Quick Tech Tip: Check Cloud File Sharing Links Before They Spread Too Far

Quick tip: take ten minutes today to review the files and folders you have shared from OneDrive, SharePoint, Google Drive, Dropbox, or another cloud storage service. The goal is simple: replace loose “anyone with the link” sharing with named people, viewer-only access where possible, and expiration dates for temporary outside access.

This is one of those small habits that prevents messy problems later. Cloud sharing is convenient, but old links tend to hang around. A proposal sent to a vendor, a spreadsheet shared with a bookkeeper, a folder opened for a temporary employee, or a PDF shared during a sales conversation can stay accessible long after the work is done. That does not automatically mean something bad has happened, but it does mean your business data may be easier to reach than you intended.

Google’s Drive help explains that files can be shared with specific people or opened to “Anyone with the link,” and that owners can choose viewer, commenter, or editor roles. Microsoft’s OneDrive support page similarly points users to Manage access so they can see people, links, and email-based sharing, then remove links or adjust permissions. Those controls are useful, but they only help if someone checks them once in a while.

Why This Matters During A Normal Workday

Most small businesses do not leak files because someone intentionally publishes a private folder. The more common issue is ordinary convenience. Someone needs a file quickly, clicks Copy link, changes the link to work for anyone, sends it in a text or email, and moves on. Weeks later, nobody remembers the link exists.

The practical risk depends on what was shared. A restaurant menu draft is low risk. A tax folder, payroll spreadsheet, customer list, quote sheet, contract, ID scan, insurance document, password export, medical form, or vendor invoice is different. For business files, the safer default is to share with named users, grant the least access they need, and remove access when the work is finished.

The 10-Minute Cloud Sharing Checklist

1. Start With The Most Sensitive Folders

Do not try to audit every file in your cloud account at once. Start with the folders that would hurt most if they were opened by the wrong person:

  • Accounting, taxes, payroll, bookkeeping, and bank documents
  • Customer lists, contracts, estimates, invoices, and signed forms
  • Employee records, HR files, onboarding documents, and IDs
  • Website, domain, hosting, software license, and vendor records
  • Shared folders used by outside contractors, marketing vendors, accountants, or former employees

Open one folder at a time and check who has access. If you use Microsoft 365, select the file or folder, open the details pane, and choose Manage access. If you use Google Drive, open the sharing panel or file details and review General access plus the named people who have access.

2. Replace Public Links With Named People

If you see a link that works for Anyone with the link, ask whether it still needs to exist. For most business documents, the safer choice is Restricted in Google Drive or a OneDrive/SharePoint link limited to specific people. That way access is tied to a known account instead of anyone who happens to receive or forward the URL.

Public links are not always wrong. They can be fine for a flyer, brochure, public menu, public form, or downloadable price sheet. They are a bad fit for files that contain private customer information, employee details, financial records, internal procedures, passwords, or vendor contracts.

3. Drop Editors Down To Viewers When Editing Is Not Needed

Editing permission should be temporary and intentional. If someone only needs to read, download, or review a document, make them a viewer. If they need to leave feedback, use commenter access when your platform supports it. Reserve editor access for people who truly need to change the file.

This matters because editors can usually change the contents and may be able to share the file further depending on the platform and settings. Google notes that Drive owners can remove editors’ ability to change permissions and share. That is worth checking on sensitive documents where you do not want a collaborator to accidentally widen access.

4. Set Expiration Dates For Temporary Access

If a file is being shared for a project, repair, quote, tax season, event, or short-term vendor relationship, use an expiration date where your account supports it. Microsoft’s OneDrive sharing guidance includes options for changing a link expiration date. Google Drive also documents expiration-date sharing for eligible work or school accounts.

If your plan does not support link expiration, make your own follow-up date. Put a reminder on the calendar for the day after the project ends: “Remove access to tax folder,” “Remove contractor from marketing folder,” or “Review customer export link.” Low-tech reminders still work.

5. Remove Former Employees, Vendors, And Old Personal Accounts

Look for names you no longer recognize, old Gmail addresses, former employee accounts, personal Microsoft accounts, outside vendors who finished their work, and generic addresses like “office,” “assistant,” or “marketing” if nobody knows who controls them. Remove or downgrade access unless there is a clear business reason to keep it.

For businesses, do not rely only on individual users cleaning up their own sharing. Someone should own the process. A manager, office admin, or IT provider should periodically review shared folders that contain company information, especially when employees leave or vendors change.
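For the manager, office admin, or IT provider who owns that review, the checklist above can be run over a list of sharing records instead of clicking through folders one by one. The script below is an added example, not part of the original tip and not Google or Microsoft code: the records are constructed samples shaped like Google Drive API v3 permission entries, and `COMPANY_DOMAIN`, `PERSONAL_DOMAINS`, and the `sensitive` label are assumptions you would set yourself.

```python
# Added example. Records mimic Drive API v3 permission fields (type, role,
# emailAddress, expirationTime); "sensitive" is a reviewer's label, not a Drive field.
COMPANY_DOMAIN = "example.com"  # assumption: your business domain
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

SAMPLE_FILES = [  # constructed sample data
    {"name": "Payroll 2024.xlsx", "sensitive": True, "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "owner@example.com"},
        {"type": "anyone", "role": "reader"},
        {"type": "user", "role": "writer", "emailAddress": "bookkeeper@vendor.example"},
    ]},
    {"name": "Public menu.pdf", "sensitive": False, "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "owner@example.com"},
        {"type": "anyone", "role": "reader"},
    ]},
    {"name": "Contract draft.docx", "sensitive": True, "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "owner@example.com"},
        {"type": "user", "role": "reader", "emailAddress": "old.temp@gmail.com",
         "expirationTime": "2024-01-31T00:00:00Z"},
        {"type": "user", "role": "commenter", "emailAddress": "sales@example.com"},
    ]},
]

def audit(files, company_domain=COMPANY_DOMAIN):
    """Return (file, who, issue) tuples for sharing that breaks the checklist."""
    findings = []
    for f in files:
        for p in f["permissions"]:
            if p["role"] == "owner":
                continue
            if p["type"] == "anyone":
                if f["sensitive"]:  # step 2: public links only for public material
                    findings.append((f["name"], "anyone with the link",
                                     "public link on sensitive file"))
                continue
            who = p.get("emailAddress") or p.get("domain", "")
            domain = who.rsplit("@", 1)[-1].lower()
            if domain == company_domain:
                continue  # internal named user or whole-company share
            if p["role"] == "writer":  # step 3: editors only when editing is needed
                findings.append((f["name"], who, "outside editor: confirm editing is needed"))
            if "expirationTime" not in p:  # step 4: temporary access should expire
                findings.append((f["name"], who, "outside access without expiration"))
            if domain in PERSONAL_DOMAINS:  # step 5: old personal accounts
                findings.append((f["name"], who, "personal account on business file"))
    return findings

if __name__ == "__main__":
    for name, who, issue in audit(SAMPLE_FILES):
        print(f"{name}: {who}: {issue}")
```

Treat the output as a list of questions to ask, not an automatic removal list, since an active client or vendor may still need the access.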

How To Do It In Google Drive And OneDrive

Google Drive

  1. Go to drive.google.com.
  2. Right-click the file or folder you want to review.
  3. Open Share or file details, then look for Manage access.
  4. Check General access. If it says Anyone with the link and the file is not meant to be public, change it to Restricted.
  5. Review each person listed. Remove people who no longer need access.
  6. Change roles from editor to commenter or viewer where editing is unnecessary.
  7. For sensitive files, open sharing settings and consider turning off editor permission changes or sharing changes.

Microsoft OneDrive Or SharePoint

  1. Open OneDrive or the SharePoint document library.
  2. Select one file or folder.
  3. Open the details pane and choose Manage access.
  4. Review the people, links, and email-based access shown there.
  5. Remove old sharing links that should no longer work.
  6. Change permissions from edit to view when possible.
  7. Use password or expiration options for links when your Microsoft 365 plan and organization settings allow them.

What Can Go Wrong

  • You can break someone’s workflow. Before removing access from an active shared folder, check whether accounting, sales, HR, or a vendor still needs it.
  • Folder permissions can override file permissions. Google warns that folder permissions can affect items inside the folder. If a person still has access through a parent folder, removing them from one file may not fully solve the issue.
  • Deleting a file is not the same as removing every copy. People who already had access may have downloaded or copied the file. Permission cleanup helps going forward, but it cannot erase copies already made.
  • Links may stop working after files move. Microsoft notes that OneDrive sharing links can stop working if files or folders are moved. If a client says a link broke, check whether the file was moved, renamed, or no longer shared.
  • Personal cloud accounts create ownership problems. Business files should live in business-controlled Microsoft 365, Google Workspace, or another managed company storage system. A folder owned by a personal account can become a problem when someone leaves.

When To Call An IT Professional

Call an IT professional if you find sensitive files shared broadly, if an employee or vendor recently left and you are not sure what they can still access, if your team uses a mix of personal and business cloud accounts, or if you need company-wide sharing rules. A managed Microsoft 365 or Google Workspace setup can enforce better defaults, restrict external sharing, require expiration for certain links, and make offboarding much cleaner.

This is also worth a professional review after a suspected email compromise. If an attacker accessed a mailbox or cloud account, file-sharing links, mailbox rules, forwarding settings, OAuth app permissions, and saved sessions should all be checked together.

A Simple Office Policy That Works

Use this as a practical baseline:

  • Share private business files with named people, not public links.
  • Use viewer access unless editing is required.
  • Use expiration dates for vendors, projects, quotes, and temporary work.
  • Review shared accounting, HR, customer, and vendor folders monthly.
  • Remove access during employee and vendor offboarding.
  • Keep company files in company-owned accounts, not personal cloud storage.

Need help cleaning up cloud sharing without locking out the people who still need files? Contact The IT Guys for practical local support.

FAQ

Is “anyone with the link” always unsafe?

No. It can be fine for public documents such as flyers, menus, public forms, and general marketing files. It is risky for private business files, customer information, payroll, tax documents, contracts, and internal records.

Should I remove every old sharing link?

Remove links that no longer have a clear purpose. For active clients, vendors, or staff, first confirm what they still need so you do not interrupt work.

What is the safest default permission?

For most shared business files, use named people and viewer access by default. Add edit permission only when someone truly needs to change the file.