Sharing documents is something almost all of us need to do from time to time. Whether it's for research papers, a thesis or a presentation, email is often the first way of sharing that comes to mind. Perhaps this is due to its sheer convenience. However, think of email as being like a postcard - your documents can be:
- Read if someone gets access to your email account or your recipient's email account (for example, through phishing)
- Sent accidentally to the wrong people
- Forwarded to anyone without your knowledge or
- Intercepted and read en route.
When you're sending documents containing personal data, or information that you wouldn't want to share with anyone other than your intended recipient, you should turn to some of the easy-to-use facilities available within the University.
What alternatives?
File sharing tools such as Nexus365 OneDrive for Business, Teams and SharePoint allow you to control who can access your documents, and you can change this at any time. You can allow selected recipients the ability to edit your documents as well, which is handy for collaborative work. Online file sharing also helps to keep your files and comments in one organised area so you can easily see what you've shared, to whom, and when. As with any other service, you must check that the system you're planning to use is suitable for the type of information you are sharing. We provide further advice to help you do this on the Information Security website.
So what about email?
Sometimes, email is just the best tool for the job. If you are using Outlook 2016 and attach a document from Nexus365 OneDrive for Business then you'll normally be asked if you want to send a link (which automatically shares the document with your intended recipient) or send a copy. Sending a link avoids most of the risks above.
Another option is to secure the document with a password before you email it – this is called encryption and the recipient needs to have the password before they can read the document. If you send the password by a means other than email (e.g. telephone or text message) then you can avoid all of the risks above. This should be your default approach for anything confidential. The most recent versions of Microsoft Word, Excel, Adobe Acrobat and Nuance Power PDF have built-in features to encrypt documents with a password, and these are secure enough for University data.
You can find more advice about sharing documents by email on the Information Security website. For a full demonstration of how to encrypt files using common software, watch our YouTube training videos.
For further information contact: infosec@it.ox.ac.uk.
