Internet security

Learn how to reduce losses and damages from data breaches without relying on luck

April 12, 2022

8 minutes of reading

Today, I intend to demonstrate that, compared to large corporations, small and medium-sized enterprises have much to lose from security incidents , especially when data breaches occur.

It's actually quite easy to understand why. Two situations occur that make data breaches and other security incidents more intense and damaging in small and medium-sized businesses .

Firstly, because the General Data Protection Law (LGPD) does not differentiate between company size and size . It aims to prevent security incidents and protect the holders of personal data against losses, damages and harm.

That is, under the law, a data breach involving 50 customers or millions of people will receive the same treatment. In other words, the measures provided for by law (fines and sanctions) are the same for small or large companies.

Secondly, because large companies have a culture and practices aimed at minimizing risks . And, at the same time, enhancing policies for managing and controlling internet access . In other words, they have governance and invest heavily in technology solutions and data security compliance.

The good fortune of many companies and entrepreneurs is that, even in 2022, the National Data Protection Authority (ANPD) declares that it is focusing more on educational measures than on punishment .

However, let's face it: relying on luck isn't the best approach .

An unmanaged data breach can break your company

Reducing risks and enhancing data protection in companies should be common practices. However, this is far from the case , especially in small and medium-sized enterprises.

Without a doubt, this is a gross error on the part of business owners, IT professionals, and managers . After all, the LGPD (Brazilian General Data Protection Law) does not differentiate between large and small data breaches, nor does it differentiate between the size of the companies responsible for the improper disclosure.

Therefore, it's easy to understand why small and medium-sized enterprises have much more to lose than large corporations. In fact, the chances of smaller companies going bankrupt are much higher .

In practice, security incidents, particularly data breaches, lead companies to be unable to produce, sell, or provide services .

And that's where the danger lies: what determines the downtime period (longer or shorter) is how prepared companies are to deal with security incidents.

And no, how much do they rely on luck?.

Data leak test

I propose an easy and didactic exercise that requires only the information and knowledge you have about your company.

Ultimately, we will determine how long your company will be inoperative in the event of a data breach or other security incident. What will determine this period is your level of information and training.

In other words, we're going to test how prepared your company is, or isn't, to deal with security incidents .

For this purpose, I will list a series of questions about measures and precautions. You must state whether they should be taken against data leaks in the company and ransomware attacks .

Each negative response means two business days without production or revenue. See how many you can answer. Then, calculate the impact of the number of days the company is at a standstill and reflect on the consequences .

Find out if your company is ready to face security incidents

Does anyone at the company know what a data breach is?
Similarly, do you know what a ransomware attack is?
What are the main causes of security incidents?
Is there a difference between a data breach, a ransomware attack, and a security incident?
What are the types of security incidents?
What are the dangers of a ransomware attack?
What does the LGPD (Brazilian General Data Protection Law) stipulate? What are the sanctions and penalties for data breaches?
How can a company protect itself against data breaches and ransomware attacks? List five preventative actions.
According to the LGPD (Brazilian General Data Protection Law), who is responsible for a data breach?
Has your company already adapted to the LGPD (Brazilian General Data Protection Law)?
What steps should be taken in the event of a data breach and ransomware attack?
What do cybercriminals look for in data breaches?
What can cybercriminals do with the data they collect?
Does your company invest in data security? How?
What technologies and solutions are available on the market for managing and controlling internet access and protecting data?
List five preventative actions to avoid data leaks in the company.
Are there policies in place to manage and control internet access?
If so, have all employees been informed, trained, and made aware?
Should every data breach be reported?
Who should be informed in the event of a data breach?
What information should be included in a security incident report?
What are the consequences of a data breach?
Does your company have a crisis management team?
Can customers sue your company for a data breach?
How many operating cycles without cash flow can your company's revenue, profitability, and cash flow allow?

After 25 questions, what is the result?

The history of Business Administration and security incidents

Although Administration has its roots dating back to around 5000 BC in Sumeria, since that time, solving problems common to society and businesses has required a minimum of organization and systematization of processes and controls.

