Most people share files without thinking twice. A quick link here, an email attachment there, it feels harmless until something goes wrong. A document ends up in the wrong hands, a former colleague still has access to a shared folder, or a private file turns up in a search result.

These situations aren’t rare or unusual. They happen because small habits, repeated over time, create real security gaps. Find out why each of these four mistakes is more risky than it looks, and what you can do about them below.

Sending Confidential Files as Email Attachments

Email is still the default for many people when it comes to sharing documents. It’s familiar, it’s quick, and it feels like a direct line between you and the recipient. The problem is that attachments don’t stay put.

A forwarded email takes your file with it. Copies land in sent folders, inboxes, backups and archiving systems you have no visibility over. If you’ve sent a contract, financial statement, or anything with personal data over email, you’ve already lost control of where it ends up.

For anything sensitive, a file-sharing link with controlled permissions is a much safer approach.

Using Public Links for Private Documents

When you share a document via link and set it to “anyone with the link can view”, that’s functionally the same as publishing it. Links get pasted into Slack channels, forwarded in emails, or captured in browser history without a second thought.

That’s why it’s important to use platforms that use end-to-end encryption and give you proper access controls. Some of them even offer free cloud storage with capabilities to set a password on a shared link, limit how long it stays active, or restrict access to specific people. That’s a very different level of control compared to a public link you can no longer track.

If you’re sharing files through a platform that doesn’t offer these options, it’s worth considering whether it’s the right tool for sensitive content.

Forgetting to Revoke Access

Sharing a file is easy. Remembering to remove access afterwards is the part most people skip. Freelancers, contractors, and former employees often retain access to shared drives long after they’ve stopped working with you, simply because nobody went back to update the permissions.

This is less dramatic than a data breach but just as problematic in practice. Someone with ongoing access to a live document can view updates, download copies, or, in the worst case, make changes you don’t notice for weeks.

Build a habit of auditing access when a project ends or someone leaves. Most platforms make it straightforward; it’s just the habit that’s missing.

Sharing Files Across Personal and Work Accounts

Sending a work file to your personal email “just to finish it at home” is one of those habits that seems harmless but creates compliance and security problems. Personal accounts often have weaker passwords, no two-factor authentication, and aren’t covered by your organisation’s security policies.

The same applies in reverse. When personal files end up on work systems, the line between private and professional data gets blurry, which complicates things if devices are ever audited or a device is lost.

Keep the two separate. If remote access is genuinely needed, a properly secured cloud environment is a better solution than bouncing files between accounts.

To Summarise

File-sharing mistakes rarely feel significant in the moment, which is exactly why they’re so common. But access that isn’t revoked, attachments that get forwarded, and public links that spread further than intended are all real risks that add up over time. Tightening up a few habits, and choosing the right tools to support them, goes a long way.