Six years after the enactment of the General Data Protection Law (LGPD), sanctioned in August 2018 and in effect since September 2020, many companies still are unaware of their obligations regarding the handling and confidentiality of their clients' and employees' information and end up neglecting the protection of their networks in the virtual environment. The alert is from cybersecurity specialist Fábio Fukushima, director of L8 Security, a company specialized in information security.
“When it comes to cybersecurity, we have a very diverse universe, with companies at different levels of maturity and that have specific demands for data protection. On the other hand, the LGPD applies to all companies, regardless of their size or sector of activity, and this requires special attention from managers so that they can act preventively to avoid data leaks,” highlights Fábio Fukushima.
He explains that each case must be analyzed individually in order to identify which technologies available on the market best suit the company's needs. However, there are some solutions that can ensure a minimum security for the corporate network in general. Check out the top three, according to the expert's assessment:
1 – Firewall
This is the first device any company should have for network protection. Through the firewall, it is possible to monitor and control users' access to the network and protect sensitive data of clients and employees. In addition to protection, the firewall also logs who accessed each piece of information, helping to identify those responsible in case of data leaks.
2 – Password Vault
Once the network security is ensured, it is necessary to consider protecting employees' access passwords, especially for remote access on mobile devices. With the password safe, all network access is mediated by the program that generates passwords randomly, informing the user at each access. Thus, not even the account owner will know your password, ensuring the integrity of the information available on the network and controlling access to the company's privileged information.
3 – Vulnerability testing
To keep up with changes in the cyber world, it is necessary to periodically test whether the protection barriers installed on the network are functioning properly, and one way to do this is by testing the network's vulnerability through penetration tests or intrusion tests. There are specific solutions on the market that monitor the network and identify potential vulnerabilities that could be exploited by cybercriminals and cause damage to the corporation.
The cybersecurity field is very dynamic, and every day new virtual threats are created by criminals, which requires constant updating of professionals in the sector. No matter how much the company has information security tools, it is always necessary to be aware of theupdates available for the software and keeping up with the latest developments in the market. Therefore, having a team specialized in information security is essential, regardless of the size of the company," emphasizes Leandro Kuhn, CEO of L8 Group.
Brazil is one of the most targeted countries by cybercriminals in the world, and in the first quarter of this year alone, the volume of attacks in the digital environment increased by 38% in the country, according to a report released by Check Point Research. The General Data Protection Law establishes the accountability of companies for the processing, storage, and sharing of sensitive information of individuals and legal entities. Penalties range from warnings and fines (which can reach R$50 million) to publicizing the violation and partial suspension or blocking of the database.
