Three months ago our VP of Sales came into the Monday standup looking like he hadn't slept. He told us that one of our biggest prospects had forwarded our custom pricing proposal, complete with volume discounts and margin details, to our direct competitor. The competitor then used our pricing to undercut us on a deal worth about $180K.
We found out because the competitor's sales rep accidentally mentioned our exact discount structure during a call with a mutual contact. That's how we learned that our confidential pricing was just floating around as an email attachment.
And the worst part? There was literally nothing we could have done about it. Once you email a PDF, it's out of your hands.
This happens way more often than people admit
So I started asking around. Turns out this is not a rare thing at all. I talked to about a dozen sales leaders over the next few weeks. Eight of them had a story about document forwarding causing problems. Not all as dramatic as ours, but still painful.
A Statista survey on data sharing risks found that unauthorized document sharing is one of the top three data security concerns for businesses. And most of the time it's not malicious. People just forward stuff casually without thinking about confidentiality.
Your prospect sends your proposal to their CFO. The CFO forwards it to their procurement team. Someone on procurement sends it to another vendor for a "competitive comparison." Each forward is totally logical from their perspective and totally invisible to you.
Email attachments have zero enforcement
Think about what happens when you attach a PDF to an email. The recipient now has a permanent copy on their device. They can:
- Forward it to anyone
- Download it to any device
- Print it and leave it on a desk
- Upload it to their own cloud storage
- Share it on Slack, Teams, whatever
You have zero visibility into any of this and zero ability to stop it. The "confidential" watermark you put on page one? That's a suggestion, not enforcement. Nobody has ever been stopped from forwarding a document because it said "confidential" at the top.
According to Verizon's Data Breach Investigations Report, human error and misuse (including unauthorized sharing) account for about 74% of all data breaches. The PDF you emailed last Tuesday is part of that risk surface, whether you think about it or not.
What actual protection looks like
There are a few levels of protection that actually work, not just "please don't share this."
Link-based sharing with access controls. Instead of sending a file, you send a link. The link requires email verification or a password. If someone forwards the link, the new person has to authenticate before they can view anything. You get an alert that an unexpected viewer is trying to access your document.
Expiration dates. The link stops working after a date you set. Even if the prospect forwarded it, after your deadline it goes dead. No more perpetual access.
Download blocking. The viewer can read the document in their browser but can't download the actual file. This isn't bulletproof (screenshots exist) but it eliminates the casual "save and forward" behavior that causes most problems.
Dynamic watermarking. Every viewer sees a unique watermark with their email and the date. If a screenshot or printout leaks, you know exactly who shared it. This is more deterrent than prevention, but deterrents work. People behave differently when they know their name is literally on the document.
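To make the first, second and fourth mechanisms concrete, here is a small sketch added as an illustration (it is not CloakShare's code, and `issue_link`, `open_link`, the token layout and the demo key are all hypothetical). It assumes the viewer's email has already been verified by a separate step, and shows an HMAC-signed link that is bound to one recipient, expires on a deadline, flags a forwarded link as an unexpected viewer, and yields a per-viewer watermark string.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to viewers

def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def issue_link(doc_id, allowed_email, ttl_days, now=None):
    """Return an opaque token binding a document to one recipient and a deadline."""
    now = time.time() if now is None else now
    claims = {"doc": doc_id, "email": allowed_email.lower(),
              "exp": int(now + ttl_days * 86400)}
    payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload)

def open_link(token, verified_email, now=None):
    """Decide whether an already-verified viewer may see the document.
    Returns (allowed, reason, watermark_text)."""
    now = time.time() if now is None else now
    try:
        payload, sig = token.rsplit(".", 1)
        # Check the signature before trusting anything inside the payload.
        if not hmac.compare_digest(sig, _sign(payload.encode())):
            return (False, "bad_signature", None)
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return (False, "malformed", None)
    if now >= claims["exp"]:
        return (False, "expired", None)  # the link goes dead after the deadline
    if verified_email.lower() != claims["email"]:
        # Forwarded link: deny, and report this reason to the sender as an alert.
        return (False, "unexpected_viewer", None)
    stamp = time.strftime("%Y-%m-%d", time.gmtime(now))
    # Watermark text rendered on every page for this viewer.
    return (True, "ok", f"{verified_email.lower()} | {stamp} | {claims['doc']}")
```

The expiry and recipient live inside the signed payload, so editing either one in a forwarded link invalidates the signature instead of extending access.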
The real world tradeoff
Now, I want to be honest here. Adding friction to document sharing has a cost. Some prospects will find it annoying. Some will ask why they need to verify their email just to read a proposal.
But that's a tradeoff I'm willing to make after watching $180K walk out the door.
The key is applying the right level of protection to the right documents. Your marketing one-pager? Just email it, who cares. Your custom pricing proposal with margin details? That needs protection. Your investor data room during fundraising? Definitely needs protection.
Not every document needs to be locked down. But the ones that contain competitive intelligence, pricing, financial projections, or customer data absolutely should be.
What we changed after getting burned
After the incident, we made three changes to our sales process.
First, we stopped emailing proposals as attachments entirely. Everything goes through link-based sharing now with email verification required. It added about 10 seconds of friction for the viewer and so far zero prospects have complained.
Second, we set expiration dates on all proposals. 30 days for standard proposals, 14 days for custom pricing. If the deal is still active we extend it. But stale proposals don't just live forever in someone's inbox.
Third, we added dynamic watermarks to anything with pricing or financial details. Each viewer sees their name on every page. It's subtle but effective.
That's exactly why I built CloakShare. It handles all three of those requirements (link-based sharing, expiration dates, dynamic watermarks) without charging per user.
The competitive intelligence angle
Here's something else I didn't think about until it happened to us. Every proposal you send is competitive intelligence. It tells competitors:
- What you charge
- How you structure deals
- What discounts you offer at different volumes
- What features you emphasize
- How you position against alternatives
A single forwarded proposal gives a competitor a masterclass in your sales strategy. And if you're sending unprotected attachments, you're basically publishing that information.
A Harvard Business Review article on competitive intelligence noted that most competitive intel comes from publicly or semi-publicly available sources. Your unprotected proposals are one of those sources, whether you realize it or not.
Prevention beats damage control
After our pricing got leaked, we spent about two weeks doing damage control. Repricing, calling the prospect, adjusting our competitive positioning for that deal (which we lost anyway). The total cost in time and the lost deal was well over $200K.
The tools to prevent this cost maybe $50-100/month. The math is embarrassingly obvious in retrospect.
If you're still sending pricing proposals and competitive documents as email attachments, please stop. Not because I'm selling you something, but because I learned this lesson the expensive way and I'd rather you didn't have to.