The year 2021 was the worst in history for data leaks, especially for companies, which are the main targets of cybercriminals.
New technologies, laws and customs were implemented to reduce risks and keep corporate data protected and confidential.
In this material you will see information about data leaks, major cases of 2021 and the main thing: how to avoid data leaks in the company.
It brings together tools, actions, materials and articles, completely free and available for you to learn once and for all how to avoid this digital incident.
Download the eBook of this content
No time to read right now? Download the eBook with all the content on this page and definitely learn how to avoid data leaks in the company.
Index
- What is data leakage?
- How does a data leak happen in the company?
- Biggest data leaks of 2021
- LGPD and the influence on data leaks
- 5 steps to deal with a data breach
- What not to do against data leakage
- An efficient and affordable solution for companies
- Trends and news about data leaks
- Free materials
What is data leakage?
Data leakage is the improper exposure, without prior consent, of data such as personal, sensitive, confidential, biometric, behavioral, registration or browsing data.
It is a serious problem that exponentially increases the risks and the occurrence of scams and virtual fraud.
The data leak process causes losses of all types: financial, property, moral, strategic, competitive, personal, etc.
Data leakage is a process that involves at least three steps:
- Access (improper).
- Collection (unauthorized).
- Public disclosure or sale.
That is, before the exposure that the “data owners” did not authorize, there will already have been violations of improper access and collection.
In other words, data leaks do not happen overnight or in isolation. According to the definition of “process”, the crime of undue exposure of data occurs from a “continuous and ordered sequence” of actions.
How does a data leak happen in the company?
Typically, data leaks are caused by vulnerabilities and/or failures in information security and internet access. They also occur in situations such as:
- Data theft
- Cyber attacks
- Malicious codes
- Using weak passwords
- Action by employees or former employees
- Loss or theft of equipment
- Negligence in disposing of equipment and media
- Unprotected data transfer
- Invasion of personal, business or data storage systems
- Improper and/or illicit collection of browsing data
- Malicious apps and websites
- Excessive data collection without users’ knowledge
- Lack of data security
- Outdated or pirated software and applications
- Account hacking
- Malpractice and/or recklessness online
- Insecure connections
Biggest data leaks of 2021
Brazil jumped from sixth place to first place globally in data leaks. A sad statistic. See below some events that made this fact real.
PIX vulnerability
414,500 Pix keys of the State Bank of Sergipe (Banese) were leaked. At the time, registration data was leaked, without exposing sensitive data (passwords and bank balances).
Finally, the same article reports a recent data leak, on January 21, 2022: more than 160 thousand Pix keys were exposed.
The security incident, which occurred between December 3 and 5, 2021, exposed names, CPFs, institutions, branch and account numbers. According to information from the BC, the data leak did not affect the movement of the 160.1 thousand customers of Acesso Soluções de Ação.
These are good examples of the risks and losses that data leaks can cause for people and companies.
The first in the world
On December 18, 2021, CNN Brasil published an interview with digital crime expert Wanderson Castilho.
In the report, the expert states that, after calculating the number of data exposed by the hacker attack on the Ministry of Health's system, “more than 227 million Brazilians' data were exposed”.
Thus, Brazil surpassed the United States by more than 14 million exposed records.
Monster leak
A public website leaked 426 million personal data records and 109 million CNPJs, in addition to Brazilian vehicle license plates. “A full platform for cybercriminals to carry out social engineering scams”, states the article.
This monster data leak was detected by dfndr enterprise. After identifying the “suspicious indexing”, the dfndr lab (Psafe’s digital security laboratory) sent a report to the National Data Protection Authority (ANPD).
Without identifying the origin or how this data leak occurred, the article warns of the seriousness of the situation. According to reports, with the exposed data, it would be possible to “open fake companies and accounts on social networks”.
From bad to worse
According to a report published on CanalTech on December 16, 2021, in the first 11 months of the year 24.2 million profiles were exposed “through attacks or breaches in systems”.
