Today we will talk about Excel security issues.
In the first part we tried to investigate what kind of mistakes you can face with, using Excel in commodity trading.
In the previous part we saw what obstacles can Excel propose for scaling of the company.
Commodity traders never associate word ‘security’ with a data security. It is always about the cargo. Thus they insure vessels but not the data about them. However, losing each of those could cause dramatic issues for the company.
Let’s figure out how that could happen?
Excel security issue #1: Sending files via Email
Imagine, you just have made all corrections in your Excel file (where all your operational reporting is situated) and willing to send the result to colleagues.
You were distracted or you were in a hurry. Whatever happened, it might lead to an error in the addressee line and all reports sent to counterparties. It can’t be unseen, it can’t be returned, it’s not a bank transfer you can ask to send back, it’s worse. It is a point of non return.
Let’s see how that can happen: I am just trying to pick the address of my company, typing – Grain… and in addition to the company emails, I also see some other one that I can click on in hurry and the deal is done.
And it is can’t be unseen :)
Excel security issue #2: remove access from employees
The employee leaves the company. The first question is, has he signed an NDA? And if he did, how would this affect the fact that he could use the company’s data in any way he wanted.
The second question – let’s not even talk about very sensitive data, like P&L or contracts with counterparties.
Let’s see the usual Excel workbook each employee maintains for himself. He leaves the company and all his experience, all his accomplishments, all his data and achievements – go with him.
Excel security issue #3: manipulations in Excel, that are impossible to track
In the article about mistakes we already considered unintentional errors and what they can lead to. Now let’s talk about intentional errors, which are even harder to track down.
The story that happened to us and our clients illustrates the situation in a nutshell:
Amidst the process if implementation of Graintrack into the company, we compared how the deal calculator in our system processed with the results of their standard Excel template for calculations.
The bottom line is that different departments of the company entered data into this template: shipping costs, freight, insurance, purchase price, exchange rates, and so on. And then, when it was necessary to calculate the approximate margin of the upcoming transaction, this file was used to approve whether we go with the business or not. We got the same data, fed it into the Graintrack, and found that our final result didn’t add up by about $1,000. We double-checked, asked for another deal, but the result was the same.
We started to check how the client’s file counts and found that in a long formula that adds up all costs with each other, as in the figure above (in the figure – this is fictitious data for an example). Among all the calculation formulas, +1000 was written, which was the reason for the discrepancy. The employee responsible for this simply said: “Oh, now we’ll fix it, thanks.” The question is whether it was done on purpose or by chance – it is no longer for us. But we were happy to help and find such a mistake, but how many trades had they confirmed with this formula before?
Excel security issue #4: Industrial espionage
If you think it is related to large corporations with thousands of employees only – it’s not. The commodity market is not such a big and frequent case is – when one employee jumps from one company-our client to another and happily sends us an email: “Ah, I’m at the new place and here you are guys, as well!” The turnover of staff in the industry is quite high. All these people are mostly pleasant, smiling and responsible professionals. But where is the guarantee that all of them are such? There is a general shortage of talent on the market and often companies hire a person with no experience in the industry and teach him everything themselves, and almost immediately provide access to sensitive company data.
It is enough to work in the company for several weeks or months to get access to the server with data that is not a problem to merge and is not tracked in any way. Industrial espionage is a deliberate employment of a spy employee from another company who, after finding out the necessary information, leaves the company.
Excel security issue #5: Hacking
The last but not lease important and frequent. Not so long ago, the Petya virus caused a lot of devastation, and everyone has already relaxed and forgot. Although the best hack is the one where you don’t even know you’ve been hacked.
Employees write down passwords on pieces of paper, open fishing emails, and…. do you still have open Wi-Fi in your office? If at least one of the points is true – congratulations, with a high degree of probability you have already been hacked.
The usage of online tools that can be accessed by intruders through access to the mail of employees who, in most cases, come up with too easy passwords, or become victims of social networks engineering.
When you use a system for operational management, customized ERP for a commodity business, or CTRM, your data is securely encrypted and protected.
In such systems, user sessions have a timeout, there is a validation for password complexity, there is data validation, access control, tracking of IP addresses and attempts to download important data. Using a specialized ERP or CTRM systems allows you to protect your data from all the above troubles.
Well, if you love Excel so much, then we at Grain Track made it so that to edit large data arrays, employees can use Excel built into the system, which, after editing, checks all the data and identifies errors that could occur in a regular Excel.