Spreadsheets are a Security Risk

Excel has long been a target for hackers; all it takes is one person to open an attachment in an email and all of your systems can become infected. 

While there are many alternatives for spreadsheets most organisations around the world still consider them as a core component in their IT structure and admit they support critical parts of the businesses. Their omnipresence and familiarity mean that business leaders and employees are more than happy to keep working with them, even though they pose security risks for the business. Spreadsheet security is rarely on the radar of senior executives.

Spreadsheets develop over time 

Security problems arise because the worksheets develop over time, this unplanned augmentation means they are generally not exposed to the same controls and disciplines as planned and managed IT projects. Most organisations administer good practice within their ERP environment such as applying segregation, identity and access management layers, yet lose that discipline when data is extracted and uploaded into a spreadsheet.

Spreadsheet security risk has received more attention

High profile cases have made the headlines in recent years because of security risks in spreadsheets. This has at least focused organisations to develop proper procedures for spreadsheet development and policies and guidelines do go some way to mitigating risks. However, threats posed by viruses, Trojans and unencrypted USB sticks are still prevalent and organisations must be vigilant. Security features such as password protection, hiding or protecting sheets and other features are not actually designed to secure information and can be easily bypassed. Even with security measures, the threat of hacks is constant. Many organisations are not aware that software is readily available to crack passwords or open spreadsheets and remove all perceived protection features such as hidden sheets.

Personal devices that employees bring to work must also be considered for security protocols or businesses should maintain all data on local servers and allow remote access only to approved employees. Viruses are also widely transmitted by spoofing methods that include file names likeunpaid Invoice, overdue Invoiceor similar terms in an email. These fishing approaches try to manipulate unsuspecting users to open the attachment.

Be aware of viruses 

One of the best-known spreadsheet viruses was first released in March 1999, the virus named Malissa, infected computers around the world by way of malicious macro code inside Office documents, including Excel. The virus emailed itself to everyone within an affected user's Outlook contact list.

The widespread use of spreadsheets across businesses of all sizes can make it easy to overlook the potential risks they can pose. Companies that follow best practice will ensure they are less vulnerable to security breaches and data flaws. For more information on spreadsheet security risks and how to mitigate it download Mercur’s complimentary e-book.

Mercur has produced a complimentary e-book which sets out six critical risks of reporting in spreadsheets and how to mitigate them. To download your free copy click here.



You may also be interested in

Mercur Solutions (UK) Limited - UK office

Mercur Solutions Limited
Ocean House, The Ring, Bracknell RG12 1AX, United Kingdom
+44 (0) 1344 388 025

Mercur Solutions AB - head office in Sweden

Mercur Solutions AB
Vretenvägen 13, SE-171 54 Solna
+46 (0)-459 69 00


Malmo Office

Stortorget 3, SE-211 22 Malmö


Kyrkogatan 24, SE-411 15 Göteborg

Mercur Solutions

A Swedish company with over 40 years of experience, delivering solutions for performance management and business intelligence.




Read Mercur Business Control Reviews on GetApp.com