Basic steps to protect sensitive data in Excel spreadsheets
Data leaks seem to be in the press daily these days.
Stories like this BBC News article describing how Leicester City Council accidentally sent a spreadsheet containing sensitive information to 27 companies engaged in a tender process seem commonplace.
There will undoubtedly be collective intakes of breath and a few sighs of relief in other companies, thankful it wasn’t them. That sensitive data is held in spreadsheets isn’t a surprise – almost all of us will have our own personal data, sitting somewhere in some company’s data system – payroll for example. Most of these systems will have the option to export data, and in many cases, exporting it will be essential to the business processes behind the scenes.
So what went wrong, and how can things like this be prevented? There are some basic steps you can start with to protect your data.
Mitigating against human error – adopt a good naming convention
In this particular story, the name of the leaked file did little to warn whomever sent the email, that it was the wrong attachment to send.
In fact, the of the file may very well have been one of the causes of the slip – “Taxi Tender Live v3” – sounds like something you ought to attach to a taxi tendering email doesn’t it?
Prefixing a file with “Internal” or whatever makes sense in your organisation, would help avoid this type of leak. Perhaps avoid things like, “Highly Sensitive” because you may want to avoid drawing attention to sensitive files. Better yet, only label files which are for external use with “External” and only ever send files labelled “External”. This makes it harder to identify which other files on a drive contain the good stuff if someone with malicious intent gains access to your system.
“A simple rule of thumb – would you panic if someone else got hold of this file? ”
Adopt good practices and password protect your files
When working with data, consider the sensitivity of the data and whether or not it ought to be protected. A simple rule of thumb – would you panic if someone else got hold of this file? Would it hurt your reputation and client trust if the data got out there? Probably ought to do something with it then.
At a basic level, password protecting such files in Excel could save a lot of heartache. Excel’s native encryption is pretty hard to brute force and would take time, effort and resource.
When saving your files simply choose “Save as”, and then Tools – General options, and enter a “Password to open”. The file will now be encrypted using this password every time you save it.
The downside is that you now have to share around the password with appropriate people which is a little inconvenient. However, even if everyone in your office knew the password, and the file accidentally got attached to an email, you wouldn’t be worried about the recipients opening it unless the password was leaked also, which is a different kind of problem.
You should of course take independent advice on your own IT requirements and data sensitivity – just because this guy said it on the internet doesn’t mean it’s right for you – however, simple basic steps in the interim might just give you a little peace of mind.
I read “It doesn’t have to be crazy at work” by the Basecamp founders – and can’t recommend it highly enough.
Know that stuff you keep thinking about doing but never quite get around to? Just go for it. You’ll be great.
Good thinking comes from taking a moment away from the grind, the noise and pressure of our regular environment.