Whether you need to share financials as part of a merger or acquisition or need to share proprietary information with a potential investor, confidentiality is never far from your mind. Assuming the other party has signed all of the necessary disclosures and has proven to be trustworthy, your next decision involves how to share these top secret files. Yes, there's a right way and a wrong way to share documents -- especially sensitive ones. Before you click that "send" button, read through this list of do's and don'ts of secure file sharing.
- DO send only what's absolutely and minimally necessary. Consider the other party as being on a "need to know basis." For example, if you've determined that the other party needs to know your profits and losses for the past 12 months, don't send 10 years worth of profit and loss statements. Likewise, if the other party wants assurance that you've applied for a patent, is it necessary to provide the entire patent application containing detailed drawings and descriptions?
- DO use encryption if sending documents in electronic form.
-DO include watermarks. While a text-based watermark merely acts as a warning, it is a powerful deterrent. For example, if the other party's name and email address were to be watermarked into every page of your document, do you think the other party would be likely to anonymously leak the document? No because his or her name and email would reveal the breach!
-DO set permissions and restrictions on the document. Some software applications allow you to set permissions on how the document can be handled. Can you prevent downloading and printing? What happens to the document if the user walks away from their computer with it open on the screen? Does your program employ a privacy blind after a limited amount of time of inactivity?
-DON'T use basic file sharing sites. Basic file sharing sites are fantastic for sharing basic files such as memos, product price lists, or public meeting minutes. They're not so great for sharing highly sensitive corporate information. (DO use a virtual data room which is designed specifically for this situation.)
-DON'T send sensitive files via email. While it's hard to imagine a hacker targeting your business, hackers, computer spyware, and other threats making sending files by email risky. Even if your network is highly secure, you can't control all the other points through which that email will travel. In addition, what happens if the other party opens the file on a smartphone and then loses the smartphone? Your sensitive file could be viewed by a co-worker, a good samaritan, or worse, a criminal with bad intentions.
Finally, DO take confidentiality seriously. The other party may have the best intentions but may not be as careful as you'd like. By securing your files on your end, you can prevent many forms of disclosure from happening.