EASA specialises in turning complex spreadsheets and legacy tools into secure, scalable web apps without traditional coding. Sebastian Dewhurst, Founder of EASA, discusses how SMEs can leverage spreadsheets for maximum output.
Identifying the potential security risks spreadsheets contain
Spreadsheets are the backbone of every SME (small and medium enterprise), serving as tools for managing everything from financial tools and sales forecasts to customer databases and inventory lists. The accessibility and versatility have proven spreadsheets to be an indispensable tool for daily admin tasks, making this an attractive option for many SMEs, especially as they are cost-effective and easy to use.
However, this comes at a price. Easy access can ultimately create security vulnerabilities when it comes to protecting sensitive business data. Without the right safeguarding processes in place, one spreadsheet can easily become a Trojan Horse for multiple data breaches, which can spiral into a domino effect of consequences for the business
For SMEs, data is king. It is the core framework that drives a business, and if this information ends up in the wrong hands, the consequences will be severe. Unlike other business systems, spreadsheets lack the necessary built-in systems needed to protect the data as they are often stored on local and cloud drives, as well as shared with ease amongst multiple people.
Sharing spreadsheets using macros or VBA [Visual Basic for Applications] conventionally can lead to difficulties such as version control issues, compatibility problems, user errors and large file sizes. More importantly, it introduces a huge security risk that opens a Pandora’s box of issues that include the potential for malware data manipulation and harmful automation to say the least.
Although convenient, this can build up dangerous habits that can lead to unauthorised access to sensitive info, as well as phishing attacks that can happen through spreadsheets that have been maliciously altered. For SMEs with limited resources, these types of threats are even more dangerous.
What SMEs can do to protect themselves
- A strong password goes a long way
There are numerous ways in which SMEs can take steps to protect themselves. First and foremost, businesses should strengthen their passwords. Current spreadsheet software, such as Microsoft Excel and Google Sheets, offers file-level password protection, which should be activated automatically for any spreadsheet that contains sensitive information. All passwords should contain a mixture of letters, numbers and special characters and making use of password managers can help you to store this information safely.
Also, spreadsheet access should be limited to a need-to-know basis; not every employee needs full editing rights to the document. By using role-based permissions, managers can assign view-only or comment access as needed and review the permissions on a regular basis, especially when team members make changes. With cloud-based platforms like Microsoft 365 and Google Workspace, this process can be made simple, offering greater visibility and control over shared files.
- Encryption: The invisible armour protecting businesses
Encryption is also another viable security method which can be used to further protect spreadsheets. SMEs need to educate their employees on the importance of encryption as well as inform them of the practical applications of its usage, such as BitBlocker for Windows, as well as FileVault for MacOS, which can be used for files that are stored locally on computers or laptops.
Applying key management practices for cloud-based encryption software is essential. For SMES handling sensitive data, exploring specialised third-party file encryption software that offers advanced encryption algorithms and precise control over encryption settings may be worth investing in.
Maintaining the accuracy and integrity of the data stored within spreadsheets is vital for making the correct decisions. SMEs should move beyond basic rules for data and protection and start thinking about implementing more complex techniques. This includes using custom formulas and specific criteria within data settings in order to strengthen data integrity rules, which can prevent potentially malicious data entries.
By also utilising the built-in form features of spreadsheet software or integrating with form builders, such as Google Forms, can provide a controlled approach to data input, which will minimise manual errors and ensure a more consistent approach to data. Using cloud-based spreadsheets to actively leverage the built-in version history can provide an invaluable audit trail, which allows SMEs to track changes to the data and identify any anomalies.
- A strategic shift towards spreadsheet security
The physical location where spreadsheets with sensitive data are stored and the methods that are used to share them impact their overall security massively. SMEs need to start discouraging their staff from storing business spreadsheets on local devices that are unmanaged, as these devices are less secure and prone to theft. What SMEs can do is make a strategic approach that utilises centralised and more secure storage solutions, such as company-managed servers or a reliable cloud storage provider with vigorous access controls and end-to-end encryption.
Although the practice may be deemed inconvenient, SMEs should avoid the practice of sharing sensitive files through email directly. Instead, they should start using file-secure platforms that offer more robust security features. Password protection should be used for shared links, and timed access should be activated as well. Another method that should be implemented is the use of comprehensive audit logs for access and any changes that are made. For SMEs with remote employees who have access to sensitive data from external locations, the use of VPNs (Virtual Private Network) can establish secure and encrypted connections, which lowers the risk of data being transferred over insecure networks.
- Creating an effective environment for spreadsheets
Spreadsheets are powerful tools that drive efficiency and provide critical insights for SMEs. But in order to fully tap into their full potential, a strategic and disciplined approach using technology is necessary to boost their security. Proactive investment in spreadsheet security is not simply about lowering the risk of reputational damage and financial losses, it is also about building and maintaining customer trust, as well as safeguarding the long-term success of the business in a world that is constantly threatened by cyber-risks.
