Identifiable Information (PII).

 

What is a HIPAA Business Associate Agreement (BAA)?

  • A HIPAA Business Associate Agreement (BAA) is a legal document that a HIPAA Business Associate (BA) enters into with a HIPAA Covered Entity (CE).

 

What is the HITECH Act?

  • The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, was signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology in the U.S.

 

What does the HITECH Act have to do with HIPAA or patient privacy?

  • Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

 

What is the final omnibus rule and how does this apply to HIPAA?

  • The final omnibus rule is based on statutory changes under the HITECH Act, and was enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009.  The rule made the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented in 1996. 
  • The omnibus rule greatly enhanced a patient’s privacy rights and protections, as well as included support for the Genetic Information Nondiscrimination Act of 2008 (GINA).  It also strengthened the government’s ability to enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a HIPAA covered entity (like a health plan, a health care provider or retail pharmacy) or one of their third party contractors that is a HIPAA Business Associate.

 

Where can I get more information?

Logging in with Single Sign On (SSO)

by ‎11-17-2015 11:45 AM - edited ‎12-14-2015 02:00 PM (9,900 Views)

 

Single Sign On Authentication

Single Sign On Authentication (or SSO Authentication) allows you to log in to multiple applications using a single set of credentials. If your administrator has enabled or required SSO for your organization, you can use your company credentials to log in to Box.

 
Follow these steps to log into your Box account using SSO authentication:
From Box.com:
  • From the Box log in screen, select Sign in with SSO in the bottom right corner. 
  • Enter the email address affiliated with your Box account.
  • You will be redirected to your company's login page. Enter your company credentials in order to gain access to your Box account.
 
From Company Branded Subdomain
  • If you are logging in via your company's branded Box subdomain (e.g. yourcompany.box.com), and your enterprise has enabled or required SSO, you will be shown the following prompt:
  • Click Continue to be redirected to your company's login page. Enter your company credentials in order to gain access to your Box account.

 

Single Sign On on Mobile Devices

To login to Box using SSO authentication on any mobile device, tap “Use Single Sign On (SSO)” underneath the Log In button.

 

 

On the next page, enter the email address associated with your Box account. Clicking "Log In" will redirect you to your company or university login page. Enter your company or university credentials to log into Box. 

 

Logging in to 3rd Party Mobile Apps using SSO

A majority of 3rd party applications and our OneCloud partners now support SSO and have a dedicated SSO login button labelled - Use Single Sign On (SSO). If your company has SSO required, you can click on the SSO log in button and then enter your Box specific email address. This should then redirect you to your company login page, where you will need to log in with your company credentials.

 

Follow these steps to log in with SSO:

  • Inside of the application you want to use, locate Box by looking for "App Integrations" or "Server Connections" and select the "Box" connection.
  • Depending on the application, you may be asked to enter your username (email address) before you can see the SSO login button.

  • Select "Use Single Sign On (SSO)"
  • Enter your Box specific email address
  • You will be redirected to your company company login page. Enter your company credentials in order to gain access to your Box account

 

Notes: 

  • While the Box API supports SSO login, because of the customization that goes into setting up SSO, occasionally there are apps or SSO configurations that are not optimized for SSO login on mobile. If it does not work for an app, you will need to create a Box-specific password in your account settings to login with.
  • SSO won't work for any app using WebDav or FTP
  • If the account has SSO required, a Box-specific password will not work unless the app is using WebDav to authenticate (ex. QuickOffice, DocsToGo, GoodReader)
  • 3rd Party App developers must also optimized their apps for SSO login, so you may see issues on an app by app basis
  • If you are not able to log into your Box account from within a third party application your admin may have disabled this application for the Enterprise from within the Admin Settings. You would have to contact your admin to have them enable the application for the Enterprise from within the Apps tab of the Admin Console.

How Do I Clear The Cache And Cookies In My Browser?

by on ‎12-16-2014 05:12 AM - edited on ‎10-26-2015 05:29 PM by (42,200 Views)

Occasionally clearing your browser's cache and cookies may help to eliminate common problems. To clear your cache follow the steps below for your browser:

 
Mozilla Firefox (version 40 & later):
  1. Once your browser is open click on "" located at the top right of the browser then click "History" and  select "Clear Recent History".
  2. Remove checks from everything except "Cache" and "Cookies" which should be left checked.
  3. Click "Details" and choose "Everything" in the "Time Range to clean" dropdown.
  4. Click the "Clear Now" button.
  5. Close and re-open your browser before returning to Box.
     
