
Category: News and Events

Categories
News and Events

[Retrospective] Cybersecurity in 2022: A year of great challenges and opportunities for companies

  • Post author By Arnaldo Miranda
  • Post date 27 December 2022

The year 2022 was quite challenging for companies in Brazil when it comes to cybersecurity, as cyber attacks showed their unceasing destructive power.

With the consolidation of the digital environment as a business environment, cyber attacks have become constant and a big problem for many Brazilian companies. This has led CEOs, CIOs, and CISOs to need to understand the challenges and consider assertive solutions to address them.

On our blog, for example, in the article “CISOs: key areas to protect your company against cyber attacks”, we showed the importance of the role of the Chief Information Security Officer in the organization and listed key areas that companies need to prioritize.

It was quite challenging, but it also brought opportunities for companies to use technology as a means of ensuring security and data protection.

In 2022, companies must be prepared for the new challenges that cybersecurity will bring.

In addition, it is important to explore the advantages of digital certification, which can be an advanced solution in security and data protection.

Why has investing in Cybersecurity become vital in 2022?

Investing in cybersecurity and protection has become strategic to every company’s business, and 2022 was no different. Cybercriminals have evolved rapidly in recent years, making attacks more sophisticated than ever.

A company that does not adequately protect itself becomes vulnerable to loss of confidential data, identity theft, or shutdown of operations from a successful malicious attack.

It is worth remembering

In practice, over the course of the year we saw critical incidents at different types of companies. Some stations were invaded, interrupting their daily programs. Google has also been notified of serious security flaws in its Chrome browser that could result in sensitive data being leaked.

In addition, just like Porto Seguro in 2021, Golden Cross also suffered an attack and had to stop its activities to adjust critical flaws in its technology architecture.

It is also worth remembering that the Banco de Brasília (BRB) was a victim of ransomware, in which cybercriminals demanded about 50 bitcoins (R$5.17 million) as ransom for the data not to be leaked.

In the article “It may be too late. 79% of companies only invest in cybersecurity after a data breach”, we address how much companies are at risk today and what the best course of action is to avoid a data breach.

For this reason, it is vital that the structure of your business is equipped with the necessary resources to prevent breaches and maintain data security at all times.

A significant way to improve your organization’s security and data protection, adopted by many companies in 2022, is to implement the use of the digital certificate in business processes.

The digital certificate is an authentication mechanism used in many countries that secures the identity of any user and guarantees their privacy. It helps companies protect confidential information from threats and is a secure way to exchange data between partners, customers, and suppliers.

The importance of adopting the digital certificate and the electronic signature

We showed the importance of adopting the digital certificate and electronic signature in the article “Why your company should consider using electronic signatures in the sales sector”, showing that different market sectors can benefit from the technology.

In addition, companies also adopted other advanced security tools this year, and this should remain a priority in 2023.

Including security features such as firewall, antivirus, and anti-malware systems has proven to be a strategic investment for companies. These tools are designed to detect potential threats before they can do real damage to the company’s operations.

And speaking of security investments, we published the article “ROI in cybersecurity: How do you quantify the value of something that doesn’t occur?”, showing the challenge of quantifying the value of something that is practically intangible.

Besides being a very interesting topic, we show in the course of the publication how to calculate the ROI in cybersecurity. This article is well worth a look.

In addition to cybersecurity challenges, companies also had great opportunities for improvement

We reached the end of 2022 not only with the growth of cybercrime and its challenges but also with many new developments in terms of technological innovation.

We had, for example, the launch of 5G technology, the new generation of mobile wireless technology. It promises more speed with higher data capacity and lower latency, and the ability to connect many devices at the same time. We deal with this subject in the article “How to extend user security and privacy using authentication in 5G networks”.

In addition, we have seen over the course of the year the growth in the importance of ESG for companies and its relationship to technology, cybersecurity, and sustainability. It is worth taking a look at what we published in the article “ESG: 5 different views on sustainability”.

In fact, this year, after a long period of pandemic, we have seen that companies need not only to be ready for digital transformation; they also need to be prepared for drastic changes in the business model.

This is what we saw in the article “How digital agriculture associated with electronic signature is changing Brazilian agricultural production”.

Much more than preparing for population growth, sectors of the economy, such as agriculture, have seen the need to adapt. This has caused them to seek a new approach that uses technology to improve efficiency and sustainability.

The automation of contracts and chargeback prevention have also shown themselves to be present in this new reality for companies. The digital medium has become the main avenue for new business, hence the importance of pursuing innovation in business processes.

Be sure to take a look at the articles “Contract automation: security guarantee for your business” and “Don’t be the next company to be a victim of Chargeback”, where we deal with these topics.

The year 2022 was also transformational for EVAL

In this retrospective we could not fail to remember what happened to EVAL during the year. A lot has happened, including the remodeling of our brand and the launch of new products and services.

Important milestones have been reached by the “new EVAL”. We consolidated our participation in the Mind The Sec 2022 event in partnership with Thales.

You can even watch our lecture in the article “Mind The Sec: Eval participates in Latin America’s biggest cybersecurity event”, where Abilio Branco, Head of Data Protection at Thales – Brazil, showed how to ensure the protection of sensitive data and accelerate compliance in the era of digital transformation.

Let’s not forget that this year EVAL became a member of the PCI Security Standards Council. This means that we now work with PCI SSC to help protect payment data worldwide through the development and adoption of the PCI Security Standards.

This important milestone was portrayed in the article “EVAL TECHNOLOGY was approved as a member of the PCI Security Standards Council”. It is well worth taking a look at what this approval represents, not only for EVAL as a company, but for Brazilian companies dealing with payment methods.

A lot has happened in the course of this year regarding cybersecurity, but 2023 promises even more

A lot of progress has been made in the field of cybersecurity in recent years, and EVAL has done its part in this evolutionary process. This means that there is a lot of anticipation for 2023, when the time comes for these emerging technologies to reach Brazilian companies.

To stay competitive in this highly dynamic field, organizations need to invest in proper training for employees involved in cybersecurity-related processes. In addition, it is necessary to implement preventive measures with a focus on the emerging trends presented in this article.

By doing so, companies can be sure that they are prepared to deal with any digital security threat potentially damaging to their reputation or net income in the near future.

About EVAL

EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

  • Tags 5G, cybersecurity, Mind The Sec 2022, PCI Security Standards Council, security investment

Categories
News and Events

Suddenly LGPD: 10 questions and answers your company needs to know to meet the requirements of the Data Protection Act

  • Post author By Arnaldo Miranda
  • Post date 2 September 2020

It may seem controversial to imagine that suddenly the General Law of Data Protection (LGPD) will come into force throughout the country. After all, Law No. 13,709/2018, which defines the new legislation, was sanctioned on August 14, 2018, establishing an 18-month adaptation period, scheduled to begin in 2020.

However, the law went through postponements in the same year it was to take effect (2020), and then it was expected to be extended to 2021 due to the COVID-19 pandemic.

But, between comings and goings in the National Congress and presidential approvals and vetoes, we are expecting the Law to come into effect at any moment. Unfortunately, these changes generate a lot of instability regarding the new legislation and a risk that can directly impact the main objective of the law: the protection and privacy of Brazilians.

In addition to the definition (or lack of clear definition) of the effective date of the LGPD, the Federal Government has recently established the structure of the National Data Protection Authority (ANPD), the body responsible for overseeing the protection of personal data, elaborating guidelines for the National Policy on Personal Data Protection and Privacy, and inspecting and applying sanctions in cases of non-compliance with the legislation, among other duties defined in Law 13,709.

Expectations aside, companies and organizations need, more than ever now, to be prepared for the requirements that will soon be imposed by data protection law. Despite all this transition period, there are still questions about the LGPD that companies need to understand in order to comply with the new legislation.

To help clarify the main doubts, we have put together a list of the most important questions and answers so that you can adapt the LGPD to your business.

Questions and answers about LGPD that your company needs to know to comply with the data protection law

Although there is no universal checklist applicable to all cases, some problems arise more frequently than others. And these questions and answers about the LGPD will be relevant for years to come, as the new legislation has no expiration date.

#1. Are you a data controller or data processor – do you determine the purposes and means of the processing of personal data or do you process personal data on behalf of another party?

Answering this question is crucial to determining the scope of your obligations under data protection law. Of all the questions and answers about the LGPD, this one will probably guide you to most of the actions that need to be taken going forward.

Data controllers decide what data is collected, for what purpose, how it is processed, and for how long. This means that you are responsible for fulfilling a wide range of obligations, such as protecting the data, meeting the objectives of, for example, data minimization and processing transparency. You are also the one who has the obligation to respond to and facilitate the exercise of the data subject’s rights.

On the other hand, if you are a data processor, you process data on behalf of a controller and only within the scope that it has determined. Therefore, you cannot make decisions about what personal data is processed and how. Your primary duty is to protect the data you process from unauthorized access, modification, etc.

#2. Do you perform all processing activities yourself or do you use third-party processing services, such as server rental?

If you use a third-party processing service, you must enter into a specific written agreement (including in electronic form), which should regulate in particular the object and duration of the processing, the nature and purpose of the processing, the types of personal data and categories of data subjects, and the obligations and rights of the controller.

Remember that even if you do not process the data yourself, you are still responsible for the processing. Choose only those companies that guarantee to implement appropriate technical and organizational processing measures to meet the requirements of the LGPD and ensure data protection.

The set of questions and answers about the LGPD also applies to third-party companies.

#3. Who can access your company’s personal data? Are there different levels of access for different positions?

