When is the last time that you did an audit on your file security? I have walked into places to perform a migration and discovered that the security on files was set to allow anyone to access them or people had more rights than what was needed. Most people setup the file shares and once they are setup do not review them unless a problem exists. I have seen software and third parties modify permissions and cause issues. My recommendation is to do a yearly review on permissions.