By Celso Souza, COO of Dinamo Networks
We live in a competitive world, marked by constant changes and innovations. Nowadays, it only takes a second for a company to lose market leadership due to a failure in its security system. The premise that strategic information within the corporation is more valuable than all its material assets combined has never been truer. Carrying out corporate risk management and incorporating security solutions into all processes are, therefore, essential actions to protect a company's image and ensure its growth.
A study by the IDC consulting firm estimates that the cost for Brazilian companies to reduce the damage caused by data theft will be US$ 5.6 billion in 2014. A survey by Symantec pointed out Brazil as the country in Latin America that suffered the most cyber attacks in 2013. The numbers are frightening and reveal that, despite having been debated for a long time, information security is still seen as an expense and not an essential component of a company's business strategy.
One of the methods that can help entrepreneurs to reverse this scenario, and which has been increasingly adopted in the market, is encryption. Used since ancient times to guarantee the privacy of military communications, the technique protects the information transmitted and stored through encryption, that is, it "scrambles" the message content, so that it can only be read by those who have the key correct to “unshuffle it”. Protection coverage is extensive: passwords, financial data, backup, devices, emails, banking transactions, among others. In addition, encryption can be used both to protect data stored (on your computer, cell phone or in the cloud) and information transmitted over the network, wired or wireless.
However, encryption is useless if your keys are generated, used or even stored incorrectly. Thus, operations involving security keys must take place in highly secure environments with good processing power, which ensures agility in accessing information by users. One of the solutions that meet these characteristics is the Hardware Security Module (HSM). In addition to allowing the management of the cryptographic key's lifecycle, the product offers digital signature and certification and total integrity, inviolability and confidentiality of information.
Another point to emphasize when discussing data protection is the importance of establishing an internal security policy aimed at employees and partners. A survey conducted by PwC Brasil with 9,600 companies, 700 of them Brazilian, revealed that the majority of respondents attributed security incidents to known internal “enemies”, such as active employees (31%) or ex-employees (27%). In addition, the employee (35%) and customer (31%) records top the list of compromised data categories in the survey. It is necessary for the company to invest in educational training, aiming to show the user how to use technological resources safely and effectively. It is also worth implementing measures to control activities that may expose confidential data to unauthorized persons. Rules for storing, printing and forwarding documents digitally are some examples.
Ensuring information protection is a daily challenge, but not impossible. The key is to be aware of the changes taking place in the market and the arrival of new technologies, especially with the growing development of mobile computing and the Internet of Things. Being up to date has therefore become a pre-requisite for identifying new digital threats and applying the necessary controls to avoid them.
EN 
PT 
