Secure Sharing Practices
Share files safely without creating security gaps.
What You'll Learn
- Select the appropriate sharing method for different data types by evaluating sensitivity level, recipient, and available approved tools
- Configure file-sharing links with proper permission settings including view-only access, expiration dates, and password protection
- Identify when email attachments require encryption and apply basic encryption practices for sensitive documents
- Recognize shadow IT risks when colleagues use unauthorized sharing tools and redirect to approved alternatives without disrupting workflows
- Verify recipient identity and authorization before sharing confidential or restricted data with external parties including vendors, partners, and legal counsel
Training Steps
-
A Busy Week at Catalyst Ventures
Welcome to Catalyst Ventures! You are Alice, a project coordinator who manages deliverables for external partners, clients, and auditors. Today is particularly hectic — the Q3 audit window closes at 5 PM and the external auditor still hasn't received the financial report.
-
The Urgent Request
Alice receives an urgent message from her manager Marcus Chen on Telegram.
-
Accessing SecureShare
Under pressure to meet the 5 PM deadline, Alice opens the Catalyst SecureShare portal to send the report as quickly as possible.
-
Selecting the File
The SecureShare portal displays Alice's files. She needs to select the Q3 Financial Report to share with the auditor.
-
Setting the Recipient
Alice needs to enter the auditor's email address from Marcus's message.
-
Quick Share Settings
The sharing configuration page appears. Alice is in a rush — she picks the most permissive options without thinking: 'Full Control' access, 'Anyone with the link' visibility, 'Never' for expiration, and hits Share Now.
-
Confirmation
Steve confirms he got the report. Deadline met, crisis averted. Or so Alice thinks.
-
Something Is Wrong
Three weeks later, Alice arrives at work to find an urgent email from the IT Security team. Her stomach drops as she reads the subject line.
-
The Audit Log
Alice clicks the link to the audit log, dreading what she'll find.
-
What Went Wrong
Three critical failures turned a routine file share into a catastrophic data exposure: 1. Full Control access. The auditor only needed to view the report, but Alice gave Full Control — allowing anyone with the link to download, edit, or redistribute the file. 2. No access controls. 'Anyone with the link' means anyone who obtains the URL can access the file — no authentication required. The link was forwarded, shared, and eventually posted publicly. 3. No expiration or password. A link that never expires and requires no password is a permanent, unprotected gateway to sensitive data. Once it's out, there's no way to contain it.