*By Carla Prado Manso
Among the many business consequences brought about by the pandemic, one of the hardest to deal with is the rise in criminal attacks carried out over the internet, especially in the Brazilian context. According to a survey by Fortinet Threat Intelligence Insider Latin America in 2021, the country ranked second among the nations of the Americas most affected by this type of problem, with an exorbitant total of 88.5 billion recorded attempted cyber scams.
One of the main reasons behind this rise in cybercrime is the gaps that companies left open during the period. Under the urgent need to speed up digitization during the pandemic, many of them went through this process without protecting themselves with essential information security measures, as reported by the EY Global Information Security Survey 2021, in which 81% of the executives surveyed stated that the pandemic forced them to bypass cybersecurity processes, something that is never advisable under any circumstances.
Therefore, it is essential for companies to adopt measures aimed not only at the cybersecurity of their environment, but also at improving management control and ensuring compliance with regulatory demands. In this context, a methodology that has drawn attention for the excellent results of its implementation is GRC. Built on the union of three pillars, Governance, Risk and Compliance, this system encompasses strategies that help organize operations, bring transparency to processes, maximize the performance of activities and diagnose possible threats that could cause damage to the business.
With the objective of integrating a company's processes in a clear, unified and secure way, this methodology requires that the three practices act together, ensuring the implementation of internal policies to guide employees (through governance), thorough procedures for identifying flaws or problems harmful to the organization (through risk analysis), and assurance that the activities carried out by the corporation comply with applicable norms and legislation (through the work of compliance).
Following this line of reasoning, the company gains a standardized scheme of procedures and a logical basis for decision making. The result of this sequence of improvements is, above all, a reduction of the threats and weaknesses that expose it to scams and fraud, together with better use of opportunities and the strengthening of the company's strong points.
It is also important to note that all this systematization generates a significant cost reduction for the corporation, since it avoids possible penalties and cuts unnecessary expenses, in addition to increasing productivity, because the analytical content of the methodology creates a standardized and more efficient environment. It should be emphasized that the sum of all these factors is already recognized by the market, which adds value to a company whose systems meet GRC requirements.
If the benefits of implementing this methodology are many, the same can be said of the difficulty of the work. Applying a GRC policy means adopting a series of restrictive measures, which often forces the organization to change its culture and the mindset of the entire team. It is a complex process that requires analytical support, an attitude that is attentive to change, and permanent performance management. Beyond the full support of the board, the company must be able to keep a dedicated team and carry out a complete audit and preliminary analysis so that performance indicators can be monitored throughout the process.
Applying the GRC methodology means raising the company's level through an almost complete change in its governance flow. The benefits of using these three factors well affect many aspects of the organization, ranging from better protection against fraud and lower costs to increased productivity. If, on the one hand, this is a concept that demands a great deal of effort and discipline to implement, on the other hand, the rewards it brings make all the effort worthwhile, not only for the material return, but above all for the gains in image and credibility.
*Carla Manso, DPO of computer, holds a law degree from Universidade Paulista and is a lawyer certified by OneTrust (Privacy Management Professional), a member of ANPPD (National Association of Data Privacy Professionals) and ANADD (National Association of Lawyers of Digital Law), and holds EXIN DPO certifications (ISFS, PDP and PDPP).
Notice: The opinion expressed in this article is the responsibility of its author and not of ABES, the Brazilian Association of Software Companies.