The fact that you, as the controller or processor, have the right to process the data does not mean that all your employees can access it – it should only be the people whose position within your company requires that they have these rights.

Remember to specify the scope of the authorization – what kind of data they can access (e.g. customer data, employment-related data) and what they can do with the data. Some people will need to have full access, including the right to enter, modify or delete the data, while for others just the right to view the data will be sufficient.

#4. Is all the data you collect really necessary for the purpose of your processing?

One of the main rules of personal data protection is data minimization. It obliges the controller to limit – by default – to the minimum necessary the amount of personal data collected, as well as the extent of its processing, the period of its storage, and its accessibility.

Remember to take this into account when auditing your databases and when designing new data flows (creating forms, making decisions about activity tracking, etc.).

#5. How is the collected data used – what is the purpose of processing personal data?

Data may only be processed for specified, explicit, and legitimate purposes and may not be processed in a way incompatible with those purposes.

#6. Do you collect sensitive data – such as health records, data on racial or ethnic origin, religious or philosophical beliefs, etc.?

Processing sensitive data is prohibited by default and can happen only in specific circumstances described in the LGPD, so a general recommendation would be to avoid processing such data altogether. If this is not possible, seek legal advice to identify remedies that provide a legal basis for processing such data.

#7. Have you checked whether there are processes in your company that require a data protection impact assessment to be performed?

Such an assessment must be carried out in the case of processing that – taking into account its nature, scope, context and purposes – is likely to result in a high risk to the rights and freedoms of individuals, in particular due to the use of new technologies.

It may be necessary in specific cases, including:

  • The systematic and comprehensive assessment of personal aspects relating to natural persons that is based on automated processing, including profiling, and upon which decisions that produce legal effects on the natural person or significantly affect him/her are based.
  • The processing of sensitive data on a large scale.
  • The systematic monitoring of a publicly accessible area on a large scale.

#8. How will the right to data portability be handled? In what format will the data be provided to the data subject or to another controller at the data subject’s request?

The right to data portability can be exercised if the data subject has provided data to a controller and the processing is performed by automated means and is based on one of the following legal bases: the data subject’s consent or a contract to which the data subject is a party.

It allows the data subject to request a copy of their data in a structured, common, and readable format. The LGPD does not provide further specifications of this format, so it is up to the controller to choose it, keeping in mind that the data subject may request that the data be transmitted directly to another controller.

#9. How can a user request access to his/her data, including receiving a copy of his/her personal data being processed? Will this process be conducted manually or automatically? In what format will the copy be provided?

The data subject may ask the controller for a copy of his or her personal data being processed. When this right is exercised for the first time, the controller must provide this copy free of charge, but in case of further requests, the controller may charge a reasonable fee based on administrative costs.

Unless otherwise requested by the data subject, if the request is made by electronic means, the information must also be provided in electronic format.

In preparing for the data subject to exercise their data rights, the controller must ask itself a handful of important questions, the most important being:

  • How the request can be made – using a dedicated website, with a request form and instructions, or perhaps, for example, by e-mail;
  • Whether this process will be conducted manually or automatically;
  • In the first case, whether there are enough trained personnel to handle the incoming workload;
  • Whether the existing procedures and organizational means allow such requests to be met without undue delay.

#10. Will data be shared with third parties, including within your group? When, how, on what legal basis?

When you are the data controller, sharing data with other entities can take two forms:

  • The processing will be carried out on your behalf, you specify its purpose, duration, the obligations of the processor, and so on – in this case you need to conclude a contract regulating all these issues with the processor, and you do not have to ask the data subject for his or her consent to do so;
  • Your company loses control over the data it shares and its processing, and the recipient becomes an independent controller of that data – in which case you will need a legal basis for sharing personal data (e.g. consent from the data subject specifying with whom you share the data and for what purpose).

Questions and answers about the LGPD that went beyond the basic concept

Basic questions like “What is LGPD?”, “What is personal and confidential data?”, “When does LGPD go into effect?” have been left out to show that data protection law is directly linked to your company’s business processes, and therefore the goal of data protection law implementation should be something more in-depth.

This means that questions and answers about the LGPD should focus on tools and features such as the adoption of electronic signatures, encryption, and training, among other points that were not portrayed in our list. It is necessary to go further.

With a little over a year to go, companies need to keep an eye on the next steps of the General Data Protection Law, that is, the execution of the necessary compliance actions before the LGPD goes into effect.

Companies like EVAL help you implement your strategy to meet expected requirements before LGPD takes effect with solutions to assess risks, enforce policies, protect data, respond to incidents and requests, and prove compliance.

EVAL can help your company unify business operations with data protection and security, enabling risk measurement across the organization to assist in implementing a comprehensive LGPD compliance plan.


  • Tags general data protection law, lgpd

Copyright © 2023, EVAL TECNOLOGIA EM INFORMÁTICA. All rights reserved - CNPJ 05.278.889/0001-97