A data leakage has occurred in the company! When a security incident is identified, there are a number of procedures to follow. Knowing and doing what should be done is therefore critical. So is finding out how and why the security incident happened.
Did you know that every 5 seconds there is an attempted fraud in Brazil? Did you know that 35% are purchases of mobile phones with fake documents?
This is an industry of immeasurable size, with scary numbers. It is active 24 hours a day, seven days a week, without rest, collecting data and using it in more and newer frauds and scams, and causing security incidents.
But what can be done if so much of life and work takes place in the digital environment? Without investing in prevention (time, practices, technologies and tools), it is virtually impossible to avoid data leakage in the company.
What to do!?
First: Calm down!
Take a deep breath and remember: data leakages occur quite often.
Avoiding them is possible, accessible and simple. This is the good news for entrepreneurs who have a minimum of knowledge about the need for prevention against cyberattacks and security incidents.
The fact is that, coincidentally or not, 100% of companies that do not invest in technology solutions and compliance in data security cannot avoid data leakage.
The first action of any businessman, manager or IT professional is to understand the situation.
Find out what happened, when it happened and when it stopped happening!
Then verify which data was exposed and evaluate the extent of the damage.
At this point, depending on corporate culture and maturity, it is time to start acting, practically and quickly, to try to reduce the losses from the data leakage in the company.
Is your company ready to face a data leakage?
This should be the easiest and simplest step. After all, in theory, it would be sufficient to follow the protocols, processes and pre-established procedures for a data leakage.
This is where it gets complicated: most entrepreneurs have never thought about a security incident.
It is an unfortunate fact, but very few managers, entrepreneurs and IT professionals consider the risk of cyber attacks.
This is a dangerous behavior that leads to certain loss. When there is no care, even minimal care, the headache is large.
This is especially so when there is no culture of prevention and data protection. That is not a matter of corporate maturity, but of companies and entrepreneurs not being afraid of being held responsible.
Often, they do not even know that they have an obligation and responsibility for the data their companies collect, store and process.
Or, speaking more clearly and less politically correctly: the lack of supervision, liability and penalty is historical in Brazil.
One thing is certain: companies were not used to, or afraid of, paying for their inefficiency, recklessness or negligence with the data of their employees, suppliers and customers under their guardianship.
Anyway, this is a very common example from a time that should cease to exist. LGPD, policies and demands for data transparency are changing this scenario.
We are still crawling. But data protection (personal, sensitive, biometric, behavioral, confidential, registration and navigation) should demand compliance in data security management, and fines when applicable.
Who is responsible for data leakage in companies?
The responsibility of companies and entrepreneurs is to prevent, control and monitor risky behaviors of employees.
Because, when they allow inappropriate and/or improper behaviors, they expose vulnerabilities and security breaches:
- They leave the company exposed to data leakage.
- Without prevention and control, any employee can put the company at risk.
- With no compliance processes, technologies and data security tools, companies make life easier for cybercriminals and, by negligence, become accomplices in security incidents.
It is the obligation of entrepreneurs, managers and IT professionals to preserve the integrity and privacy of data. For this they can and should invest in efficient digital security solutions and technologies.
Data leakage: What to do?
Be sure to watch this video. It is well worth seeing and learning from the discussion about digital security and data leakage.
TV Cultura's Opinion Program goes deeper into the issue. It brings good information on data leakage and the impact of the human factor.
Journalist and host Andressa Boni conducts the program, with the participation of lawyer and Doctor of Law Nathalie Fragoso and Osmany Arruda, professor of security and auditing at ESPM.
Together they answer the following question: What is the explanation for these security failures and what are the consequences and risks?
After all, information and knowledge are fundamental against the leakage of data in companies.
So is minimizing the impact of the human factor, in order to prevent the main risks, security breaches, vulnerabilities and situations in which data protection is threatened.
And now, does your business have culture and maturity to do what you need?
With many variables involved, it is not always an easy matter to deal with in companies, between managers and employees.
Also, on the side of cybercriminals, there is always time and there are no rules for inventing a new way of circumventing and threatening data security.
Meanwhile, on the “good” side, the rules and ways to prevent, protect against and avoid cyber risks take more time and depend on everyday practices to ensure data security in companies.
That is why technology is a powerful ally of companies against security incidents, especially against data leakage. After all, entrepreneurs and employees direct their time to producing and generating profits.
In this sense, the search for technology solutions goes alongside the formation of culture and compliance in data security.
If on the one hand there is no company without people, on the other, they make the commercial venture happen. This is because entrepreneurs and employees are responsible for everything that happens in the corporate world. The good and the bad.
This perspective makes all the difference in management and in the institutional fight against security incidents, because employees are the gateway to cyber attacks and data leakage in companies.
Therefore, it is necessary to do what should be done: train employees, and structure and implement the data security policy and internet access management. These measures are certainly as relevant as security solutions, technologies and systems.
What should happen after a data leakage in the company?
After evaluating the size of the problem, it is time to learn, in order to avoid recurrence.
How it happened and why it happened are also important questions. However, they are for a second moment and for mature companies, with culture and compliance in data security management.
This is what mature companies do: they make mistakes and learn from their mistakes. By taking care never to repeat them, they go further and are more successful.
