Technological advances in recent years have brought numerous benefits, conveniences, and agility to daily processes. It would be natural to assume that information security within companies has improved along with them; however, the current scenario shows us otherwise.
Data from studies conducted by the Global Data Protection Index revealed that 59% of Brazilian organizations reported experiencing at least one cyber incident in 2023.
Although this is already a worrying number, it is essential to consider that these are only the reported cases. The actual number could be much higher, as some companies may be experiencing cyberattacks at this very moment without even knowing it.
Unfortunately, this situation is still prevalent due to the lack of adequate security policies. Studies reveal that only 41% of Brazilian companies have established security policies.
When we analyze smaller companies, with up to 49 employees, this scenario worsens, as only 37% of them have security policies.
Major Errors in Information Security in Companies
- Use of Weak Passwords:
Much has been said about the importance of strong passwords. Despite this, the use of easily guessable passwords is still common, increasing the risk of breaches. Ditch the classic “12345,” get creative, and challenge yourself to create more complex passwords.
- Lack of Team Training and Awareness:
Many attacks succeed due to employees’ lack of knowledge about cybersecurity practices. Remember, Information Security should also be part of the organizational culture.
- Insecure Connections:
Using public or unprotected Wi-Fi networks to access sensitive information can put data at risk, leading to exposure or interception.
- Missing Updates and Security Patches:
Outdated software may contain vulnerabilities commonly exploited by cybercriminals. This applies to all types of software, from simple ones like the Office suite to those responsible for Corporate Management, such as Interact Suite SA.
- Inadequate Storage and Lack of Backups:
The lack of regular backups and improper data storage can lead to the loss of important information, especially in the event of an attack.
Enhance Information Security in your company
To enhance Information Security in your company, it’s crucial to start with the basics by understanding its foundational pillars. Knowing, comprehending, and applying principles of data integrity, confidentiality, and availability are essential before implementing further measures.
Utilizing data encryption is also paramount to safeguard sensitive information, ensuring that only authorized individuals have access.
Creating and maintaining clear and updated policies that govern data usage and protection can significantly bolster security. However, these policies must be integrated into the organizational culture to be effective.
All employees should be aware of these policies and receive adequate training to adopt secure practices and recognize potential threats.
As previously mentioned, secure connections are fundamental for effective Information Security. Therefore, ensure all company network connections are secure, especially for transmitting sensitive data. If the network itself cannot be secured, prioritize using a Virtual Private Network (VPN), which encrypts traffic and routes it through a remote server. This masks IP addresses, geographical locations, search histories, and downloads, thus safeguarding personal information.
Opt for appropriate security software and tools such as firewalls, antivirus programs, and intrusion detection systems. Regular audits and testing should be conducted to identify and rectify security flaws and even anticipate vulnerabilities.
Remember to safeguard files through backups and secure copies, especially for critical data, ensuring their recovery in case of incidents.
Regarding document management, access control is vital. Manage which employees can access specific data and services, updating access controls promptly during department changes, role alterations, or terminations.
Keeping operating systems updated enhances security by applying fixes for newly discovered vulnerabilities as cyber threat patterns evolve.
The measures mentioned form the foundation for reinforcing Information Security. Additionally, practices like two-factor authentication and heightened vigilance with suspicious links are crucial.
Staying updated and following industry trends is an excellent strategy. Treat Information Security as a continuous process integrated across all areas of the organization.
Conduct periodic tests, even if your company hasn’t experienced any incidents or threats. Ultimately, identifying and improving on weaknesses is best accomplished internally.
Information Security at Interact
Here at Interact, Information Security is taken seriously and responsibly, both for company data and for the security of Interact Suite SA, which is responsible for transacting and storing customer information.
We work on two fronts to meet the most demanding regulatory and contractual requirements: management and technologies. Our primary goal is to ensure the availability, integrity, and confidentiality of information.
In terms of management, we compile and implement the latest market practices through a robust structure of Documents, Processes, Indicators, and Risks in Interact Suite SA. We have also published nine new practices to define and instruct employees on best practices for privacy, maintenance, secure architecture, encryption, continuity, recovery, authentication, among other Security Management recommendations.
Other important sources of requirements are Vendor Risk Management (VRM) assessments, which our clients conduct to certify the security and continuity capabilities of Interact Solutions in the face of IS and LGPD incidents.
Regarding technologies, we are executing two major technological projects. One focuses on updating and innovating existing services, including the restructuring of all communication platforms. The other project will implement a set of eight new open-source tools, which will assist in the identification, monitoring, and protection of the company’s assets.
Authors:
Renata Lopes
Founder of Human Technology
Felipe Albuquerque de Almeida
IT Supervisor in Infrastructure at Interact