Six years after the enactment of the General Data Protection Law (LGPD), sanctioned in August 2018 and in force since September 2020, many companies are still unaware of their obligations regarding the handling and confidentiality of their customers' and employees' information, and end up neglecting the protection of their networks in the virtual environment. This warning comes from cybersecurity expert Fábio Fukushima, director of L8 Security, a company specializing in information security.
“When we talk about cybersecurity, we have a very diverse universe, with companies at different levels of maturity and with specific demands for data protection. On the other hand, the LGPD (Brazilian General Data Protection Law) applies to all companies, regardless of size or field of activity, and this requires special attention from managers so that they can act preventively to avoid data breaches,” emphasizes Fábio Fukushima.
He explains that each case must be analyzed individually in order to identify which technologies available on the market best suit the company's needs. However, there are some solutions that can guarantee a minimum level of security for the corporate network in general. Check out the three main ones, according to the expert:
1 – Firewall
This is the first device any company should have for network protection. Through a firewall, it's possible to monitor and control user access to the network and protect sensitive customer and employee data. In addition to protection, the firewall also logs who accessed each piece of information, helping to identify those responsible in cases of data breaches.
2 – Password Safe
Once network security is guaranteed, it's necessary to consider protecting employee access passwords, especially for remote access via mobile devices. With a password vault, all network access is mediated by a program that randomly generates passwords, informing the user each time they access the system. This way, not even the account owner will know their own password, ensuring the integrity of information available on the network and controlling access to privileged company information.
3 – Vulnerability testing
To keep up with changes in the cyber world, it is necessary to periodically test whether the protection barriers installed on the network are working properly, and one way to do this is by testing network vulnerabilities through penetration testing or intrusion testing. Specific solutions exist on the market that scan the network and identify potential vulnerabilities that could be exploited by cybercriminals and cause harm to the corporation.
“The cybersecurity field is very dynamic, and every day new virtual threats are created by criminals, which requires constant updating of professionals in the sector. Even if a company has information security tools, it is necessary to always be aware of software updates and keep up with market trends. Therefore, having a team specialized in information security is fundamental, regardless of the company's size,” emphasizes Leandro Kuhn, CEO of L8 Group.
Brazil is one of the most targeted countries by cybercriminals in the world, and in the first quarter of this year alone, the volume of attacks in the digital environment grew by 38% in the country, according to a report released by Check Point Research. The General Data Protection Law (LGPD) establishes the responsibility of companies for the processing, storage, and sharing of sensitive information of individuals and legal entities. Penalties range from warnings and fines (which can reach R$50 million) to publicizing the infraction and partial suspension or blocking of the database.
