Introduction
Ever attached a file to an email and hit “send” without thinking twice? It’s second nature for most of us — especially in construction, where plans, contracts, invoices, and personal or financial info get passed around by email every day. But have you ever stopped to think about the risks?
Picture this: You’re emailing a supplier about a payment. What you don’t know is that a cybercriminal has found a way into your mail server, changed the bank details on the invoice, and now you’re about to send thousands of dollars straight into the wrong account. Sadly, this isn’t a rare “what if” — it’s happening more often than you'd think.
In today’s digital world, relying on email attachments alone is a risky move. Cyber threats are getting smarter, and old habits just don’t cut it anymore. That’s where secure file-sharing links come in.
In this article, we’ll look at why email attachments are risky, explain how secure file share links work, and walk you through how to start using them.
Whether you’re a homeowner, small business owner, or working in residential construction, knowing how to protect your files is key to avoiding headaches — and keeping your projects on track.
In the 2023–24 financial year, the Australian Cyber Security Hotline received over 36,000 calls, marking a 12% increase from the previous year. This surge underscores the escalating cyber threats facing Australian businesses and individuals. SOURCE
The Risks Associated with Email Attachments
In the construction industry, sharing documents via email attachments is a common practice. However, this method carries several risks that can compromise project integrity and client trust.
1. Security Vulnerabilities
Email attachments are a primary vector for cyber threats. Malicious actors often use them to distribute malware, ransomware, and phishing scams. Once an attachment is opened, it can compromise the recipient's system, leading to data breaches and unauthorised access to sensitive information.
2. Lack of Control Over Shared Files
Once an attachment is sent, the sender loses control over who accesses it and how it's used. The file can be forwarded, copied, or stored indefinitely without the sender's knowledge, increasing the risk of unauthorised access and data leakage.
3. Compliance and Legal Issues
Sending sensitive information via unsecured email attachments can lead to non-compliance with data protection regulations. In Australia, the Privacy Act mandates the secure handling of personal and sensitive data. Failure to comply can result in legal penalties and damage to the company's reputation.
4. Man-in-the-Middle (MITM) Attacks
In MITM attacks, cybercriminals intercept email communications between parties, altering the content without either party's knowledge. In the construction sector, this often involves changing bank account details on invoices, leading to payments being diverted to fraudulent accounts.
5. Version Control Issues
Email attachments can lead to confusion over document versions. Multiple recipients may make changes to different copies of the same document, resulting in inconsistencies and errors that can delay projects and increase costs.
According to Check Point’s Cyber Security Report for 2024, 88% of all malicious file deliveries occur through email, highlighting the significant risk posed by email attachments in cyberattacks. SOURCE
Advantages of Using File Share Links
Making the move from old-school email attachments to secure file-sharing links comes with a lot of benefits — especially in construction, where tight teamwork and protecting sensitive info are both critical.
1. Enhanced Security and Governance
File share links provide advanced security features that email attachments lack. These include:
- Access Controls: Define who can view, edit, or download files.
- Link Expiration: Set expiration dates to limit access duration.
- Audit Trails: Monitor who accessed the file and when, enhancing accountability.
These features align with data protection regulations, ensuring compliance and reducing the risk of unauthorised access.
2. Improved Version Control
File share links keep everyone on the same page — literally. Instead of emailing different versions back and forth, your team works on one central file. Any updates happen in real time, so there’s less confusion, fewer mistakes, and way less time wasted redoing things.
3. Compliance with Cyber Insurance Policies
Cyber insurance companies are starting to expect more from businesses when it comes to protecting data. Using secure file-sharing links shows you’re taking security seriously — and that kind of proactive approach can actually help you get better policy terms and lower premiums.
4. Protection of Personally Identifiable Information (PII)
Sharing sensitive client information via secure links minimises exposure risks. Unlike email attachments, which can be forwarded or stored indefinitely, file share links offer controlled access, safeguarding PII and maintaining client trust, discharging cyber insurance obligations.
