how to use claude cowork safely.
cowork can read your files, use your connected apps, and take real actions. that is the point of it, and it is also why a little setup discipline pays for itself the first time it saves you from a mistake. the built-in floor is solid: claude always asks before deleting a file, and in the default mode it asks before sending or sharing too. this is the part you bring on top.
i wrote about what cowork is and the draft-and-approve model in "what claude cowork actually is". this is how you work in it without ever getting surprised.
set up so a mistake can't reach what matters
the single highest-leverage move is the folder you point claude at. that folder is the boundary for what it can read, write, and, with your okay, delete. three rules:
- use a dedicated working folder, not a catch-all. pointing claude at your whole documents, downloads, or desktop is like letting a new hire rummage through every file you own. make a folder for the task, move in what it needs, point claude there.
- back up anything irreplaceable first. if a file matters and a fresh copy can't be regenerated (an old client deliverable, a contract you can't re-issue), keep a copy somewhere cowork can't reach.
- test new workflows on copies. building a scheduled task that runs every friday? the first run goes against a copy. once you have watched it behave, point it at the live folder.
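one way to apply the three rules above, as an added example that is not part of the original post or of cowork itself: a python script that stages copies into a fresh task folder, keeps a backup outside it, and reports what a test run added, changed, or deleted. the folder and file names are constructed for the demo, and the function names are this example's own.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def snapshot(folder):
    """Map each file's path (relative to folder) to its SHA-256 digest."""
    root = Path(folder)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def stage_copy(sources, work_dir, backup_dir):
    """Copy only the named files into a fresh working folder, plus a backup outside it."""
    work, backup = Path(work_dir), Path(backup_dir)
    if backup.resolve().is_relative_to(work.resolve()):
        raise ValueError("backup must live outside the working folder")
    work.mkdir(parents=True)              # fails if the folder already exists
    backup.mkdir(parents=True, exist_ok=True)
    for src in map(Path, sources):
        if (work / src.name).exists():
            raise FileExistsError(f"duplicate file name: {src.name}")
        shutil.copy2(src, work / src.name)
        shutil.copy2(src, backup / src.name)
    return snapshot(work)

def diff(before, after):
    """List what was added, deleted, or changed since the snapshot."""
    return {"added": sorted(after.keys() - before.keys()),
            "deleted": sorted(before.keys() - after.keys()),
            "changed": sorted(k for k in before.keys() & after.keys()
                              if before[k] != after[k])}

if __name__ == "__main__":
    # constructed sample files, so the demo runs offline
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "originals").mkdir()
        for name in ("contract.txt", "notes.txt"):
            (tmp / "originals" / name).write_text("original " + name)
        files = sorted((tmp / "originals").iterdir())
        before = stage_copy(files, tmp / "task", tmp / "backup")
        # stand-in for a test run that edits one file and deletes another
        (tmp / "task" / "notes.txt").write_text("rewritten")
        (tmp / "task" / "contract.txt").unlink()
        print(diff(before, snapshot(tmp / "task")))
```

take the snapshot before the first run against the copy, then diff afterwards: anything in "deleted" or "added" that the task was not supposed to touch is the signal to fix the prompt before pointing it at the live folder.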
write prompts that leave no room for the wrong action
how you ask matters as much as where you point it.
- be specific about destructive verbs. "cut the section" can mean remove from view or delete from the file. if the wrong reading is irrecoverable, name it: "remove the section from the draft, but keep the file."
- name the bounds in the prompt. "only the 3 most recently updated files." "only contracts that closed in q3." "don't message anyone, draft only." narrow scope gives you a clear line for spotting drift.
- keep scheduled tasks on draft until you trust them. a task that runs while you are not watching should draft for your review before it ever sends on your behalf.
the three checks that catch the rest
in the moment, three habits catch almost everything:
- read the plan. when claude starts, it lays out what it is going to do. skim it. do the steps make sense, in the right order, using the right sources? redirect if not.
- watch for unexpected patterns. you don't need to validate every step. but if it is touching files or sites you didn't mention, or scope is creeping, stop it. "something feels off" is a real signal.
- approve deliberately. when a confirmation appears, read it. most mistakes are not the safeguard failing; they are someone clicking through a dialog that wasn't quite the action they meant. the dialog exists because the action matters.
when cowork is not the right tool
a short, honest list. don't hand cowork:
- regulated workflows that need an audit trail. cowork activity isn't captured in audit logs or compliance exports.
- anything you wouldn't trust a smart, quick colleague to do unsupervised: sending the legal doc to the counterparty, posting the public announcement, pushing the customer-facing change. claude prepares, you ship.
- highly sensitive personal data outside the boundary your it team has approved.
this is the same idea that makes any claude setup safe: the model does the reading, sorting, and drafting, and a human approves the things with consequences. i wrote about why that one rule changes the whole risk math in "how to set up claude for a small business". set the boundary once, and you can hand off real work without watching every keystroke.
want it set up safely the first time?
the systems diagnostic is $500, the price is on the page. you get a written map of the one process worth automating first, with the folder boundaries, approval gates, and guardrails built in. you decide on your own schedule.