Facebook Instagram Linkedin

Tag: data protection

Categories
Data Protection

Mind The Sec: Eval participates in Latin America’s biggest cybersecurity event

The way we live, work, and play has been changed forever by the Internet. But with great change comes great risk, and nowhere is this more apparent than in the world of cyber security. This is why Mind The Sec is so important.

Held annually in São Paulo, the event is the largest conference of its kind in Latin America, bringing together business leaders, government officials, and security experts from around the world to discuss the latest threats and how best to protect ourselves from them.

This year’s conference was very special because we had the largest number of attendees and sponsors. The event offered valuable information on how to stay ahead of the ever-evolving threats. And as could not be otherwise, Eval marked its presence.

About Mind The Sec

The importance of Mind The Sec is undeniable. With an audience composed of experts in the field, the event serves as a venue for discussion about the main challenges and threats to information security. In addition, Mind The Sec is also an excellent opportunity for networking and establishing new professional contacts.

Eval’s participation in Mind The Sec 2022

Along with Thales, Eval attended this year’s Mind The Sec as an exhibitor and presented the latest trends in cybersecurity to visitors. It was a great opportunity for Eval to network with other companies in the sector and establish new partnerships.

In addition to participating as an exhibitor, Eval in partnership with Thales presented the talk “How to ensure sensitive data protection and accelerate compliance in the age of digital transformation.” The presentation was made by Abílio Branco, Head of Data Protection at Thales – Brazil.

If you missed our presentation at this year’s Mind The Sec, don’t worry! The event was recorded and you have the opportunity to watch it:

Once again, Eval consolidates its participation in events of great relevance to the market, such as Mind The Sec. Eval’s presence in such events demonstrates its commitment to innovation and the continuous improvement of the services offered to companies.

EVAL Professional Services has a team of specialized professionals with the best practices in the market

Benefit from our years of experience and expertise in information security and LGPD compliance. We will be your partner for realizing digitization projects in compliance with security and data protection regulations.

We share our expertise across all business flows in institutions to help you minimize risk, maximize performance, and ensure the data protection your customers and partners expect.

About EVAL

EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Categories
Data Protection

Digital fraud will cause $48 billion in losses by 2023

In recent years there has been a significant increase in the number of digital frauds carried out over the Internet. This type of crime can take many different forms, such as credit card fraud, identity theft, and cyber attacks.

According to
study by Juniper Research
global losses from digital fraud are expected to reach $48 billion by 2023. This is up from the estimated $22 billion in 2018. The increase is due to several factors, including the growth of e-commerce and the increasing sophistication of fraudsters.

There are a number of steps that companies can take to protect themselves from digital fraud. Stay with us until the end of the article to better understand this threat scenario and see important tips that we have separated to minimize the risk of scams in your company.

Lack of analytical maturity of organizations is one of the causes of the growth of digital fraud

According to
study by Serasa Experian
, by March 2022, 389,788 fraud attempts were registered, representing an increase of 18.9% over the same period in 2021.

In practice, this means that every 7 seconds a Brazilian is a victim of fraudsters. The segment that has suffered most from this is retail, with a 74.1% increase in digital fraud attempts.

Basically, digital fraud is the use of illicit techniques to gain undue advantage. However, the modality is very broad and can take on different formats.

One of the main strategies used by criminals is phishing, which consists of creating fake websites to obtain personal data from the victims. Another modality is identity theft, where criminals use the stolen information to make purchases or access bank accounts.

The main forms of digital fraud recorded are:

  • Online credit card scamsOnline credit card scams: This type of crime is committed when the criminal obtains personal information from users, such as credit card number, expiration date, and security code, in order to make online purchases in their name;
  • Identity theftIdentity theft: This crime occurs when a criminal uses another person’s identity to gain financial advantages, such as opening accounts in his or her name or applying for loans;
  • Bank fraudDigital fraud: This type of digital fraud happens when the criminal is able to access someone else’s bank account and make transfers to your account.

The lack of analytical maturity of organizations is one of the main causes of the growth of digital fraud. Many companies still do not invest in data analysis systems that can detect fraud attempts, making the criminals’ job easier.

In addition, the growth of e-commerce has also contributed to the increase in digital scams, as criminals have found it easier to attack companies that offer online services.

What are the consequences of digital fraud for businesses and consumers?

Digital fraud is a serious problem that can have devastating consequences for businesses and consumers. In the business world, digital fraud can result in:

  • Financial losses for the company: once a company is a victim of digital fraud, it can suffer significant financial losses. This is because fraud can lead to the loss of money, as well as the expenses incurred to investigate and reverse the damage caused by fraudsters;
  • Damage to the company’s reputation: Besides causing financial losses, digital fraud can also damage a company’s reputation. When consumers are victims of fraud, they can become frustrated and angry, which can negatively affect the brand image;
  • Increased risk to cybersecurity: Digital fraud can also increase the risk of other cyber attacks, because fraudsters can use the information obtained to carry out new attacks. In addition, companies that suffer from digital fraud may be more vulnerable to other types of attacks, as fraudsters can exploit the company’s security flaws to carry out their attacks.