Coincidence?
On October 4, 2021, WhatsApp, Facebook and Instagram went offline. This has definitely not been a good year for CEO Mark Zuckerberg.
Coincidence or not, on that same day (October 4, 2021), news broke that data from 1.5 billion Facebook users would be for sale on a hacker forum on the dark web.
According to the article on the website Olhar Digital, in this case the data leak did not originate from a hacker invasion. This database would have been obtained by scraping: a process that collects information left available due to users' carelessness (public profiles).
LGPD and the influence on data leaks
The General Personal Data Protection Law (LGPD) seeks to protect freedom and privacy. In practice, it demands changes in the way we collect, store, process and use personal data.
As a result, it impacts the administrative, legal, communication and marketing areas, but mainly internet access and information security technologies.
Therefore, the LGPD is an encouragement to adopt measures against data leakage and in favor of privacy protection.
Its purpose is to try to ensure that personal data is processed lawfully, appropriately and securely, both stored data (locally or in the cloud) and data in transit. As a result, individuals and companies have been looking for and researching solutions with security and privacy, such as VPN and DNS firewall.
When we talk about LGPD and data leaks, we must pay extra attention. After all, the fines are heavy. But, above all, because the damage to companies' reputations can be irreversible.
5 steps to deal with a data breach
Implement data protection compliance solutions, tools and processes. See what else is needed to address a company data breach and other security incidents.
- Invest in and improve measures for internet access and information and data security.
- Structure an internet access, control and data security policy in accordance with existing standards and legislation (LGPD).
- Create and maintain a crisis management team: qualified personnel who must know what to do, how to do it and when to do it in order to lead the company and its actions during company data leaks or other security incidents.
- Plan a tactical and operational plan for times of crisis and incorporate it into the internet access, control and data security policy. It will be the guide that the crisis management team must follow.
- Notify victims (holders of leaked data) and the National Data Protection Authority (ANPD). At a minimum, the company must complete the incident reporting form made available by the ANPD.
What not to do against data leaks in the company
Knowing the enemy and their strategies is important. In this digital war against virtual criminals, knowing what not to do wrong on the internet can be crucial to preventing data leaks in your company.
- Proving identity through static information – It no longer protects as it used to. Static information invites data leakage, and fraud prevention techniques based on it are becoming outdated and increasingly subject to scams.
- SMS for two-factor authentication – Cell phones are very easy to clone and, therefore, a direct channel for data leaks in the company. The National Institute of Standards and Technology (NIST) has already declared that SMS is an unreliable technology as a security method for authentication.
- Password authentication in mobile applications – Passwords and cell phones are insecure. Furthermore, usability and experience are much better without using passwords. The tendency is to use other, more secure authentication methods, such as facial or fingerprint recognition, for example.
- Confirm or provide data online – Do not provide or confirm data over the phone or in insecure applications (WhatsApp, Telegram and Signal, for example), even if the requesters appear to be genuine, and especially when they appear to be real institutions such as banks, the Judiciary, the Public Ministry, large companies, etc.
- Reply to SMS messages – To prevent data leakage by employees, companies must provide information and knowledge. Therefore, when you receive SMS messages that, for example, report an atypical and recognized operation, the correct action is not to respond! Furthermore, responding already provides data that can confirm personal or business identity.
- Access links in SMS or WhatsApp – No link is reliable if it was received via SMS or free messaging applications (WhatsApp, Telegram and Signal, for example), especially in messages like “the prize is yours, just…”, “this notification refers to the fine…”, “see the prohibited photos of the famous person…”. These links certainly contain viruses and malicious software that can do great damage, such as collecting bank and social network passwords. When the internet connection is a corporate one, the risk of data leakage by employees is extremely high.
