the best way for this is to setup the contractors in a security group, then give that group access to only the shares they need. You also need to tighten down the security of the rest of the network so that you are NOT using the everyone group or the domain users group to give access to everyone. If you have a network share that is for quotes and usually everyone has access to it then you create a QUOTES group, (or something similar), and give access to the share to the QUOTES group instead of the Domain Users or Everyone group. You have a lot of work ahead of you to clean up what was originally created but in the end it will work out right.
A full network security audit is going to be your first job in this project. Before you can start cleaning up the rights you’ll need to find out what everyone needs access to, re-grant those rights without using the everyone account (or domain users) then grant the consultants the rights that they need.