These are the most difficult answers to find and investigate, undoubtedly because they depend on a number of factors, elements and processes that are present, or not, in companies.
Certainly, there are many variables. But I will mention only the two most effective against improper access, unauthorized collection and exposure and/or selling of personal or sensitive data.
Therefore, they are indispensable processes and elements against data leakage in the company:
- Internet access and control policies;
- Technologies and tools to prevent security incidents.
See what to do in the case of data leakage
What leaked? Why did it leak? How should data holders act to minimize risks, damage and losses? These are the three questions that companies should evaluate, register and inform, respectively.
At a minimum, this is also the information that should be included in the fourth basic and mandatory step after a data leakage in the company: notify.
We researched a set of procedures for right after a data leakage. See the best recommendations and measures:
Inquire
If you receive notifications or learn of a leakage through the media, find out and try to identify which data leaked (this helps to know which measures to take).
Try to find out which measures were or will be taken, which ones you should follow, and the dates of the leakage, and follow communications and news about it.
Avoid accessing websites and opening files that allegedly confirm or display leaked data. If in doubt, contact the organizations involved directly and seek more information.
What to do in case of:
Access credentials: Change exposed passwords immediately. Enable two-step verification on the accounts that offer this feature, if you have not yet done so. Use the available mechanisms to review access records and report improper attempts or access.
Credit or debit cards: Inform the card-issuing institutions. Review the statements of your cards and bank account. Contest any irregular charges you identify, via the official channels of the respective institutions.
Seek redress
If you find that your data has been used fraudulently or that you have been harmed in some way:
Financial fraud: Contact the institutions involved and follow the guidelines received.
Identity theft: File a police report with the police authority, to enable the investigation and to safeguard yourself. Contact the institutions involved.
Personal data leakage: When the company is a data controller, it needs to be ready to communicate and provide information whenever requested. If the company does not comply with these requests, it may be reported to the National Data Protection Authority (ANPD).
Provide information about which data was leaked; when you became aware of the leak; whether you believe personal data were improperly used in some criminal action (such as swindling, fraud or illegal trade in personal data); and what evidence confirms this hypothesis.
This and other information can be found in the Internet Security Primer - Fascicle Data Leakage, produced by CERT.br, NIC.br and CGI.br, with the contribution of the National Data Protection Authority (ANPD).
What to do in case of leakage of personal data
It is mandatory to notify ANPD whenever a leakage of personal data may lead to relevant risk or damage to the holders.
Every company must follow these four steps:
- Internally evaluate the incident - nature, category and quantity of affected personal data holders, category and quantity of data affected, concrete and probable consequences.
- Communicate to the controller if you are the operator under the LGPD.
- Communicate to ANPD and data holders, in case of relevant risk or damage to the holders.
- Prepare documentation with the internal evaluation of the incident, measures taken and risk analysis, for the purpose of compliance with the principle of accountability.
ANPD recommends a cautious stance. That is, security incidents should be communicated even in cases where there is doubt about the relevance of the risks and damage involved.
It points out that underestimation of risks and damage by companies can be considered a breach of personal data protection legislation.
Therefore, the communication needs to be very detailed and accompanied by documents that help to evaluate the incident, the risks and the measures taken.
ANPD provides at this link a form for incident communication and generation of the security incident report.
Personal data holders have a number of rights and may require information. It is critical that companies become aware of this.
Non-compliance with the legislation will be subject to inspection by ANPD, and failure to provide information, for example, can culminate in sanctions.
This content is available on the ANPD website. Access the full article on security incidents with personal data by clicking on this link.
What to do when email or password are exposed
See the easiest and least painful paths.
- Password: Change the combination to a safer one and use a two-step verification method.
- E-mail: Avoid opening links and attachments from unknown senders, and redouble your attention to the messages received.
Redoubling attention is essential. Once data is exposed, it is almost impossible to remove it from the internet. Therefore, attempts at scams, which are already common, become even more elaborate. After all, when cybercriminals have precise personal information, they are more likely to confuse users during the approach.
Full Article: What to do in case of personal data leakage?
5 steps to face a data leakage at the company
Implement data protection solutions, tools and compliance processes. See what else is needed to face a data leakage at the company and other security incidents.
- Invest in and improve management and control measures for information and data security.
- Structure a policy of internet access, control and data security in accordance with existing standards and legislation (LGPD).
- Create and maintain a crisis management team: qualified personnel who know what to do, how to do it, and when to act during a data leakage at the company or other security incidents.
- Plan and incorporate into the policy of internet access, data control and security a tactical and operational plan for times of crisis. It will be the handbook that the crisis management team should follow.
- Notify victims (owners of the leaked data) and the National Data Protection Authority (ANPD). At a minimum, the company must complete the incident communication form provided by ANPD.
Prevention and information are keywords against security incidents
Being well-informed, learning about data leakage and acting preventively contributes to reducing damage, avoiding losses and preserving your company's reputation.
Internet access management and control processes do not need to be difficult or complex. Investing in solutions to prevent information security incidents is the most accessible and intelligent strategy.
It is essential for your company to act in accordance with the legislation (LGPD), and to preserve the privacy rights and personal data security of users, consumers and citizens.
In practice, in addition to prevention, the best solutions in the market productivity and profitability indicators. Just search and compare.