The Cornell default link is 'people in this folder', i.e. people who already have access. You have to make an explicit decision to make the links more open. 

A standard Box shared link looks like this: https://cornell.box.com/s/ub4eqjy4rvi4y813ty1m 

A custom Box shared link looks like this: https://cornell.box.com/v/betareaders. You have to set this 'friendly' link explicitly when you create the link. 

Neither custom links nor open links should be used for data that you do not want disclosed, because it's relatively easy for outsiders to scan for and download your data. Some instances of Box customers who had shared sensitive data this way prompted Box to do this cleanup. 

There are many legitimate uses for sharing public information with open links at a University. If you have such a case, you can check the link with the Share menu in Box, and set/reset it to open, if appropriate for your data.  

We encourage you to remove any links that you're no longer using, and to review any sensitive data that you've stored in Box to make sure the links are to 'people in this folder' only. If any of your files have been shared openly and they contain PII (Personally Identifiable Information, such as Social Security Numbers, passports, or drivers licenses) or other sensitive data, you have an obligation to correct the oversharing and report the (potential) information leakage to the IT Security Office. 

For more information see Box's documentation about using shared links.