The easiest most convenient way to share and protect files is a Jamie said using the Shared Files feature.
However, it is possible to protect static files by role via configuration. For example if you have a folder where you put pdf files and you only want users in admins role to be able to access files in that flder by url you would create a web.config file in the folder something like this:
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="" roles="Admins" />
now all files in the folder are limited to Admins
There is no easy way to change urls for files that may already be in content other than editing the content and fixing the url.
one other possibility is create a virtual folder in IIS named "files" and point it to the assets folder. That way either url would work so it would not break urls in existing content but going forward you could start using the new url with "files" instead of "assets"