There has been a lot of talk in recent months about the importance of adapting to the General Data Protection Law (LGPD), but companies always have the false impression that nothing will happen to them.
Companies that are more mature in terms of compliance with legislation, however, know the importance of keeping their database secure.
Since the beginning of the LGPD, we have had security incidents in many companies and government agencies, but before commenting on them, I want to make the reader aware of what a security incident is.
There is a belief that a data security incident is just the moment a hacker breaks into your system, but this is a mistake.
Every time an unauthorized person has access to data etc.
To make it easier to understand, I’ll give you an example: imagine that a document containing personal data is sent to the only printer on the floor, the sender takes a long time to pick it up, and it ends up in someone else’s hands. This is an incident involving personal data.
So, the reader should reflect on how many incidents happen each day in their own company, such as leaving documents on the table, leaving the monitor on with personal data on the screen, etc.
But, going back to the big incidents, those involving the people known as Hackers, but who are actually Crackers, we have had a series of them since last year. Among those most publicized by the media are Mercado Livre, Vivo, Claro, LinkedIn, Chilli Beans and some government agencies such as the Ministry of Economy, Ministry of Health, Detran SP and the STJ.
Last week, the invasion of the large retailer Renner drew attention: its operations were suspended throughout Brazil by a ransomware attack, in which cybercriminals hijack the database in exchange for a ransom, whose payment must be made in bitcoins, which are not traceable.
But this whole story is not meant to alarm readers; it just shows that all systems are vulnerable, no matter how hard cybersecurity professionals strive to protect them.
That’s because criminals use so-called “social engineering”, which exploits the mental triggers of curiosity, fear, desire or greed to make a system user click on a link that “opens the doors” of the system to the attacker.
When we talk about companies’ compliance with the General Data Protection Law, the first phase of the adaptation process is awareness, not only of senior management, but of all company personnel, including contractors, about the importance of changing behavior from here on.
The bad news is that from now on, invasions and attacks only tend to increase and to become more and more creative. Therefore, every company needs, in addition to protecting the system itself, to provide training from P to P, in other words, from the Presidency to the Porter’s desk, on how each person’s behavior should be from now on.
It is up to you, the accountant, to make your customers aware of the importance of adapting to the General Data Protection Law so that they are not the next victims. After all, there are two types of companies: those that have already been invaded and those that will be.