Secure Sharing Practices
Share files safely without creating security gaps.
What Is Secure Sharing Practices?
Sharing files and data is something you do dozens of times per day, and each instance is a decision point where sensitive information either stays protected or gets exposed. This exercise walks you through common sharing scenarios that carry more risk than most employees realize. You need to send a contract containing financial terms to an external law firm, share a spreadsheet of customer data with a colleague in another office, collaborate on a document with a vendor who uses a different platform, and transfer large files that exceed your email attachment limit. For each scenario, you choose between available sharing methods and the simulation reveals the security implications of each choice. You learn why emailing an unencrypted attachment is different from using a password-protected link with an expiration date. The exercise covers approved file-sharing tools, link permission settings, encryption basics for email attachments, and the risks of shadow IT, where employees use unauthorized apps like personal Dropbox or WeTransfer because the approved tools feel inconvenient. You walk away with a practical checklist for sharing decisions that balances security with getting work done.
What You'll Learn in Secure Sharing Practices
- Select the appropriate sharing method for different data types by evaluating sensitivity level, recipient, and available approved tools
- Configure file-sharing links with proper permission settings including view-only access, expiration dates, and password protection
- Identify when email attachments require encryption and apply basic encryption practices for sensitive documents
- Recognize shadow IT risks when colleagues use unauthorized sharing tools and redirect to approved alternatives without disrupting workflows
- Verify recipient identity and authorization before sharing confidential or restricted data with external parties including vendors, partners, and legal counsel
Secure Sharing Practices — Training Steps
-
A Busy Week at Catalyst Ventures
Today is particularly hectic — the Q3 audit window closes at 5 PM and the external auditor still hasn't received the financial report.
-
The Urgent Request
Alice receives an urgent message from her manager Marcus Chen on Telegram.
-
Accessing SecureShare
Under pressure to meet the 5 PM deadline, Alice opens the Catalyst SecureShare portal to send the report as quickly as possible.
-
Selecting the File
The SecureShare portal displays Alice's files. She needs to select the Q3 Financial Report to share with the auditor.
-
Setting the Recipient
Alice needs to enter the auditor's email address from Marcus's message.
-
Quick Share Settings
The sharing configuration page appears. Alice is in a rush — she picks the most permissive options without thinking: 'Full Control' access, 'Anyone with the link' visibility, 'Never' for expiration, and hits Share Now.
-
Confirmation
Steve confirms he got the report. Deadline met, crisis averted. Or so Alice thinks.
-
Something Is Wrong
Three weeks later, Alice arrives at work to find an urgent email from the IT Security team. Her stomach drops as she reads the subject line.
-
The Audit Log
Alice clicks the link to the audit log, dreading what she'll find.
-
What Went Wrong
Three critical failures turned a routine file share into a catastrophic data exposure: 1. Full Control access. The auditor only needed to view the report, but Alice gave Full Control — allowing anyone with the link to download, edit, or redistribute the file. 2. No access controls. 'Anyone with the link' means anyone who obtains the URL can access the file — no authentication required. The link was forwarded, shared, and eventually posted publicly. 3. No expiration or password. A link that never expires and requires no password is a permanent, unprotected gateway to sensitive data. Once it's out, there's no way to contain it.