Common Applications May Expose Companies to Data Breaches

Cyber Risk Header

It may seem that common applications such as Word and Excel are intuitive enough not to generate a data breach by inadvertently hiding sensitive data. Yet, the government’s 2015 Information Breaches Survey revealed that 50 per cent of all data breaches were caused by inadvertent human errors.

Each of these breaches cost those companies, on average, between £75,000 and £311,000 due to business disruptions, reputational damage and time spent fixing the breach.

To prevent an application from causing a breach by inadvertently hiding information, be on the lookout for these four sources of hidden data:

1. Hidden columns: Hiding sensitive data in a spreadsheet is not as secure as you might think. For example, setting a column to hidden leaves obvious clues as to how to retrieve that information—such as a gap in numerical or alphabetical sequencing. To ensure that you share only the data you want, check for hidden columns or export the spreadsheet to a comma separated value (CSV) format.

2. Pivot tables: A pivot table is an optional function of a spreadsheet application and is capable of summarising a large set of data. Yet, a separate spreadsheet of the original, raw data may still exist and be hidden from view. To ensure that only the information displayed in the table is shared, you can either export it to a CSV format, or copy the table and paste only the values into a new workbook.

3. Ineffective redaction: When you want to redact or irreversibly remove data, it should only be redacted from a copy of the document—not the original. Also, highlighting the text in black does
not permanently hide the obstructed text as a user could simply copy and paste the information in a new document, revealing the text obscured in black. For best results, use a specific redaction software.

4. Meta data: Meta data refers to the ‘data about data’ which is embedded within files, such as when and where a photo was taken or the comments of a document’s previous author. As you may not want to share all of this data, use bespoke redaction software to remove it.

By adhering to the guidance outlined above, you can help ensure that you and your employees only share the information that you want to.

If you would like to run a health check on your current arrangements for cyber security - by running a simple self-assessment tool - then you can download a copy of our Cyber Risk Exposure Scorecard. This guides you through 20 questions to highlight areas where you may be prone to data breaches, hacking or other cyber crime.  Just a few minutes of your time in understanding any risks could make a big difference to your cyber security.

In order to afford your business or organisation the best protection, Bollington can offer advice on insurance products that meet your needs. Call us now to find out more.