You’ve never accidently sent an email to the wrong person right? Best practice is to password protect important data prior to electronic transmission to avoid uncomfortable situations.

Your email is only as safe as your password, and we all recognise how secure passwords are correct? To be clear, poorly selected passwords are a weak point and ready to be exploited by malicious individuals, organisations and state actors.

Massive password files containing billions of known hacked passwords are readily available on the internet and are used to brute force attack servers every second around the world. I’m not even scratching the surface here of what is possible, there are many ways to access a computer and it’s frightening once you start learning more about how sophisticated cyber breaches and attacks that have already occurred on organisations and government agencies around the world.

Before sending private data via email I recommend you password protect the file to counter a possible active man-in-the-middle attacks. You won’t know you are a victim of a man-in-the-middle attack until it happens. They could be accessing and watching your in/outbox for months before they attack. The only way to counter a man-in-the-middle attack is to use difficult and unique password and change them regularly. More info on this below.

When you send the password protected data file, and I acknowledge it’s receipt and recommend you go your ‘Sent Item’ box, delete the email, then empty your trash.

When I receive your data, it is securely transferred to our air-gapped, completely internet disconnected, encrypted and password production environment, essentially making it free from any potential online hacking attempts. Once completed, emails are removed, deleted permanently and transfer media overwritten with zeros or random digits as per Australian Government ICT Security Manual 2014 – Controls as set out by The Australian Cyber Security Centre (ACSC) within the Australian Signals Directorate (ASD). Learn more here:

The logic is simple; if the data is not accessible via the internet then it can’t be hacked via the internet, and so your data is safest with us.

You can protect your data further with a Confidentiality Agreement or NDA, which I am happy to sign and adhere to, like I have already done for many individuals, organisations and government agencies.

Okay, let’s get started: Adding a password

Step 1: In Excel, open the document you want to secure with a password.

Step 2: Save your file with the .xlsx extention and with the same file name but include (SECURED) or (PROTECTED) at the end of the file name. I.e. “Customer Data July Mail Out (SECURED).xlsx”. This will be explained in Step 5.

Step 3: Once saved, click File, followed by Info.

Step 4: Next, click the Protect Workbook button. From the drop-down menu, select Encrypt with Password.

Step 5: Excel will then prompt you to type in a password. Pick one that’s complicated and unique and note it down in your password manager. Generate a secure password here:

If your database contains especially critical data check your password isn’t already part of a brute force file here:

When you use a (SECURED) file, it’s not that important if you lose or forget the password. You can just go back to the earlier file.

Step 6: Once you have set your password, Save the file. Don’t skip this step as the password will not be applied otherwise.

Step 7: Close the file.

Step 8: Reopen the file and it will prompt you for your new password. Go ahead and type it or paste it in to test it works. it’s a good idea to do this before sending the file.

From now on, any time you try to open that file, Excel will prompt you to input your newly chosen password.

Note: This password only protects that individual document, not every Excel document on your PC. If you want all Excel files to have similar protection, you’ll need to password protect each file individually or look at more advanced protections.

If you want to see whether an Excel file has password protection or not, check out the Info tab for the document and look at the Protect Workbook section. It will tell you whether a password is required to open it or not.

Additional security options

Excel also allows an opportunity to add more customised security options to your file. Creating the right security is important so take time to understand what the following options will do to your file.

Under Protect Document, you’ll find several additional features that may prove useful:

Mark as Final: This will mark the file as completed, which lets other people know that they shouldn’t make any changes. Using this option will not secure the data behind a password, however, so it doesn’t offer any security.

Protect Current Sheet: This will guard the currently selected worksheet with a password so that people can’t make any changes. It’s a handy option if there’s only one sheet in the workbook that you want to protect, and you don’t mind if people can see the info — you just don’t want them messing with anything. You will notice that there’s also an option to do this with “Workbook Structure,” which protects data throughout the workbook from changes unless people have the password.

Restrict Access: This is a unique option used by organizations where IT has created security templates that essentially lock Excel files to only certain people or ranks. It’s handy in larger organisations where some people should be able to access the file, but not everyone.

Add a Digital Signature: This simply verifies the file as the real version, which is useful when sending it to other people or organisations, and to make sure it hasn’t been altered. It also helps files from being spied on when you send them digitally.

Don’t forget you can always contact me if you are having any problems or concerns.

With thanks,

Mark Prosser

0419 728 758