Egnyte highlights that using secure file share links over email attachments offers enhanced security, flexibility, and efficiency. Features like access controls, link expiration, and audit trails provide better governance and protection for sensitive information. SOURCE
The Threat of Man-in-the-Middle (MITM) Attacks in Construction
In the construction industry, where large sums of money are frequently exchanged, cybercriminals have found fertile ground for Man-in-the-Middle (MITM) attacks. These attacks involve an unauthorised party intercepting and potentially altering communications between two legitimate parties without their knowledge.
1. What is a MITM Attack
A typical MITM attack in the construction sector might involve a hacker gaining access to email communications between a contractor and a client. The attacker monitors the conversation and, at an opportune moment, sends a fraudulent email—masquerading as one of the parties—instructing a change in bank account details for an upcoming payment. The unsuspecting recipient complies, transferring funds directly to the criminal's account.
2. Real-World Impacts
These kinds of attacks aren’t just some worst-case scenario — they’re happening right now. In 2024, a construction company in Victoria lost over $900,000 after paying a fake invoice that came from a hacked supplier email account (source). Luckily, their bank stepped in quickly and recovered most of the money — but it’s a clear warning of just how real the risk is.
3. Vulnerabilities in Email Systems
Email systems — especially the ones without solid security in place — are a prime target for man-in-the-middle (MITM) attacks. Here’s why they’re so vulnerable:
- Lack of Encryption: Unencrypted emails can be intercepted and read by unauthorised parties.
- Weak Authentication Protocols: Without multi-factor authentication, unauthorised access to email accounts becomes easier.
- Human Error: Employees may unknowingly click on malicious links or comply with fraudulent requests.
4. Mitigation Strategies
To protect against MITM attacks:
- Implement Multi-Factor Authentication (MFA): Adding an extra layer of security makes unauthorised access more difficult.
- Use Secure File Sharing Platforms: Instead of sending sensitive documents via email, utilise platforms that offer encrypted file sharing.
- Educate Employees: Regular training on recognising phishing attempts and suspicious activities can reduce human error.
- Verify Payment Details: Always confirm changes in payment instructions through a secondary communication channel.
In 2021, the Australian Cyber Security Centre (ACSC) issued an alert highlighting a surge in Business Email Compromise (BEC) scams targeting the construction industry, emphasising the need for heightened vigilance and improved cybersecurity measures. SOURCE
Challenges and Considerations
Switching to secure file-sharing links has a lot of upsides — but let’s be real, it’s not always easy to teach old dogs new tricks. Especially in construction, there are a few hurdles to get over. Knowing what they are upfront makes it easier to tackle them head-on.
1. Resistance to Change
A lot of people in construction are used to doing things the old-school way — sending documents as email attachments or even handing over hard copies. So when you roll out something new, it’s not unusual to get a few raised eyebrows, especially if the benefits aren’t obvious right away.
The workaround? Show, don’t just tell. Run practical training sessions and use real examples of how secure file sharing has prevented data breaches or saved projects from turning into a mess. Once people see the value, the resistance usually fades.
2. Compatibility Issues
Not everyone on a project is using the same tools — and that can be a headache. Maybe the head contractor’s using one platform, but a subcontractor can’t access it, and suddenly you’re chasing files by email again.
The fix? Stick with file-sharing platforms that play nicely across different systems and devices. The more accessible it is for everyone, the smoother the workflow.
3. Cost Implications
A lot of secure file-sharing platforms have free versions, but the really useful features — like advanced permissions, expiry dates, or audit trails — usually come with a price tag. For small businesses or solo contractors, that can feel like a stretch.
Our take? Look at what your projects actually need and find a platform that gives you the right tools without blowing the budget. A bit of spend upfront on security is nothing compared to what a data breach could cost you later. We recently evaluated Box and Egnyte. Box looks great but Egnyte is just the best for AEC (Architecture, Engineering Construction) in our opinion.
