Why file sharing is still one of government’s biggest security risks (and how to fix it)
In today’s digital environment, sharing files between organisations is part of everyday work. Documents are sent quickly, often without giving a second thought to what happens next.
Within government, the information being shared is often sensitive, regulated and subject to strict compliance requirements, frequently at PROTECTED classification. Yet it’s also routinely shared through tools that were never designed for secure external collaboration – email, USB drives and general-purpose platforms. These tools remain embedded in everyday workflows, despite their limitations.
On the surface, this seems manageable. Teams are aware of the risks, and there are likely processes and policies in place. But in practice, these policies are difficult to enforce once information leaves your environment.
Where file sharing introduces risk.
Human error remains one of the most common causes of data breaches. Simple mistakes, such as sending information to the wrong recipient or sharing files unintentionally, continue to occur across organisations.
But even when a file reaches the intended recipient, the problem doesn’t end there.
Once information leaves your environment, visibility drops away. There is limited ability to track who has accessed it, whether it has been forwarded, or how it is being used. In most cases, there is no way to revoke access.
The problem with visibility and control.
Most file sharing tools were designed for speed and convenience, not for managing sensitive information across organisational boundaries.
In practice, that creates risk. Files are sent quickly, often through familiar tools, without much thought about what happens once they leave the organisation. Information can be duplicated, stored in multiple locations, or handled in ways that fall outside established controls.
Individually, these actions may seem low-risk. But at scale, they create a broader problem. Sensitive information moves beyond the organisation in ways that are difficult to govern, increasing the likelihood of exposure, misuse or non-compliant handling.
In government environments, the impact is more significant. Organisations are expected to manage information in line with strict regulatory frameworks, maintain auditability, and ensure data is handled in accordance with sovereignty requirements.
When everyday file sharing practices don’t align with these expectations, the gap between policy and practice widens, making compliance harder to demonstrate and risk harder to manage.
Why this matters now.
The risk associated with file sharing is not new, but the context has changed.
Data volumes are increasing, collaboration across organisations is more common, and regulatory expectations are rising. At the same time, the consequences of failure are more visible.
According to Verizon’s Data Breach Investigations Report, 74 per cent of breaches involve the human element, including errors, misuse or social engineering (Verizon, 2026 Data Breach Investigations Report (DBIR)).
In this environment, relying on tools that were not designed for secure external collaboration is increasingly difficult to justify. Ultimately, file sharing is not a peripheral issue, but a core part of how information moves through government. Left unmanaged, it creates persistent and often invisible risk.
Addressing that risk requires more than policy. It requires control, visibility and auditability built into the way information is shared. Because once information leaves your environment, you should still be able to see it, manage it, and account for it.
Why existing approaches persist.
Despite the risks, the practical benefits mean many organisations continue to rely on existing tools. Email is fast, USB drives are simple, and general-purpose platforms are already integrated into workflows. They require little training and no change to behaviour.
For teams under pressure, familiarity is important. But this reliance creates a false sense of security. It assumes that process and policy alone are enough to manage risk.
However, even without malicious intent, mistakes can happen. People move quickly, files may be shared under time constraints, or quick workarounds may be used to meet deadlines. Without embedded controls, even well-meaning teams can introduce risk.
A more structured approach to file sharing.
The good news is, fixing this doesn’t require a complete overhaul of how teams work. It requires a more structured approach to how information is shared.
At its core, secure file sharing comes down to three things: control, visibility and auditability. That means being able to manage who can access information, maintain oversight of how it is used, and retain a clear record of activity over time.
Purpose-built solutions are designed to support this. SigBox provides a controlled environment for sharing sensitive information across organisational boundaries. It is built specifically for regulated environments, with features such as access controls, activity visibility and audit trails designed to support compliance and governance requirements.
SigBox supports secure file sharing at PROTECTED classification, giving government organisations confidence they are meeting strict data handling requirements.
It also aligns with Australian government expectations, including sovereign data hosting and support for security frameworks such as IRAP and ISM. This shifts file sharing from an informal activity to a governed process.
Reducing risk without adding friction
As mentioned, one of the reasons insecure file sharing persists is that it’s quick and easy. If a secure alternative is more complex, slower or more difficult to use, teams will find ways around it.
This is why usability matters when it comes to providing safer alternatives. A secure file sharing approach needs to work within existing workflows. It needs to be intuitive enough that teams adopt it naturally, without requiring significant training or behavioural change.