CourtHeath ConsultingCourtHeath Consulting CourtHeath ConsultingCourtHeath Consulting
  • Home
  • Services
  • Blog
  • About us
    • Our people
    • Our story
    • Panels & Clients
  • UN Global Compact
    • UNGC Statement
  • Resources
    • Our policies
    • Reconciliation Action Plan
    • Documents
    • FAQ
  • Contact us +
    • Where to find us:

      CourtHeath Consulting
      Level 30, 35 Collins Street.
      Melbourne 3000

      Contact No: 04 21 167 746 0421167746

      Email: info@courtheath.com.au

      Tram: Elizabeth Street – Stop 8.

      Contact form:







        Your Name (required)

        Your Email (required)

        Subject

        Your Message

    14 Jan

    The Do’s and Don’ts of ‘cybersecure’ file-sharing with contractors and consultants

    Courtheath's blog
    By CourtHeath Consulting
    ​

    Cybersecurity is not always top of mind when sending and receiving documents to and from your third party suppliers. This blog talks about the pros and cons of some common ways of sharing files. 

    It goes without saying that you will need to share files with third party suppliers, be they contractors or consultants – and that they will need to share files with you. However, standards for file-sharing widely vary between businesses and government and can, as a consequence, lead to some insecure file-sharing practices. Following are some do’s and don’ts of some basic file-sharing types for the routine sharing of non-security classified documentation.

    Email

    Email is widely used, and is a generally well accepted way to transfer documents between agencies and third party suppliers, providing both parties have incoming and outgoing virus checking. Email, however, has several drawbacks the least not being that it is often a cause of version control issues as multiple recipients will share copies and may each work on documents individually. Email also has size limitations, which may potentially differ at each end of the transaction (for example, the sender may be able to send a bigger file than the recipient can receive), so particularly large files including those that are media rich, cannot be sent. Another consideration in some contexts is that an email can very easily be sent mistakenly to the wrong person, resulting in probity breaches. CourtHeath’s podcast on this issue has more information about this.

    Commercial ‘cloud’ services

    The use of reputable commercial cloud services by your third party suppliers, which these days come with security by design, should be regarded as a blessing as they allow small businesses to outsource cybersecurity to the experts. This is not to say, of course, that problems can’t happen but leaving security in the hands of professionals, is a much better option than relying on a small business with little or no cybersecurity expertise.

    Many of these services allow for sharing of specific files or folders, and for clients and suppliers to work on documents simultaneously, thus resolving concerns with version control. The drawback, unfortunately, is that some government/agency ICT policies do not permit the use of some specific services on their networks. If you find yourself in a situation where you can’t access a document you need for your work, the best approach is to contact your ICT team and ask how you can work together to overcome this problem. If a view is maintained that access is not to be permitted on network, then you could suggest a standalone machine with independent internet access (eg wifi) could be used. You should not, however, try to access government files using these commercial ‘cloud’ services via your personal devices and internet.

    Disks, drives and USBs

    Removable, external disks of any type are generally multi-use. This means they have most likely lived a varied and interesting life, containing a range of differing files and have been popped in and out of all manner of devices.  There is no telling, without a pre-use virus check if the disk is carrying something that could cause cybersecurity issues, however, it is common place for these disks to be transferred between organisations and individuals without a second thought. These external disks may present additional security issues because they may include confidential files irrelevant to the recipient (and the suitably-trained may also be able to recover deleted files), and can easily be lost, or even left plugged in ‘public’ computing devices which has been known to cause very embarrassing public probity breaches. They are also, obviously, impractical when you are not in a similar location to your third party supplier and, as with email, transferring files on disk can also make version control a challenge.

    Conclusion

    While all three methods of file transfer have their pros and cons, the sharing of files with third party suppliers by way of reputable cloud services is, by far, the safest approach. However, if your ICT policy does not allow this, external disks may be a viable alternative provided they can be encrypted or password-protected and that they are new (or completely wiped) and virus-checked at both ends. Email continues to be effective, but the version-control and security issues it brings should not be over-looked.

    * * *

    IMAGE: Used under licence from shutterstock.com

    Written by 

    ​Dr ​
    ​Julia Cornwell McKean.

    [category courtheath's blog]

    [

    ​cybersecurity, contractors, government

    ]

    CourtHeath Consulting

    CourtHeath Consulting provides expert procurement and probity advice to government and not for profit organisations. We provide specialist consulting services about procurement issues and organisational procurement operations – as well as management of simple and complex tender processes. Our probity audit and advisory services help clients meet government probity standards especially regarding conflict of interest, confidentiality, ethical conduct and corruption risks.

    Recent Posts

    • Cultural Diversity and Dialogue
    • The UNGCNA 2024 Impact Report
    • Earth Day 2025: Our Power, Our Planet
    • Spotlight on Public Sector Integrity
    • Supplier Code of Conduct: Probity Risks

    Archives

    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • March 2024
    • February 2024
    • December 2023
    • November 2023
    • October 2023
    • August 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • August 2022
    • July 2022
    • May 2022
    • March 2022
    • February 2022
    • December 2021
    • November 2021
    • September 2021
    • August 2021
    • June 2021
    • April 2021
    • March 2021
    • February 2021
    • December 2020
    • November 2020
    • September 2020
    • August 2020
    • July 2020
    • April 2020
    • March 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • June 2019
    • May 2019
    • March 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • October 2017
    • September 2017
    • August 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • December 2016
    • November 2016
    • October 2016
    • September 2016
    • August 2016
    • July 2016
    • June 2016
    • May 2016
    • April 2016
    • March 2016
    • February 2016
    • January 2016
    • December 2015
    • Home
    • Services
    • About us
      • Our People
      • Our story
      • Panels & Clients
    CourtHeath logo
    • Blog
    • UN Global Compact
    • Resources
      • Our policies
      • Documents
      • FAQ
    Linkedin     X Social
    • CONTACT US

    CourtHeath Consulting

    Level 30, 35 Collins Street.

    Melbourne 3000

    Contact No: 0421 167 746

    Email: info@courtheath.com.au

    Tram: Spring Street - Stop no 8


    Copyright 2021 © CourtHeath Consulting · Australia. All Rights Reserved.