Internet Explorer 9, 10 & 11:
  1. Click the "Gear/Tools" drop-down at the top-right of your browser.
  2. Click "Safety" > "Delete browsing history."
  3. Deselect the option "Preserve Favorites website data"
  4. Select "Temporary internet files and website files" and "Cookies and website data" then click "Delete"
  5. Close and re-open your browser before returning to Box.

 

Google Chrome:

  1. Click the menu icon "" on the right end of the browser toolbar.
  2. Select "More Tools" > "Clear browsing data"
  3. Select the options for "Cached images and files" and "Cookies"
  4. Use the menu at the top to select "the beginning of time"
  5. Click "Clear browsing data"
  6. Close and re-open your browser before returning to Box.

 

Safari 7 and 8 (Mac):
  1. Click on the Safari menu > Preferences 
  2. Navigate to Privacy 
  3. Click "Remove All Website Data" under Cookies and other website data. 
Safari 6 (Mac):
  1. First you need to enable the Develop Menu in Safari. To do so, click on the Safari menu > Preferences
  2. Select the Advanced option and enable Show develop menu in menu bar
  3. The Develop drop down will now appear in the menu bar. Select Develop > Empty Caches.

How To Disable Plugins/Add-Ons/Extensions In Multiple Browsers

by ‎12-16-2014 05:12 AM - edited ‎10-16-2015 12:44 PM (100,699 Views)

Can browser plugins and extensions affect my connection to Box?

If you are encountering speed, upload, download, or various interface problem with Box it could be caused by a plugin, add-on, or extension that you have installed in your browser. To see if this is the case you can try disabling all plugins, add-ons, or extensions within your browser. Here are steps for various browsers:

 

Microsoft Internet Explorer 8 and Later:

 

Mozilla Firefox: 

  1. Click the orange "Firefox" button in the top left-hand corner of the browser window and choose "Add-ons" from the right column of the menu to open an Add-ons Manager tab in the active browser window.
  2. If you are using Windows XP, click on "Tools" from the menu bar near the top of the browser window and choose "Add-ons." 
  3. Click "Extensions" to view the installed extensions that add features to Firefox, or click "Plugins" to view plugins that add compatibility and functionality. 
  4. Find the add-on you want to disable and click its "Disable" button.
  5. If you want to delete an extension entirely, click "Remove."
  6. Restart Firefox to complete the process.

 

Google Chrome:

  1. Click the menu icon "" at the top right of the browser window, choose "Tools" and choose "Extensions" to open a new "Options" tab. 
  2. Uncheck "Enabled" to disable an extension, or click "Remove" to delete it completely.
  3. Enter "chrome://plugins/" in Chrome's address bar to view plugins that add compatibility and functionality, such as Apple QuickTime or Adobe Flash,
  4. Click the "Disable" link under the plugin you want to disable.

 

Safari:

  1. Choose Safari > Preferences.
  2. Click the Security pane.
  3. Click Manage Website Settings to see plug-in details for a particular website.
  4. Internet plug-ins installed on your computer appear on the left side of the plug-ins sheet. Select a plug-in to configure its website settings.
  5. Websites that are currently open in Safari appear on the right side of the plug-ins sheet. Websites that you have already configured by clicking "Trust" or "Cancel" also appear here.
  6. You can select Ask, Block, Allow, Allow Always and Runs in Unsafe Mode under "When visiting other websites:". Select Block to disable plugin and Allow or Allow Always to enable. 

About Box's User Research Panel

by ‎10-07-2015 04:32 PM - edited ‎10-07-2015 08:45 PM (4,700 Views)

At Box, we’re always pushing ourselves to create the best products to help you get work done. But there’s one thing we need more of in our design process: you. That's why we're putting together Box's User Research Panel, a group of users who can provide insight into their experience with Box products, and give feedback about our newest ideas.

 

What is Box's User Research Panel? 

As a member of Box’s User Research Panel, you’ll be able to participate in our product research and give feedback to help us design and build what's next for Box. You'll not only be one of the first to see new ideas and innovations from our Product Design team- you’ll help shape them with your direct feedback.