Thus, it is clear that digital fraud can cause serious harm to businesses and consumers. It is therefore important that companies take steps to protect themselves against this type of attack, as well as to investigate and reverse the damage done by fraudsters.

 

 

How to avoid digital fraud in companies?

There are several ways to avoid digital fraud, both for businesses and consumers. For businesses, the top tips for avoiding digital fraud are:

  1. Implement security measures: companies must implement security measures to protect company data and systems against cyber-attacks. These measures can include implementing a firewall, encrypting data, controlling access, and other security measures;
  2. Investigate suspicious transactions: organizations must also investigate suspicious transactions to identify possible digital fraud. This can include checking data such as IP address, credit card number, and other information that might indicate a cyber attack.

For the workforce, the top tips for avoiding digital fraud are:

  • Be careful what you share on social networks: Consumers should be careful what they share on social networks, because the information they share can be used to carry out cyber attacks;
  • Check URLs before clicking: employees should also check URLs before clicking, because sometimes fraudsters use fake URLs to trick people into going to malicious sites;
  • Backing up data: although it is something very technical and usually done by IT teams, employees need to be aware of the backup processes for important data, as this can help recover lost information in the event of a cyber attack.

In addition to these tips, companies and their employees should also keep an eye out for digital fraud attempts and report any suspected cyberattacks to the proper authorities.

Digital fraud is a growing problem in the business world, and can cause serious harm to businesses and consumers. Therefore, it is important to take steps to protect yourself against this type of attack, as well as to investigate and reverse the damage done by fraudsters.

payShield 10K ensures payment security and combats digital fraud

With payShield 10K you are assured that your company meets the highest security standards in the financial industry, including protection against fraud.

The fifth generation of payment HSMs from Thales, an EVAL partner company, offers a suite of proven security features in critical environments, in addition to transaction processing, protection of sensitive data, payment credential issuance, mobile card acceptance, and tokenization.

The payShield 10K solution can be used throughout the global payments ecosystem by issuers, service providers, acquirers, processors, and payment networks, offering a number of benefits.

EVAL Professional Services has a team of specialized professionals with the best practices in the market

Benefit from our many years of experience and expertise in information security and LGPD compliance. We will be your partner for realizing digitization projects in compliance with security and data protection regulations.

We share our expertise across all business flows in healthcare organizations to help you minimize risk, maximize performance, and ensure the data protection your patients and partners expect.

About Eval

EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Categories
Data Protection

Dangers of public WiFi: data of 2 million users leaked

In our connected world, using free public Wi-Fi has become a daily routine for some people. But secure and reliable connections are not always what they seem.

Public Wi-Fi access points are easy targets for cybercriminals who can use them to invade your privacy and steal your data.

This is what happened with WSpot, a WiFi management software company based in Brazil. It exposed data from about 2 million user companies, 5% of its customer base was affected by this leak.

About the leak and the relationship with public WiFi

Security research firm SafetyDetectives discovered the leak and warned that WSpot had an incorrectly configured Amazon Web Services S3 asset. Supposedly, the vulnerability found was unprotected and open to public access, which generated 10 GB of visitor data exposure.

About 226,000 files were exposed in this data leak. The leaked information includes personal details of at least 2.5 million users who have connected to the WSpot client’s public WiFi networks.

In addition, the information exposed included details of individuals who accessed the companies WiFi service, leaking information such as name, home address, email and taxpayer registration numbers, and plain-text login credentials created by users when getting registered to the service.

The company explained that the leak was caused by a lack of “standardization in information management”, which was stored in a specific folder. The company also noted that it has been dealing with the problem since SafetyDetectives notified it and the technical procedures were completed on November 18.

Why can using public Wi-Fi connections be dangerous?

Among the main dangers of public Wi-Fi are the risks of data breaches and malware infections. In the first scenario, cybercriminals can intercept the information you transmit over an unprotected connection.

In the second scenario, digital criminals may present you with an imitation of a legitimate website, tricking you into downloading malware.

Using an insecure public Wi-Fi network offers cybercriminals a great opportunity. Here is what makes it a vulnerable wireless network:

  • No or weak password protection;
  • Improperly configured Wi-Fi routers;
  • Outdated router software;
  • Many careless users;
  • Logging into a fake Wi-Fi access point.

