Human Error and Manual-Process Risks
Like most programs, using spreadsheet software is a manual process. This means calculations are susceptible to human error. The most common is keying the wrong numbers, deleting formulas, not linking new fields or a failure to update formulas.
Formulas are unique and have specific tasks, as there is no automated process to check for worksheet errors; checking these files is an onerous but important task to prevent errors from happening. Regular auditing and checking of spreadsheets will prevent the need to rebuild the work from scratch.
Security Vulnerabilities and Malicious Threats
High-profile cases have made the headlines in recent years because of spreadsheet security risks. This has at least prompted organisations to develop proper procedures for spreadsheet development, and policies and guidelines do go some way to mitigating risks.
However, threats posed by viruses, Trojans and unencrypted USB sticks are still prevalent, and organisations must be vigilant. Security features such as password protection, hiding or protecting sheets and other features are not actually designed to secure information and can be easily bypassed.
Even with security measures, the threat of hacks is constant. Many organisations are not aware that software is readily available to crack passwords or open spreadsheets and remove all perceived protection features, such as hidden sheets.
Note: One of the best‑known spreadsheet viruses, Malissa, surfaced in March 1999. It spread via malicious macros in Office documents, emailing itself to every contact in an infected user’s Outlook list.
Unsecured Employee Devices
Personal devices that employees bring to work must also be considered for security protocols, or businesses should maintain all data on local servers and allow remote access only to approved employees.
Viruses are also widely transmitted by spoofing methods that include file names like “unpaid invoice,” “overdue invoice,” and similar terms in an email. These phishing approaches try to manipulate unsuspecting users into opening the attachment.