*By Ricardo Rodrigues
Sharing and transferring files is becoming an ever-increasing part of our everyday lives. It is important to consider that, with the social distance that remote work situations implies (as we are living now), this procedure went from being very important to essential to streamline the flow of information and deliver content to the entire team. However, for this exchange to be really effective, it is necessary to ensure data protection in all transfers, whether by email or by sharing systems.
We know that cybersecurity is already a key agenda on the agenda of companies and government agencies since digital vulnerability records became frequent. In recent years, we've seen massive attacks on social networks and hackers breaking into data clouds. But with the arrival of the coronavirus, the alert became more evident, as citizens began to interact digitally much more often. In the first two months of 2021, for example, two mega-leakages frightened Brazil: in January, there was the exposure of 223 million CPFs and, in February, the leak of almost 103 million cell phone records, which compromised the data of millions of citizens .
However, it is not new that corporate and government IT infrastructures are targeted by hackers, and this occurs for two main reasons. First, because they store valuable personal information about citizens that cybercriminals can exploit for identity theft and financial fraud. Second, because in many cases they are not adequately protected. With this in evidence, the General Data Protection Law (LGPD) in Brazil promises to transform this reality, but there are still some steps to be taken to change the situation more effectively. Among them, IT teams may consider:
- Document and measure. The answers to IT security issues sometimes come simply by taking an inventory of hardware and software and documenting the security incidents that occur. Measuring and analyzing flows and processes can reveal patterns of failures or inconsistencies that indicate which solution can be applied.
- Simplify the architecture. The more complex the IT infrastructure, the more difficult it will be to protect it. A complex architecture requires that each of its components be well configured and updated against vulnerabilities. Thus, simplifying the environment makes it easier not only to create a secure network, but also to keep it up to date as cyber attack methods evolve. A simplified environment can also have lower costs, allowing for a larger security budget.
- Share experiences with other experts. Networking with IT professionals from other cities, states or even countries is a great opportunity to identify similar problems with different and effective solutions. This is a fruitful exchange of knowledge that saves unnecessary testing and work. One concrete possibility is to participate in events and conferences, albeit virtually, promoted by leading organizations in the sector.
- Train teams.Users and administrators know a lot about what's happening on their network and can help identify risks. They are also the way in which many cyber attacks occur through clicks on malicious links and attachments, for example. So getting their input and educating them about what not to do is an important step in improving safety.
- Look for and apply good practices.On a quick search, there are many online resources on security best practices that are freely available. Another possibility is to contact IT vendors and discuss policies and processes with their experts, as they too want their digital ecosystems to function properly.
In any case, it is important to remember that companies and government agencies in Latin America are many and have different levels. This creates loopholes for hackers to seek out and break into the most vulnerable cybersecurity systems. Therefore, in addition to the steps mentioned above, institutions need to use solutions that provide secure collaboration and automated transfer of confidential files and data, and that have encryption and activity tracking in compliance with regulations such as the PCI DSS and the LGPD.
It is therefore important to reduce the risk of data loss and adopt fully auditable and managed file transfer solutions, as well as extending these capabilities to users, partners and third parties. If organizations' defenses are well developed, there is a better chance of dodging the lurking hacker who will likely go in search of another less protected target. In this environment where companies and governments are widely vulnerable to cyber attacks, being more prepared is having a competitive advantage.
*Ricardo Rodrigues, Senior Systems Engineer at Progress in Latin America
Notice: The opinion presented in this article is the responsibility of its author and not of ABES - Brazilian Association of Software Companies