By 2023, there will be almost 628 million public Wi-Fi access points. And as their number increases, so do the potential dangers. Let’s see what you risk by connecting to a free public Wi-Fi network.

What are the risks of using public WiFi?

Those who don’t know how to use public Wi-Fi safely can quickly find themselves in trouble. To avoid this, you should always keep your guard up against the following dangers of open wireless networks.

Identity Theft

Identity theft is a cyber crime with the primary goal of illegally obtaining someone’s data.

Most commonly, cybercriminals use public Wi-Fi hotspots to steal people’s credit card information and commit financial fraud. With enough information about an individual, criminals can apply for loans, withdraw money, make purchases, and commit other crimes, all in their name.

Data breach

Using public Wi-Fi safely is essential to avoid data breaches, which happen when criminals illegally access private information. While identity theft primarily involves financial information, data breaches can affect any type of information you store on your device.

If you don’t know how to use public Wi-Fi safely, cybercriminals can steal your photos, videos, documents, and contacts, among others.

Malware Infection

Using public Wi-Fi makes you an easy target for browser hijackers who distribute malware to unsuspecting surfers. You may just be opening a news website when a supposedly innocent-looking pop-up ad appears on your screen. What you don’t know is that by accidentally clicking on it, you get dangerous software directly on your phone or laptop.

How to stay safe on public WiFi networks

Here’s what you need to do if you want to minimize the security risks of public Wi-Fi:

Use a VPN on a public WiFi network

To stay secure on a public Wi-Fi network, use a Virtual Private Network (VPN) application. The application hides your IP address and encrypts the information you send online, making it unreadable to third parties.

Do not access or send your confidential data when accessing a public WiFi

You don’t want your sensitive data to be intercepted, so make sure you don’t expose any. Forget about online banking, shopping, and remote work when connecting to a public Wi-Fi.

Do not use any application that may contain confidential data. The sad truth is that many applications have security holes, so anything you do in them can be visible to hackers.

Use an antivirus

Unfortunately, an antivirus program does not save your personal data from interception, but it can protect your device from various malware. This includes malicious programs that hackers secretly send to your phone or laptop on a public Wi-Fi network.

Turn on the firewall when accessing via public WiFi

Enabling the firewall can save your laptop from suspicious data packets. Simply put, a firewall analyzes data traffic and protects your device from unauthorized access. So whenever you connect to a public Wi-Fi network, don’t forget to activate the protection.

There is no magic solution for data security. While website owners and retailers should clearly up their game in protecting our privacy, we also need to do our part to at least eliminate the easiest fruit for hackers.

Fortunately, with just a little attention and these simple steps, you can protect your data and still enjoy the convenience of public Wi-Fi.

Invest in data protection in 2022 and beyond.

The CipherTrust Data Security Platform solution allows companies to protect their structure against attacks even with access via public WiFi.

According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To handle the complexity of where data is stored, CipherTrust Data Security Platform provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:

CipherTrust Transparent Encryption

Encrypt data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.

CipherTrust Batch Data Transformation

Provides static data masking services to remove sensitive information from production databases so that compliance and security issues are alleviated when sharing a database with a third party for analysis, testing, or other processing.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables companies to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.

It simplifies data security, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.

The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.

Tool portfolio that guarantees data protection also with access via public WiFi

With data protection products from the CipherTrust Data Security Platform, your company can:

Strengthen security and compliance even when using a public WiFi

CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trust, Payment Card Industry Data Security Standard (PCI DSS), General Data Protection Act (LGPD), and other compliance requirements.

Optimizes team and resource efficiency

CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduces total cost of ownership

CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for new use cases, and have a proven track record of protecting new and traditional technologies.

With CipherTrust Data Security Platform, companies can prepare their investments for the future while reducing operating costs and capital expenditures.

About Eval

EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Categories
Data Protection

How to avoid fraud with data protection and still maintain a good relationship with your customer

A Serasa Experian’s 2020 Global Fraud and Identity Surveyshows that 57 percent of companies are facing increasing losses due to fraud year after year, despite claiming to be able to accurately identify their customers.

The reality shows that three out of five companies said there was an increase in fraud over the past 12 months. In other words, the study done by Serasa Experian shows that companies’ concerns about the increase in fraud persist even with the investments in security and data protection that have been made in recent years.

Furthermore, the average cost of a data breach in 2020 is $3.86 million, according to IBM’s data breach study. Despite the slight drop from 2019 (USD 3.9 million), it is still a very high amount to pay for fraud and its impacts with customers.

But what happens when the companies responsible for protecting our identities and finances are compromised by fraud through cyber attack?

In September 2017, consumer credit agency Equifax admitted its third cyber attack in two years, when hackers exploited a website vulnerability.

