Uploaded on Dec 22, 2025
BlackRock’s PII spreadsheet leak shows how human error and Excel-based EUCs create data risk. Learn how stronger EUC controls, data classification, file scanning, and centralized policies help prevent PII exposure and reduce security incidents.
Don’t be Headline News: Protect the PII Under Your Control - CIMCON Software
These mistakes can happen to anyone, and they do.
The root cause in this instance was not criminal hacking, but the inadvertent (and
temporary) posting of several spreadsheets containing PII to a public part of
BlackRock’s website. It’s too early to understand all the mechanics involved, but
it’s apparent that human error played a major role. So, what can be done to
prevent such incidents in your company?
The short answer is better controls for those applications under end-user
control (EUC), of which Excel spreadsheets are by far and away the most
common application type. Spreadsheets are ubiquitous and that familiarity
breeds complacency. Most people are ambivalent about the risks associated
with spreadsheets, whether it be the risk of an error in a financial report or
sensitive data loss.
Better processes combined with technology-enabled controls can
provide:
• Systematic capability to identify the presence of hidden sheets that may
contain PII or PHI
• High speed file share scanning technology to detect unauthorized storage of
files containing PII on network drives
• Data Classification technology to identify confidential files and create more
information security awareness at the user level
• EUC Inventory technology to enable closer monitoring of the critical EUCs, e.g.,
the files that are known to contain PII and/or are used within a critical business
process
• Centrally managed controls to enforce password policy and render important
spreadsheets unreadable if moved outside of the firewall
None of these options is a magic silver bullet and despite the technology, human
error reigns supreme. Nonetheless, having more effective EUC controls can
reduce the likelihood of such an incident happening to you and your company.
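As an added illustration of the first control in the list above (not CIMCON's product code and not part of the original page), this Python sketch reads an .xlsx package directly, finds sheets whose state is `hidden` or `veryHidden`, and counts values in them that look like PII. The function names are hypothetical, the workbook is constructed inline, and PII is assumed to mean strings in the US SSN layout.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET

M = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
R = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
P = "http://schemas.openxmlformats.org/package/2006/relationships"
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # assumption: PII = US SSN layout

def hidden_sheets_with_pii(xlsx_bytes):
    """Map each non-visible sheet name to (state, count of SSN-like values)."""
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        # Relationship ids in workbook.xml resolve to worksheet part paths here.
        rels = {r.get("Id"): r.get("Target") for r in
                ET.fromstring(z.read("xl/_rels/workbook.xml.rels")).iter(f"{{{P}}}Relationship")}
        # Shared string table: cells of type "s" store an index into it.
        sst = z.read("xl/sharedStrings.xml") if "xl/sharedStrings.xml" in z.namelist() else b"<sst/>"
        shared = ["".join(si.itertext()) for si in ET.fromstring(sst).iter(f"{{{M}}}si")]
        report = {}
        for s in ET.fromstring(z.read("xl/workbook.xml")).iter(f"{{{M}}}sheet"):
            state = s.get("state", "visible")  # otherwise "hidden" or "veryHidden"
            if state == "visible":
                continue
            target = rels[s.get(f"{{{R}}}id")]
            path = target.lstrip("/") if target.startswith("/") else "xl/" + target
            hits = 0
            for c in ET.fromstring(z.read(path)).iter(f"{{{M}}}c"):
                v = c.findtext(f"{{{M}}}v")
                text = shared[int(v)] if c.get("t") == "s" and v else "".join(c.itertext())
                hits += len(SSN.findall(text))
            report[s.get("name")] = (state, hits)
        return report

def build_sample():
    """Constructed workbook: visible 'Summary', hidden 'Clients' with a fake SSN."""
    cell = lambda i: f'<worksheet xmlns="{M}"><sheetData><row><c t="s"><v>{i}</v></c></row></sheetData></worksheet>'
    parts = {
        "xl/workbook.xml": f'<workbook xmlns="{M}" xmlns:r="{R}"><sheets>'
            '<sheet name="Summary" sheetId="1" r:id="rId1"/>'
            '<sheet name="Clients" sheetId="2" state="hidden" r:id="rId2"/></sheets></workbook>',
        "xl/_rels/workbook.xml.rels": f'<Relationships xmlns="{P}">'
            '<Relationship Id="rId1" Target="worksheets/sheet1.xml"/>'
            '<Relationship Id="rId2" Target="worksheets/sheet2.xml"/></Relationships>',
        "xl/sharedStrings.xml": f'<sst xmlns="{M}"><si><t>Totals</t></si><si><t>000-12-3456</t></si></sst>',
        "xl/worksheets/sheet1.xml": cell(0),
        "xl/worksheets/sheet2.xml": cell(1),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()
```

Calling `hidden_sheets_with_pii(build_sample())` reports the `Clients` sheet as hidden with one SSN-like value; password-encrypted workbooks are not ZIP packages and need a separate check.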
About Us
Established in 1988, CIMCON Software, LLC is a pioneer in end-user computing
and model risk management, serving over 800 companies across industries.
Recognized by Gartner, Insurance ERM, and others as a top risk management
vendor, CIMCON brings 25+ years of experience and industry best practices to
support AI & GenAI readiness and governance. With the largest global installed
base, our feature-rich, extensively tested solutions offer unmatched depth,
support, and reliability.
Contact Us
Boston (Corporate Office)
+1 (978) 692-9868
234 Littleton Road Westford, MA 01886,
USA
New York
+1 (978) 496 7230
394 Broadway New York, NY 10013