As per this recent TechRadar article recent embarrassing events relating to security incidents and exposure of sensitive information has been attributed to the use of Excel spreadsheets.
Table of contents
UK governments Excel spreadsheet suggestions
Some of the key recommendations, as per the article include:
https://www.techradar.com/pro/the-uk-government-is-telling-people-to-stop-using-excel-spreadsheets-because-of-multiple-data-breaches
- Immediately stop uploading original source spreadsheets to online platforms used to respond to FOI requests
- Continually provide training to staff who are involved with disclosing information
- Avoid using spreadsheets with hundreds or thousands of rows and instead invest in data management systems which support data integrity
Typically this is easier said then done. Excel spreadsheets will always be the default program for any sorts of lists, especially if they are hundred of thousands of rows long or need multiple sheets.
Stop uploading original Excel spreadsheets ✔
It is a good idea to not upload the full spreadsheet but sometimes what is the alternative? If the sensitivity is in the formulas, or you want to break the formulas and only show the values, you can look at something like this – https://online-excel-training.auditexcel.co.za/lesson/remove-all-formulas-from-entire-spreadsheet/ .
If you don’t want spreadsheets uploaded then disable the ability to upload spreadsheets. We have all come across the systems that won’t allow certain formats to be uploaded.
Also before you upload (if you have to), use the relatively new Inspect tool. You can see how to find all the Protected sheets (including hidden sheets) on this blog post.
Continually provide (Excel) training to staff ✔
The training is the most practical idea. 99.9999% of Excel errors are user errors. Even if the user knows the risk, time pressure means that the risk cannot be addressed adequately. As per below we have a free online training course focused on the built in protection features available to all Excel users.
Invest in Data Management Systems
Also easy to say that you should invest in a system but there is not enough money in the world to create all the systems that Excel fills in for.
Excel has some built in protection features
Some recommendations from our side.
Excel has some built in protection features. Although not perfect (and relatively easy to break) they are better than nothing and are little known.
We have a free GDPR Compliance- Built in Excel Tools that will help course that covers these.
Some of the lesser known issues that are important to know include:
- If you include a Pivot Table in the spreadsheet it remembers all the source data even if you removed it.
- You can have different levels of passwords that allow different access to Excel (all available in Excel already)
- You can lock a spreadsheet BUT still allow people to change the column widths, add colors etc.