Tuesday, January 26, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Data Privacy

Preventing “The Great Spreadsheet Escape:” Lessons from BlackRock’s Data Leak

It Could Have Been Worse. It Also Could Have Been Prevented.

by Diane Robinette
March 20, 2019
in Data Privacy, Featured
illustration of leaky faucet in blue

In January, BlackRock accidentally leaked confidential sales data by posting spreadsheets unsecurely online – certainly not the first time we’ve seen sensitive information “escape” an organization. Incisive CEO Diane Robinette provides guidance companies can follow to minimize spreadsheet risk.

Several weeks ago, the world’s largest asset manager, BlackRock, accidentally posted a link to spreadsheets containing confidential information about thousands of the firm’s financial advisor clients. As reported by Bloomberg News, the link was inadvertently posted on the company’s web pages dedicated to BlackRock’s iShares exchange-traded funds. Included in these spreadsheets was a categorized list of advisors broken into groups identified as “dabblers” and “power users.”

While BlackRock was lucky in the fact that there was no financial information included on these spreadsheets, they are still left to deal with reputational damage. For the rest of us, this breach brings an important issue — spreadsheet risk management — back into the spotlight.

Despite years of rumors predicting the demise of spreadsheets, they are still widely used by businesses of every size. And why shouldn’t they be? Beyond providing an easy way to categorize clients and business partners, spreadsheets continue to meet the analytical needs of finance and business executives. They are especially useful for analyzing and providing evidentiary support for decision-making and for complex calculations where data is continuously changing. Yet, as we’ve seen time and time again, spreadsheets represent continued exposure to risk.

Accidentally clicking on the wrong spreadsheet is an easy mistake to make, especially when all documents are stored and treated equally. For example, it may seem obvious that a confidential spreadsheet should not sit alongside a football or Oscars pool spreadsheet, yet sometimes they do. When this happens, in a rush, it’s easy to click on the wrong spreadsheet and hit “send” or “post” before realizing the error. Putting policies in place that dictate such things as where confidential spreadsheets are stored is a good start. However, policies and procedures alone are simply not enough. Technology that enforces these policies and limits spreadsheet access to only authorized users is critical to stopping spreadsheets from escaping.

In an effort to gain control over spreadsheet risks, it’s not uncommon for companies to focus on change management. And while there is great value in the ability to track who changed what, when they changed it, etc., change management alone is also not enough.

It’s essential to put controls around spreadsheets that allow policies to be set and enforced and to dictate such things as who can access a spreadsheet or whether a spreadsheet can be saved outside the system. Spreadsheet risk management technology cannot entirely prevent scenarios like the BlackRock one from happening (yet). However, the ability to house critical spreadsheets in a controlled environment, along with policies and procedures, can limit these situations from happening.

Human error is always a liability. And while technology alone isn’t the answer, the right technology will provide the visibility and transparency to ensure you’re doing the right things. Implementing controls to manage the risks associated with business-critical spreadsheets will help keep companies from becoming the subject of embarrassing or devastating headlines.


Tags: information managementreputation risk
Previous Post

Proposed Privacy Legislation Grows at the State Level

Next Post

Deloitte Report: 94 Percent of Boards Surveyed Aim to Increase Diversity, Industry-Specific Experience Tops Board Recruitment Priorities

Diane Robinette

June 15 - Diane Robinette headshotDiane Robinette is president and CEO of Incisive Software, a provider of innovative risk intelligence spreadsheet management solutions. She has more than 20 years of experience in strategic planning, marketing, product management, business operations and management. Diane has worked in companies from startups to large enterprises in various industries including high-tech, aerospace and defense, telecommunications, financial services and transportation.

Related Posts

digital cybersecurity and network protection

Vetting Vendors’ Cybersecurity

January 26, 2021
illustration of man on ladder with binoculars, 2021 outlook concept

Financial Services Compliance in 2021

January 25, 2021
illustration of mafia man in silhouette with red tie

The Mafia’s Jackpot: How Criminal Organizations are Profiting from COVID-19

January 22, 2021
illustration of videoconference, screen and speech bubbles

New Risks as COVID-19 Forces Rapid Technology Adoption

January 21, 2021
Next Post
racially diverse hands raised on yellow background

Deloitte Report: 94 Percent of Boards Surveyed Aim to Increase Diversity, Industry-Specific Experience Tops Board Recruitment Priorities

Access realtime data
Dynamic Risk Assessments with Workiva

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security internal audit KYC/know your customer machine learning monitoring regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights