The little incidents of everyday life

Since the General Data Protection Regulation came into force in the European Union and, in that same year of 2018, Brazil published the General Law for the Protection of Personal Data – LGPD – there has never been so much talk about information security, privacy and the protection of personal data in our country, to the point that the average citizen becomes suspicious when asked for their CPF at a pharmacy cashier.

Companies’ investments in digital tools

Platforms that meet the requirements of the Law and technical measures to protect data from unauthorized access are absolutely necessary and fully justifiable in annual strategic plans, a case reinforced by the daily news from around the world about ransomware attacks and other types of scams.

And what about the administrative measures mentioned in the LGPD?

Privacy, data management, cookie and other policies are the usual ones. Some good information security practices are also adopted. Some processes are improved, a communication channel with the owner of the data is implemented (not always effective) and a data manager is appointed – very often, a DPOaaS – who does not have in-depth knowledge of the organization and does not have a well-defined focal point within it, someone who is the strong link between him/her and employees and suppliers.

Oh, and the trainings?

Yes, they occasionally carry out privacy weeks, as if such spasmodic measures would resolve the necessary acculturation of the employee to comply with privacy by default.

Under the constant threat of social engineering, a phishing scam, or a potentially malicious or distracted employee, vulnerabilities become risks on the verge of materializing.

For example, how about talking to employees about shoulder surfing, the famous peek over someone's shoulder to look at computer screens, cell phones, and documents? What about emails with confidential information sent to the wrong recipients? Or even emails sent to all those recipients in copy, blatantly violating the LGPD’s principle of necessity, just so they “become aware” when they shouldn’t even be?

There are countless ways in which data incidents can manifest themselves daily without us realizing it. Like slowly dripping taps, while we keep our eyes wide open and focused on those that, ironically, should already be well covered technically.

Just like physical exercise, which will only be effective if the training is regular and constant, administrative measures to prevent, contain and mitigate incidents will only have effective results if they are “in the veins” of the employee, if good information security practices are as natural to them as the relaxation of “Friday”.