4. Learning Curve
Adopting new technologies requires time and effort to learn. Without proper guidance, team members might misuse the tools, leading to potential security vulnerabilities.
Solution: Provide step-by-step tutorials and support resources to ensure all team members can effectively use the new file-sharing tools.
A study by Planning, Building & Construction Today (UK) highlighted that technological barriers and slow digital adoption exacerbate data-sharing issues in the construction industry, creating inefficiencies and miscommunication. SOURCE
Practical Steps to Transition from Attachments to File Share Links
Switching from email attachments to secure file-sharing links isn’t just a tech upgrade — it’s a smart move that makes your data safer and teamwork smoother. Here’s a simple step-by-step guide, built with construction teams in mind:
1. Assess Your Current File Sharing Practices
Begin by evaluating how your team currently shares files:
- Identify Commonly Shared Documents: Blueprints, contracts, invoices, and project plans.
- Determine Sharing Methods: Email attachments, USB drives, or cloud services.
- Evaluate Security Measures: Check for encryption, access controls, and audit trails.
Understanding your starting point will help in selecting the most suitable file-sharing solution.
2. Choose a Secure File Sharing Platform
Select a platform that offers:
- Robust Security Features: End-to-end encryption, password protection, and two-factor authentication.
- User-Friendly Interface: Ease of use encourages adoption among team members.
- Integration Capabilities: Compatibility with existing tools like project management software.
Platforms like Egnyte are built for the AEC space — that’s architecture, engineering, and construction. They’re made to handle big files, lock down access, and protect sensitive info properly.
We’ve tried plenty over the years — Dropbox, Google Drive, Box, even Tresorit — but right now we’re using Egnyte, and honestly, we love it. It just suits how construction teams actually work.
Features like built-in Adobe PDF edit/sign/save, simple workflows for document review, and client-friendly portals make collaboration easy. We also use the Project Control add-on — great for tagging site photos with metadata, setting file expiry, bundling folders together, and making search and retrieval painless.
3. Develop a File Sharing Policy
Establish clear guidelines that cover:
- Types of Data to Be Shared: Define what information is appropriate for sharing via links.
- Access Permissions: Specify who can view, edit, or download files.
- Retention Periods: Set timeframes for how long files are accessible.
- Revocation Procedures: Outline steps to revoke access when necessary.
A well-defined policy ensures consistency and compliance across the organisation.
4. Train Your Team
Educate employees on:
- Benefits of Secure File Sharing: Emphasise improved security and collaboration.
- Platform Usage: Provide tutorials and hands-on training sessions.
- Security Best Practices: Highlight the importance of strong passwords and recognising phishing attempts.
Regular training sessions help maintain a high level of security awareness.
5. Implement Gradually
Start with a pilot program:
- Select a Small Team or Project: Test the new system in a controlled environment.
- Gather Feedback: Identify challenges and areas for improvement.
- Refine Processes: Make necessary adjustments before a full-scale rollout.
A phased implementation allows for smoother transitions and better adoption rates.
6. Monitor and Review
Continuously assess the effectiveness of the new system:
- Track Usage Metrics: Monitor how often and effectively the platform is used.
- Solicit Feedback: Encourage team members to share their experiences.
- Update Policies and Training: Adapt to evolving needs and technological advancements.
Regular reviews ensure the system remains effective and secure.
Implementing secure file-sharing platforms with encryption features ensures that sensitive construction documents are protected throughout the sharing process, enhancing collaboration security protocols.
Technological Solutions and Best Practices
Embracing the right technological tools is crucial for enhancing cybersecurity in the construction industry. By integrating advanced solutions, businesses can safeguard sensitive data, streamline operations, and foster a culture of security.
1. Adopt Secure File Sharing Platforms
Transitioning from email attachments to secure file-sharing platforms is a significant step toward better data protection. Platforms like Egnyte, designed specifically for the Architecture, Engineering, and Construction (AEC) industry, offer:
- Granular Access Controls: Define who can view, edit, or share files.