 

How do I sign up?

If you’re interested, sign up here

 

What kind of feedback am I going to be giving?

We’re looking to include our users at every stage of the design process. This can mean anything from answering a quick survey to testing a new prototype to 1-on-1 conversations with our product design team. There’s lots of ways to get your voice heard and influence Box’s future.


How often will you be contacting me?

Don't worry; we’re not going to flood your Inbox. You won’t hear from us about a research initiative more than twice a month.

If you have any additional questions, please contact us at user-research@box.com.

 

Using A.Box.Com For Accessibility

by on ‎08-24-2015 05:18 PM (3,300 Views)

Box is committed to providing a simple and compelling experience for all users. We work closely with our Accessibility Advisory Board to provide a user experience for users who require an accessible Box application due to a physical disability (or for any other reason).

 

This article provides further details on accessibility at Box. You can always contact our Box User Services team for further information.

 

 

What are the available features for a.box.com?

a.Box.com supports the primary features of Box, and provides access to all features available in the m.Box.com website. Some of the primary features include preview and download access to files and folders, sharing and configuring links to files and folders, adding and managing collaborators, viewing and making comments, and managing files and folders.

a.Box addresses accessibility as a core requirement for each feature.

 

What are the supported browsers for Box applications? How does a.Box deal with browsers without JavaScript or CSS?  

Box recommends using the most current version of web browsers (see the list of officially supported browsers at Box). The a.Box.com site degrades depending on your browser's support for JavaScript and CSS, but continues to display the basic information required to view files and folders.

 

Does a.Box support screen readers?

a.Box is intended to work with the leading screen reading technology providers, including VoiceOver. Screen readers attempt to identify and interpret what is being displayed on the screen and convey that information via text-to-speech to users who are visually impaired.

 

Does a.box.com provide keyboard access?

a.Box.com provides keyboard accessibility, which enables you to use your keyboard exclusively (with no mouse) for improved interactions with the Box UI.

a.Box.com helps enable keyboard accessibility through the following additional features:

  • Removal of all menu items that are enabled via mouse 'hovering'.
  • Re-ordering of all menu structures to maintain a logical reading order. 
  • Enabling of visible focus, which helps people with visual or other print-related disabilities have a clear indicator of where they are on a page.
  • Providing a short-cut that enables a user to immediately 'skip to content' they are trying to view, letting them bypass repeated menu elements.

 

Does a.Box provide low vision color contrast?

a.Box.com is designed with low vision and color-blind user needs in mind. a.Box.com allows for text resizing, with up to 200% magnification. The site has also been tested for color contrast, with contrast ratios set at a minimum of 4.5:1.

 

How can I get more information about accessibility at Box?

Contact Box User Services to receive additional information or to provide feedback.

The Box Net Promoter Survey

by on ‎05-12-2015 08:44 AM (539 Views)
The Net Promoter Survey is a widely used, standard methodology for measuring user satisfaction in a way that is quantifiable and actionable. Box strives to create products that end users and administrators love, and this survey is used to collect feedback that feeds directly into our product planning process.  The survey is presented as a pop up in the Box Web Application and asks users how likely they are to recommend Box to a colleague or friend. It also solicits feedback on areas the user feels Box’s products can be improved.
 
 
The Net Promoter Survey is sent to a small random sampling of Box end-users at regular intervals in order to give Box a balanced perspective on user satisfaction across our entire user base.  The feedback gathered is used to design new features and enhancements to existing features.  Participation is optional and users will not be repeatedly surveyed.
 
We are dedicated to maintaining the security and trust of all Box users.  Data collected from the Net Promoter Survey is handled carefully in accordance with the terms specified in the Box Privacy Policy.  Box employees from a variety of disciplines review the data in order to improve Box products and services.
 
If you have additional questions about the Net Promoter Survey, please contact your Box account team or Box User Services.

