Originally launched in 1985, Microsoft Excel has long been an essential software and management tool for 99.99% of businesses, with versions available for Windows, MacOS, Android, and iOS.
This nearly ubiquitous spreadsheet software offers features such as calculations, graphing, and data sorting. Excel is commonly used for all sorts of organizational tasks such as budgeting, planning, data reporting and analysis, and more.
But how safe is Excel for transferring sensitive data?
In 2020, Microsoft’s Security Intelligence team announced it had detected a phishing campaign that specifically targeted Excel. The campaign was based around an email that appeared to come from a medical center. The email was related to the COVID-19 pandemic and came with an Excel attachment. If downloaded and opened, the Excel file displayed a graph of COVID-19 cases in the US and a security warning.
If users bypassed the warning and allowed the file to run, the device would download and run NetSupport Manager, which is a remote access tool often used by hackers to control external devices, such as a victim’s computer.
Microsoft admitted that this campaign was just one of hundreds that targeted Excel. But Microsoft was not the only target: by September of 2021, data breaches across industries and software programs had surpassed breaches from the year prior by 17%.
Unauthorized access is responsible for 20% of breaches, making compromised credentials stand out as a leading cause of data breaches. Remote working and subsequent digital transformations (e.g., moving to face-to-face meetings to teleconferencing technology) due to the COVID-19 pandemic increased the average cost of a data breach by 10%.
Encryption can be key to mitigating unauthorized access to cloud-based storage systems, email accounts, computers, laptops, tablets, and portable storage devices.
This encryption should extend to Microsoft Excel files. Since Microsoft Excel spreadsheets often contain numerical inputs, its files may contain sensitive information, such as financial data. It is therefore vital to encrypt Excel files to protect the data within.
This article explains how encryption works, why enterprise-level companies need to encrypt Excel files, and provides step-by-step instructions on how to encrypt Excel files using a security solution like WinZip® Enterprise.
How does encryption work?
Encryption keeps sensitive information safe from unauthorized access. The encryption process takes data and transforms it into another form or code that can only be accessed with a decryption key or password. Unencrypted data is known as plain text; encrypted data is called ciphertext.
Encoding (and decoding) data is accomplished using encryption algorithms (also known as ciphers). Part of the algorithm is an encryption key. An encryption key is a variable value which creates the cipher’s unique output. As the name suggests, it is the key to unlocking the encrypted text.
Why enterprise-level companies need to encrypt Excel files
Unfortunately, Microsoft Excel files are common targets for malware––especially when these files are sent via email. Verizon reports that 46% of malware attacks that happened to organizations in 2020 originated from an email.
Microsoft products are particularly susceptible to macro viruses, which are viruses that use the same macro language as software programs such as Microsoft Word or Microsoft Excel. Since the virus is written using the same language as these software programs, it can corrupt documents––and your device’s software.
Unauthorized access to files and data can be detrimental to both the companies and their clientele. Potential consequences of unauthorized access include the following:
- The manipulation or destruction of sensitive data. Unauthorized access by nefarious third parties can lead to tampering with Excel files containing important information. If these files are not backed up on other devices, this data can be irretrievable.
- Negative impact on a company’s reputation. A Forbes study reports that 46% of businesses experience damage to their reputation and brand value because of a data breach. An additional 19% of organizations suffer reputation and brand damage caused by either a third-party security breach or an IT system’s failure.
- Loss of revenue. While a data breach can harm an enterprise’s reputation and deter potential customers, it may also affect the organization’s current customer base. PricewaterhouseCoopers (PwC) reports that 87% of consumers are willing to cut ties with a business when data breaches take place.
- Regulatory ramifications. Businesses must adhere to specific regulatory standards for data privacy. These standards will vary by industry. Merchants, vendors, and financial institutions, for example, must follow the Payment Card Industry Data Security Standard (PCI DSS) for transactions.
Healthcare entities must abide by the 1996 Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, which requires protection of protected health information (PHI) in electronic health and medical records.
- Legal ramifications. Compromised data brings into question whether companies have taken all possible measures to secure client or customer data as per federal law. Therefore, in the event of a breach, class action lawsuits are not uncommon. Equifax’s 2017 data breach, for example, cost the company $700 million in payouts to affected US customers.
Encrypted files are password-protected, which ensures that only authorized individuals can open, read, or edit the files. Since encrypting Excel files allows users to control who can access and edit sheets and workbooks, encryption helps to maintain data integrity and avoid the repercussions of data breaches.
How to encrypt an Excel file using WinZip Enterprise
WinZip Enterprise is a file encryption and security solution designed for large companies that handle vast amounts of sensitive data, such as government and military agencies, healthcare companies, and financial institutions.
To encrypt an Excel file using WinZip Enterprise, complete the following steps:
- Open WinZip Enterprise.
- In the Actions pane, click on Encrypt.
- Drag and drop your Excel file to the center NewZip.zip pane.
- In the dialog box that appears, enter your password.
- Click OK.
- Click the Options tab in the Actions pane and choose Encryption Settings.
- Set your desired level of encryption.
- Click Save.
Benefits of using WinZip Enterprise for file encryption
As mentioned, the process of encrypting and decrypting data is called cryptography and the formulas used to code and decode encryptions are called encryption algorithms. Although numerous encryption algorithms have been developed and used over time, Advanced Encryption Standard (AES) is one of the most popular today.
The Advanced Encryption Standard (AES) is the encryption algorithm used by most governments, financial institutions, and enterprises that require high levels of data security, such as insurance and healthcare companies.
The AES algorithm works by separating data into small blocks (called “bits”) and then applying mathematical codes to these bits. Bits typically come in sizes of 128, 192, or 256 and are referred to as 128-, 192-, or 256-bit keys.
The longer the bit key length, the greater the security of the AES system. However, even the smallest bit key (128) remains resistant to “brute force attacks” such as a supercomputer rapidly generating and applying numerical codes in an attempt to decipher the AES’s cryptographic algorithm. It is estimated that it would take a supercomputer more than 100 trillion years to crack a 128-bit AES.
WinZip Enterprise uses AES encryption with a 128-, 192-, or 256-bit key to encrypt and decrypt data. With AES encryption and secure password protection, your files are protected as you share them via email, cloud-storage systems, or with portable storage devices.
Since WinZip Enterprise also compresses your encrypted files, they are easier to upload and share. Word-based documents, for example, have files that can be compressed to 90% of their original size. It can also compress MP3 files by 15 to 20% and JPEG files by 20 to 25% without loss to photo or audio quality or data integrity. Excel files can be compressed up to 93% but rates vary significantly, since Excel files may have embedded images or other elements that affect compression size.
These compressed files can be transferred much faster than their uncompressed versions.
It takes one tenth of the time to transmit a compressed file than it takes to send the original (uncompressed) file. Since users spend less time waiting for files to transfer and download, these faster transfer times help improve employee productivity.
In addition, compressing files helps companies cut data storage costs, which can be significant. For example, enterprise-class hard drives can cost hundreds of dollars, and cloud-based storage solutions are often priced based on the amount of data stored.
With its encryption and compression capabilities, WinZip Enterprise keeps your organization’s data safe, reduces data storage requirements, improves productivity, and helps prevent costly and detrimental data breaches.
Explore how WinZip Enterprise can help your company encrypt its digital assets.