12min

File Sharing Best Practices

We need to share files all the time, it’s part of our daily life. However, how we share those files is just as important as what we share and with who. This is a guide to help you make the best decision when sharing company data.

General Best Practices

The Principal Of Least Privilege

One fundamental concepts in data security is the principal of least privilege. This means that people should only have permissions to resources based on the the type of work required or their “Need to know”.

This applies to actions such as:

  • View
  • Edit
  • Delete / Modify

This may also apply to sharing data:

  • Share with specific people
  • Share with the company
  • Share with the world (anyone with link)

Please take the above considerations before sharing data.

When sharing data, we want to make sure that the people receiving the data are who they are. This means sharing files with specific people as opposed to making a file accessible by anyone in the world.

Never Share Restricted Data Over Plain Email or Chat

Information such as:

  • SSNs
  • DOBs
  • Salary / Compensation Information
  • Password
  • API Keys

Should never be shared over email, or via Slack/chat (even private channels).

Please remove this data from email and spreadsheets before sharing.

Information sent over email will forever leave your control and can be forwarded around.

It’s better to provide online access to this information such as via a portal, google docs, or other online means that can be revoked.

If you need to share this information via email, please use an encrypted form of communication like Virtru. You can contact the IT team for access.

 

 

 

 

Updated 19 Aug 2021
Did this page help?
Yes
No