How do I update to the latest version of my preferred browser?

by ‎01-30-2015 04:26 PM - edited ‎03-16-2015 11:13 AM (1,400 Views)

To check if you have the most recent browser version, you can go to the browser’s Settings (usually a gear icon) > About Browser. Below you can see where to find this information for each browser Box supports:

 

Internet Explorer:

 

Firefox:

 

Chrome:

 

Safari:

 

To update to the most recent browser version, which we recommend for the best Box experience, please visit the browser’s updates page:

DMCA Takedown Requests

by ‎01-22-2015 02:13 AM - edited ‎03-16-2015 11:00 AM (700 Views)

Box, Inc. ("Box") respects the intellectual property of third parties and expects its users to do the same. Box will respond expeditiously to claims of copyright infringement committed using the Box service or the Box website (the "Site"), in accordance with the Digital Millennium Copyright Act of 1998, the text of which may be found on the U.S. Copyright Office website at http://www.copyright.gov/legislation/dmca.pdf.

 

If you are a copyright owner or an agent thereof, please report the alleged copyright infringement taking place on or through the Site by completing the DMCA notice of alleged infringement ("DMCA Notice") found below, and delivering it to Box's Designated Copyright Agent. Upon receipt of the DMCA Notice, Box will take whatever action it deems appropriate, in its sole discretion, including removal of the content at issue from the Site.

 

All DMCA copyright takedown requests should be directed to our form at http://sites.box.com/help/dmca

Where can I find your “Terms of Service” and “Privacy Policy”?

by ‎12-16-2014 05:12 AM - edited ‎03-16-2015 10:26 AM (805 Views)

Where can I find your “Terms of Service” and “Privacy Policy”?

Terms of Service: https://www.box.com/static/html/terms.html

Privacy Policy: https://www.box.com/static/html/privacy.html

How do I log in using my Google account?

by ‎02-06-2015 01:27 AM - edited ‎03-16-2015 09:21 AM (68,399 Views)

You can use your Google account information (username and password) to access Box through Google OpenID authorization. Follow the steps below to use your Google account while logging in to Box:

  1. Go to the Box login page: http://app.box.com/login
  2. Click or tap the Sign In with Google link in the footer:
    Google OpenID link in the footer at the bottom of the page
  3. Log in to your Google Account as you normally would on the Google account login page. 

 

Having Trouble?

If you are unable to log in because your Google account address does not match your Box account address, you will need to change the primary address associated with your Box account.

  1. Go to the Box login page: http://app.box.com/login
  2. Sign in with the email address you currently use with your Box account. If you do not know the password, you can click or tap the Reset Password link on the login page.
  3. Once you are signed in, change your primary Box email address to match your Google account address. You can find instructions here: How Do I Change My Password Or Email Address?

Protecting Your Box Content

by ‎12-16-2014 05:25 AM - edited ‎03-16-2015 08:40 AM (6,498 Views)

Box makes it easy to share your files and folders using shared links. While verifying and setting the access level for your links, be aware of the considerations and tools identified in this article to help manage access to your items on Box.

 

Guidelines

Many of our users and customers use open access links to share content widely as they have visibility into how their content is accessed.

 

Awareness of Search Engine Crawler Behavior

Search engines may display any open access link discovered by crawlers. Be aware of the following nuances in search engine crawler behavior:

  • All shared links found by the crawler are indexed and displayed in the search engine results page.
  • Displaying the link does not indicate if the document(s) in the displayed link was downloaded or parsed.
  • The name that is displayed in the search engine results page is taken from context or HTML tags, not from the content itself.

Note: If your content is sensitive and should not be accessed by crawlers, be sure to carefully review the settings for each shared link and ensure that you've set the required permissions for your content.

 

Do You Need Open or Restrictive Access?

Box provides a broad array of options to share content with settings that are as open or as restrictive as needed, including:

  • You can restrict access to shared links so only people from the same company or who have been specifically added as collaborators to a folder can access the content.
  • You can turn off shared links for a file or folder you own; Admins can turn off shared links for their entire organization. 
  • You can designate a default shared link option across all the content you own so you don't have to remember to change from the open option when generating new shared links. Admins on our Starter, Business, Enterprise, and Elite plans also have the ability to set this default for the entire account. 
  • You can enforce an expiration date on a link, or require that people with the shared link enter a password before they can access a file or folder. 
  • If a link is set to the open access level, shared link values are randomly generated, alpha numeric and have a large number of digits (20) to make it very difficult to guess.
  • With all shared links - including open links - Box displays a message to remind you of the permissions associated with your content.

 

Is Flexibility Important to You?

If  you prefer to have flexibility when allowing your files and folders to be publicly accessible, see the following additional articles:

  • Share content publicly using customized links.
  • Share files and folder using Open access links.
  • Embed files and folders in your website directly.

How Does Box Prevent Clickjacking?

by ‎12-16-2014 05:19 AM - edited ‎03-16-2015 08:27 AM (1,015 Views)

What is clickjacking?

A clickjacking attack (more technically known as a "UI redress attack") occurs when a user's clicks or key presses are "hijacked" by an attacker. The attacker places his/her site in a frame (either opaque or transparent) over the site the user meant to visit. The user will still see the correct site, clicking on a seemingly innocuous button or link or entering sensitive information in one of the site's fields, and the attacker uses that click or tracks the keypresses for his/her own nefarious purposes, routing them to another application or domain.

 

How does Box prevent clickjacking?

To guard against clickjacking attacks, Box employs preventative measures in our embed widget as well as an X-Frame-Options header. 

Our embed widget uses an interactive "Drag the Cloud" game in which a white cloud puzzle piece, randomly placed on the page, needs to be plugged into a cloud-shaped "hole" in the page, also randomly placed on the page. Because both of the objects are randomly placed on the page, the user's click locations cannot be predicted easily by attackers, making a clickjacking attack less effective and an attempt to use clickjacking measures less worthwhile. This randomized interaction is the most effective method of preventing clickjacking attempts available for embedded content. Users can feel secure that they are interacting with the correct site if they are able to click and drag the cloud into the correct place.

 

As a partner using Box, how do I prevent clickjacking?

Box recommends that partners use the Box Embed widget, which includes a randomized interaction (the "Drag the Cloud" game). However, we understand that some partners may not want to use the embed widget, or may want to use the widget without the included cloud-game interaction. We offer an option without the cloud-game interaction to those partners who have implemented one of our security team's approved clickjacking defenses. Partners who are interested in opting out of the cloud-game interaction will need to contact their Box Support representative to begin the process. 

Our approved clickjacking defenses include the following:

  1. Using an X-Frame-Options header 
  2. Displaying framed content in a new window
  3. Implement a randomized user interaction before allowing access to the application

The X-Frame-Options header is an industry-wide standard used to prevent clickjacking by specifying whether or not a site can be rendered within <frame> or <iframe> tags. For more specific information on the various X-Frame-Options header types, including browser support and limitations, see this article.

 

Box isn't showing up on my site properly, or I'm getting an empty frame, what should I do?

If you're seeing an empty frame when you try to use Box on your site, or you're getting an error page, use the Box Embed widget. To get the embed code, click the Share button, then click the Embed button from the Share window. Click Copy to Clipboard to copy the embed code, or select it directly from the field in the window and copy it. Paste the code into your html editor to use Box Embed. 

Enhanced Security

by ‎12-16-2014 05:12 AM - edited ‎03-13-2015 03:42 PM (5,298 Views)

For detailed information on the security of Box's servers and services, please see our Security Overview.

Box adheres to the highest industry standards for security so you can share, access, and manage your content with confidence.

 

  • Secure data centers: Your content is stored on enterprise-grade servers that undergo regular audits and are monitored 24/7
  • Redundancy: Files are backed up daily to additional facilities
  • All files uploaded to Box are encrypted at rest using 256-bit AES encryption.
  • For files in transit, AES 256 is a supported cipher, however we default to use RC4-128 encryption. We do this to mitigate a known vulnerability in SSL called the BEAST attack, which an attacker could use to hijack someone's web session when other ciphers (including AES 256) are used. 128 bit encryption is currently considered safe and secure.
  • AD/LDAP integration: Enterprise edition customers can replace Box’s authentication mechanism with their own

 

Box is also SAS70 Type II and Safe Harbor certified.

Is Box HIPAA Compliant?

by ‎01-19-2015 04:44 AM - edited ‎03-13-2015 01:28 PM (8,099 Views)

In November 2012, Box achieved compliance with HIPAA and HITECH obligations, reinforcing our position as the secure cloud platform for collaboration, external sharing and mobile productivity. Healthcare organizations – providers, insurers and life sciences innovators – have relied on Box to improve the efficiency of their daily operations, and we’re excited to be in a position to help them accelerate their work on improving real health outcomes for patients and plan members.