- Audit Trails: Monitor file access and modifications.
- Data Encryption: Ensure data is encrypted both at rest and during transit.
These features not only enhance security but also improve collaboration among project stakeholders.
2. Implement Multi-Factor Authentication (MFA)
MFA adds an extra layer of security by requiring users to provide two or more verification factors to gain access. This reduces the risk of unauthorised access due to compromised credentials.
3. Regularly Update and Patch Systems
Keeping software and systems up to date is just as important as deploying software. Regular patches fix known vulnerabilities, reducing the risk of exploitation by cybercriminals.
4. Conduct Regular Security Audits
Periodic security assessments help identify potential vulnerabilities and ensure that security measures are effective. These audits should cover all aspects of the IT infrastructure, including networks, applications, and user practices.
5. Educate and Train Employees
Technology is only as effective as the people using it. Regular training sessions on cybersecurity best practices ensure that employees are aware of potential threats and know how to respond appropriately.
According to a study by the Construction Industry Council (UK), 80% of construction companies lack basic cybersecurity protocols, highlighting the urgent need for adopting technological solutions and best practices in the industry. SOURCE
Regulatory Compliance and Legal Considerations
In the construction industry, understanding and adhering to data protection laws is crucial. Australia has established a comprehensive legal framework to safeguard personal information, which construction companies must navigate diligently.
1. The Privacy Act 1988 and Australian Privacy Principles (APPs)
Australia’s main privacy law is the Privacy Act 1988, and it includes something called the Australian Privacy Principles (or APPs). These set the ground rules for how businesses collect, use, and share personal information.
For construction companies, that means you need to have clear processes in place for handling things like client details, staff records, or supplier data — and you’ve got to do it securely and responsibly.
2. State and Territory Legislation
On top of the federal privacy laws, each state and territory has its own set of rules. For example, in Queensland, there’s the Information Privacy Act 2009, which applies to government agencies. If your construction business works across multiple states, you’ll need to be across these local laws too — they’re not all the same, and compliance matters.
3. Mandatory Data Breach Notification
Thanks to the Notifiable Data Breaches (NDB) scheme, businesses are legally required to tell both the OAIC and anyone affected if a data breach is likely to cause serious harm. In plain terms: if something goes wrong and sensitive info gets out, you need to own up to it — fast. That’s why having solid data security and a plan to deal with breaches is so important, especially in construction where private information is constantly being shared.
What Happened When We Reported a Data Breach to the OAIC
The absurdity of Australia’s mandatory breach notification regime hit home for us recently.
We contacted the OAIC to report a data broker that’s widely used in real estate. Our concern was simple: “Where did they get this data? These individuals never gave permission.”
Their response? “Don’t you want their business to succeed?”
That’s not just tone-deaf — it’s a textbook adhominem fallacy. Instead of addressing the issue, they questioned our motive for raising it. Classic bullshit.
We pushed back: “If someone shady pays $165 for a month’s access, uses it to find the last 10 residential addresses of someone they intend to harm — and then harms them — that blood is on your hands.”
This isn’t theoretical. It’s real risk. It’s privacy weaponised. And the regulator responsible for protecting our data? Useless.4. International Data Transfers
When transferring personal information overseas, construction companies must ensure that the recipient country has adequate data protection laws or that appropriate safeguards are in place. This is particularly relevant for firms collaborating with international partners or utilising cloud services hosted abroad.
5. Implications for Non-Compliance
Failure to comply with data protection laws can result in significant penalties, legal action, and reputational damage. For example, serious or repeated interferences with privacy can attract fines up to AUD 2.1 million for corporations.
