Small Business Attack – Type of Data: Office Documents

How many of you use Microsoft Office?  OpenOffice.org?  KOffice?  AbiWord?

I’ll bet you’re all raising your hands right now, right?  We’ll put’em down, you’ll want to hit scroll at some point.

What do you know about these files?  Did you know that many of these files track changes?  In other words, if you redact certain things or change data, that a clever attacker can open the file and revert it to what it used to be?  It happens.

Do you know what kind of data is stored in these documents?  financial data?  Email addresses? Trade secrets? Passwords?

(The above links go to Google searches.  There is no guarantee what Google may find when you search on certain things.  If you access information that you shouldn’t, saying “but it was on Google” may not be a good defense.  Remember rule number one of security is don’t be stupid.)

If someone wanted data from your company, where would they go to get it?  Is there any one thing (say, a spreadsheet perhaps) or location (hmm, shared drive) that might be particularly tempting to an attacker?

If you get a virus or spyware infection on your computer, might the person who wrote it be able to access all the documents that you can access?

How are you protecting your files?