There should be no schadenfreude after the news reports of BlackRock accidentally leaking a spreadsheet containing the PII (personally identifiable information) of close to 20,000 independent financial advisors who distribute their iShares products. It can happen to anyone and, in fact, it happens all the time.
The root cause in this instance was not criminal hacking, but the inadvertent (and temporary) posting of several spreadsheets containing PII to a public part of BlackRock’s website. It’s too early to understand all the mechanics involved, but it’s apparent that human error played a major role. So, what can be done to prevent such incidents in your company?
The short answer is better controls for those applications under end-user control (EUC), of which Excel spreadsheets are by far and away the most common application type. Spreadsheets are ubiquitous and that familiarity breeds complacency. Most people are ambivalent about the risks associated with spreadsheets, whether it be the risk of an error in a financial report or sensitive data loss. Better processes combined with technology-enabled controls can provide:
- Systematic capability to identify the presence of hidden sheets that may contain PII or PHI
- High-speed file-share scanning technology to detect unauthorized storage of files containing PII on network drives
- Data Classification technology to identify confidential files and create more information security awareness at the user level
- EUC Inventory technology to enable closer monitoring of the critical EUCs, e.g. the files that are known to contain PII and/or are used within a critical business process
- Centrally managed controls to enforce password policy and render important spreadsheets unreadable if moved outside of the firewall
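
The first control in the list, finding hidden sheets that may hold PII, can be sketched as follows. This is an added example, not code from the original post or from any product: the function names, the single SSN-like regex standing in for a real PII rule set, and the constructed sample workbook are all assumptions. It reads the `state` attribute that the .xlsx format stores for each sheet and scans only the non-visible ones.

```python
import io, re, zipfile, posixpath, xml.etree.ElementTree as ET
M = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
RID = "{http://schemas.openxmlformats.org/officeDocument/2006/relationships}id"
REL = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
SSN_LIKE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # one illustrative PII pattern

def cell_text(cell, shared):  # shared string, inline string, or literal value
    v = cell.find(M + "v")
    if cell.get("t") == "s" and v is not None:
        return shared[int(v.text)]  # <v> is an index into sharedStrings.xml
    return "".join(e.text or "" for e in cell.iter() if e.tag in (M + "t", M + "v"))

def audit_hidden_sheets(xlsx_bytes):
    """Return [(name, state, SSN-like hits)] for every non-visible sheet."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        rels = ET.fromstring(z.read("xl/_rels/workbook.xml.rels"))
        targets = {r.get("Id"): r.get("Target") for r in rels.iter(REL)}
        has_sst = "xl/sharedStrings.xml" in z.namelist()
        sst = ET.fromstring(z.read("xl/sharedStrings.xml") if has_sst else "<sst/>")
        shared = ["".join(t.text or "" for t in si.iter(M + "t"))
                  for si in sst.iter(M + "si")]
        for sheet in ET.fromstring(z.read("xl/workbook.xml")).iter(M + "sheet"):
            state = sheet.get("state", "visible")  # or "hidden" / "veryHidden"
            if state != "visible":
                # Target is relative to xl/ unless it starts with "/"
                part = posixpath.join("/xl", targets[sheet.get(RID)])[1:]
                cells = ET.fromstring(z.read(part)).iter(M + "c")
                hits = sum(len(SSN_LIKE.findall(cell_text(c, shared))) for c in cells)
                findings.append((sheet.get("name"), state, hits))
    return findings

def sample_workbook():
    """Constructed minimal package holding only the parts the audit reads."""
    x = f'xmlns="{M[1:-1]}"'  # namespace URIs recovered from the {uri}tag constants
    parts = {
        "xl/workbook.xml": f'<workbook {x} xmlns:r="{RID[1:-3]}"><sheets>'
            '<sheet name="Summary" r:id="rId1"/>'
            '<sheet name="RawData" state="veryHidden" r:id="rId2"/></sheets></workbook>',
        "xl/_rels/workbook.xml.rels": f'<Relationships xmlns="{REL[1:-13]}">'
            '<Relationship Id="rId1" Target="worksheets/sheet1.xml"/>'
            '<Relationship Id="rId2" Target="/xl/worksheets/sheet2.xml"/></Relationships>',
        "xl/sharedStrings.xml": f'<sst {x}><si><t>Jane Doe 000-12-3456</t></si></sst>',
        "xl/worksheets/sheet2.xml": f'<worksheet {x}><sheetData><row><c t="s"><v>0</v></c>'
            '<c t="inlineStr"><is><t>000-98-7654</t></is></c></row></sheetData></worksheet>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()
```

A sheet marked `veryHidden` does not appear in Excel's Unhide dialog, so a user reviewing the file before publishing it would not see it; reading the package directly reports it along with the hit count.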
None of these options is a magic silver bullet and despite the technology, human error reigns supreme. Nonetheless, having more effective EUC controls can reduce the likelihood of such an incident happening to you and your company.