- Make payments or transfers of amounts – This guidance is aimed at employees in companies’ financial departments. After all, they are the targets of this type of scam. Digital criminals use applications or make phone calls, with the help of previously leaked data and information. They invent stories and situations that are very close to possible reality and abuse the good faith (and lack of training and information) of employees. Thus, with social engineering, they try to persuade employees to pay or deposit undue amounts. In 100% of companies that do not invest in data security and staff training, the chance of this scam being successful is very high.
An efficient and affordable solution for companies
Data leaks are a serious and current security incident that can be easily prevented. When companies take the correct measures and attitudes, this type of security incident can be resolved.
Much more than just prevention, there are solutions and tools that offer advantages and benefits, from compliance with the LGPD National Data Protection Authority standards to security, cost reduction, productivity, and information and reports that assist in the BI (business intelligence) analysis process.
Among the solutions available on the market, you will get to know Lumiun Box. However, I reinforce that business owners, IT professionals and managers must research and compare.
That is certainly the best way to decide on the solution that best meets the need for security and productivity and also offers features and functionalities that suit the company's needs.
Lumiun Box is the security and internet access management service recommended for small and medium-sized companies because, in addition to seeking efficiency in protecting against internet threats and improving team productivity rates, these companies also seek savings and cost reduction.
Therefore, the main benefits of Lumiun Box are:
- SECURITY – to protect against threats on the company’s internet.
- PRODUCTIVITY – to increase the productivity of work teams and reduce wasted time.
- ECONOMY – to reduce expenses with security and device maintenance.
- INFORMATION – to generate management reports on employees’ internet use.
Based on DNS filtering, Lumiun Box manages internet access requests on the corporate network, on all connected devices. In addition to blocking websites, it prevents access to harmful, dangerous or out-of-scope websites. Lumiun Box has some features such as:
- Business VPN
- Internet Access Management and Control
- Internet security and risk prevention
- Firewall and network protection
- Traffic management and internet performance
- Management information and reports
- Compatibility and integrations
- Support, service and customer success
Discover, in detail, some of the main features of Lumiun Box.
10 trends and news about data leaks in companies
The increase in cyber risks and threats from 2022 onwards is a consensus among cybersecurity experts.
The largest number of digital privacy violations in Brazilian history, which occurred in 2021, signals that we will see an increase in the number of virtual threats and a greater risk of data leaks in companies from 2022 onwards.
That's why we focus so much on the relevance of information, prevention and investment in security solutions, technologies and systems, since the lack of these conditions is what makes data leaks in companies one of the most frequent incidents.
The purpose is to share information so that business owners, IT professionals and managers know that, despite being serious, preventing data leaks is possible.
But then, what's next?
On the following pages you will see some predictions from internet security experts for the coming months.
In addition to the already known cyber threats, new cyber risks and security challenges will be present in 2022. Here are some of the main trends.
1. Ransomware attacks
Ransomware disrupted the data breach threat landscape in 2021. Not only the targeted nature of the attacks, but also the increasing sophistication of threat actors, have resulted in major losses for insurers and organizations around the world.
2. Cybersecurity talent shortage
Recruiting and retaining the best cybersecurity professionals to face the challenges presented by the current cyber threat landscape will certainly be a significant business challenge from 2022 onwards.
As of 2021, there are around 4.19 million cybersecurity professionals across the world, an increase of more than 700 thousand compared to 2020, according to the 2021 Cybersecurity Workforce Study from the International Information System Security Certification Consortium.
Despite this rapid growth in the cybersecurity workforce, the study also notes that “global demand for cybersecurity professionals continues to outpace supply.”
Furthermore, cybersecurity is no longer an information technology or information security risk – it is a corporate governance risk.
3. Cloud Service Challenges
As more companies and processes migrate to cloud-based solutions, cybercriminals will look for ways to exploit and infiltrate.
However, moving to a cloud-based solution does not mean that companies no longer have to deal with security.
It's an inappropriate thought. While a cloud provider offers some security, it is still up to companies to take additional security measures.
