Microsoft Excel contains a feature that could expose sensitive corporate data once the document is distributed within a company or among trading partners. The feature allow spreadsheet creators to hide, lock and/or password-protect data and mathematical calculations used in original documents.
These features seemingly provide a measure of data security to conceal specified data from prying eyes. In reality, that data can be exposed by any end user who can execute a simple copy-and-paste procedure.
When Excel data is copied using the "copy all" command and pasted into a new spreadsheet, it exposes the hidden and password-protected cells, which may contain data such as employee salaries, return-on-investment or expense report calculations, or request-for-proposal formulas. Excel users must execute an "unhide" command in Excel before they see the previously protected data in the spreadsheet copy, but in non-Microsoft spreadsheets the hidden cells are automatically revealed.
Unless access to the document is locked down, Excel cannot protect any information, although the program gives the illusion that it can, critics say.
As Rick Sturm, president of Enterprise Management Associates (EMA), a consulting and research firm that encountered the security hole when it was creating spreadsheets to share with clients says "This is like putting a password on a document while also supplying a Post-It Note revealing the password. It"s as potentially damaging as some of these recent viruses that have spread around the world."