Just because the whole office has Microsoft Office and Windows XP, doesn't mean the whole world has Office or Windows.

If you read this blog on a regular basis, you may remember a post called "The Yard Sale Effect" which rails on about the evils of stuffing poor web pages with any and every shard of content just because it exists.  On the Staney-scale of bad things you can do on the web, that's easily an "8" or "9". But dear readers, there's a worse atrocity committed on websites throughout the world by 'DOCX, XLSX, PPT, PUB, MOV, AVI, GIF, JPG junkies with FTP access'.

Its one thing to litter up web pages with too much content; it's another thing to do it in a hundred different file formats -- and you may be putting your company or organization at risk.  Moreover, it's just not good practice to assume; to rely on lots of software installed on the user's machine to open something or view content.

#1: It's Risky 

If you are just learning the security risks of posting Word and Excel documents to web servers from my blog, then your organization may have bigger problems than you may realize.  Why?  Consider this:

I was once told to post an [unprotected] order form to a web server in Word format.  [Why was the company using a document and not a web form you might ask? The business had many "old school" clients that still faxed orders in; a necessary evil that eventually went away.] At the bottom of the form was a footer chock-full of important terms and conditions as well as shipping policies, return information and restocking fees.

Rather than keep quiet, I asked for a moment with the manager and recommended that we post the form as PDF and not a Word document.  The response I received back astounded me, "We are a business-to-business company and business uses [Microsoft] Word."  Even though I indicated the form could be changed by just about anyone, I was shot down and did as I was told. 

Sadly, it didn't take long before the first crafty customer decided to change the shipping deadline and demand we honor what the form said.

I hope the example above is painfully obvious. If it's not, read on - there's more.  There's something else you need to know though, about using these kinds of files, and the risks are far greater than a customer simply boosting a rush order and free, expedited shipping.  Word and Excel files are packed with all sorts of metadata about you and your organization, and the more sophisticated your files - for example, if you use macros or advanced calculations you'd prefer keep confidential - the more risk you carry.

Back in the day I used to write a good deal of VBA [Visual Basic for Applications], the prominent programming language for Office Applications up until .NET. Once I opened an Excel product list from a company's website, and sure enough, there in the VBA code was the connection string to one of the company's product databases [with the user name and password just out there for the picking].  

#2. It's a little rude

Sure, Microsoft Publisher is a dandy tool [ahem] for making your customer newsletter look pretty but linking to a Publisher [.pub] file is just bad.  [Sadly, some people don't get this.] 

#3. It's no fun when you're not invited to the party

Video can be an especially prickly pear and you really need to:
1.) Understand your company web servers and know a little bit about MIME types. {Because no one likes big gaping holes in web pages - especially not Steve Jobs.}
2.) Offer more than one file format option (Sure, Windows Media Video is great if you're running Windows, but not so "awesome" if you're a Mac user.)
3.) Have a good backup plan for folks that can't open whatever kind of file you are trying to show them.
4.) Know that's a tomorrow, and it's right around the corner. Sure, Adobe Flash has been the advertising industry's darling for dozens of years, but clients and operating systems are changing every day. 
5.) Simple instructions [or a Media F.A.Q. page] go a long way and help ease frustrations

#4. Whatever you do, be consistent. 

If 80% of the time your website offers [web] forms to do the heavy lifting, there's no good excuse for the 20% of your documents are that are still popping up in .pdf, .doc or other formats. And if you don't have an army of web developers at your service and you have to link to documents, use a format like Adobe Acrobat Reader [PDF] that allows a nice mix of portability, security and compatibility -- and use it for everything.  Mixing and matching is a sign of laziness and sends the message that you just don't care [enough].

The same rules apply to video. If your company or organization can, standardize on a minimum of two formats and publish consistently to those formats. If you don't have the resources to handle video, look to YouTube or Vimeo for hosting.

#5. Keep blank target links to a minimum

Opening a new window to go to link to another website's content is perfectly acceptable and good for SEO. Spawning dozens of new browser windows just to get to assets, is not cool -- especially if those assets don't have a support MIME type and rely on a user's programs to serve the content. 

#6. Keep an eye on file sizes and understand your audience when it comes to assets 

Sure, that 26MB Powerpoint with the picture of the CEO standing on his boat with a huge marlin and the caption "Reel in the Sales" was a real hoot at the Sales Meeting, but is it appropriate and relevant to your audience?

Moreover, will your users forgive you for the six minutes of their lives they can't reclaim [while it downloads]?

What are your thoughts on this topic?