Key Facts About the Cyberattack suffered by Equifax

  • Some 143 million US customers have potentially become vulnerable by having their personal data compromised (with 400,000 in the UK);
  • Confidential information (including social security numbers, driver’s license numbers, dates of birth, medical history, and bank account information) was compromised, leaving customers vulnerable to identity theft;
  • Equifax has been criticized for being ill-equipped to manage the breach. It took five weeks to make the violation public, she set up a website for information and a hotline – where customers criticized the lack of information and the long delays;
  • In a notable gaffe, customers were also directed to a fake website in the company’s tweets;
  • Offers of a one-year free credit monitoring and identity theft service were deemed inappropriate;
  • A lawsuit has been filed accusing Equifax of negligence with customer data, with potential cost implications of $68.6 billion.

Consumers whose data has been leaked, stolen, or used in fraud don’t even know that their personal information is at risk for months or even years. But what choice do people have: don’t travel, don’t share, don’t use social media?

Ok, we can make these choices if we need to, but we still need to get health care services, use a bank or a credit union, be insured, or even get our Social Security benefits.

How can companies take the first steps to prevent fraud and data theft?

These are top tips from experts to help you keep your company’s confidential information safe from data thieves.

1. get rid of paper

If you must keep paper files, destroy them as soon as they are no longer needed. In practice, there are nine things that companies must destroy:

  • Any correspondence with a name and address;
  • Luggage tag;
  • Travel Itineraries;
  • Extra boarding passes;
  • Credit offers;
  • Price list;
  • Vendor payment receipts and paid invoices;
  • Cancelled checks;
  • Receipts.

2. Evaluate which data you most need to protect from fraud

Audit or evaluate your data. Every company is different. Each has different regulations, different types of data, different needs for that data, and a different business culture.

Hire an outside expert to assess what data you have, how you are protecting it (not how you think you are protecting it), and where that data is going.

While you may think it is an unnecessary cost, if you report to customers and prospects that you have done an external data assessment, you may find that it puts you at an advantage over your competitors.

3. Restrict access to your confidential data

Not everyone in the company needs access to everything. Does the project manager need pricing information? Does the seller need information about the operations? By restricting the data to which each person has access, you limit your exposure when an employee decides what they want to steal or when the employee’s account is compromised by an outsider.

4. Apply internal and external data privacy controls

Make sure that third parties and service providers contracted by your company follow the same strict data privacy controls that you implement in your own organization.

Audit them periodically to ensure compliance with your security standards.

5. Use strong passwords to protect computers and devices

Make it difficult for third parties to access your company and employees’ devices and computers if they are lost or stolen by protecting them with strong passwords and enabling remote wiping on all devices.

6. Install or enable a firewall

Even small companies with only a few employees have valuable data that needs to be protected. Make sure you have a firewall installed to prevent strangers from accessing your company’s network.

7. Secure your wireless network

Use a strong password and encryption and security to hide your wireless network from strangers. Don’t let neighbors or passersby get into your network or even see that it exists. You are just creating problems.

8. Combat fraud and maintain good customer relations in accordance with LGPD

Adhering to the core principles of the General Data Protection Act (LGPD) and preventing fraud and still having good customer relations can go hand in hand.

Minimizing the amount of personal data collected, anonymizing that data, and adopting privacy by design principles will not only ensure that your customers’ right to data privacy is preserved, but will also help mitigate your risks from an LGPD perspective.

9. Data minimization

Whether or not you rely on legitimate interest to acquire data, you should collect only the minimum data necessary to achieve your goal.

If you can fight fraud with only the least amount of non-direct identifying information it will be better. That will mean less data to protect later.

10. Anonymization

Make sure that all data is protected using tokenization or encryption.

In addition to increased security, a clear benefit is that mandatory breach reporting requirements are significantly reduced for anonymized data, as the risk of harm to the data subject is greatly reduced as long as the key is not compromised.

11. Privacy by design

Make data privacy an integral part of your organization’s thought process at all levels.

Make it a habit for all departments to ask questions about what data you need, how you will protect it, and whether or not you need consent. Not to mention that a well thought out privacy strategy will likely create a better user experience.

And don’t forget the authentication! Tampered and stolen credentials are a real threat to the security of your users’ data. This threat vector makes stronger authentication an essential component in fighting fraud and defending your users’ right to data privacy.

How EVAL can help your company fight fraud

EVAL has solutions for application encryption, data tokenization, anonymization, cloud protection, database encryption, big data encryption, structured and unstructured file protection on file server and cloud, and key management to meet different demands in the area of data security.

These are solutions for business to be compliant and protected against data leakage.

About Eval

EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Categories
Digital Signature

Electronic signature with institution seal

We did an article talking about the basic electronic signature and in it we explain that, despite the advantages, it does not offer good levels of information security and legal validity, although of course it has a more acceptable usability from the user’s point of view.

