Making consumer and sensitive data more secure has been top of the agenda for business leaders and managers in a wide range of sectors since GDPR was announced.
Up until and even after the new law came into effect across Europe, on 25 May 2018, companies were scrambling to safeguard data, opt-in databases, issue new privacy policies and train staff. The risks to data remain, especially when companies share financial projections, records and other important financial documents (usually in spreadsheets) as email attachments.
Risks when sharing sensitive data
Mistakes happen. Type in the wrong email address, or accidentally CC the wrong person and you could cause a whole world of problems. Gmail has a feature that lets you pull an email back in the first few seconds, if you realise in time, but most email platforms and services don’t let you do that.
Financial information can also fall into the wrong hands on purpose. If an unhappy employee, or even service provider, such as a bookkeeper or accountant, sent an email to a competitor, the media or investor, you’ve got no way of stopping them. Trust goes a long way in corporate environments, until it is broken, and you need to repair the damage.
Sure, you can find out who and how, what computer and what email address – unless they’ve shared a document with themselves then sent it from a personal email account. But none of that, after the fact, will prevent someone from maliciously or accidentally sending a document to someone who shouldn’t have access.
And then, of course, there is still the risk that cybercriminals will break into personal or corporate inboxes and steal sensitive data. Cyberattacks are on the rise, and personal and corporate inboxes are the two best avenues into a company’s systems. In any of these scenarios, companies risk reputational damage, the loss of investor confidence and, potentially, GDPR-related fines (currently up to 4% of global annual turnover or €20 million, whichever is higher).
How to reduce risks: Selective sharing tools
In Excel 360 (the online version) there is a way to restrict who can access the document. However, because working in Excel means creating various copies and versions for different stakeholders, data chaos soon kicks in and you lose control of who has which piece of information. Unfortunately, for those looking to reduce data compliance risks, you can’t do this effectively using Excel.
However, there are a few ways you can keep financial information secure when sharing with colleagues, stakeholders and accountants or auditors.
One way is to upload a document to a secure, encrypted cloud platform. This way, you can set access permissions and, with most platforms, restrict who can download or edit the document and where and how they share the link. Depending on how an encrypted cloud is integrated with your security and VPN, this should allow you to restrict access to internal systems, avoiding the risk of documents wandering over to personal inboxes shared over the Internet.
The only problem with this approach is that you need to download the document to edit it and, once the document is downloaded, it can be shared via email again. It is out in the open, with the same risks we mentioned earlier.
One way to drastically reduce your data leak threat would be to use a spreadsheet that does not require the creation of multiple versions, that is the single source of truth for all stakeholders and that lets you share only selected parts (i.e., a group of cells, a worksheet, a chart) with selected people. Visyond is a secure cloud-based spreadsheet platform that gives companies and teams the ability to work on the same document without multiple copies flying around between email addresses. You control who has access to which parts of the spreadsheet, what they can or can’t do and what they can or can’t see when they’re in the spreadsheet. For extra security, you can also see a record of who has made changes.
With selective sharing, you gain complete peace of mind. Sensitive data remains secure, and with access control in place you won’t lose sleep over who’s sharing a document that contains information that should stay within a restricted team.
By Gianluca Bisceglie, Founder, Visyond