 

For more information, please refer to this article: Box HIPAA and HITECH: Overview and FAQ

Box Protection Against OpenSSL Heartbleed Vulnerability

by ‎01-06-2015 02:39 AM - edited ‎03-13-2015 11:39 AM (899 Views)

Our new SSL certificates are now live. At this time, we recommend that users reset their passwords using a new, unique passcode. This is a preventative measure for added protection - we've performed very in-depth analysis and have found no evidence of breaches or attacks during the time the vulnerability was live for Box users.

 

We've also added additional details below to answer some of the common questions we've been hearing.


On April 7, 2014, a major security flaw was discovered with OpenSSL, a cryptographic library that enables SSL (Secure Sockets Layer) or TLS (Transport Security Layer) encryption for a majority of sites and services across the web.

 

Earlier this year, Box updated its servers and upgraded to a version of OpenSSL that contained the vulnerability.

 

Within hours of notification about this vulnerability on April 7, Box released a patch to protect all logins and content . We also took the extra step to revoke and reissue our SSL certificates for the product for added precaution. These new certificates were live as of April 11, 2014. To date, we have no indication that Box has been targeted or attacked in relation to this bug

 

Now that the new SSL certificates are live, we recommend that users reset their Box passwords as an additional security measure. Again, this is just an added precautionary measure as we have not found any indications of malicious activity. 

 

Frequently asked questions

Is it safe to use Box?

Yes. We've performed a thorough investigation and have found no breaches, attacks, or malicious activity during the time we were using the version of OpenSSL that contained the Heartbleed vulnerability. Box takes the security of your personal information and data very seriously, which is why we immediately patched the bug within hours of the initial notification and have take the extra step of reissuing our SSL certificates. Though we haven't seen any evidence of malicious activity around this vulnerability, we do recommend users reset their passwords just as an added precaution. 

 

Do I really need to reset my password?

It's optional, but if you have any concerns or have logged into your account recently we do advise you to proactively update your password.

 

How do I change or reset my password?

Detailed instructions for how to change your password if you're already signed into your account are available here. If you're not logged in or don't remember your password, here are instructions for how to reset your password

 

What if I use SSO (Single Sign-On) to log in to Box? Should I also reset my password?

Because SSO users do not enter a Box password when they log in (this is done through the organization's identify provider such as Okta or Ping Identity), you do not need to reset a password. The exceptions are if you're a user at a company where SSO login is optional or you use an external password (a separate Box-specific password that can be used to log into apps that don't support single sign-on like some iOS apps, WebDAV or FTP) to access Box and have used those since the beginning of 2014. In that case, we recommend you reset that external password now for added protection.    

 

I'm an admin of a Box account. How do I know if my users need to reset their passwords?

The short answer is that if you have any concerns, you should err on the side of caution and initiate a password reset for your users just in case (instructions for how to do that are here). We will be sending an email to the subset of users on paid accounts that logged in during the time the vulnerability was live that specifically should reset their passwords, but it's always a good idea to regularly update passwords and this could be a good time for all of your users to update as well. 

 

What else can I do to make sure my personal info and content on Box stays secure? 

We highly recommend that users enable our two-step login verification feature for added security and protection of your login credentials.

 

I'm an admin of a Box account. What else can I do to keep my users protected? 

Box offers a variety of security features you may want to leverage for added protection (especially around users' login credentials), including:

Why Do I See "Error On Page" In Internet Explorer?

by ‎12-16-2014 05:12 AM - edited ‎03-13-2015 11:12 AM (34,799 Views)

If your internet browser is having trouble navigating Box normally, you may need to disable one or more installed browser add-ons to resolve the issue. Here’s how to check for the problem:

 

Start Here

  1. Close any open Internet Explorer windows
  2. Click the Start button
  3. Mouse over All Programs, then click Accessories
  4. Click System Tools, then open Internet Explorer (No Add-ons)
  5. In the browser window that appears, go to www.box.com

If you’re able to navigate the site normally in this window, one or more of your browser add-ons are conflicting with Box. Close Internet Explorer. In this case, you’ll need to identify the add-on(s) causing the conflict. Here’s how:

 

For Internet Explorer 11

  1. Click the Start button and type Internet Explorer into the search box. In the list of results, click Internet Explorer to launch the browser.
  2. Click on Gear Icon located on the top right corner.
  3. Click on Manage add-ons. 
  4. Under toolbars and extensions, select the add-on you want to test for issues, click Disable, and click Close.
  5. Click the refresh icon in Internet Explorer or press the F5 key to reload www.box.com. Then, verify that the issue is resolved.
  6. Repeat step 4 and 5 for every add-on until you find the one causing problems in Box.com. Leave that one disabled and enable the rest. When you’re finished, click Close.