Today we will cover a safer way to use this technology. The electronic signature with the institution’s seal (or third-party seal) is very similar to other electronic signature models, but offers greater security.

It works as follows: The user signs the document with a basic electronic signature, authenticated electronic signature, or even a behavioral signature; after that, a digital signature is applied by a third party, which must be a trusted institution. This part can be done by the institution where you work, such as a bank, a brokerage house or a university, for example.

At the end of the signing process, both the document and the user’s electronic signature are signed with the institution’s digital certificate. In this way, the template ensures security for the authentication of the signer and the document, as well as linking both.

Electronic signature with digital signature of the institution

The greatest guarantee lies in the fact that the institution needs a digital signature to perform the process, as well as a digital certificate. The digital signature is a more secure model of electronic signature, and the digital certificate works as a kind of identity card in the virtual world.

In this way, the electronic signature with the institution’s digital signature is able to provide information about:

  • Identification of the person who made the signature;
  • The date and time when the signature was made;
  • Integrity, in which the document cannot be altered without being noticed, since it is protected by the digital signature of a third party;
  • The collection of the same data collected in the authenticated electronic signature.

More points on one important issue: safety

As we have shown above, usually the service provider also authenticates the user, and for this it can use either simple or two-factor authentication. All these processes ensure the integrity of the file, thus making it impossible to alter it without leaving marks.

Even the user’s electronic signature can be signed, which we call authentication. However, it is necessary for a third party to verify the authentication, such as a query of the authenticator’s service history.

Finally, another relevant aspect of the security of electronic signatures with a third-party seal is that if the solution is not implemented correctly, it can lead to legal problems. After all, both the electronic signature and the institution’s digital signature alone do not guarantee the level of security and legal validity required in more stringent situations. Always remembering that it is the institution’s legal department that must decide if the signature model meets the legal requirements to be used in each of the institution’s businesses. Therefore an institution can use several subscription models.

So what is the legal validity of the electronic signature with the institution’s seal?

It can be well accepted in juries, but it is important that the person offering the solution has a history with a good level of detail and security against tampering, i.e. has data integrity and is auditable.

However, there is a point of attention! If the company providing your signature solution closes its doors, or you decide to stop working with it, the legal evidence of the documents you sign can be rendered worthless and unrecoverable. So before you choose a company, make sure you know what happens to those records if the service is no longer provided. In other words, it must have an acceptable level of interoperability that guarantees future validation.

What to expect from usability?

For end users, the electronic signature with a third-party seal works in the same way as the authenticated electronic signature model. After all, the service provider’s signature is added automatically. By the way, documents can be signed from anywhere and at any time, which makes it very easy to use.

Good communication with other devices and software

The electronic signature with the institution’s seal can be recognized and validated more easily than conventional digital signatures. In this type of solution, you can see data from the electronic signature as well as information about the digital signature of the institution, as if it were a dossier, or even a summary of the evidence of the signature made by the professional, facilitating the understanding of all involved.

What to expect for adoption and usage costs

Here we have a good advantage. This model does not require devices such as readers or specific software for the end user.

Another advantage of the electronic signature with the institution’s seal is that no digital certificate is required per user. This can be advantageous for certain types of businesses. So always check with the legal department to see if this subscription model fits the business you want to apply. S

Summary of the conversation

The electronic signature with the institution’s seal is capable of ensuring reasonable levels of security and legal validity, but for this it needs to be offered with secure processes and procedures for user authentication, integrity, and management of transaction histories. To add more security it is possible to identify the signer in a specific way.

In short, it is interesting to identify and protect each user’s signature to ensure the integrity of what each signer has found in the document. Information such as the date and time the document was signed is very good to give more strength to the signatures made.

Electronic signatures with the institution’s seal can also be time-stamped, but this makes them more expensive to adopt.

Additionally, it is worth remembering what MP 2200 says that regulates electronic signatures in Brazil. In particular Art 10, para 2 “The provisions of this Provisional Measure do not prevent the use of another means of proving authorship and integrity of documents in electronic form, including those using certificates not issued by ICP-Brasil, provided that it is admitted by the parties as valid or accepted by the person to whom the document is opposed.”.

Finally, always consult yourinstitution’s legal departmentfor help in defining which electronic/digital signature model you should use for each of your company’s businesses and thus help accelerate your company’s digital transformation.

About Eval

A EVAL está a mais de 18 anos desenvolvendo projetos nos segmentos financeiro, saúde, educação e indústria, Desde 2004, oferecemos soluções de Autenticação, Assinatura Eletrônica e Digital e Proteção de Dados. Atualmente, estamos presente nos principais bancos brasileiros, instituições de saúde, escolas e universidades, além de diferentes indústrias.

