Data Safety

Share files securely

What to do

Always check the settings when you share a file. Always choose the most ‘restricted’ and least privileged option available for files that contain confidential and sensitive information.

If you send a file as an email attachment, double check that you’re sending it to the correct recipients.

How to do it

When using Google Drive you can choose from the following sharing settings:

  • Restricted – only the people you have added can access the file
  • Monash University – only people within Monash can access the file
  • Anyone with the link – anyone can access this file.

These permissions can be altered at any time in the life of the document.

To make sure you're giving the correct people permissions to access files and correspondence, always:

  • Choose the correct sharing settings for the purpose of the file.
  • Ensure that the email addresses that you enter are correct and you've Cc'd or Bcc'd correctly.
  • Be mindful that using sharing settings other than the 'Restricted' setting can put your file at risk of being shared without your knowledge.

Why it matters

Accidentally sending a message or file to someone could be embarrassing but it could become a big problem if that document includes confidential information. It could lead to a violation of someone’s privacy or even to a data breach.

Be aware of data exfiltration risk

What to do

Be aware that cyber criminals will try to steal data from Monash systems and devices.

How it happens

Data exfiltration happens in two ways, through outsider attacks and insider threats.

Outsider attacks

An outsider attack occurs when an individual infiltrates a network to steal corporate data and potentially user credentials. This typically is a result of a cyber criminal injecting malware onto a device, such as a computer or smartphone, that is connected to the Monash University network.

Insider threats

Insider threats can be malicious, for example a staff member stealing their own organisation’s data and sending documents to their personal email address or cloud storage services – potentially to sell to cyber criminals.

Insider threats can also be caused unintentionally by careless behaviour that sees corporate data fall into the hands of bad actors.

Why it matters

Failing to control information security can lead to data loss that could cause reputational and financial damage to Monash.