Safe File Sharing

Safely sharing files and documents is a crucial part of life in the modern world. CBS has many tools which allow us to share and collaborate, both internally and with global partners, but it is incumbent on everyone to make sure the tools are used safely. Here are the ABCs of file sharing:

  1. Always know with whom you are sharing files
  2. Be aware of what’s in the files you share
  3. Constantly be mindful of what you’ve shared

Always know with whom you are sharing files

Whether sharing on PQRS, OneDrive, DropBox, Lionmail, or any other tool, please make sure you understand the option your choosing. Whenever possible, share only with specific people or established groups (such as shares on the R: drive). Options for “anyone with a link can view” sound convenient, but that means anyone on the internet can see it including major search engines. Options vary by platform, so please contact us to learn more!

ITG strongly recommends against using anyof these tools to share a file publically; files to be shared publically can be posted on a CBS website. Always share with the smallest group possible and with known entities only.

Be aware of what’s in the files you share

When sharing files, there are two fundamental questions to ask yourself beyond with whom you’re sharing the files.

  • Does the information in this file fall under Columbia University’s Data Classification Policy?
  • How would this information look in the Columbia Spectator or the Wall Street Journal?

These can be good rules of thumb when deciding how broadly or narrowly to share data. Columbia University Copyright policies and applicable laws also apply when sharing files.

Constantly be mindful of what you’ve shared

Once a collaboration project is completed, consider removing it from the shared location. Within CBS and CU, access to authenticated resources like network shares automatically terminates when a person leaves the School. However, when sharing externally, links can be forwarded or just left laying around. Also as the saying goes, “the internet is written in ink”. Anything shared without a need to login for access is generally archived within 72 hours, and is very hard to remove from the internet subsequently.

While some systemic protections are in place for file sharing and there will be more to come as we automate security in the cloud, you are the first and last lines of defense when it comes to safe file sharing! We encourage you to use all the tools available to their fullest extent as they empower unprecedented utility in our day to day lives, but we ask you to be mindful of the ABCs. If you have any questions, or are concerned about anything you may have shared previously, please contact your support team.

Sharing via PQRS

PQRS is a safe and secure way for faculty and staff to share files within CBS. Full documentation is available here. You can access these drives from anywhere in the world via Columbia University's VPN. For information on who has access to a given folder in the Q or R drives, or to request a new share, please contact your suport team.

Sharing via OneDrive, Dropbox, Lionmail

Whenever sharing a file or folder, please make sure to double-check all settings. In particlular, avoid options such as "Anyone with a link can edit" or "Anyone with a link can view". These seem secure as the URL is usually impossible for a person to guess. However, these links can then be forwarded on to third parties, and serch engines such as Google can index and archive the contents.

If you would like a file to be shared as broadly as possible, consider putting it on  a CBS website. You can contact your support team for more information on this option.

Sharing via Email

While e-mail was invented in 1972, it is still by far the most common way files get shared. When a file is attached to an email you send it is the same as putting it in the mail; it is no longer under your control. Please ensure you trust the recipients with whom you share any potentially sensitive files. If you are unsure, consider sharing using a tool such as OneDrive where you can both revoke access if needed and prevent downloading. On the flip side, please be cautious of any files sent to you via email. This is still one of the most common ways for a computer to be infected with a virus.