Call us 9am-5pm Mon to Fri0161 233 4499

Common Applications May Expose Companies to Data Breaches

By CIEEM Insurance Services

It may seem that common applications such as Word and Excel are intuitive enough not to generate a data breach by inadvertently hiding sensitive data. Yet, the government’s 2015 Information Breaches Survey revealed that 50 per cent of all data breaches were caused by inadvertent human errors. Each of these breaches cost those companies, on average, between £75,000 and £311,000 due to business disruptions, reputational damage and time spent fixing the breach.

To prevent an application from causing a breach by inadvertently hiding information, be on the lookout for these four sources of hidden data:

  1. Hidden columns: Hiding sensitive data in a spreadsheet is not as secure as you might think. For example, setting a column to hidden leaves obvious clues as to how to retrieve that information—such as a gap in numerical or alphabetical sequencing. To ensure that you share only the data you want, check for hidden columns or export the spreadsheet to a comma separated value (CSV) format.
  2. Pivot tables: A pivot table is an optional function of a spreadsheet application and is capable of summarising a large set of data. Yet, a separate spreadsheet of the original, raw data may still exist and be hidden from view. To ensure that only the information displayed in the table is shared, you can either export it to a CSV format, or copy the table and paste only the values into a new workbook.
  3. Ineffective redaction: When you want to redact or irreversibly remove data, it should only be redacted from a copy of the document—not the original. Also, highlighting the text in black does not permanently hide the obstructed text as a user could simply copy and paste the information in a new document, revealing the text obscured in black. For best results, use a specific redaction software.
  4. Meta data: Meta data refers to the ‘data about data’ which is embedded within files, such as when and where a photo was taken or the comments of a document’s previous author. As you may not want to share all of this data, use bespoke redaction software to remove it.

By adhering to the guidance outlined above, you can help ensure that you and your employees only share the information that you want to.


To read more download the full full edition of Cyber Risks and Liabilities – January|February 2016

View the complete document archive