Whether an organisation is large or small, spreadsheets are often an overlooked risk by many people.
Flexibility, ease of use, and transferability are a few of the advantages of electronic spreadsheets. Yet, the same features that make spreadsheets useful can also make them risky compared to a managed, specialist line of business application such as a SaaS application.
Security and accuracy problems arise because spreadsheets continue to evolve beyond their initial use case over time; this unplanned augmentation means they are generally not exposed to the same controls and disciplines as managed services or planned IT system changes.
Most organisations adhere to good practices within their managed environment such as applying segregation, identity and access management layers, yet lose that discipline when data is extracted and uploaded into a spreadsheet.
Access Control, Segregation of Duties/Roles and Procedures
A key vulnerability of spreadsheets is that they often contain information needed by various individuals or department units in an organisation. So rather than accessing a single point of truth in the cloud, static spreadsheets are frequently shared via email, shared folders, or via internal or external collaboration tools.
Problems arise quickly due to this sharing because they are not tied to a robust modern access control system, it’s not unusual for any user to easily open a spreadsheet file they receive and view or modify the contents as they wish, or worse - share/republish the document externally without appropriate permission.
The frequent sharing of spreadsheets as files means that duplicates tend to pop up across the organisation leading to confusion about which version of the document is the most recent or ‘correct’ version. Even worse when these files are then edited independently and changes need to then be manually reconciled.
Human Error, Manual Entry, Tampering
Spreadsheets are highly susceptible to trivial manual errors. Due to the fundamental structure of spreadsheets, a slight change in the formula or value in any of their inhabited cells may already affect their overall output.
An accidental copy-paste, omission of a negative sign, erroneous range selection, incorrect data input or unintentional deletion of a character, cell, range, column, or row are just some of the simple errors spreadsheet users frequently encounter.
Rarely are there any counter-checking controls in place in a spreadsheet-based activity and manual errors therefore easily go undetected.
Fraudulent manipulations in company Excel files have already resulted in billion-dollar losses. The main underlying reason behind this spreadsheet vulnerability is an inherent lack of controls, which makes it so easy to alter formulas, values, or dependencies without being detected.
Storage, Backups, & Business Continuity
Traditionally storage of spreadsheets can be very ad-hoc, relying on the author to choose an appropriate place (hopefully not their personal desktop) to store the spreadsheet where it can be accessed in a controlled manner, while still being safely backed up.
The onus is on the organisation to centrally store, apply remote access policies, and design backup & recovery processes around data kept within spreadsheets. And to then audit these policies and processes to ensure standards are being kept.
Want to learn more about how to break free from spreadsheets?
Download our Ultimate Guide to Liberating Yourself From Spreadsheets today!