No matter whether you're collaborating on a Google Doc, reviewing a shared PDF, or emailing a link to a Microsoft Word file, these programs are very common. However, while these tools facilitate collaboration, they can also open the door to security risks if not used with care. 

Why document sharing poses risks 

Cybercriminals are aware that document sharing is a common practice, and they exploit this vulnerability. Malicious links, phishing attempts, and even embedded malware can hide in seemingly innocent shared files. Through shared documents, criminals can steal your data, infect your system, or trick you into handing over sensitive information. 

Treat every shared document with caution, and don't open document links from someone you don't know or weren't expecting to hear from. When in doubt, delete the email!

Shared doc security tips  

1. Never open a shared document from someone you don't know 

   This is the most basic rule, but also the most important. If an email, text, or direct message includes a shared doc link from an unknown sender, or even from someone you know, but with unusual phrasing or urgency, treat it with skepticism. When in doubt, verify directly with the person who supposedly sent it. Don't just reply to the email, text, or DM. Contact them independently, such as by calling the number you have saved in your contacts or emailing them directly.

2. Watch out for urgent or strange messages 

   Scammers love to create panic. Common tactics you might see include: 

   • “This invoice is overdue – please review immediately.” 

   • “You’ve been mentioned in this document. Click to view.” 

   • “This document is confidential. Do not share.” 

   If something feels off, it probably is. Trust your gut. Delete the email or text.  

3. Never enter passwords, SSNs, or banking info into shared documents 

   Legitimate companies and collaborators will never ask you to provide sensitive information through a shared Google Doc or Word file. If a shared document requests login credentials, personal data, or financial information, close it immediately. This is almost certainly a phishing attempt. Never put a password in a shared document or Google Form.  

4. Use official sharing platforms with built-in protections

   Whenever possible, use tools that offer visibility into who’s accessing a document and the ability to restrict permissions. For example:

   • Google Docs: Use “View only” when appropriate and limit access to specific email addresses.

   • Microsoft OneDrive: Use password protection and expiration dates for shared links. 

   • Dropbox: Set file access permissions and track downloads.

   • PDFs: You can set passwords for PDFs as well as restrict editing, printing, and copying.

   All of these programs have additional security features worth exploring. Click the Help menu in these programs to learn more. These features help prevent unauthorized access and limit the risk of accidental leaks. 

5. Scan files before downloading 

   If you receive a file instead of a link, always scan it with antivirus software before opening. Many email providers and cloud platforms today do this automatically for any potential download. Still, it's always a good idea to double-check, especially with ZIP files or Office documents that contain macros. For example, with Microsoft Defender (which is included with many Microsoft products), you can right-click a file and select "Scan with Microsoft Defender." 

6. Disable macros unless necessary 

   Macros are small programs embedded in Office documents that can automate tasks, but they’re also a common vehicle for malware. Unless you're sure a macro is safe and necessary, don't enable it. Generally, macros are only needed by Word superusers, so you probably should always have them disabled.  

7. Set expiration dates for shared links 

   If you’re the one sharing a document, set a time limit on how long the link is active. This limits the window of opportunity for misuse and helps keep your content secure over time. Almost all document sharing programs have this feature.  

8. Review document sharing permissions regularly 

   With long-term collaborative projects, it's easy to forget who has access to what. Periodically audit your shared documents to: 

   • Remove people who no longer need access 

   • Downgrade edit access to “view only” when appropriate 

   • Delete unused links 

   Not only is this good from a security perspective, but it also prevents people who shouldn't be able to make changes from editing.  

9. Use multifactor authentication (MFA) on your document platforms 

   Enabling MFA on platforms like Google or Microsoft adds a critical layer of protection. Even if someone steals your password, they won’t be able to access your account without the second verification step. Enable MFA for all your accounts.  

10. Educate your collaborators 

    Even if you're cautious, your document is only as safe as the people who access it. Give your collaborators a heads up that you will share a document with them, so they know to expect it. Share these best practices with teammates, family members, or clients to build a culture of security. Shared documents mean we all share a responsibility for safeguarding each other's data. 

What to do if you think a shared doc is suspicious 

If you’ve received a document that seems weird: 

• Don't click on the shared doc link or any other links.  

• Don’t use “Preview” options unless you trust the sender and expect the file, because even previewing shady documents can be dangerous.  

• Don't download the file.  

• Contact the sender directly through another channel (like phone or in person) to verify. 

• Report the incident to your workplace's IT team.  

• Report the email or message to your email platform, such as by clicking the “Report phishing” button in Gmail.  

• If you've accidentally opened a suspicious shared doc, don't input anything, and definitely don't type in any passwords or sensitive data.  

• Run an antivirus scan if you accidentally opened something questionable. 

Share docs, but care lots! 

Shared documents are a powerful and convenient way to work with others. As we've outlined, they also come with risks. With a few simple precautions, you can drastically reduce your chances of falling victim to document-based scams or malware.  

For more online safety tips, sign up for our free email newsletter!