Skip to main content

Using Cornell Secure File Transfer Safely and Securely

This article applies to: Cornell Secure File Transfer


Using Cornell Secure File Transfer, you can securely send and receive files that contain confidential and restricted information. It is especially important that those who handle such files understand data security best practices.

General Security Considerations

The following are recommended to improve security when transferring files with confidential or restricted data.

  • When downloading, use Save instead of Open when prompted. This will lessen the chance that a copy of the file is stored in your internet cache.
  • Stay organized. Avoid saving files to many different locations—this will help prevent losing track of copies of files.
  • When you no longer need a file, delete it.
  • A file in your recycling bin is no more secure than a file in a regular folder.
  • Secure deleting ("shredding" files) is preferable to deleting.
  • If you have a security question—always ask technical staff.
  • If your department provides secure locations for you to save files, take advantage of them (PGP Drives, Private Shares over VPN, etc).
  • Protect your backups! Encrypt backups when possible.

Always talk to your local technical staff if you have any questions or concerns on how you can store and transfer files more securely.

Avoid Revealing Confidential Information in Email 

Do not expose confidential data when naming a file, in a note to the recipient, or in text appended to the notification subject line. Any of these may be included by Secure File Transfer in an email notification and could be exposed to a third party.

When using Cornell Secure File Transfer, if you choose to notify recipients of sent files using an email notification, be aware that the file's name and any notes you enter on the Send Files form will be included in the body of the email notification. Because the email is sent as plain text, it may be possible for a third party to illegally intercept and use this information.

For example, you send a file named JohnSmith-Office101.txt and include a note to your recipient, Info for John Smith EmplID: 123456789. Had you chosen to send this with Notify Recipients by Email checked, the information contained in the actual filename (i.e., contact person's name and office location) and the note (the contact's name and personal employee ID number) would be at risk.

Your filenames, notes, and subject lines should never include, or even suggest, secure information.

Reviewing Your Recent Activity on Secure File Transfer

In the footer of the Secure File Transfer main page, click Recent Activity to display a list of recent actions performed using your account.

In addition to letting you review your recent activity, this log also provides a measure of security, allowing you to make sure no unauthorized use has been made with your account.

About this Article

Last updated: 

Friday, August 23, 2019 - 7:34am

Was this page helpful?

Your feedback helps improve the site.

Comments?