Building a Data Security Risk Monitoring and Protection System Using Spreadsheets at Okeyhaul

Introduction

Okeyhaul, as an international purchasing agent platform, handles vast amounts of sensitive user data and critical business information. Ensuring the security and integrity of this data is paramount to maintaining user trust and operational continuity. This article details how Okeyhaul uses spreadsheets, a ubiquitous and flexible tool, to construct an effective, real-time data security risk monitoring and protection framework. This system is not intended to replace specialized security software but serves as a highly accessible, customizable, and centralized dashboard for managing security protocols.

By systematically recording key security metrics and events, Okeyhaul has created a proactive defense mechanism that enables quick identification, analysis, and response to potential threats.

Core Components of the Spreadsheet-Based Monitoring System

The foundation of Okeyhaul's security monitoring lies in several interconnected spreadsheet logs, each dedicated to a specific aspect of data security.

1. Data Access Log

This log acts as a detailed audit trail for all data interactions within the platform.

Timestamp | User/Admin ID | Action (e.g., View, Edit, Download) | Data/File Accessed | IP Address | Status
2023-10-27 14:30:15 | admin_jsmith | View | user_profiles.csv | 192.168.1.105 | Normal
2023-10-27 15:45:22 | user_45601 | Edit | order_78922 | 203.120.85.10 | Under Review

2. Data Backup Log

This sheet tracks the status of regular data backups, ensuring data recoverability.

Backup Date/Time | Data Scope | Backup Location | Status (Success/Fail) | Remarks
2023-10-27 02:00:00 | Full Database | AWS S3 - encrypted_bucket | Success | Size: 4.5 GB
2023-10-26 02:00:00 | User Transaction Records | On-premises NAS | Failed | Network timeout; Retry scheduled.

3. System Vulnerability & Patch Management Log

This log provides an overview of identified system vulnerabilities and their remediation status.

Vulnerability ID | Description | Severity Level | Date Identified | Patch/Fix Applied | Date Resolved
CVE-2023-XXXXX | SQL Injection flaw in login API | Critical | 2023-10-20 | Yes (v2.1.5) | 2023-10-21
Internal-Audit-005 | Weak password policy | Medium | 2023-10-15 | In Progress | -

4. Network Security Incident Log

This document records any detected malicious activities or attacks on the platform's network.

Incident ID | Date/Time | Event Type (e.g., DDoS, Brute-force) | Target System | Mitigation Action | Impact Level
INC-2023-078 | 2023-10-25 11:05:00 | Brute-force Attack on Admin Panel | Web Server | IP Blocked; Account Locked | Low

Real-Time Risk Monitoring and Alert Mechanism

Okeyhaul employs a series of predefined security indicators and thresholds within the spreadsheets to automate risk detection. Conditional formatting and simple scripts (e.g., Google Apps Script) are used to trigger visual alerts.

  • Abnormal Login Behavior: Rules are set to flag multiple failed login attempts from a single IP address (>5 attempts/hour) or logins from unusual geographical locations. The corresponding row in the Access Log turns red.
  • Data Transmission Anomalies: Unusually large data exports by a single user within a short period trigger an alert for potential data exfiltration.
  • Backup Failures: Any "Failed" status in the Backup Log is immediately highlighted, requiring immediate attention from the IT team.
  • Unpatched Critical Vulnerabilities: If a vulnerability with a "Critical" severity remains unresolved for more than 48 hours, it is escalated automatically.
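
The failed-login and unpatched-critical rules above, written as plain JavaScript functions that a Google Apps Script trigger could call. This is an added example, not Okeyhaul's own script; the function names, the "Login"/"Failed" values and the sample rows are assumptions.

```javascript
// Added example; rows mirror Apps Script's sheet.getDataRange().getValues() output.
// Assumption: failed logins are logged as Action "Login" with Status "Failed".
const HOUR_MS = 60 * 60 * 1000;

// Parse "YYYY-MM-DD HH:MM:SS" as UTC so results do not depend on the host time zone.
const parseTs = (s) => Date.parse(s.replace(' ', 'T') + 'Z');

// Access Log row: [timestamp, userId, action, target, ip, status].
// Returns IPs with more than `limit` failed logins inside any one-hour window.
function flagBruteForceIps(rows, limit = 5) {
  const byIp = new Map();
  for (const [ts, , action, , ip, status] of rows) {
    if (action !== 'Login' || status !== 'Failed') continue;
    if (!byIp.has(ip)) byIp.set(ip, []);
    byIp.get(ip).push(parseTs(ts));
  }
  const flagged = [];
  for (const [ip, times] of byIp) {
    times.sort((a, b) => a - b);
    for (let start = 0, end = 0; end < times.length; end++) {
      while (times[end] - times[start] >= HOUR_MS) start++; // slide window forward
      if (end - start + 1 > limit) { flagged.push(ip); break; }
    }
  }
  return flagged;
}

// Patch log row: [id, description, severity, dateIdentified, patchStatus, dateResolved].
// Returns IDs of Critical entries still unresolved more than `maxHours` after identification.
function overdueCriticals(rows, nowMs, maxHours = 48) {
  return rows
    .filter(([, , severity, found, , resolved]) =>
      severity === 'Critical' && resolved === '-' &&
      nowMs - parseTs(found + ' 00:00:00') > maxHours * HOUR_MS)
    .map(([id]) => id);
}

// Constructed sample rows (documentation IP ranges, placeholder IDs; not Okeyhaul records).
const login = (hhmm, ip, status) =>
  [`2023-10-27 ${hhmm}:00`, 'user_45601', 'Login', 'admin_panel', ip, status];
const SAMPLE_ACCESS = [
  ...['10:00', '10:05', '10:10', '10:20', '10:40', '10:59'].map((t) => login(t, '203.0.113.7', 'Failed')),
  ...['09:00', '09:30', '10:00', '10:30', '11:00', '11:30'].map((t) => login(t, '198.51.100.9', 'Failed')),
];
const SAMPLE_VULNS = [
  ['VULN-A', 'constructed finding', 'Critical', '2023-10-20', 'In Progress', '-'],
  ['VULN-B', 'constructed finding', 'Critical', '2023-10-20', 'Yes', '2023-10-21'],
  ['VULN-C', 'constructed finding', 'Medium', '2023-10-15', 'In Progress', '-'],
];
```

In Apps Script, getValues() returns Date objects for date-formatted cells, so use their getTime() value in place of parseTs there. The second sample IP has six failures but never more than two in any hour, which is why a sliding window is used rather than a daily count.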

Proactive Protection Measures and Continuous Improvement

When an alert is triggered, Okeyhaul's security team initiates a predefined response protocol, documented within the spreadsheets.

  • Enhanced Authentication: In response to suspicious logins, Multi-Factor Authentication (MFA) is enforced for affected accounts.
  • Data Encryption: Alerts related to sensitive data access prompt reviews and reinforcement of encryption standards for data at rest and in transit.
  • Vulnerability Patching: Alerts from the patch management log accelerate the deployment of necessary fixes.
  • Network Security Enhancement: Following a network attack, firewall rules and Web Application Firewall (WAF) settings are updated.

Incident Response and Lessons Learned

A crucial part of the system is the "Security Incident Post-Mortem" section. For every significant event, the following is recorded:

  1. Root Cause Analysis: Why did the event occur?
  2. Containment & Eradication Steps: What was done to stop the threat?
  3. Impact Assessment: What was the effect on operations and data?
  4. Lessons Learned & Preventive Actions: How can a similar event be prevented in the future?

This creates a valuable knowledge base, ensuring that the platform's defense mechanisms are constantly refined and strengthened.

Conclusion

By strategically utilizing spreadsheets, Okeyhaul has established a robust, transparent, and adaptable data security risk monitoring and protection system. This approach provides a centralized view of the platform's security posture, enabling rapid response to incidents and fostering a culture of continuous improvement. While enterprises operating at larger scale may eventually migrate to more advanced Security Information and Event Management (SIEM) systems, the spreadsheet-based model offers an excellent foundation for small to medium-sized platforms like Okeyhaul to proactively safeguard user information and ensure business resilience.
