What is a best practice for sharing attachments or data with external recipients?

• A. Only share on need-to-know basis and consider encryption and external recipients only if necessary.
• B. Share attachments to everyone on the thread.
• C. Copy data to the body of the email for visibility.
• D. Remove subject line to avoid drawing attention.

Answer: (A)

Sharing attachments or data with external recipients should be limited to those who truly need access, and when sharing is necessary, protect the information with encryption or secure methods. This approach follows the principle of least privilege: expose the data only to the people who must see it and only to the extent needed. It helps prevent leaks if someone’s account is compromised, if an email is forwarded, or if the recipient’s environment isn’t secure. When external sharing is required, use secure options such as encrypting files, password-protecting documents, or sending through secure file‑sharing services with access controls and expiration, and verify the recipient’s identity. Using secure links and avoiding placing sensitive data in the email body adds further protection and control.

Sharing with everyone on the thread increases exposure beyond what’s necessary, and putting data directly into the email body can be easily copied or forwarded, making leaks more likely. Removing the subject line does nothing to reduce risk and can make tracking or auditing more difficult.