4. Security incident insurance market
Policyholders and potential insurance buyers can expect the cyber insurance market to remain tense in 2022.
This is because the high frequency and substantial severity of claims such as data breaches, coupled with increased legislative and regulatory enforcement activity, have caused cyber insurance markets to require certain minimum controls for insurance qualification, and to impose coverage limits and capacity reductions.
As insurers' understanding of the causes of losses deepens, underwriting requirements will evolve. However, the requirement for strong controls will not change, even if we could see prices start to decline in late 2022 or sometime in 2023.
5. Acceleration of security incident regulatory activity
Internationally, 2021 saw China's Personal Information Protection Law come into force, penalties in Brazil's General Personal Data Protection Law become applicable, and the EU's final implementing decision on standard contractual clauses.
The size and scope of regulatory activity will likely continue to increase. Starting in 2022, we will see the introduction of new regulations, as well as amendments, supporting regulations, adjustments and notices related to many of these recently enacted laws.
6. Cybersecurity improves awareness and culture against data leaks
It is difficult to financially quantify the damage caused by cybercriminals in recent years. But the negative impact these attacks have had on individuals, companies and public entities is immense.
On the other hand, a positive impact of the current cyber risk environment is a greater awareness of the need for attention, risk management strategies and business resilience.
In a 2021 survey, Gartner found that 88% of corporate boards now view cybersecurity as a business risk.
7. Rising operational technology threats
With the acceleration of digital transformation came the convergence of operational technology (OT) and information technology (IT). Now computer hardware and software are used to manage equipment and operating systems.
Vulnerabilities in OT environments cannot be overlooked or ignored. After all, strategic infrastructure sectors depend heavily on OT (energy, industry, manufacturing, logistics, oil and gas, telecommunications and utility management).
8. Reliance on machine learning and artificial intelligence
At the same time that many companies have begun to adopt the use of automated solutions, others are investing in artificial intelligence and machine learning to support operational and business functions. Some of this appears to be driven by the Covid-19 pandemic.
While automation and machine learning have been around for a while, they are relatively new technologies. Therefore, problems with coding, incorrect configuration, insufficient testing and conflicts with other systems and platforms may arise.
As more companies move towards automated solutions, cybersecurity risks must be managed properly and effectively.
9. Supply chain at risk
Targeted attacks against multiple supply chains create major turbulence. Despite hitting a large organization, they result in substantial destruction because many others depend on the target organization.
Cybercriminals will continue to deploy this strategy, which has already proven to be very profitable – supply chain disruptions will continue throughout 2022.
10. More collaboration to prevent data leakage
The digital and digitized world has historically been considered an IT problem. But a recent report published by the JP Morgan International Council noted that “cyber is the world’s most dangerous weapon – politically, economically and militarily.”
Therefore, combating and mitigating risks and data leaks can only be carried out with shared responsibility between companies, employees and customers.
Free materials
To help you improve your company's internet control and security, we selected our best materials on the topic.
We periodically seek to produce materials that can help business owners, managers and IT professionals in the search for improvements in the control and security of companies' internet.
Below, you will see tools, ebooks, documents, infographics, guides and kits with free educational content, which can be applied to people management and the internet of companies.
Feel free to share with your colleagues and friends, they are all free!
We developed this material so that professionals and companies definitively learn how and why blocking websites in the business environment is important and beneficial in different scenarios.
We have prepared important information about one of the most appropriate internet protection tools for companies: DNS Firewall. Throughout this material, you will see what DNS Firewall is and also 7 of the main reasons to use this internet protection tool in your company.
The internet is a means of communication, source of information and work tool in companies. However, the lack of control over internet access in the business environment can have negative results, especially on employee productivity.
Every day companies produce information, regardless of their size. Such information adds value and increases productivity and competitiveness in the market. When in use connected to the internet, this data needs to be protected and for this reason there are so many security systems and tools on the internet.
Understand how to use the internet more safely and stay protected from network threats.