Com valor reconhecido pelo mercado, as soluções e serviços da EVAL atendem aos mais altos padrões regulatórios das organizações públicas e privadas, tais como o SBIS, ITI, PCI DSS, e a LGPD. Na prática, promovemos a segurança da informação e o compliance, o aumento da eficiência operacional das empresas, além da redução de custos.

Inove agora, lidere sempre: conheça as soluções e serviços da Eval e leve sua empresa para o próximo nível.

Eval, segurança é valor.

Categories
Data Protection

10 vital recommendations for secure data transmission

Protecting the data used in business operations is an essential requirement for an organization’s confidential information.

Malicious users can intercept or monitor plain text data transmitted over a network or via removable media and unencrypted mobile devices.

Thus they gain unauthorized access, compromising the confidentiality of data considered sensitive and strategic. This is why secure data transmission is so important.

Criptografia como solução de segurança

Protection in these cases is done with cryptographic algorithms that limit access to the data only to those who have the appropriate encryption feature and its respective decryption.

In addition, some modern cryptographic tools also allow for condensation or compression of messages, saving transmission and storage space.

We have converged the need to protect data transmissions together with existing technological resources. Therefore, we have separated 10 recommendations that are considered vital to be successful in the whole process of sending and receiving data.

Malicious users can compromise the confidentiality of information during a data transmission

Data considered sensitive or restricted with regard to data protection must be encrypted when transmitted over any network. This must be done in order to protect against interception of network traffic by unauthorized users. Attacks of this type are also known as Man-in-the-middle, click here to learn more.

In cases where the source and destination devices are within the same protected subnet, the data transmission must still be protected with encryption, due to the potential high negative impact of a data breach and theft. In addition, employees tend to have less concern when they are within a “controlled” environment, believing themselves to be safe from attack.

The types of transmission can include client-to-server communication, as well as server-to-server communication. This can include data transfer between main systems, between third party systems, or P2P transmission within an organization.

Additionally, when used to store restricted data, removable media and mobile devices should also use encryption of sensitive data appropriately, following security recommendations. Mobile devices include laptops, tablets, wearable technology, and smartphones.

Emails are not considered secure, and by default should not be used to transmit sensitive data unless additional data encryption tools from these services are used.

When trying to protect data in transit, the security professional should consider the following recommendations for designing secure information transmission:

 

Top recommendations

  1. Where the device (whether client or server) is accessible via a web interface, traffic must be transmitted over Secure Sockets Layer (SSL), using only strong security protocols and transport layer security;
  2. Data transmitted by email should be protected using email encryption tools with strong encryption, such as S/MIME . Alternatively, before sending an email, users should encrypt data using compatible file data encryption tools and attach it to the email for transmission;
  3. Data traffic not covered by the web browser should be encrypted via application-level encryption;
  4. If an application database is outside the application server, all connections between the database and the application must also use encryption with cryptographic algorithms compliant with recommended security and data protection standards;
  5. When application-level encryption is not available for data traffic not covered by the Web, implement network-level encryption, such as IPsec or SSL encapsulation;
  6. Encryption must be applied when transmitting data between devices on protected subnets with strong firewall controls;
  7. Develop and test an appropriate data recovery plan;
  8. Follow the recommended requirements for creating strong passwords that should be defined in the organization’s security police. Also, adopt some management tool to store the access data and recovery keys;
  9. After the data is copied to a removable media or mobile device, verify that it works by following the instructions for reading data using encryption. Also take the opportunity to include in your recovery and contingency plan tests of opening backups that have been encrypted;
  10. When unattended, removable media (or mobile device) should be stored in a secure location with limited access to users as needed. And be aware of the keys that were used to encrypt the backup.

Support and internal policies are also very important

The last recommendation is to have proper supporting documentation for this entire data transmission process. Security policies and processes need to be validated through frequent testing that can guarantee the efficiency of all procedures to be carried out.

Finally, don’t forget to create an awareness policy made for the company’s employees. Adopt training and campaigns that demonstrate the importance of following the organization’s security and data protection policies and processes.

Data encryption tools to support secure transmission

End-to-end encryption is usually performed by the end user within an organization. The data is encrypted at the beginning of the communications channel, or earlier via removable media and mobile devices. In this way they remain encrypted until they are decrypted at the remote end.

To assist this process, the use of encryption tools provides the necessary support for secure data transmission.

There are several tools for encrypting data, but it is important to pay special attention to key management. For if you get careless and lose the key, you will lose the content that was encrypted as well.

Therefore, we always recommend the correct use of equipment and platforms that manage the key, its life cycle, as well as access control. After all, with a more comprehensive use, management can get complicated using only Excel spreadsheets.