 

For Internet Explorer 9 & 10

  1. Click the Start button and type Internet Explorer into the search box. In the list of results, click Internet Explorer to launch the browser.
  2. Click the Tools button, then click Manage add-ons
  3. Under Show menu, click All add-ons
  4. Click the add-on you want to test for issues, click Disable, and click Close
  5. Click the refresh icon in Internet Explorer or press the F5 key to reload www.box.com. Then, verify that the issue is resolved.
  6. Repeat step 4 and 5 for every add-on until you find the one causing problems in Box.com. Leave that one disabled and enable the rest. When you’re finished, click Close.

 

For Internet Explorer 8

  1. Open Internet Explorer (IE) normally by clicking the Start button, then clicking Internet Explorer
  2. Click the Tools button, then click Manage Add-ons
  3. Under the Show menu, click All Add-ons
  4. Click the add-on you want to test for issues, then click Disable
  5. Test Box.com with this add-on disabled
  6. Repeat steps 4 and 5 for every add-on until you find the one causing problems in Box. Leave that one disabled and enable the rest. When you’re finished, click Close.

 

For Internet Explorer 7

  1. Open Internet Explorer (IE) normally by clicking the Start button, then clicking Internet Explorer
  2. Click the Tools button, mouse over Manage Add-ons, then click Enable or Disable Add-ons
  3. In the Show list, click Add-ons currently loaded in Internet Explorer
  4. Click the add-on you want to test for issues
  5. Under Settings, click Disable
  6. Test Box.com with this add-on disabled
  7. Repeat steps 4 - 6 for every add-on until you find the one causing problems in Box. Leave that one disabled and enable the rest. When you’re finished, click OK.
 

Adding Box as a Trusted Site zone in IE 

If you come across the error that says "Cannot Navigate to this page", please follow the steps below to add Box to the Trusted Sites zone in IE:
  1. Open Internet Explorer
  2. Login to your Box account
  3. Click the Tools button, and then click Internet Options.
  4. Click the Security tab, and then click the security zone,Trusted sites
  5. Click Sites.
  6. Clear the Require server verification (https: ) for all sites in this zone check box.
  7. Type the following websites in the Add this website to the zone field and click Add after each one:
    Type: *.box.com and click Add
    Type: *.box.net and click Add
    Type: *.boxcdn.net and click Add
    Type: *.boxcloud.com and click Add
  8. Click Close, and then click OK
  9. Restart Internet Explorer 

 

Related articles:

What Is Box?

by ‎01-27-2015 07:39 AM - edited ‎03-13-2015 11:09 AM (22,400 Views)

Document Management: Keep all your files in one place that you can access anywhere from any device.

  1. All your content will live in one place that you can access from your desktop or mobile device.
  2. You will be given access to specific department related folders and you can organize your private business content in your own folder tree.
  3. When your files are stored in Box you have a quick, easy and secure way to review version history and share your files internally or externally.

                                                     

Use Box Collaboration to create group work spaces.

Are group projects a challenge – not the good kind? Are you bombarded with emails, making it tough to determine the latest file version? Box allows you to centralize files in a single online workspace.

  1. Invite your colleagues or clients to Share and Edit: Turn folders into shared online workspaces, invite people to view, edit and upload files and more.
  2. Do you have a client who you need toactively work on a long-term project with? Invite them into a folder to have a lasting working relationship. Learn more about inviting collaborators now.
  3. Post Comments and Assign Tasks: Whether you leave a quick comment or you want to assign a task, keep the whole team on track by exchanging feedback in one place. Instead of going back and forth in a long email chain, use comments to maintain the conversation history around your content in a single place.

 

Use Box Shared Links to send large files and replace email attachments.

  1. You can create a unique link to any file or folder in your Box account.
  2. Send your links to anyone with or without a box account for view and/or download access
  3. Shared Links always point to the most up-to-date version of your file. When you make changes to your file, you do not need to resend the link.