In the 2020-21 financial year, the Australian Cyber Security Centre received over 67,500 cybercrime reports, with losses exceeding AUD 33 billion. Phishing scams accounted for more than 22% of breaches against Australian construction companies. SOURCE
Conclusion: A Better Way To Share Build Information
We've covered a lot in this blog post— from the risks of email attachments to the practical benefits of using secure file-sharing links. So what does this all mean for your business?
If you're managing construction projects, you're constantly sharing sensitive documents: plans, financial information, Personally Identifiable Information (PII), contracts, invoices, purchase orders and reports. Email might feel quick and easy, but it comes with risks — interception, errors, lost versions, and legal exposure.
Secure file-sharing platforms solve these problems. They give you control, traceability, and confidence that your information won’t end up in the wrong hands.
This isn’t just about ticking a cybersecurity box. It’s about lifting your standards, working smarter with clients and consultants, and avoiding costly mistakes. Yes, change takes effort — but the good news is that modern software is easier than ever to roll out. Providers like Egnyte offer excellent support (we’ve had a great experience), and plans can be tailored to suit your business needs.
So what should you do next to take action and get moving? Great question!
- Educate your team — show them why this matters.
- Switch to secure platforms — not tomorrow, now.
- Set the tone — don’t wait for others to drag you up to speed. Lead by example.
In construction, you wouldn’t accept dodgy workmanship on site. Don’t accept it in your digital tools either. Don't diddle around with dodgy digital tools. 😄
The Australian Cyber Security Centre reported over 87,400 cybercrime reports in the 2023-24 financial year, averaging one every six minutes, underscoring the critical importance of robust cybersecurity measures in all industries, including construction.
Frequently Asked Questions (FAQ)
1. Why should I use file share links instead of email attachments?
Using file share links enhances security by allowing you to control who accesses the file, set expiration dates, and monitor activity. Unlike email attachments, which can be forwarded or intercepted, share links provide a more secure and manageable way to share sensitive documents.
2. Are file share links secure enough for sensitive construction documents?
Yes, when using reputable platforms that offer encryption, access controls, and audit trails, file share links are secure for sharing sensitive information. It's essential to choose a platform that complies with industry standards and best practices.
3. What if the recipient doesn't have access to the file-sharing platform I use?
Most modern file-sharing platforms allow you to send links that can be accessed without requiring the recipient to have an account. You can also set permissions to view-only or require authentication, depending on the sensitivity of the information.
4. How do file share links help with version control?
File share links often point to a single, centralised document. This means that any updates made to the document are reflected in real-time, reducing confusion caused by multiple versions sent via email attachments.
5. Can I set expiration dates on file share links?
Yes, many file-sharing platforms allow you to set expiration dates on links, ensuring that access is only available for a specified period. This feature enhances security by limiting the window during which the file can be accessed.
6. What happens if a file share link is forwarded to someone else?
You can set permissions on file share links to restrict access to specific individuals or require authentication. If a link is forwarded, unauthorised users won't be able to access the file without the necessary permissions.
7. Are there any downsides to using file share links?
While file share links offer enhanced security, they require proper management. It's essential to monitor access, set appropriate permissions, and educate team members on best practices to prevent unauthorised sharing.
8. How do file share links align with regulatory compliance?
Using file share links can help meet regulatory requirements by providing audit trails, access controls, and data encryption. These features support compliance with data protection laws and industry standards.
9. Can I track who accesses the files I share?
Yes, many file-sharing platforms offer audit logs that track who accessed the file, when, and what actions they took. This transparency aids in monitoring and ensures accountability.
10. What should I consider when choosing a file-sharing platform?
Look for platforms that offer robust security features, user-friendly interfaces, integration with your existing tools, and compliance with industry standards. It's also beneficial to choose a platform that provides support and training resources.
Further Reading
Anthony Painter
Anthony Painter
Our Favourite File Storage Providers
(In order of preference: we have paid accounts with Egnyte and a Lifetime Pcloud Account 2.5Tb, a very handy plan option)
– CDO, Morgan Stanley Wealth Management