The Challenge of Data Traffic

One of the main goals throughout history has been to move messages through various types of channels and media. The intention has always been to prevent the content of the message from being revealed, even if the message itself was intercepted in transit.

Whether the message is sent manually, over a voice network, or over the Internet, modern encryption provides secure and confidential methods for transmitting data. It also allows the integrity of the message to be checked, so that any changes in the message itself can be detected.

In short, the adoption of encryption should be a priority for all companies, regardless of their industry or size. Today, data protection has become critical to the success of any business and therefore cannot be ignored by any organization.

Finally, read more about data protection and privacy in our blog and learn how to apply encryption technology effectively in your company by contacting EVAL’s experts. We are happy to answer your questions and help you define the best ways to protect your organization against data leakage and theft.

About Eval

A EVAL está a mais de 18 anos desenvolvendo projetos nos segmentos financeiro, saúde, educação e indústria, Desde 2004, oferecemos soluções de Autenticação, Assinatura Eletrônica e Digital e Proteção de Dados. Atualmente, estamos presente nos principais bancos brasileiros, instituições de saúde, escolas e universidades, além de diferentes indústrias.

Com valor reconhecido pelo mercado, as soluções e serviços da EVAL atendem aos mais altos padrões regulatórios das organizações públicas e privadas, tais como o SBIS, ITI, PCI DSS, e a LGPD. Na prática, promovemos a segurança da informação e o compliance, o aumento da eficiência operacional das empresas, além da redução de custos.

Inove agora, lidere sempre: conheça as soluções e serviços da Eval e leve sua empresa para o próximo nível.

Eval, segurança é valor.

Categories
Data Protection

8 problems caused by not having data protection

Protecting data has become a mandatory and strategic prerequisite for all companies that intend to conduct transactions over the Internet. This includes private and public institutions from the municipal to the federal level.

Security incidents involving government agencies are becoming more and more frequent. Many of us do not know, but in the very quiet underworld a real cyberwar is waged between countries. Based on this theme let’s talk about the importance of protecting data.

The protection of your country is constantly at risk

Recently a study by the International Monetary Fund (IMF) raised an alarming fact. Central banks around the world are suffering constant attacks that have already resulted in the theft of millions of dollars. And that’s not all, it turns out that the data of thousands of customers and employees has been compromised.

In recent years the financial sector and the government have been the main targets of these attacks. After all, both have migrated their operations to the online world where the risk of hacking and data theft is higher.

A strong adaptation is required from these institutions in the face of a paradigm shift. In summary, the major operations of banks and strategic government sectors used to take place offline or in a restricted fashion on private networks. However, now they are on the Internet, an open and risky world.

In recent years all these institutions have undergone a major disruption in their business models. Thus, protecting the data has become a priority.

Attackers can be recreational hackers, crackers, or terrorists. Problems can arise in front of business entities and interests, as well as for the public sector and the government. For example, we can cite banking institutions, energy, state agencies, hospitals, businesses, education, and even social issues as possible targets.

All these institutions rely heavily on their online presence and have therefore started to take risks. With information flowing over the Internet on different networks around the world, there is a growing need to protect personal information, funds, and assets, as well as national security.

About Eval

A EVAL está a mais de 18 anos desenvolvendo projetos nos segmentos financeiro, saúde, educação e indústria, Desde 2004, oferecemos soluções de Autenticação, Assinatura Eletrônica e Digital e Proteção de Dados. Atualmente, estamos presente nos principais bancos brasileiros, instituições de saúde, escolas e universidades, além de diferentes indústrias.

Com valor reconhecido pelo mercado, as soluções e serviços da EVAL atendem aos mais altos padrões regulatórios das organizações públicas e privadas, tais como o SBIS, ITI, PCI DSS, e a LGPD. Na prática, promovemos a segurança da informação e o compliance, o aumento da eficiência operacional das empresas, além da redução de custos.

Inove agora, lidere sempre: conheça as soluções e serviços da Eval e leve sua empresa para o próximo nível.

Eval, segurança é valor.

Data Care

It is clear that adopting a strategy to protect data is necessary. Citizens must have confidence in using online public services, and if they feel they are under threat in areas such as health and welfare, their use of them will certainly decrease.

Because of this growing threat public and financial sector organizations must adhere to appropriate cybersecurity standards. In this way, they can ensure the protection and security necessary for the use of the online environment in their operations.

Data protection must be a priority

For the government, cybersecurity is not only a challenge, after all, it is a major obstacle in the face of the long-awaited digital transformation. What’s more, the stakes are sky-high: hacking into public sector information can jeopardize national security.

Let’s give a better idea of the consequences of cyber attacks and information theft from financial institutions and the government. For this we have listed 8 problems generated by the lack of data protection.

