The advancement of technology has brought major changes to the corporate scenario in some business segments. The use of digital mechanisms automated several operations, improving operational efficiency and reducing costs.
However, this intelligence has been used not only to enhance productivity , but to harm various business sectors that make use of technology combined with the internet and that normally do not care about data security.
attacks and strategies for theft of confidential information structured by digital criminals, known as “hackers”, emerge more and more quickly
Some business segments must be extra careful when it comes to information security.
Therefore, in this article, we will list the most sensitive segments and the reasons why they deserve more care.
Financial
Nothing better than starting with the most obvious or most common when talking about security, especially data: financial.
The segment includes some branches such as:
- Bank agencies
- Finance and credit companies
- Brokers
- Lotteries
- Transport of valuables and documents
- Accounting companies
We can say that they are all branches that are very concerned with physical security, armed security guards and bulletproof doors, but few with digital security.
Companies in the financial segment are highly sought after targets by digital criminals for several reasons:
- Financial transactions being executed daily
- Handle banking information such as passwords, registration data and billing
- Use unified systems full of sensitive data
- They use the internet daily for many important tasks
In this environment, it is common to identify the ease and practicality of carrying out banking transactions on the internet. However, it has become increasingly common for hackers to focus on attacks on companies in this sector. Last year, the Capital One bank in Whashington, United States, suffered an attack that exposed data from 100 million credit card and bank account customers.
Therefore, it is essential that companies in this segment are extra concerned about data security.
Human Resources
As in practically all business segments today, computerized systems improve team productivity. In HR companies, this process becomes fundamental, requiring the organization and documentation of all information relating to employee and client company contracts.
See a list of documents that companies in the HR segment typically have and that are targets of criminals:
- Negotiation documents and financial settlements
- Specific agreements and terms with companies and employees
- Proof of receipt of benefits, taxes
- Copies of company and employee documents
- Team attendance control documents
- Work safety control documents
For handling such important information, a well-structured information security policy is essential, avoiding the loss of sensitive documents such as these and also future problems with legislation and labor rights of client companies.
An example of an attack this year was the Brazilian HR consultancy company, manager of a job advertisement website, called Catho, which affected login data, full name, CPF, address, email, date of birth and password for 195 customers.
Industry
Large-scale production companies, or companies that use equipment and systems connected to the internet for industrial production on a daily basis, are subject to interrupting all their production if they suffer a cyber attack.
In an article on our blog, we talked about the attack on Honda Motor this year, where the multinational had to interrupt its production due to ransomware.
Imagine a small industry with considerable demand, stopping all its production, delaying its delivery deadlines and taking all its employees out of their work activities, due to a cyber attack. Depending on the type of attack, and the importance of the company's attack sector, production could be inactivated for an indefinite period of time.
Because they depend on technology so that their work can be carried out in an organized and predictable manner, companies in the industrial segment are extremely sensitive to information security, and must worry daily about keeping their data protected.
Real estate
Companies in the real estate segment do their work daily with data from properties, owners, tenants and other companies. Some of the most relevant information is:
- Real estate rental intermediary
- Real estate sales intermediary
- Documentation control and sales processes
- Control of documentation and rental processes
- Review and draft rental and sales contracts
- Sales and rental value assessment
- Property delivery inspection
Normally these data and documents are archived digitally, however, in some cases, they are documents relating to purchases that can exceed R$1 million. Losing or having data hijacked can interrupt the company's activities and also cause major problems with old contracts or future changes.
A good example of a attack was the website of Fortune 500 title insurance giant First American Financial Corp, which leaked hundreds of millions of documents related to mortgage business since 2003 last year.
Health
Protecting patient data and privacy is a fundamental aspect for any healthcare institution, public or private.
In 2016, Hollywood Presbyterian Medical Center suffered a cyber attack and had to pay US$17,000 to regain access to data on the systems used by the organization.
In cases like this, the services may be able to continue, but the document organization and the extra work generated must have made all the processes that should be done digitally chaotic.
Companies and health centers must be very concerned about information security, after all, unlike other business segments, they are part of one of the few that rarely have their services interrupted.
Public sector
Due to its importance, the public sector will always be the target of attacks, which requires greater care with data security.
Tax handling sectors, for example, have a higher level of data importance than other sectors, as they involve the economy of public authorities.
City halls, for example, have data on IPTU, electricity and water bills. Attacks on public databases are usually catastrophic in the event of data loss.
Public sectors are typically less concerned about data security, which is why they are constant targets for cyber criminals.
In May this year, some government websites in the State of Mato Grosso do Sul suffered hacker attacks According to the attacker, he gained access to the systems with an authorized user's “weak password”.
How to prevent data security problems
Maybe some tips seem simple, but as we see weekly in our newsletter , attacks in companies usually happen due to basic errors resulting from the attitudes of the employees themselves . Some business segments will certainly need more sophisticated protection systems commensurate with the importance of the data they store. However, some relatively simple methods can prevent many problems, as we will see below.
Test your internet security
We believe that the first step to maintaining your company's data security is to identify the most fragile points of your internet network. In other words, you can do an internet security test, identifying which categories of websites are free to access.
In the test, access requests will be made to several websites that are within the categories considered insecure, using your internet connection, such as:
- Phishing and online fraud
- Malware and spyware
- Access anonymizers
- Drugs and alcoholic beverages
- Games and bets
- Pornography and nudity
- Violence, terrorism and racism
9 data security tips
Furthermore, to help companies, we have listed below some basic tips that can help companies with most problems related to information security:
- E-mails with offers, from “banks” or “government entities” should attract attention, as they may be camouflaged with malware.
- Install a good, basic anti-virus , choosing preferably paid software that offers complete protection for your system, according to your needs.
- Keep operating systems and software always up to date. Remember that old versions are more vulnerable to cyberattacks.
- It is essential to keep a good firewall always active, avoiding being attacked by several of the attacks mentioned above.
- Keep passwords strong and secure . Periodically change your passwords and avoid saving them on computers where there is high user turnover.
- back up your files. Always keeping an up-to-date copy of all your data is essential and will make things much easier if you suffer an attack.
- For home office teams providing remote access, it is essential to use a VPN connection so that all access to the company's sensitive data is secure and controlled.
- Block access to websites and applications outside the scope of work, avoiding access to websites that normally carry a high chance of infection and cyber attacks.
- Have solutions and tools for the IT sector that are always up to date and in line with the company's needs, facilitating processes and identifying problems in the most automated way possible, making the responsible professional's time more optimized, eliminating tasks of low importance and prioritizing those of great importance , such as data security.
Conclusion
At the end of this article, it is interesting to highlight that the segments that were not mentioned here should also be concerned with data security, after all, those listed only hold more sensitive information than some other areas, but all business information has its importance internally.
Therefore, it is essential to maintain preventive measures involving equipment, systems and employees to create a culture of information security in the company and avoid cyber attacks.
In this way, I hope to have helped you and your company to understand the importance of the topic and also the dangers that can be found on the internet in all business segments.
To the next!
2 comments
Comments closed