By Fernanda Torres *
Are you using your access correctly to prevent data leakage?
Why should we take a fresh look at data protection?
Nowadays the amount of information that companies leave on the internet keeps growing, which makes it more vulnerable to hacking. Brazil, for example, ranks among the countries with the highest number of cyber attacks.
With the need to protect sensitive data in evidence, companies are investing in various action plans to prevent leakage of data belonging to their business, employees and customers.
Several fraud and data loss prevention measures exist, with varying degrees of complexity, including segregation of duties (SoD).
The importance of role segregation within the corporate environment
Segregation of duties is one of the measures most commonly used in companies. It rests on the information security principle of granting access only to the minimum information that is necessary: a junior analyst's access must differ from an expert's, and an IT support analyst should not have access to the same documents as Accounting and HR employees.
Dealing with irregular access gives greater control over how information circulates, and yet companies are still not truly secure.
The number of ways data can leak is daunting. In addition to taking care with access to network folders and to tools considered crucial for some type of operation, such as SAP, you should pay close attention to virtual drives used personally by employees (such as SharePoint, OneDrive, Dropbox and Google Drive) and to social networks, especially those that allow file uploads, such as WhatsApp.
Given the company's maturity, its role in its areas of operation and its internal demands, is it appropriate to allow access to these networks? Or is care over every kind of access, whatever it may be, necessary and of paramount importance? These questions should be widely discussed and evaluated with the utmost caution.
A set of measures can, and should, be taken when planning segregation of duties. Let's see:
- Analyze the access to be granted to your employees - should everyone be allowed access to social networks and virtual drives? This is important to evaluate;
- Review the permissions to be given to your third parties and partners, whether internal or external;
- Periodically review access to systems that are highly critical to the environment - screen employees, third parties and partners to identify accounts that should be blocked or removed (mainly to prevent access by those who are no longer part of the company);
- Pay increased attention to managerial access - a careful risk analysis defines the need for this type of access within a team and/or area.
Solutions that can help mitigate data leakage
In addition to the solution above (SoD), there are many other ways to contain the risk of leaking sensitive information: Europe today relies on the General Data Protection Regulation (GDPR), and Brazil relies on its General Data Protection Act.
Solutions, mappings and interactions are needed in the face of these new concerns and adjustments. If, while reading this article, you have felt the need to strengthen your protections, contact us - we are available to assist.
* Fernanda Torres is a Trainee at Safeway Consulting