Today, 7,022 years later, the evolution of civilization and the current context require business leaders to understand that their companies must organize themselves to be both productive and secure. There is no room for security breaches. Minimizing vulnerabilities and protecting data are an obligation.

Since then, some theories and theorists have stood out and entered the history of Administration. Especially Taylor (Scientific), Fayol (Classical), Mayo (Organizational Behavior), and Weber (Organization Theory).

So, the more questions you were able to answer , the less the parents in charge of administration turned in their graves.

Joking aside, every company, regardless of size, requires the same processes created by these scholars: planning, organization, management, and control .

From cash flow and employee training to investing in internet access management and control .

Digital transformation and data leaks in companies

Without a doubt, the pandemic accelerated the processes of digital transformation .

Certainly, large companies have an easier time investing in and adopting technologies and tools to optimize and maximize production, management, and control processes .

However, despite their lower investment capacity, small and medium-sized enterprises also have to manage and administer their businesses . Therefore, training and developing their human capital .

Ultimately, it is the employees who must overcome obstacles and challenges to produce and sell their products and services with the highest possible productivity and effectiveness.

At the same time, business owners and managers cannot do without any accessible technological tool or solution.

Just like information, technology is a valuable asset. It is available to streamline management, production, and communication processes without leaving them susceptible or vulnerable to cyber threats .

Technology in favor of data security

A good example is how companies handle billing. Besides the paperwork involved, it required one or more full-time employees to issue and send invoices and payment slips. And then, they still had to manually control and monitor the payments.

Today, modern financial management requires only a few clicks to automate this entire process .

Therefore, the most logical and feasible approach is to integrate information security solutions, technologies, and systems to protect the personal and sensitive data involved in this process .

Another great example is a practice that was already falling out of use: analog, face-to-face communication . It was completely banished with the pandemic, due to the spread of COVID-19.

For a long time now, modern business communication management has fit in the palm of your hand and is under the control of managers and IT professionals .

Without a doubt, mobile technology and internet access revolutionized communication and allowed work and business to continue during the pandemic.

The same technology that enables all this connectivity and remote work (home office) is vulnerable and exacts a price: constant (internal) surveillance and total control of (external) communication .

Otherwise, digital threats and security incidents cause disruption, losses, make businesses unviable, and can even jeopardize the existence of companies .

What to do to avoid problems and losses

A data breach in a company is not always caused by hackers and malicious attacks . A large portion originates from misuse and uncontrolled, unauthorized access to the corporate internet by employees themselves.

Even if security incidents facilitated or caused by employees are unintentional, they always cause a great deal of disruption and damage .

Although the human factor is a key element , it is the companies that are held responsible in the event of a data breach .

In fact, this type of situation only occurs because companies do not invest in managing and controlling internet access .

Ultimately, it is their responsibility to handle the personal data in their custody in accordance with the LGPD (Brazilian General ) and with the rules and guidelines of the ANPD (National ).

Therefore, in addition to technological solutions and information security systems , companies must also invest in employee awareness and training .

Avoidance is the best solution

Without a doubt, the best solution is to invest in prevention against cyberattacks and security incidents .

Because, after a 2021 with record-breaking data breaches, the exposed information will make life easier for cybercriminals. The trend is for cyber threats to become more sophisticated, individualized, and frequent .

In this way, minimizing cyber risks and threats and complying with the General Data Protection Law (LGPD) means investing in solutions to prevent information security incidents .

In this way, financial losses are avoided and the image and reputation of companies are protected .

Certainly, it is urgent that companies structure and implement data security policies and internet access management and control, since employees are the main entry point for cyberattacks .

Without a doubt, it is necessary to invest in information security solutions, technologies and systems , as well as in employee training and development .

Preventing data leaks in your company is possible, accessible, and simple. Just adopt preventative measures against cyberattacks and security incidents .

Prevention of security incidents

Learning about and staying informed regarding data breaches allows for preventative action and contributes to reducing damage and losses .

Managing and controlling internet access doesn't have to be difficult or complex. Simply invest in solutions to prevent information security incidents .

In practice, in addition to prevention , the best solutions on the market productivity and profitability indicators . Just do your research and compare.