2 min read time

Excel Filters for the Fail

by   in Cybersecurity

 In the space of just a few days here in the UK we have had reports of two data breaches that seem to have many similarities.  Both of these breaches involved the police and freedom of information requests (FOI) – one in Northern Ireland involving the NI Police Service and the second involving the Norfolk and Suffolk constabulary.  More information can be found here on the BBC and Sky of each case.

These are both incredibly serious, and on-going stories.  I am sure they will have serious and ongoing ramifications for those whose data has been inadvertently exposed.  We already know that the data of the police officers is in the hands of republicans and recent history shows what could happen.

The real interesting thing here is not that we are looking at a hack, a zero day or a spear fish but an internal mistake.  It all seems to stem from an assumption that a filtered Excel spreadsheet does more than just hide data in the presentation layer. 

Excel filters and data slicers are incredibly powerful.  I use them almost daily in my sales engineering role here at Voltage OpenText, but as they used to write on old maps ‘here be dragons’.

If an organization cannot manage relatively simple processes like this, then they need procedures and technology.  Topics such as DSARs, FOI, and ‘Right to be Forgotten’ sound easy on paper but time and mistakes and shown that they are not. And if they struggle with these, then they will definitely struggle with understanding their known and unknown (dark) data, both how to manage and protect it. 

Not to belabor the point, but if this process was being run and orchestrated through Voltage Fusion our Data Protection Platform they would have seen an inconsistency with the user previewing the file in Excel directly seeing one or two names or addresses. Voltage Fusion would have been able to show that it contained thousands of PII elements, The users would also be able to add a configurable risk score and drill down to specific data elements. This drill down technique is called HIT Highlighting which allows a person to quickly jump to the exact location of any of the discovered sensitive value inside the files.

                                       

We have even taken solution elements of our technology and, through the use of APIs, built data discovery and anonymization into existing data off shoring and FOI pipelines for large

Want to learn more about how Voltage Fusion can help you? Join our Voltage Data Privacy and Protection Community. Keep up with the latest Tips & Info about Data Privacy and Protection. We’d love to hear your thoughts on this blog. Log in or register to comment below.

Labels:

Data Privacy and Protection