Data security is hugely important to an organization, so much so that it keeps some users up at night. The trouble is that many users are blissfully unaware of potential faults that put their information at risk. A company’s success rests heavily on the strength of its security measures. Failure to implement and maintain appropriate measures to ensure data integrity can cost millions and add needless headaches to an already stressed accounting team. Beyond those measurable costs, loss of information or a data breach can also damage employee and consumer trust.
If you haven’t yet, you should immediately include your Information Technology department in the data security process. The problem is that many departments are unaware of the different options their IT team offers, so they keep doing things in a time-consuming manner that leaves more room for errors and data breaches.
More often than not, your IT department will be glad you asked these questions. And once armed with answers, you can either rest easy knowing that all security systems are in place and your spreadsheet data is safe, or you can fill the gaps where security lacks and best ensure your financial data is locked down from top to bottom.
Clarity is important. You must define the parameters for each user. By identifying requirements for spreadsheet use upfront, companies can avoid common errors such as versioning mistakes or giving access to the wrong people. Create a separate tab within each spreadsheet to clarify standards for cell formatting, labeling, tracking changes, etc.
Make sure your live and backup spreadsheets are stored in a secure network location and only use a reputable cloud storage provider. Your IT department can help with this. They can create a folder on a network share where your spreadsheet files should be stored. Access can be based on individual needs or groups of users within specified departments. If an unauthorized user tries to access a folder, they’ll receive a message saying they don’t have permission. Also, make sure to keep track of who is allowed access to critical spreadsheets and regularly audit whether access is still required.
Since your financials contain sensitive information, you should add security on a spreadsheet-by-spreadsheet basis. This allows you to lock cells or entire workbooks with a password. In Excel, simply go to File > Info and select Protect Workbook. This setup is common in companies where the sharing and amending of spreadsheets are handled primarily via email. Users sharing data in this manner should also consider how all communication is protected by their internal email admin.
There are always cells within spreadsheets that you don’t want users to change. You can ensure this by locking cells or ranges of cells. For instance, you may wish to lock cells containing any formulas.
Change control is an important piece of managing spreadsheets and protecting data. Enable Track Changes functionality which will highlight any design or data changes users make. This provides visibility into who made modifications and when. You should also use a standardized version naming convention when saving a copy. You can make that as simple or detailed as you like. For example, V1, V2, V3, etc. or also include the date/time of saving, for example, V1_100319_1225.
Create regular backups. Even if they’re kept in cloud storage, it’s a good idea to frequently back them up to local storage. Your IT department should be able to advise you on how workstation data is backed up and where. If a spreadsheet lives on an individual workstation and not a shared network, drive, or server, and that workstation crashes, the entire spreadsheet could be lost. Which means countless hours of work and critical data flushed. Gone forever. Another potential problem to be aware of is the detrimental effects if an important spreadsheet, with the most recent edits, lives only on a workstation. If a user is terminated or access to their workstation is lost, improper backups will make it difficult, if not impossible, for all data to be recovered. This will vary widely based on if the organization uses thin clients, thick clients, and the company security management operations policy.
Spreadsheets allow you to set parameters so that clearly incorrect data can be blocked. For example, if you know that certain cells should only contain numbers between 1 and 10, you can block numbers outside of that range to help prevent errors and protect the integrity of the data. In Excel, you can do this by clicking on the Data tab, then Data Validation, and then set acceptable data ranges or lists.
The bottom line is that every business, big or small, should implement best practices to improve the security and integrity of their data. Never underestimate the importance of spreadsheet control as mistakes will cost you money.
If you’re still concerned about the amount of work it takes to lock down financial numbers to specific users, it may be time to consider an enterprise reporting application, such as Synoptix. These types of systems give you much more flexibility than any spreadsheet could and ensure your data is properly secure from unnecessary breaches and access by the wrong people. You’ll also get additional security capabilities including limiting users’ access to certain drill downs (payroll for instance), while still allowing them to view the big picture so that they can do their jobs. Further, any good application will allow you to completely automate the scheduling and distribution of reports, saving you and the organization thousands of dollars per year.
Jeana has been in the software industry for 15+ years specializing in ERP reporting solutions. She has decades of experience in creative content development and marketing and enjoys exercising, traveling & spending time with her husband & twin boys.
Download Spreadsheets-The Corporate Secret Killer & What to Do About It to better understand its inherent errors, how to manage quality control & overconfidence, with detailed solutions on improving spreadsheets in financial reporting.
THOUGHT LEADERSHIP WHITEPAPER
We want to provide you with an update on the Log4J vulnerability that was identified this weekend as it relates to your Synoptix installation. The short answer is that there should be no vulnerability issues with Synoptix. Synoptix no longer uses Log4J. Version 7 did use version 1.2 of Log4J (which was not vulnerable), and should therefore also be clear of any vulnerability issues related to Log4J version 2.0-2.14 (which was identified this weekend as having vulnerability).