Problems Logging Into Box

by ‎12-16-2014 05:12 AM - edited ‎03-13-2015 11:03 AM (9,900 Views)

If you are having a problem logging into your Box account: 

  • Please make sure that you are using the correct email address associated with your Box account to login. 
  • Please make sure you are using your proper Box password. If you cannot remember your Box password, please go to https://app.box.com/reset  to reset your password.
  • Please make sure that you signed up for a Box account and not another service. 

 

If you use your company's SSO credentials to log into your Box account, see the Single Sign On (SSO) section of:  How do I log in to Box?

Where Can I Check To See If I Am Running The Latest Versions Of Java And Flash?

by ‎01-16-2015 05:06 AM - edited ‎03-12-2015 04:13 PM (97,198 Views)

How can I check if I’m running the latest version of Java?

Java is an integral application to any web experience and is necessary to use some of Box’s core features (like Upload Folders). Check if you have the most up-to-date Java version running on your browser here:

If you do not have the most current Java running on your browser, you will be prompted to update by downloading, installing, and running the most recent release.

 

How can I check if I'm running the latest version of Flash?

Check if you are running the latest version of Flash here:

Why Is My Page Not Displaying Properly?

by ‎12-16-2014 05:12 AM - edited ‎02-25-2015 01:49 AM (3,100 Views)

1. Please ensure that your web browser is either the latest version of Internet Explorer  (click here to download), Safari  (click here to download) or Firefox  (click here to download).

2. If you are able to see the ‘View: List’ or ‘View: Icon’ feature on the ‘All Files’ page please try toggling between these two views by clicking on them. If you are unable to see this feature please proceed to the next step.

3. Try clearing your browser’s cache (see instructions here). If this does not resolve your issue please proceed to the next step.

4. Try disabling or configuring your anti-virus, anti-spyware, firewall, or any other third-party software to recognize Box.com as a trusted site. If you are accessing Box from an office environment please contact your IT department for further assistance.

5. If you are still experiencing issues on your web browser after following the instructions in step four, we recommend trying to access your account from a different computer to isolate any potential computer issues. If you do not encounter the issue on another computer, then you will know that the first computer itself was causing the issue. If your issue persists, it is most likely that you are experiencing an issue with your internet connection.

Is my content on Box secure?

by on ‎01-27-2015 02:18 AM (1,698 Views)

Yes! Box’s corporate network and datacenters are continually tested in accordance with SSAE 16 Type II standards, and we carry regularly updated third-party SOC1 and SOC2 certifications of our compliance. We maintain our own SSAE 16 Type II certification and audits for our corporate operations and platform. 

Does Box have a disaster recovery plan?

by on ‎12-16-2014 05:12 AM (1,899 Views)

Our physical infrastructure is designed not only for disaster recovery, but true disaster avoidance, building in advanced measures for N+1 redundancy for all components, geographical diversity, physical security, and environmental controls. Access to systems are monitored around the clock by onsite monitoring and guards, and access to cages are restricted to only top-level clearance Box employees, managed by keys and biometric scanning. 

ISO 27001 Certification Overview and FAQs

by on ‎12-16-2014 05:12 AM (2,899 Views)

Box has achieved ISO (International Organization for Standardization) 27001 certification for our Information Security Management Systems (ISMS), covering the Box product and all supporting infrastructure. ISO 27001 is a globally recognized security standard that provides a guideline of the policies and controls that an organization has in place to secure their data. The standard sets out internationally agreed upon requirements and best practices for the systematic approach to the development, deployment and management of a risk/threat based information security management system.

 

What does this mean for Box and the Box platform?

  • This certification demonstrates that Box adheres to the most recognized international standard regarding management of security focused around Box’s product, supporting product infrastructure and overall IT environment (what keeps our company up and running).
  • More details are available on the Box blog.

 

Does this affect all Box accounts?

  • Our ISO 27001 certification’s scope encompasses the Box production environment, which includes Box Personal, Business, and Enterprise accounts.

 

Do I need to do anything regarding ISO?

  • No, our customers are using an ISO 27001 certified service
  • Customers looking to pursue ISO 27001 certification for their business will need to properly scope their ISMS. Box does not need to be scoped for this purpose.

 

What Box locations are covered in the ISO 27001 certification?

  • Box HQ in Los Altos CA, the San Francisco sales office, and the San Francisco, South Bay and Las Vegas datacenters are all covered.

 

Where can I view Box’s ISO 27001 certificate?