Oct 14 2025
Security

The Trouble With Spreadsheets (and What CFOs Can Do About It)

Excel remains a powerful, familiar tool, but financial services need a secure, governed framework around such tools.

Financial services need a multilayered approach to catching security risks such as unsecured Microsoft Excel files, given CFOs’ continued reliance on them.

That approach should include implementing strong identity and access management, encrypting data at rest and in transit, classifying sensitive data and establishing consistent governance policies.

About 70% of CFOs still depend on Excel spreadsheets for planning, forecasting and reporting, according to EASA Software. This is problematic because unsecured spreadsheets pose a significant threat to data security, especially in highly regulated industries such as finance.

“These files are often shared via email or stored on local drives without file-level encryption, access controls or audit trails,” says Heather Ceylan, CISO at Box. “This opens the door to unauthorized access, data leakage and compliance violations.”

Unmanaged Spreadsheets Lead to Security Challenges

Spreadsheets can also harbor malicious macros: executable code embedded in files that, when enabled, can download malware or initiate phishing attacks.

When spreadsheets are unmanaged and distributed across disparate systems, it’s nearly impossible to ensure version control, user accountability or adherence to data retention policies from a governance perspective, Ceylan says.

CFOs’ continued reliance on spreadsheets presents operational and security challenges.

“While Excel remains a powerful and familiar tool, its use in mission-critical processes can introduce risks related to data integrity, collaboration inefficiencies and security gaps,” Ceylan says. “Financial services organizations are particularly exposed, due to the sensitivity of the data involved and the strict regulatory frameworks they operate under.”

The Importance of Audits and Platforms for Secure Workflows

Financial services using Excel should conduct regular audits of that tool and others to ensure compliance with internal and external standards and identify security gaps before they’re exploited, Ceylan says.

Additionally, low- and no-code platforms help organizations build secure, automated workflows that reduce manual handling of sensitive data, thereby limiting human error. Still, these platforms need to be deployed within a secure, governed framework to avoid introducing new vulnerabilities, Ceylan says.

Real-time decision-making and compliance require financial services to maintain a single source of truth, enforce access controls and track who made changes when.

Box’s secure, intelligent content management platform lets financial services safely manage, share and collaborate on sensitive financial data thanks to enterprise-grade encryption, granular access and audit trails throughout the data’s life cycle, whether that data is accessed on a desktop or mobile device or integrated into a broader workflow.

“Box Shield adds an intelligent layer of threat protection and classification, helping organizations prevent data leakage before it occurs and stop malicious content,” Ceylan says. “For organizations navigating complex regulatory landscapes, our compliance certifications and data governance policies help them meet compliance requirements — including FINRA, GDPR, CCPA and PCI DSS — without introducing friction.”
