Is Your Internal Financial Reporting Data Safe?
Posted on: October 8, 2019
Data security is hugely important to an organization, so much so that it keeps some users up at night. The trouble is that many users are blissfully unaware of potential faults that put their information at risk. A company’s success rests heavily on the strength of its security measures. Failure to implement and maintain appropriate measures to ensure data integrity can cost millions and add needless headaches to an already stressed accounting team. Beyond those measurable costs, loss of information or a data breach can also damage employee and consumer trust.
Studies show that most companies are using spreadsheets, at least in part, to create their internal financial reports. Therefore, it’s imperative you’re maximizing security within those critical spreadsheets which contain the life and death financial information of your company. Obviously, you don’t want your sensitive financial data lost or made visible to the wrong eyes.
If you haven’t yet, you should immediately include your Information Technology department in the data security process. The problem is that many departments are unaware of the different options their IT team offers, so they keep doing things in a time-consuming manner that leaves more room for errors and data breaches.
Questions To Ask Your IT Department To Streamline Spreadsheet Security
- What spreadsheet sharing options does our infrastructure support?
- Do we have existing user policies we can apply to secure our spreadsheets?
- Am I responsible for backing up my data or is there a backup policy in place that covers our spreadsheets?
- According to current company security policies, what’s the best way to disseminate data for approved users?
More often than not, your IT department will be glad you asked these questions. And once armed with answers, you can either rest easy knowing that all security systems are in place and your spreadsheet data is safe, or you can fill the gaps where security lacks and best ensure your financial data is locked down from top to bottom.
2019 Best Practices To Secure Spreadsheets
Clarity is important. You must define the parameters for each user. By identifying requirements for spreadsheet use upfront, companies can avoid common errors such as versioning mistakes or giving access to the wrong people. Create a separate tab within each spreadsheet to clarify standards for cell formatting, labeling, tracking changes, etc.
Store in a safe network location
Make sure your live and backup spreadsheets are stored in a secure network location and only use a reputable cloud storage provider. Your IT department can help with this. They can create a folder on a network share where your spreadsheet files should be stored. Access can be based on individual needs or groups of users within specified departments. If an unauthorized user tries to access a folder, they’ll receive a message saying they don’t have permission. Also, make sure to keep track of who is allowed access to critical spreadsheets and regularly audit whether access is still required.
Since your financials contain sensitive information, you should add security on a spreadsheet-by-spreadsheet basis. This allows you to lock cells or entire workbooks with a password. In Excel, simply go to File > Info and select Protect Workbook. This setup is common in companies where the sharing and amending of spreadsheets are handled primarily via email. Users sharing data in this manner should also consider how all communication is protected by their internal email admin.
Protect static parts of spreadsheets
There are always cells within spreadsheets that you don’t want users to change. You can ensure this by locking cells or ranges of cells. For instance, you may wish to lock cells containing any formulas.
Create control system for changes
Change control is an important piece of managing spreadsheets and protecting data. Enable Track Changes functionality which will highlight any design or data changes users make. This provides visibility into who made modifications and when. You should also use a standardized version naming convention when saving a copy. You can make that as simple or detailed as you like. For example, V1, V2, V3, etc. or also include the date/time of saving, for example, V1_100319_1225.
Create regular backups. Even if they’re kept in cloud storage, it’s a good idea to frequently back them up to local storage. Your IT department should be able to advise you on how workstation data is backed up and where. If a spreadsheet lives on an individual workstation and not a shared network, drive, or server, and that workstation crashes, the entire spreadsheet could be lost. Which means countless hours of work and critical data flushed. Gone forever. Another potential problem to be aware of is the detrimental effects if an important spreadsheet, with the most recent edits, lives only on a workstation. If a user is terminated or access to their workstation is lost, improper backups will make it difficult, if not impossible, for all data to be recovered. This will vary widely based on if the organization uses thin clients, thick clients, and the company security management operations policy.
Spreadsheets allow you to set parameters so that clearly incorrect data can be blocked. For example, if you know that certain cells should only contain numbers between 1 and 10, you can block numbers outside of that range to help prevent errors and protect the integrity of the data. In Excel, you can do this by clicking on the Data tab, then Data Validation, and then set acceptable data ranges or lists.
The bottom line is that every business, big or small, should implement best practices to improve the security and integrity of their data. Never underestimate the importance of spreadsheet control as mistakes will cost you money.
One Final Note
If you’re still concerned about the amount of work it takes to lock down financial numbers to specific users, it may be time to consider an enterprise reporting application, such as Synoptix. These types of systems give you much more flexibility than any spreadsheet could and ensure your data is properly secure from unnecessary breaches and access by the wrong people. You’ll also get additional security capabilities including limiting users’ access to certain drill downs (payroll for instance), while still allowing them to view the big picture so that they can do their jobs. Further, any good application will allow you to completely automate the scheduling and distribution of reports, saving you and the organization thousands of dollars per year.
Jeana has been in the software industry for 15+ years specializing in ERP reporting solutions. She has decades of experience in creative content development and marketing and enjoys exercising, traveling & spending time with her husband & twin boys.