Back to Blog
Security28 November 2025

Why Email Attachments Are the #1 Cause of Breached Confidentiality

Every forwarded attachment is a lost audit trail. We look at why email is the weakest link in document security, and what to replace it with.

Here's a confronting statistic: more than 60% of confidential document breaches in Australian professional services firms start with an email attachment. Not sophisticated hackers, not insider threats, just an advisor, accountant, or lawyer hitting "attach" on a PDF.

Why email is the weak link

Email was designed in the 1970s for academic researchers sharing text. Every feature we've added since, attachments, HTML rendering, auto-forwarding, has compounded the security problem rather than fixing it. A single attached document creates at least four copies: your sent folder, the recipient's inbox, any server it traverses, and whatever device they opened it on. Once it's in their inbox, you have zero visibility and zero control.

The forwarding problem

The real risk isn't interception in transit (TLS covers that for modern mail servers). It's what happens after delivery. Your recipient forwards the email to a colleague for a second opinion. That colleague forwards it to their phone to read later. That phone syncs to a home computer. A week later, someone's junior assistant is copying the PDF to their personal Dropbox to work on the weekend. You, the sender, have no idea any of this has happened.

Password-protected PDFs don't help

The standard response is "I'll just password-protect the PDF and send the password separately." Two problems with this. First, PDF passwords are trivial to strip, there are free online tools that do it in under a minute. Second, the password usually ends up in a follow-up email or a text message, so you're still relying on transport security for the one thing you wanted to protect.

What works

The fix is to send a link instead of a file. The link takes the recipient to a controlled environment where you can verify their identity (email code), require NDA acceptance, apply a watermark, track their activity, and revoke access whenever you want. If they need to forward it, you can invite the second person directly and still see what they're doing. The audit trail belongs to you, not to whoever's sitting in someone's Outlook archive.

The compliance dimension

This isn't only about good practice — it's about obligations. Under Australian Privacy Principle 11 you must take reasonable steps to protect personal information, and "we emailed it as an attachment and hoped" is hard to defend as reasonable when a leak occurs. If the attachment contained a Tax File Number or bank details and ends up exposed, you may be looking at a Notifiable Data Breach. Sending a controlled link instead of a copy is one of the cleanest ways to show you took those reasonable steps — because you retain visibility and the ability to revoke.

What to do right now

  • For anything sensitive, send a link to a controlled room, not the file itself.
  • Turn on view-only for recipients who only need to read, so there's no downloadable copy to forward.
  • Set an expiry on access so a forgotten link doesn't stay live forever.
  • If someone needs to loop in a colleague, invite that colleague directly rather than letting the original recipient forward — so you keep the audit trail.

The rule of thumb

If the document is routine (meeting notes, agenda, marketing deck), email is fine. If the document is something you'd be uncomfortable seeing in a news article, it needs a better channel than email.

Frequently asked questions

Isn't email encrypted in transit anyway? Modern mail uses TLS hop-to-hop, but that only protects the message while it's moving — once it lands in an inbox it's a permanent, forwardable copy you no longer control. What about secure email add-ons? They help in transit but rarely give you a per-recipient audit trail or revocation after delivery. What's the single change with the biggest payoff? Stop attaching sensitive files; share a link to a view-only, audited room instead.

Related reading