Secure File Transfer

When you need to share a file, how do you share it? The first thought that may come to mind is attaching the file to an email. Though this is often the quickest and most convenient method, simply attaching files to an email may not be secure enough for files containing more sensitive information.

Any files containing confidential data, including personally identifiable information (PII) or protected health information (PHI), should not be sent over email. This includes education records protected by FERPA (Family Educational Rights and Privacy Act) or health records protected by HIPAA (Health Insurance Portability and Accountability Act). For more information, please refer to Data Privacy Laws.

Please note that directory information (i.e. information that is publicly available), including a student’s name, Dartmouth email address, and telephone number, can still be sent via email.

So, if you need to send a file that contains sensitive information, what should you do? This article goes into a few different methods for securely transferring files: 

Cloud Storage Providers
Secure File Transfer Protocol (SFTP)
File-Level Encryption
Encryption Features on Email Client

Cloud Storage Providers

The most common and simplest method for sharing files securely is to upload them to a reputable cloud storage provider such as Google Drive or SharePoint. These cloud storage services typically have built-in security controls to help protect files. For example, Google Drive’s security controls include encryption and options for restricting viewing privileges for a file so only certain people can see it.

In most cases, cloud storage providers are the preferred method for file sharing at Dartmouth, due to their ease of access and collaboration features.

Secure File Transfer Protocol (SFTP)

Secure File Transfer Protocol (SFTP) is a standard protocol that creates an encrypted connection between a server and a client over a computer network, preventing files from being intercepted. SFTP can handle larger file sizes and has faster transfer speeds than cloud storage providers. It is also useful for accessing and updating a website’s files and folders. Options for SFTP at Dartmouth include SSH Secure Shell for Windows and Fetch for Macs. 

File-Level Encryption

File-level encryption is a method of encrypting individual files or folders. When employing file-level encryption, it is important to select an encryption method that fits your needs and that includes a strong encryption algorithm and a secure encryption key.

Many file applications, including Microsoft Office and Adobe Reader, have built-in features to encrypt individual files. You can also encrypt a compressed zip folder containing multiple files. To do this, you can use the Encrypting File System (EFS) built into Microsoft Windows or the Disk Utility feature built into Mac devices. There are also a number of third-party programs for file-level encryption available for both Windows and Mac operating systems. 

Encrypted files should always be protected with a strong password (the Dartmouth password rule is a minimum of 8 characters, which may consist of upper or lower case letters, numbers, or special characters, in any order). However, a risk with file-level encryption is that, if you lose the password, the data in the file is most likely not recoverable. Ensure that you always securely share the encryption password with at least one other member of your department and consider storing encryption passwords in a password manager like BitLocker.
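As an added illustration that is not part of the original article, the script below encrypts a single file with a password-derived key and shows that a wrong password does not recover the data. It assumes OpenSSL 1.1.1 or later in a macOS or Linux terminal; the function names, file names, sample data and passphrase are all constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes OpenSSL 1.1.1 or later.
# Function names, file names and the passphrase are constructed for illustration.

# encrypt_file PLAINTEXT CIPHERTEXT PASSPHRASE
# AES-256-CBC with a random salt; the key is derived from the passphrase with
# PBKDF2-HMAC-SHA256. The passphrase is piped on stdin so it never shows up in
# the process argument list.
encrypt_file() {
    printf '%s\n' "$3" | openssl enc -aes-256-cbc -salt -pbkdf2 -iter 600000 \
        -md sha256 -in "$1" -out "$2" -pass stdin
}

# decrypt_file CIPHERTEXT PLAINTEXT PASSPHRASE
decrypt_file() {
    printf '%s\n' "$3" | openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
        -md sha256 -in "$1" -out "$2" -pass stdin 2>/dev/null
}

# recovers_original ORIGINAL CIPHERTEXT PASSPHRASE
# Returns 0 only if decrypting with PASSPHRASE reproduces ORIGINAL byte for
# byte. "openssl enc" does not authenticate the ciphertext, so the comparison,
# not the exit code alone, confirms that the right passphrase was used.
recovers_original() {
    _out=$(mktemp) || return 2
    _rc=1
    if decrypt_file "$2" "$_out" "$3" && cmp -s "$1" "$_out"; then
        _rc=0
    fi
    rm -f "$_out"
    return "$_rc"
}

# Demo on constructed sample data in a throwaway directory.
demo_dir=$(mktemp -d)
printf 'student_id,grade\n0001,A\n' > "$demo_dir/records.csv"
encrypt_file "$demo_dir/records.csv" "$demo_dir/records.csv.enc" 'constructed-Passphrase-42'
if recovers_original "$demo_dir/records.csv" "$demo_dir/records.csv.enc" 'constructed-Passphrase-42'; then
    echo "correct passphrase: file recovered"
fi
if ! recovers_original "$demo_dir/records.csv" "$demo_dir/records.csv.enc" 'not-the-passphrase'; then
    echo "wrong passphrase: file not recoverable"
fi
rm -rf "$demo_dir"
```

The recipient needs the same OpenSSL options and the passphrase, which should travel by a different channel than the encrypted file.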

Encryption Features on Email Client

You can also protect the contents of an email, including any attachments, by enabling the encryption features on your email client. These features can be enabled in Outlook while you are composing an email. Just look for the “Encrypt” feature (this should be found under the “Drafts” tab on Mac and under the “Email Security” tab on Windows). There are a few different encryption options included in Dartmouth’s version of Outlook:

Encrypt-Only: Recipients can read the message, forward, print or copy content from the message, but cannot remove protection.
Do Not Forward: Recipients can read this message, but cannot forward, print or copy content.
Dartmouth College – Confidential: This content is proprietary information intended for internal users only. This content can be modified but cannot be copied and printed.
Dartmouth College – Confidential View Only: This content is proprietary information intended for internal users only. This content cannot be modified.
Encrypt: This message is encrypted. Recipients can’t remove encryption.

Unfortunately, even with encryption, email remains one of the least secure methods for transferring information. You should only rely on email encryption features for files with limited personal information.

Details

Article ID: 162637
Created: Fri 11/8/24 11:56 AM
Modified: Thu 12/12/24 11:11 AM