Article
Safely sharing files externally
The most common over-share mistake is choosing "anyone with the link" by default. The second is leaving an old share link active for years. Both are easy to fix once you know which knobs to turn in OneDrive, SharePoint, Box, Dropbox, and Egnyte.
Pick the Right Permission
Three options, very different outcomes
Specific people
The link works only for the email addresses you list, and the recipient must sign in to view. Best default for sensitive content. Works in OneDrive, SharePoint, Box, Dropbox, and Egnyte.
People in your company
Anyone signed into your firm's account can open the link. Good for internal sharing where you do not need to specify each person. Not good for sharing with clients or vendors.
Anyone with the link
The link works for everyone, anywhere, without sign-in. If the link gets forwarded, the new recipient can open it. Use this only when the content is genuinely public, and prefer to set an expiration date.
Set an Expiration
Old share links are quietly the biggest leak source
Set a real date when sharing externally
OneDrive, SharePoint, Box, and Dropbox all support expiration dates. Pick one that matches the actual project timeline — 30 or 60 days is reasonable for most external shares.
Audit your old shares once a year
In OneDrive, look at "Shared by you." In SharePoint, the site owner can run a sharing report. In Box, the admin can pull a report. Remove anything that does not need to stay live.
If a recipient leaves their company, revoke the link
Specific-people sharing is tied to email addresses. If you shared with someone at Vendor Co. and they left, the new owner of that email can read your file unless you remove the share.
Sensitive Content
Extra steps when content is confidential
Set view-only when the recipient does not need to edit
"View only" prevents download in some apps but not all. Treat it as friction, not a hard guarantee.
Use a password on the link if available
OneDrive and Box both support a password on the share link. Send the password through a different channel (a phone call, not email).
Consider a request file or upload-only link
If a vendor needs to send you a file, give them an upload-only link instead of a shared editable folder. OneDrive Request Files and Box Request work this way.
For client work, use the channel your client expects
Many clients have their own SharePoint, Box, or Egnyte they prefer. Sending into their system is often safer than sharing out from yours.
What Not To Do
Common mistakes
Do not email the file as an attachment to "make it simple"
Attachments cannot be revoked, get forwarded freely, and create version chaos. A share link can be revoked and updated.
Do not paste a "people in your company" link in an external email
The recipient sees a sign-in error and assumes the link is broken. Generate a new share targeted to their email.
Do not rely on "I sent it to a personal Gmail by mistake, can IT pull it back?"
Once a file is in someone else's mailbox or downloaded, IT cannot get it back. Slow down before sending.