Email security and attachments
Email security and attachments
According to Regent’s information security policy, we should not send sensitive information such as passwords, customer data and similar content via email. It is especially important not to attach files containing such information.
This is due to the following reasons:
- Emails are not encrypted.
- Emails are a “broadcast” communication medium. The recipient can easily forward your email.
- Emails can be easily intercepted and read by third-party attackers.
So, what should we do instead?
With our customers, we need to follow their processes and guidelines. Check with your customer on how to proceed if this has not been communicated to you yet.
Within Regent, we use OneDrive as our standard. Work from a project folder and refer to that instead of emailing documents. If you have to share documents externally, you can copy the relevant documents to your personal storage area in OneDrive and then share the document/folder from there. The default setting when sharing a document is that only the recipient you choose can open the link, and they will have read-only access. Such a sharing link is only active for a limited period, unlike an email that remains in the recipient’s mailbox indefinitely. You have more visual details in images below.
Feel free to reach out to your manager or CISO if you have any questions about this.
First time you share I file you will get this dialog for category of user to share the file or folder with and there you can also set an expiration date of the link you share.
You can also access this setting page via the cogwheel from the sharing page below.