  1. Invading vital systems with the aim of disabling them;
  2. Wreak havoc on the entire digital infrastructure of the country;
  3. Gain access to systems to steal sensitive data;
  4. Stealing document numbers (HR, CPF, CNH, others) or tax declarations;
  5. Make illegal financial transfers;
  6. Disrupt strategic government operations;
  7. Manipulate data and code to introduce harmful instructions;
  8. Obtain employee records and national security files.

The impact of suffering cyber attacks through financial institutions and government agencies goes far beyond financial losses. The exposure of each citizen’s information, for example, is an irreversible damage and that because of its extension becomes impossible to measure the size of the loss.

Meeting the Cyber Security Challenge

The threats are growing in volume, intensity, and sophistication, and recent attacks show that new intrusion attempts are likely to happen frequently.

A big question arises. After all, how can governments reverse the growing gap between security investment and effectiveness? Traditionally, cyber security has focused on intrusion prevention, defense using firewalls, port monitoring, and the like.

However, the evolving threat landscape requires a more dynamic strategy to protect data. So a new approach in this regard involves three key areas built around being safe, vigilant, and resilient. These three principles reflect the fact that defense mechanisms must evolve.

Government actions cannot rely solely on perimeter security, they must also develop robust capabilities for detection, response, recognition, recovery, and data protection.

Reliability must be maintained

Cybersecurity is about building a secure environment with the use of technology in order to ensure the trust and stability of society.

Consequently, building reliability requires activities and operations that can ensure it:

  • Reduction and prevention of threats and vulnerabilities;
  • Implementation of protection policies;
  • Incident Response;
  • Fast recovery in case of incidents;
  • Data and information assurance;
  • Enforcement of cybersecurity-related laws;
  • Intelligence operations related to cyberspace security;
  • Among other actions.

You must have an incident response plan

Organizations need to have a really clear understanding of what to do in the event of a security incident. This requires an incident response plan that is well planned and regularly tested.

However, it is worth pointing out that the threats and attacks that occur today do not follow normal detection and response standards. Traditional requirements are focused only on common threats.

For financial and government institutions, the reality shows that we have threats that have been enhanced and that pose a great risk. And to combat this scenario will require developing a solid framework to manage the risks and apply new standards to detect and respond to much more advanced threats.

This goes far beyond simply testing systems for vulnerabilities. It means, for example, understanding what data is most at risk, what types of criminals would be most interested in this type of information, what type of attacks could be used, and finally developing preventive and corrective actions to protect the data.

How to position yourself in the current digital security scenario

Agencies must make significant efforts to study emerging threats by looking at key risk indicators and understanding the actors, criminals, foreign countries, and hacktivists, that threaten government and financial systems.

Whether it is an internal or external threat, organizations are finding that the use of firewalls alone is not effective in anticipating the nature of threats.

The evolving action of cyber threats requires collaborative networked defense, which means sharing information about vulnerabilities, forms of attack, and solutions among the community, governments, businesses, and security vendors.

Thus, cyber security when developed efficiently in each country encompasses virtually all citizens, providing everyone with a sense of trust and credibility in institutions.

Now you know the problems generated by not protecting the data. Keep yourself always updated, subscribe to our newsletter and stay on top of EVAL news and technologies. Keep following our content on the blog and also on our Linkedin profile.

About Eval

A EVAL está a mais de 18 anos desenvolvendo projetos nos segmentos financeiro, saúde, educação e indústria, Desde 2004, oferecemos soluções de Autenticação, Assinatura Eletrônica e Digital e Proteção de Dados. Atualmente, estamos presente nos principais bancos brasileiros, instituições de saúde, escolas e universidades, além de diferentes indústrias.

Com valor reconhecido pelo mercado, as soluções e serviços da EVAL atendem aos mais altos padrões regulatórios das organizações públicas e privadas, tais como o SBIS, ITI, PCI DSS, e a LGPD. Na prática, promovemos a segurança da informação e o compliance, o aumento da eficiência operacional das empresas, além da redução de custos.

Inove agora, lidere sempre: conheça as soluções e serviços da Eval e leve sua empresa para o próximo nível.

Eval, segurança é valor.

Where We Are

Rua Paulistânia, nº 381, 2º andar,
Sumarezinho
São Paulo - SP,
ZIP CODE:05440-000

Contact

(11) 3670 - 3825
(11) 3865 - 1124
[email protected]

Facebook Instagram Linkedin
logo-tales-azul
pci-logo-teal
keyfactor-logo
logo-valid-certificadora-digital
google-safe-browsing
Privacy Policy

Copyright © 2023, EVAL TECNOLOGIA EM INFORMÁTICA. All rights reserved - CNPJ 05.278.889/0001-97