Six years after the enactment of the General Data Protection Law (LGPD), sanctioned in August 2018 and in effect since September 2020, many companies are still unaware of their obligations regarding the handling and confidentiality of their clients' and employees' information and end up neglecting the protection of their networks in the virtual environment. The warning comes from cybersecurity expert Fábio Fukushima, director of L8 Security, company specialized in information security
"When we talk about cybersecurity, we have a quite diverse universe", with companies at different levels of maturity that have specific demands for data protection. On the other hand, the LGPD applies to all companies, regardless of size or industry, and this requires special attention from managers so that they can act preventively to prevent data leaks from occurring, Fábio Fukushima stands out
He explains that each case should be analyzed individually, in order to identify which technologies available in the market best meet the company's needs. However, there are some solutions that can ensure a minimum security for the corporate network in general. Check the top three, in the specialist's assessment
1 – Firewall
This is the first device that any company should have for network protection. Through the firewall, it is possible to monitor and control user access to the network and protect sensitive data of clients and employees. In addition to protection, the firewall also logs who accessed each piece of information, helping to identify those responsible in cases of data breaches
2 – Password Vault
Once the network security is ensured, it is necessary to think about the protection of the access passwords of the employees, mainly for cases of remote access on mobile devices. With the password vault, all network access is mediated by the program that generates passwords randomly informing the user at each access. Thus, not even the account owner will know what your password is, ensuring the integrity of information available on the network and controlling access to company insider information
3 – Vulnerability tests
To keep up with the changes in the cyber world it is necessary to periodically test whether the protective barriers installed in the network are working properly and one of the ways is testing the vulnerability of the network, by means of penetration tests or intrusion tests. For this, there are specific solutions on the market that scan the network and identify possible vulnerabilities that could be used by cybercriminals and cause damage to the corporation.
Brazil is one of the countries most targeted by cybercriminals in the world and only in the first quarter of this year, the volume of attacks in the digital environment grew 38% in the country, According to a report released by Check Point Research,. The General Data Protection Act determines the responsibility of companies for the processing of, storage and sharing of sensitive information of natural and legal persons. Penalties range from warnings and fines (which can reach R$50 million), until the publication of the infringement and partial suspension or blocking of the database
