Categories
Data Protection

Fraud and Data Theft: 11 Tips for Customer Security

The Serasa Experian Global Identity and Fraud Survey 2020 shows that 57% of companies face increasing losses from fraud and data theft year after year, despite claiming to be able to identify their customers accurately. That is why investing in data protection is necessary.

The reality shows that three out of five companies said there was an increase in fraud over the past 12 months.

In other words, the study carried out by Serasa Experian shows that companies’ concerns about the increase in fraud and data theft persist even with the investment in security and data protection made in recent years.

Furthermore, the average cost of a data breach in 2020 is $3.86 million, according to IBM’s data breach study. Despite the slight drop from 2019 (USD 3.9 million), it is still a very high amount to pay for fraud and its impacts with customers.

What happens when those responsible for protection are compromised by fraud and data theft?

In September 2017, consumer credit agency Equifax admitted its third cyber attack in two years, when hackers exploited a website vulnerability.

Key Facts About the Cyberattack suffered by Equifax

  • Some 143 million US customers have potentially become vulnerable by having their personal data compromised (with 400,000 in the UK);
  • Confidential information (including social security numbers, driver’s license numbers, dates of birth, medical history and bank account information) was compromised, leaving customers vulnerable to fraud and data theft;
  • Equifax was criticized for being ill-equipped to manage the breach. It took five weeks to make the breach public, and it then set up an information website and a hotline, where customers criticized the lack of information and the long delays;
  • In a notable gaffe, customers were also directed to a fake website in the company’s tweets;
  • Offers of a one-year free credit monitoring and identity theft service were deemed inappropriate;
  • A lawsuit has been filed accusing Equifax of negligence with customer data, with potential cost implications of $68.6 billion.

Consumers whose data has been leaked, stolen, or used in fraud don’t even know that their personal information is at risk for months or even years. But what choice do people have: don’t travel, don’t share, don’t use social media?

Ok, we can make these choices if we need to, but we still need to get health care services, use a bank or a credit union, be insured, or even get our Social Security benefits.

How can companies take the first steps to prevent fraud and data theft?

These are the top tips from experts to help you keep your company’s confidential information safe from fraud and data theft.

1. Get rid of paper

If you must keep paper files, destroy them as soon as they are no longer needed. In practice, there are nine things that companies must destroy:

  • Any correspondence with a name and address;
  • Luggage tag;
  • Travel Itineraries;
  • Extra boarding passes;
  • Credit offers;
  • Price list;
  • Vendor payment receipts and paid invoices;
  • Cancelled checks;
  • Receipts.

2. Assess which data you most need to protect against fraud and data theft

Audit or evaluate your data. Every company is different. Each has different regulations, different types of data, different needs for that data, and a different business culture.

Hire an outside expert to assess what data you have, how you are protecting it (not how you think you are protecting it), and where that data is going.

While you may think it is an unnecessary cost, if you report to customers and prospects that you have done an external data assessment, you may find that it puts you at an advantage over your competitors.

3. Restrict access to your confidential data

Not everyone in the company needs access to everything. Does the project manager need pricing information? Does the seller need information about the operations?

By restricting the data to which each person has access, you limit your exposure when an employee decides what they want to steal or when the employee’s account is compromised by an outsider.

4. Apply internal and external data privacy controls

Make sure that third parties and service providers contracted by your company follow the same strict data privacy controls that you implement in your own organization.

Audit them periodically to ensure compliance with your security standards and reduce the risk of fraud and data theft.

5. Use strong passwords to protect computers and devices

Make it difficult for third parties to access your company and employees’ devices and computers if they are lost or stolen by protecting them with strong passwords and enabling remote wiping on all devices.

6. Install or enable a firewall

Even small companies with only a few employees have valuable data that needs to be protected. Make sure you have a firewall installed to prevent strangers from accessing your company’s network.

7. Secure your wireless network

Use a strong password and encryption, and hide your wireless network from strangers. Don’t let neighbors or passersby get into your network or even see that it exists; otherwise you are increasing the risk of fraud and data theft.

8. Combat fraud and maintain good customer relations in accordance with LGPD

Adhering to the fundamental principles of the General Data Protection Law (LGPD) and preventing fraud and data theft, as well as having good customer relations, can go hand in hand.

Minimizing the amount of personal data collected, anonymizing this data and adopting privacy principles from the outset will not only ensure that your customers’ right to data privacy is preserved, but will also help mitigate your risks from the perspective of the LGPD.

9. Data minimization

Whether or not you rely on legitimate interest to acquire data, you should collect only the minimum data necessary to achieve your goal.

If you can combat fraud and data theft with only the smallest amount of non-direct identification information, it’s better. That will mean less data to protect later.

10. Anonymization

Make sure that all data is protected using tokenization or encryption.

In addition to increased security, a clear benefit is that mandatory breach reporting requirements are significantly reduced for anonymized data, as the risk of harm to the data subject is greatly reduced as long as the key is not compromised.

11. Privacy by design

Make data privacy an integral part of your organization’s thought process at all levels.

Make it a habit for all departments to ask questions about what data you need, how you will protect it, and whether or not you need consent. Not to mention that a well thought out privacy strategy will likely create a better user experience.

And don’t forget the authentication! Tampered and stolen credentials are a real threat to the security of your users’ data. This threat vector makes stronger authentication an essential component in the fight against fraud and data theft, as well as defending your users’ right to data privacy.

How EVAL can help your company fight fraud and data theft

EVAL has solutions for application encryption, data tokenization, anonymization, cloud protection, database encryption, big data encryption, structured and unstructured file protection on file server and cloud, and key management to meet different demands in the area of data security.

These are solutions for business to be compliant and protected against data leakage.

About Eval

EVAL has been developing projects in the financial, health, education and industry segments for over 18 years. Since 2004, we have offered Authentication, Electronic and Digital Signature and Data Protection solutions. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

Categories
Data Protection

Personal health information: ensuring safety and security

Personal health information refers, in short, to demographic information, medical histories, test and lab results, mental health conditions, insurance information, and other data that a healthcare professional collects to identify an individual and determine appropriate care.

This same detailed information about our health is also a product. In addition to its use for patients and healthcare professionals, it is also valuable to clinical and scientific researchers when anonymized.

For hackers this data is a treasure trove. After all, this is personal patient information that could be stolen and sold elsewhere. What’s more, they can hijack the data via ransomware until the medical institution pays the ransom.

Medical institutions deal with personal health information and this can be a risk

As we have seen, by the nature of the sector, healthcare institutions deal with confidential patient data. This information includes date of birth, medical conditions and health insurance applications.

Whether in paper records or in an electronic record system, personal health information describes a patient’s medical history, thus including diseases, treatments and outcomes.

To give you an idea, from the first moments after birth, a baby today is likely to have their personal health information entered into an electronic health record system, including weight, length, body temperature and any complications during delivery.

Tracking this information over the course of a patient’s life gives the clinician the context of the person’s health, which helps the professional make better treatment decisions.

When properly recorded, personal health information can be stored without identifying features and added anonymously to large databases of patient information.

These de-identified data can contribute to population health management and value-based care programs.

However, there are cases where data security, protection and privacy measures are not applied. This puts health institutions, staff and especially patients at serious risk.

Cybersecurity threats in healthcare affect patients and institutions

As technology advances, healthcare professionals work to implement innovations to improve care, but cybersecurity threats continue to evolve as well.

Ransomware attacks and healthcare data breaches remain top concerns for healthcare entities and business partners of all sizes.

Ransomware is a good example of a major impact for the healthcare sector. It is considered high-risk, as healthcare organizations are tasked with caring for people. Thus, if certain information is locked or inaccessible, this care may be affected.

The responsibility for the protection of personal health information lies with all institutions and their business partners.

A situation that is sometimes misunderstood by health institutions is that privacy and security of health information do not always move together.

While privacy requires security measures, it is possible to have security restrictions that do not fully protect the private information of patients and caregivers.

Let’s think of an example: if a healthcare institution or a cloud provider shares encrypted medical data with an outpatient clinic, protection and privacy may be at risk.

After all, institutions need to enter into a partnership agreement that includes requirements for data security processes and policies. If this does not occur, the information shared is at high risk.

Despite the high risk, it is possible to protect your organization from cybercrime by securing patient information

Ransomware and other cybercrime attacks occur when a hacker gains access to an organization’s network. In the aftermath, files are encrypted or stolen.

In the specific case of ransomware, the files are inaccessible by the target until a ransom is paid.

To protect your organization from attacks like this and other cybercrimes targeting the healthcare industry, data protection experts recommend ten practices for securing health information:

1. Define clear data protection and privacy policies and processes

An important step in the protection and privacy of patient and caregiver health information is to clearly define data protection and privacy policies and processes.

This is the kick-off for all the other safety recommendations for the benefit of medical institutions.

2. Protect patient information in the workplace

Use access controls to ensure that patient health information is accessed only by authorized staff.

3. Conduct staff training on health data protection and privacy policies and processes

A protected health organization must train all members of its workforce on the policies and procedures regarding personal health information.

Training should be provided to each new professional within a reasonable period of time after the person joins the institution.

In addition, staff members should also be trained if their roles are affected by a material change in policies and procedures in the defined privacy and protection rules.

4. Procedures for disclosure or sharing of health information must be documented and authorized

A written authorization from the patient is required when a healthcare facility needs to share or disclose psychotherapy, substance abuse disorder, and treatment records, information, or notes.

5. Define secure health data storage and retrieval procedures

Data should be backed up periodically. It is also good practice to back up data to physical media such as flash drives and external hard drives, and to replicate it to the cloud as it changes.

This redundancy ensures that critical information is readily available. If possible, health institutions should have backups in multiple locations.

6. Firewalls are essential to ensure that protected information is not improperly destroyed

Properly using a firewall can help prevent your organization from falling victim to unauthorized access that could potentially compromise the confidentiality, integrity or availability of patient health information.

7. Health data recorded on paper should be protected

The concern for data protection and privacy also applies to the use of paper and other physical files. In addition to policies and procedures covering the physical security of documents, staff should be instructed to immediately report all incidents that may involve the loss or theft of such paper records.

8. Personal health information should never be left unattended

Extra care should be taken when patient records are temporarily transported to other health care institutions.

This information must be supervised and protected by responsible professionals during the journey, delivery and storage of personal health information.

9. Document and device encryption must protect medical data from cybercriminals

In short, devices and documents should be protected using encryption and digital signature when sharing between institutions and other healthcare professionals.

10. Keeping anti-virus and anti-malware software up to date is vitally important for personal health information

In addition, software updates and patches must be applied in a timely manner to keep networks and systems secure.

It is also worth remembering that common sense is always good practice. Employees should never share passwords. Default passwords should be changed immediately after a new application is deployed. Finally, passwords should not be reused between different systems and should be changed if they are compromised.

The ultimate goal is to achieve high levels of data security, protection and privacy, thus ensuring the integrity of the personal health information of patients and other caregivers.

Categories
Digital Signature

Electronic signature with institution seal

We wrote an article about the basic electronic signature, in which we explain that, despite its advantages, it does not offer good levels of information security and legal validity, although of course it has more acceptable usability from the user’s point of view.

Today we will cover a safer way to use this technology. The electronic signature with the institution’s seal (or third-party seal) is very similar to other electronic signature models, but offers greater security.

It works as follows: The user signs the document with a basic electronic signature, authenticated electronic signature, or even a behavioral signature; after that, a digital signature is applied by a third party, which must be a trusted institution. This part can be done by the institution where you work, such as a bank, a brokerage house or a university, for example.

At the end of the signing process, both the document and the user’s electronic signature are signed with the institution’s digital certificate. In this way, the model ensures the authentication of the signer and of the document, and links the two together.

Electronic signature with digital signature of the institution

The greatest guarantee lies in the fact that the institution needs a digital signature to perform the process, as well as a digital certificate. The digital signature is a more secure model of electronic signature, and the digital certificate works as a kind of identity card in the virtual world.

In this way, the electronic signature with the institution’s digital signature is able to provide information about:

  • Identification of the person who made the signature;
  • The date and time when the signature was made;
  • Integrity, in which the document cannot be altered without being noticed, since it is protected by the digital signature of a third party;
  • The collection of the same data collected in the authenticated electronic signature.
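As an added example (not code from the original article or from Eval’s products), the following Go program models the process described above and the four properties just listed: the service records the user’s electronic-signature evidence, the institution signs that evidence together with the document hash under its own key (an Ed25519 key stands in for the institution’s certificate), and a relying party verifies both the institution’s signature and that the document presented is the one that was sealed. The names UserSignature, ApplySeal and VerifySeal, and the sample document, are this example’s own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// UserSignature is the evidence the service records when the user applies a
// basic or authenticated electronic signature: who signed, how they were
// authenticated, when, and the hash of the document they saw.
// Field names are constructed for this example.
type UserSignature struct {
	SignerID   string `json:"signer_id"`
	AuthMethod string `json:"auth_method"`
	SignedAt   string `json:"signed_at"` // RFC 3339, recorded by the service
	DocHash    string `json:"doc_hash"`  // hex SHA-256 of the document
}

// Seal is the record the institution signs. It binds the document hash and
// the user's electronic-signature evidence together, which is what links the two.
type Seal struct {
	Institution string        `json:"institution"`
	DocHash     string        `json:"doc_hash"`
	User        UserSignature `json:"user"`
	SealedAt    string        `json:"sealed_at"`
}

// SealedDocument travels with the document to whoever must validate it.
type SealedDocument struct {
	Seal      Seal   `json:"seal"`
	Signature []byte `json:"signature"` // Ed25519 over the JSON encoding of Seal
}

// NewInstitutionKeys stands in for the institution's certificate key pair.
func NewInstitutionKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

func hashDoc(doc []byte) string {
	sum := sha256.Sum256(doc)
	return hex.EncodeToString(sum[:])
}

// ApplySeal is the institution's step: it refuses to seal evidence that refers
// to a different document, then signs document hash and user evidence together.
// encoding/json writes struct fields in declaration order, so the signed bytes
// are reproducible at verification time.
func ApplySeal(priv ed25519.PrivateKey, institution string, doc []byte, user UserSignature, now time.Time) (SealedDocument, error) {
	h := hashDoc(doc)
	if user.DocHash != h {
		return SealedDocument{}, errors.New("user evidence refers to a different document")
	}
	seal := Seal{Institution: institution, DocHash: h, User: user, SealedAt: now.UTC().Format(time.RFC3339)}
	payload, err := json.Marshal(seal)
	if err != nil {
		return SealedDocument{}, err
	}
	return SealedDocument{Seal: seal, Signature: ed25519.Sign(priv, payload)}, nil
}

// VerifySeal is the relying party's step: check the institution's signature,
// then check that the document presented is the one both parties signed.
func VerifySeal(pub ed25519.PublicKey, doc []byte, sd SealedDocument) error {
	payload, err := json.Marshal(sd.Seal)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, payload, sd.Signature) {
		return errors.New("institution signature invalid: seal altered or not issued under this key")
	}
	if h := hashDoc(doc); h != sd.Seal.DocHash || h != sd.Seal.User.DocHash {
		return errors.New("document does not match the sealed hash")
	}
	return nil
}

func main() {
	pub, priv, err := NewInstitutionKeys()
	if err != nil {
		panic(err)
	}
	doc := []byte("constructed contract text") // constructed sample document
	user := UserSignature{SignerID: "user-123", AuthMethod: "password+otp",
		SignedAt: "2024-01-01T10:00:00Z", DocHash: hashDoc(doc)}
	sd, err := ApplySeal(priv, "Example Bank (constructed)", doc, user, time.Now())
	if err != nil {
		panic(err)
	}
	fmt.Println("seal verifies:", VerifySeal(pub, doc, sd) == nil)
	fmt.Println("altered document rejected:", VerifySeal(pub, []byte("altered"), sd) != nil)
}
```

Note that the seal record, not the raw document, is what the institution signs; keeping the sealed records in an auditable history is what later lets a third party re-check the evidence.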

More points on one important issue: security

As we have shown above, usually the service provider also authenticates the user, and for this it can use either simple or two-factor authentication. All these processes ensure the integrity of the file, thus making it impossible to alter it without leaving marks.

The user’s electronic signature itself can also be signed, which we call authentication. However, a third party must be able to verify that authentication, for example by querying the authenticator’s service history.

Finally, another relevant aspect of the security of electronic signatures with a third-party seal is that if the solution is not implemented correctly, it can lead to legal problems. After all, neither the electronic signature nor the institution’s digital signature alone guarantees the level of security and legal validity required in more stringent situations. Remember that it is the institution’s legal department that must decide whether the signature model meets the legal requirements for each of the institution’s businesses; an institution can therefore use several signature models.

So what is the legal validity of the electronic signature with the institution’s seal?

It can be well accepted in court, but it is important that the solution provider keeps a history with a good level of detail and security against tampering, i.e. one that has data integrity and is auditable.

However, there is a point of attention! If the company providing your signature solution closes its doors, or you decide to stop working with it, the legal evidence of the documents you sign can be rendered worthless and unrecoverable. So before you choose a company, make sure you know what happens to those records if the service is no longer provided. In other words, it must have an acceptable level of interoperability that guarantees future validation.

What to expect from usability?

For end users, the electronic signature with a third-party seal works in the same way as the authenticated electronic signature model. After all, the service provider’s signature is added automatically. By the way, documents can be signed from anywhere and at any time, which makes it very easy to use.

Good communication with other devices and software

The electronic signature with the institution’s seal can be recognized and validated more easily than conventional digital signatures. In this type of solution, you can see data from the electronic signature as well as information about the digital signature of the institution, as if it were a dossier, or even a summary of the evidence of the signature made by the professional, facilitating the understanding of all involved.

What to expect for adoption and usage costs

Here we have a good advantage. This model does not require devices such as readers or specific software for the end user.

Another advantage of the electronic signature with the institution’s seal is that no digital certificate is required per user. This can be advantageous for certain types of business. So always check with the legal department whether this signature model fits the business you want to apply it to.

Summary of the conversation

The electronic signature with the institution’s seal is capable of ensuring reasonable levels of security and legal validity, but for this it needs to be offered with secure processes and procedures for user authentication, integrity, and management of transaction histories. To add more security it is possible to identify the signer in a specific way.

In short, it is interesting to identify and protect each user’s signature to ensure the integrity of what each signer has found in the document. Information such as the date and time the document was signed is very good to give more strength to the signatures made.

Electronic signatures with the institution’s seal can also be time-stamped, but this makes them more expensive to adopt.

Additionally, it is worth remembering what MP 2200 says that regulates electronic signatures in Brazil. In particular Art 10, para 2 “The provisions of this Provisional Measure do not prevent the use of another means of proving authorship and integrity of documents in electronic form, including those using certificates not issued by ICP-Brasil, provided that it is admitted by the parties as valid or accepted by the person to whom the document is opposed.”.

Finally, always consult your institution’s legal department for help in defining which electronic/digital signature model you should use for each of your company’s businesses, and thus help accelerate your company’s digital transformation.

Categories
Data Protection

10 vital recommendations for secure data transmission

Protecting the data used in business operations is an essential requirement for an organization’s confidential information.

Malicious users can intercept or monitor plain text data transmitted over a network or via removable media and unencrypted mobile devices.

Thus they gain unauthorized access, compromising the confidentiality of data considered sensitive and strategic. This is why secure data transmission is so important.

Encryption as a security solution

Protection in these cases is provided by cryptographic algorithms that limit access to the data to those who hold the appropriate encryption key and can therefore decrypt it.

In addition, some modern cryptographic tools also allow for condensation or compression of messages, saving transmission and storage space.

We have brought the need to protect data transmissions together with the technological resources that already exist. We have therefore selected 10 recommendations considered vital for success in the whole process of sending and receiving data.

Malicious users can compromise the confidentiality of information during a data transmission

Data considered sensitive or restricted with regard to data protection must be encrypted when transmitted over any network, in order to protect against interception of network traffic by unauthorized users. Attacks of this type are also known as man-in-the-middle attacks.

In cases where the source and destination devices are within the same protected subnet, the data transmission must still be protected with encryption, due to the potential high negative impact of a data breach and theft. In addition, employees tend to have less concern when they are within a “controlled” environment, believing themselves to be safe from attack.

The types of transmission can include client-to-server communication, as well as server-to-server communication. This can include data transfer between main systems, between third party systems, or P2P transmission within an organization.

Additionally, when used to store restricted data, removable media and mobile devices should also use encryption of sensitive data appropriately, following security recommendations. Mobile devices include laptops, tablets, wearable technology, and smartphones.

Emails are not considered secure, and by default should not be used to transmit sensitive data unless additional data encryption tools from these services are used.

When trying to protect data in transit, the security professional should consider the following recommendations for designing secure information transmission:

Top recommendations

  1. Where the device (whether client or server) is accessible via a web interface, traffic must be transmitted over Secure Sockets Layer (SSL), using only strong security protocols and transport layer security;
  2. Data transmitted by email should be protected using email encryption tools with strong encryption, such as S/MIME. Alternatively, before sending an email, users should encrypt the data using compatible file encryption tools and attach it to the email for transmission;
  3. Data traffic not covered by the web browser should be encrypted via application-level encryption;
  4. If an application database is outside the application server, all connections between the database and the application must also use encryption with cryptographic algorithms compliant with recommended security and data protection standards;
  5. When application-level encryption is not available for data traffic not covered by the Web, implement network-level encryption, such as IPsec or SSL encapsulation;
  6. Encryption must be applied when transmitting data between devices on protected subnets with strong firewall controls;
  7. Develop and test an appropriate data recovery plan;
  8. Follow the recommended requirements for creating strong passwords, which should be defined in the organization’s security policy. Also adopt a management tool to store the access data and recovery keys;
  9. After the data is copied to a removable media or mobile device, verify that it works by following the instructions for reading data using encryption. Also take the opportunity to include in your recovery and contingency plan tests of opening backups that have been encrypted;
  10. When unattended, removable media (or mobile device) should be stored in a secure location with limited access to users as needed. And be aware of the keys that were used to encrypt the backup.

Support and internal policies are also very important

The last recommendation is to have proper supporting documentation for this entire data transmission process. Security policies and processes need to be validated through frequent testing that can guarantee the efficiency of all procedures to be carried out.

Finally, don’t forget to create an awareness policy made for the company’s employees. Adopt training and campaigns that demonstrate the importance of following the organization’s security and data protection policies and processes.

Data encryption tools to support secure transmission

End-to-end encryption is usually performed by the end user within an organization. The data is encrypted at the beginning of the communications channel, or earlier via removable media and mobile devices. In this way they remain encrypted until they are decrypted at the remote end.

To assist this process, the use of encryption tools provides the necessary support for secure data transmission.

There are several tools for encrypting data, but it is important to pay special attention to key management: if you lose the key, you lose the content that was encrypted with it as well.

Therefore, we always recommend the correct use of equipment and platforms that manage the key, its life cycle, as well as access control. After all, with a more comprehensive use, management can get complicated using only Excel spreadsheets.
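To make recommendations 9 and 10 of the list above and the key-management point concrete, here is an added Go example (not from the original article or from Eval’s products): backups are encrypted with AES-256-GCM under a key identified by an ID stored in the blob header, so the operator always knows which key a backup needs; rotating to a new key keeps old backups readable, and retiring a key shows exactly what “lose the key, lose the content” means. KeyRing, NewKey, Seal, Open and VerifyBackup are this example’s own names, and the in-memory map stands in for a real key-management platform.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// KeyRing holds every backup-encryption key still allowed to decrypt, indexed by
// a stable key ID. Losing the ring means losing every backup sealed under it.
type KeyRing struct {
	keys    map[uint32][]byte
	current uint32 // key ID used for new backups
}

func NewKeyRing() *KeyRing { return &KeyRing{keys: map[uint32][]byte{}} }

// NewKey returns a random 256-bit AES key (a constructed stand-in for a key
// issued by a key-management platform).
func NewKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

// AddKey registers a key under id and makes it the active key (rotation).
// Older keys stay in the ring so older backups remain readable.
func (r *KeyRing) AddKey(id uint32, key []byte) {
	r.keys[id] = key
	r.current = id
}

// Retire removes a key; every backup sealed under it becomes unrecoverable.
func (r *KeyRing) Retire(id uint32) { delete(r.keys, id) }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts a backup with the active key.
// Blob layout: 4-byte key ID | 12-byte nonce | ciphertext || GCM tag.
// The key ID is authenticated as associated data, so a swapped ID fails the tag check.
func (r *KeyRing) Seal(plaintext []byte) ([]byte, error) {
	key, ok := r.keys[r.current]
	if !ok {
		return nil, errors.New("no active key")
	}
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	idBytes := make([]byte, 4)
	binary.BigEndian.PutUint32(idBytes, r.current)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	header := append(append([]byte{}, idBytes...), nonce...)
	return aead.Seal(header, nonce, plaintext, idBytes), nil
}

// Open reads the key ID from the blob and decrypts with that key, saying
// plainly when the needed key is no longer in the ring.
func (r *KeyRing) Open(blob []byte) ([]byte, error) {
	if len(blob) < 4+12 {
		return nil, errors.New("blob too short")
	}
	id := binary.BigEndian.Uint32(blob[:4])
	key, ok := r.keys[id]
	if !ok {
		return nil, fmt.Errorf("key id %d not in key ring: backup is unrecoverable", id)
	}
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	return aead.Open(nil, blob[4:4+ns], blob[4+ns:], blob[:4])
}

// VerifyBackup is recommendation 9 in code: after writing a backup, prove it opens.
func (r *KeyRing) VerifyBackup(blob, expected []byte) bool {
	got, err := r.Open(blob)
	return err == nil && bytes.Equal(got, expected)
}
```

The key-ID header is what lets an operator answer “which key was this backup encrypted with?” months later, without guessing.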

The Challenge of Data Traffic

One of the main goals throughout history has been to move messages through various types of channels and media. The intention has always been to prevent the content of the message from being revealed, even if the message itself was intercepted in transit.

Whether the message is sent manually, over a voice network, or over the Internet, modern encryption provides secure and confidential methods for transmitting data. It also allows the integrity of the message to be checked, so that any changes in the message itself can be detected.

In short, the adoption of encryption should be a priority for all companies, regardless of their industry or size. Today, data protection has become critical to the success of any business and therefore cannot be ignored by any organization.

Finally, read more about data protection and privacy in our blog and learn how to apply encryption technology effectively in your company by contacting EVAL’s experts. We are happy to answer your questions and help you define the best ways to protect your organization against data leakage and theft.


Secure Data Transmission: 10 Tips For Your Business

Protecting the data used in business operations is an essential requirement for safeguarding an organization's confidential information. This is where secure data transmission, backed by data encryption, comes into play.

Malicious users can intercept or monitor plaintext data transmitted over a network, or read it directly from removable media and unencrypted mobile devices.

In doing so they gain unauthorized access and compromise the confidentiality of data that is sensitive and strategic. This is why secure data transmission is so important.

Protection in these cases comes from cryptographic algorithms that restrict access to the data to those who hold the corresponding decryption key.

In addition, some modern cryptographic tools also compress messages before encrypting them, saving transmission and storage space. Two caveats apply: compression must happen before encryption (well-encrypted data is incompressible), and compressing attacker-influenced data together with secrets can leak those secrets through the compressed length, as the CRIME and BREACH attacks against TLS showed.

Combining the need to protect data transmissions with the technical resources available today, we have selected 10 recommendations that are vital to the whole process of sending and receiving data.

Cybercriminals can compromise the confidentiality of information during a data transmission

Data classified as sensitive or restricted under the data protection policy must be encrypted whenever it is transmitted over any network.

This protects it against interception of network traffic by unauthorized users, a class of attack known as man-in-the-middle.

Even when the source and destination devices are on the same protected subnet, the transmission must still be encrypted, given the potentially high impact of a data breach or theft.

In addition, employees tend to be less careful inside a "controlled" environment, believing themselves safe from attack.

Transmissions include client-to-server as well as server-to-server communication: data transfers between core systems, with third-party systems, or peer-to-peer (P2P) within the organization.

Additionally, removable media and mobile devices used to store restricted data must also encrypt that data appropriately, following security recommendations. Mobile devices include laptops, tablets, wearables and smartphones.

Email is not a secure channel and by default must not be used to transmit sensitive data, unless an additional encryption layer (such as S/MIME, or file-level encryption of the attachment) is applied.

When trying to protect data in transit, the security professional should consider the following recommendations for designing secure information transmission:

Top recommendations

  1. Where a device (client or server) is accessible via a web interface, traffic must be transmitted over TLS (Transport Layer Security, the successor to the deprecated SSL protocols), allowing only strong protocol versions (TLS 1.2 or later) and cipher suites, with certificate validation enabled;
  2. Data transmitted by email should be protected with email encryption tools that use strong cryptography, such as S/MIME. Alternatively, before sending an email, users should encrypt the data with a compatible file encryption tool and attach the encrypted file to the email;
  3. Data traffic that does not pass through a web browser should be encrypted at the application level;
  4. If the application's database is on a separate server from the application, every connection between the database and the application must also be encrypted, using cryptographic algorithms that comply with recommended security and data protection standards;
  5. When application-level encryption is not available for non-web traffic, implement network-level encryption such as IPsec, or tunnel the traffic inside TLS;
  6. Encryption must still be applied when transmitting data between devices on protected subnets behind strong firewall controls;
  7. Develop and test an appropriate data recovery plan;
  8. Follow the requirements for creating strong passwords defined in the organization's security policy, and adopt a management tool to store access credentials and recovery keys;
  9. After data is copied to removable media or a mobile device, verify that the encrypted copy can actually be decrypted and read. Also include in your recovery and contingency plan periodic tests of opening encrypted backups;
  10. When unattended, removable media (or mobile devices) should be stored in a secure location with access limited to the users who need it. Keep a record of which keys were used to encrypt each backup, so that it can be recovered.
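As an added example (not code from the original post or from any Eval product), the following Python uses only the standard library `ssl` module to show what recommendation 1 looks like in practice: a client context that enforces TLS 1.2 or later, requires a valid certificate and checks the hostname, beside the permissive context that quietly accepts an interceptor, and an audit function that reports which baseline settings a context violates. The helper names and the list of legacy cipher markers are this example's own choices.

```python
import ssl

# Substrings that identify cipher suites no longer acceptable for data in
# transit. The list and the helper names below are this example's own.
LEGACY_CIPHER_MARKERS = ("RC4", "DES", "NULL", "MD5", "EXPORT", "ADH", "AECDH")


def hardened_client_context():
    """Recommendation 1: TLS only, 1.2 or later, peer certificate and
    hostname checked. create_default_context() already loads the system
    trust store and disables SSLv2/SSLv3; the rest is made explicit here."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse TLS 1.0/1.1 handshakes
    ctx.check_hostname = True                       # certificate must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED             # unauthenticated server is an error
    return ctx


def weak_client_context():
    """The configuration that 'just works' in test and then ships: any
    protocol version the library still supports and no certificate check,
    so a man-in-the-middle presenting a self-signed certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context meets the
    baseline: TLS >= 1.2, certificate required, hostname verified, and no
    legacy cipher suite offered to the server."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum protocol version below TLS 1.2 (%s)" % str(ctx.minimum_version))
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required (verify_mode != CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname verification disabled (check_hostname=False)")
    offered = [c["name"] for c in ctx.get_ciphers()]
    legacy = sorted({n for n in offered if any(m in n for m in LEGACY_CIPHER_MARKERS)})
    if legacy:
        findings.append("legacy cipher suites offered: " + ", ".join(legacy))
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("weak", weak_client_context())):
        print(label, audit_context(ctx) or "OK")
```

The same audit can be run against a server context (recommendation 4's database listener, for instance) by building it with `ssl.Purpose.CLIENT_AUTH`; the version and cipher checks apply unchanged, while `check_hostname` is a client-side setting.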

Support and internal policies are also very important

The last recommendation is to have proper supporting documentation for this entire data transmission process.

Security policies and processes need to be validated through frequent testing that verifies the effectiveness of every procedure to be carried out.

Finally, don’t forget to create an awareness policy made for the company’s employees.

Adopt training and campaigns that demonstrate the importance of following the organization’s security and data protection policies and processes.

Data encryption tools to support secure transmission

With end-to-end encryption, data is encrypted by the originating user or system at the start of the communication channel, or earlier still when it is written to removable media or a mobile device.

It then remains encrypted until it is decrypted by the intended recipient at the far end, so no intermediate hop ever handles plaintext.
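As an added example (not code from the original post or from an Eval product), the Python below shows what "encrypted at the origin, decrypted only at the far end" looks like for a file copied to removable media, and how to verify that copy as recommendation 9 asks. It derives separate encryption and MAC keys from a passphrase with scrypt, encrypts with ChaCha20 (RFC 8439) and authenticates with HMAC-SHA256 in encrypt-then-MAC order, so a modified copy or a wrong passphrase is rejected before any plaintext is produced. The cipher is written out in pure Python only so that the example runs with the standard library; in production use a maintained cryptographic library and the key-management platforms the text describes. The envelope layout, the `MAGIC` tag, the scrypt parameters and the sample export are this example's own constructions.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"EVB1"   # constructed envelope tag for this example only
MASK = 0xFFFFFFFF


def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block, RFC 8439 section 2.3 (32-byte key,
    32-bit block counter, 12-byte nonce)."""
    state = list(struct.unpack("<4I", b"expand 32-byte k"))
    state += struct.unpack("<8I", key) + (counter,) + struct.unpack("<3I", nonce)
    w = state[:]
    for _ in range(10):                       # 10 double rounds = 20 rounds
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(w[i] + state[i]) & MASK for i in range(16)])


def chacha20_xor(key, nonce, data, counter=1):
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    out = bytearray()
    for off in range(0, len(data), 64):
        block = chacha20_block(key, counter + off // 64, nonce)
        out += bytes(p ^ k for p, k in zip(data[off:off + 64], block))
    return bytes(out)


def _derive_keys(passphrase, salt):
    """Recommendation 8: the media key comes from a strong passphrase through
    a memory-hard KDF, never from the passphrase bytes directly. The scrypt
    parameters are illustrative, not a tuned recommendation."""
    km = hashlib.scrypt(passphrase.encode("utf-8"), salt=salt, n=2 ** 14, r=8, p=1, dklen=64)
    return km[:32], km[32:]          # separate encryption and MAC keys


def seal(plaintext, passphrase):
    """Produce MAGIC | salt | nonce | ciphertext | HMAC-SHA256 tag.
    Encrypt-then-MAC: the tag covers everything that precedes it."""
    salt, nonce = os.urandom(16), os.urandom(12)
    enc_key, mac_key = _derive_keys(passphrase, salt)
    body = MAGIC + salt + nonce + chacha20_xor(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def open_sealed(blob, passphrase):
    """Inverse of seal(). The tag is compared in constant time BEFORE any
    decryption, so a tampered or wrong-passphrase blob never yields output."""
    if len(blob) < 4 + 16 + 12 + 32 or blob[:4] != MAGIC:
        raise ValueError("not an envelope produced by seal()")
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(passphrase, body[4:20])
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: wrong passphrase or modified data")
    return chacha20_xor(enc_key, body[20:32], body[32:])


def fingerprint(data):
    return hashlib.sha256(data).hexdigest()


def verify_copy(blob, passphrase, expected_fingerprint):
    """Recommendation 9: before trusting the copy on the media, prove that it
    opens and matches what was written; a copy that fails this is worthless."""
    try:
        return fingerprint(open_sealed(blob, passphrase)) == expected_fingerprint
    except ValueError:
        return False


if __name__ == "__main__":
    export = b"constructed sample: customer export, not real data\n"
    passphrase = "correct horse battery staple"
    blob = seal(export, passphrase)
    print("copy verifies:", verify_copy(blob, passphrase, fingerprint(export)))
    damaged = bytearray(blob); damaged[40] ^= 0x01      # one flipped bit on the media
    print("damaged copy verifies:", verify_copy(bytes(damaged), passphrase, fingerprint(export)))
```

The salt and nonce travel with the envelope, so the only secret the recipient needs is the passphrase; recommendation 10's record of "which key encrypted which backup" then reduces to recording which passphrase (or, with a key-management platform, which key identifier) was used for each medium.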

To support this process, encryption tools provide the foundation for secure data transmission.

There are many tools for encrypting data, but key management deserves special attention: if a key is mishandled or lost, the content encrypted with it is lost as well.

We therefore always recommend proper use of equipment and platforms that manage keys, their life cycle and access control.

Once encryption is in broad use, tracking keys in an Excel spreadsheet quickly becomes unmanageable.

The Challenge of Data Traffic

One of the main goals throughout history has been to move messages through various types of channels and media. The intention has always been to prevent the content of the message from being revealed, even if the message itself was intercepted in transit.

Whether the message is carried by hand, over a voice network or over the Internet, modern encryption provides secure and confidential methods for transmitting data.

It also allows the integrity of the message to be checked, so that any change made to the message in transit can be detected.

In short, the adoption of encryption should be a priority for all companies, regardless of their industry or size. Today, data protection has become critical to the success of any business and therefore cannot be ignored by any organization.

Finally, read more about data protection and privacy on our blog and learn how to apply encryption technology effectively in your business by contacting Eval’s experts.

We are happy to answer your questions and help you define the best ways to protect your organization against data leakage and theft.


Data protection with encryption: a challenge for companies

Data protection with encryption, one of the most recognized and widely implemented security controls today, is still a major challenge for companies. According to the American company Vera Security, only 4% of data breaches are considered "secure breaches", that is, cases in which encryption rendered the stolen files useless.

Encryption is usually purchased and deployed to satisfy compliance requirements. In other words, it is usually not aligned with real-world security risks such as data theft and accidental over-sharing by employees.

In fact, applying encryption technology effectively is one of the main challenges organizations face in achieving satisfactory data protection performance.

To give you an idea of the situation, data presented in a survey by Vera Security shows that 61% of respondents believe that compliance drives the need for encryption, not the protection of user data.

This further increases the disconnect between encryption and security.

The report also cites perimeter-oriented encryption deployments as one of the main reasons why organizations’ encrypted data protection investments are misaligned with how employees and business partners actually use critical data.

The challenge of protecting data with encryption throughout the business lifecycle

For professionals specializing in security, privacy and risk, the speed and scale of how data moves through organizations and their partners today are the factors that most increase the need for data protection.

Especially in today’s collaborative post-cloud environment, organizations must invest in data protection with encryption throughout the business lifecycle.

The main approach is file-level security with always-on encryption that protects data throughout its lifetime, which also helps meet existing laws and regulations. The strategy combines strong encryption, real-time access control and defined policy management.

Another important finding in the report is that almost two thirds of respondents rely on employees following security policies as the only safeguard for distributed files.

However, 69% are very concerned about the lack of control over documents sent outside the network or collaborated on in the cloud. Finally, only 26% have the ability to locate and revoke access quickly.

The survey also shows that only 35% of respondents incorporate data protection with encryption into security processes in general. Meanwhile, others cite difficulties in implementing technology correctly as the reason for its low prioritization in the organization.

One of the main conclusions of the research is that encryption is not seen as an “easy win”. It is also considered difficult to deploy and use.

Recommendations for turning this game around with cryptography

Despite the difficulties in adopting data protection with encryption in companies, it is worth noting that there are data-centric security technologies that can provide real-time tracking and access control, without inconveniencing the end user. The recommendations are as follows:

1. IT and business teams need to follow the company's workflow to find security gaps

These teams will then be able to find hidden data exposures. It should be noted that encryption mechanisms generally cannot keep pace with how data moves or with new user roles.

Thus, organizations need to study how employees actually use sensitive information, to identify the areas that encryption does not reach or where it has been disabled out of necessity.

However, a team that knows the organization’s sensitive data can help map it out so that IT can deploy encryption correctly. That’s why the business team must be a multidisciplinary team involving various areas of the company.

2. Invest in preventing attacks

Organizations should avoid reactive thinking about incidents (“actions to be taken only after the attack”). After all, in most organizations, well-intentioned employees make mistakes that outweigh malicious threats.

For this reason, companies are advised to ensure clear visibility of their processes to help employees and managers contain accidental data exposure and apply their policies to prevent data theft and loss of privacy.

The question today is not whether, but when, the company's data will leak. With this in mind, it becomes clearer how to define a strategy that both prevents attacks and ensures that, if one does occur, the data remains protected.

3. Align the business, partners and technologies to protect data with encryption

Companies need to align their technological resources – and this includes encryption – to deal with cloud, mobile and third-party technologies. The multiplication of mobile devices and business partners presents a wide variety of new places where data must travel.

Routing this data access through cloud and other centralized services helps IT, security and business leaders restore visibility and consolidate control by including this data on platforms with built-in encryption and file access controls.

The strategy for meeting the challenge of data protection with encryption needs to be assertive

Finally, the main obstacles to adopting encryption cited by those interviewed in the survey were:

  • Data is not taken seriously enough (40%);
  • Implementing an encryption policy on all data is considered very difficult (18%);
  • It’s not easy to keep track of where data is being stored (17%);
  • Internal applications have not been tested to ensure that data is protected in accordance with the policy (13%);
  • Administrators are unable to configure encryption controls correctly (12%).

Against this backdrop, the scale of the challenge ahead is clear. Companies cannot leave the burden of data security to IT teams alone.

Instead, they must raise awareness, implement and properly test an assertive data protection strategy with encryption.

And for these security objectives, investing in technology is essential.

When planning encryption needs, map information flows across all applications and the tables that store relevant information. Then apply data protection with encryption for storage and transmission. And don’t forget data access control either.

Finally, to further protect the organization’s data, be careful with documents or applications shared between users. They are easy to access and share, but can put confidential information at risk.

Encryption-based access controls again ensure that only authorized users can access certain data. Track and monitor data usage to ensure that access controls are effective.

Read more about data protection and privacy on our blog and find out how to apply encryption technology effectively in your company by contacting Eval’s experts.

We are available to answer your questions and help you define the best ways to protect your organization against data leakage and theft.


Exposure of sensitive data: the weak point of companies

Many companies are letting sensitive data be exposed: sensitive files are accessible to the majority of employees without proper access control, inactive user accounts are kept alive, and passwords are never changed.

This information was pointed out in the Data Gets Personal: 2019 Global Data Risk Report survey carried out by Varonis Data Lab in several different countries, including Brazil.

By focusing on keeping cybercriminals out, many companies have paid little or no attention to the exposure of sensitive data on the inside. In many cases, important information and folders are freely accessible to all employees and are not monitored.

It’s a bit like having several ways to prevent your house from being broken into, but leaving a safe full and open in the middle of the living room. If someone passes, they’ll get a present.

These problems will have to be analyzed by companies, since it’s not just about security. After all, in addition to the risks in this regard, with the LGPD about to come into force, this type of case could lead to fines for non-compliance.

But we’ll go into this subject in more detail later in this article.

High exposure of sensitive data

The study analyzed 54 billion documents from 785 companies in 30 industries and 30 different countries. It was discovered that 53% of the organizations analyzed had more than 1000 sensitive files exposed to all employees.

To give you an idea, on average each employee had access to 17 million files.

It’s not just files, but document folders also get a lot of exposure. 51% of the companies analyzed had more than 100,000 folders open to all employees.

Beyond the numbers

Sensitive data with open access to many (or all) employees represents a high risk for companies. There are various ways in which cybercriminals try to get at sensitive company information.

If an employee is phished, for example, this could cause extensive damage to the company by exposing the organization’s sensitive data. We even recently reported on cases of phishing that caused extensive damage.

These problems are not difficult to solve. Simply manage access to files and folders, especially those containing data such as confidential information on employees, clients, partners and projects.

In addition, the use of cryptography, together with good governance of cryptographic keys, is very important for keeping information secure.

That way, if something does leak, whoever gets hold of the file won’t be able to access the data it contains.

Inactive users who don’t log out and passwords that don’t change

Another finding of the study is that inactive user accounts are not deleted. 58% of companies found accounts with more than 1000 inactive users.

In general, these are people who have left the company for some reason, but their access to computers and systems still exists. In addition, more than a third of employees had passwords that never expire.

Cybercriminals are grateful for this. Although they are after valuable data, they need a way to reach it, and accounts that sit unused are a convenient way in.

Passwords that never change give an attacker unlimited time to guess or crack them, and once such an account is compromised it remains an open gateway for a long time.

Sensitive information working overtime: data kept longer than needed

Generally, sensitive data stored by a company is needed for a certain period of time in order to meet usage needs or legal issues, but then it must be deleted.

It’s like discarding a credit card after it expires. When important data is no longer needed, there is no reason to continue storing it.

Keeping them is taking an unnecessary risk.

However, 72% of the file folders analyzed contained old information that should have already been deleted. In addition, 53% of the total data was old and should no longer be in the possession of companies.

Add these findings to the fact that most companies were working with permissions to more folders than they can manage and, to use a popular expression, we have a scenario with a lot of important information lying around.
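As an added example (not code from the original post, nor from the Varonis report or any Eval product), the Python below turns the two findings discussed above into a check you can run on a file tree: anything the "other" class can read or write (the POSIX analogue of a share open to all employees), and regular files untouched for longer than a retention window (data that should already have been deleted). It builds its own constructed sample tree in a temporary directory, so it runs offline; the path names, modes and ages in that tree are made up for the demonstration, and the `build_demo_tree` and `audit_tree` names are this example's own.

```python
import os
import shutil
import stat
import tempfile
import time

DAY = 86400


def audit_tree(root, retention_days=365, now=None):
    """Walk `root` and return sorted (relative_path, finding) pairs.

    Findings: 'world-readable' and 'world-writable' for anything the
    'other' class can read or modify, and 'stale' for regular files whose
    last modification is older than the retention window."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue                         # judge targets, not links
            rel = os.path.relpath(full, root)
            if st.st_mode & stat.S_IROTH:
                findings.append((rel, "world-readable"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if stat.S_ISREG(st.st_mode) and now - st.st_mtime > retention_days * DAY:
                findings.append((rel, "stale"))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample tree (not real data): one well-protected file, one
    readable by everyone, one writable by everyone, one long past retention."""
    root = tempfile.mkdtemp(prefix="exposure-demo-")
    layout = {                                  # path: (mode, age in days)
        "hr/payroll.csv": (0o600, 10),
        "hr/handbook.pdf": (0o644, 10),
        "shared/scratch.txt": (0o666, 10),
        "archive/2015-clients.xlsx": (0o600, 800),
    }
    for rel, (mode, age_days) in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample content\n")
        os.chmod(path, mode)
        then = time.time() - age_days * DAY
        os.utime(path, (then, then))           # backdate to simulate old data
    return root


if __name__ == "__main__":
    root = build_demo_tree()
    try:
        for rel, finding in audit_tree(root):
            print("%-28s %s" % (rel, finding))
    finally:
        shutil.rmtree(root)
```

On Windows file servers the equivalent check reads the share and NTFS ACLs for entries granted to Everyone, Authenticated Users or Domain Users rather than the POSIX mode bits, but the output wanted is the same: a list of paths to restrict and a list of paths to delete.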

Compliance and LGPD

The report mentions that “highly exposed data represents a major risk for organizations regardless of size, area or location”.

Apart from the main laws on the use of confidential and sensitive data, such as GDPR and LGPD, this widespread exposure of sensitive information can lead to legal problems for companies through other legislation.

But here in Brazil, with the General Data Protection Law knocking on the door, it is important that companies seek compliance so as not to be negatively affected anytime soon.

The LGPD has clear sections on data anonymization, as well as liability and access registration, but here we highlight article 46.

It states that "processing agents must adopt security, technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful destruction, loss, alteration, communication or any form of improper or unlawful processing".

In short, not just anyone can have access and even “accidental situations” must be taken care of.

Progress must be made on the challenge of exposing sensitive data

The study also found that only 5% of folders were protected. So there is an important road ahead.

In cases such as those mentioned in this article, it is necessary to change the culture regarding data storage and security measures.

You can’t be left behind by cybercriminals or out of compliance with the law.


Encryption and Cryptography: 10 posts you need to read

The concepts behind the emergence of cryptography are quite simple. However, knowing how to take advantage of the benefits of this technology and avoiding pitfalls in the management of your business are other issues.

Cryptography has evolved as one of the main defenses against cyber attacks and data theft, and it continues to evolve alongside technological advances. New solutions keep emerging, and more companies are turning to encryption to guarantee privacy and protection.

Not so long ago, the industry defined cryptography as the method by which a plain text, or any other type of data, is converted from a readable format into an encoded version that can only be decoded by another entity that has access to a decryption key.

This definition has expanded and changed in recent years, as companies like Eval have entered the market with products that offer advances in encryption and practical solutions.

The innovation has thus gone beyond the original objectives of encryption, which today brings several further benefits: for example, reduced costs, increased productivity and better strategic management for companies of any size or segment.

Eval’s blog articles present a series of concepts and practices that readers can use at various stages of the acquisition, deployment and management cycle. That way, we can help them make the most of the benefits of encryption.

Implement digital signatures, adopt a document management-centric approach or invest in policies. There is information here that will certainly help your company in its quest for effective data protection.

Data protection as a priority

Before we even start our list, it’s important to highlight the consequences of a lack of investment in security and privacy. That’s why we’re going to show you the problems caused by a lack of data protection in your organization.

In this article, as well as understanding the importance of data protection through our list of publications, you can get an idea of the risks we are currently experiencing.

The fact is that data protection has become a concern for institutions such as the International Monetary Fund (IMF), the government itself and other organizations that have information security as a priority.

Now, let’s get to our list!

The basis for understanding the importance of cryptography

Basically, we’ll divide our list into two parts. The first of these serves to provide a foundation and teach good practices related to encryption and cryptographic key management.

1. About cryptography and key management

In the article Data encryption and key management, we covered aspects relevant to information security related to encryption.

The aim was to present the basics of cryptographic technology, cryptographic services and, finally, cryptographic key management.

We also show the importance of correctly managing cryptographic keys for the operation of cryptographic services.

2. Why manage cryptographic keys?

After all, why should you manage cryptographic keys? In this article, we show you that management means protecting against loss, theft, corruption and unauthorized access.

Therefore, data protection is not just about adopting encryption in business processes, management and sharing. After all, you need to efficiently manage all the elements related to the use of technology.

3. What if the encryption keys are still lost?

For those who haven’t been convinced of the importance of managing cryptographic keys, or haven’t understood the problem of mismanagement, the article The truth no one ever told you about key loss shows the consequences.

4. The search for the best way to protect data

So far, you’ve seen the concepts, the benefits of adopting cryptography in business and the impacts of managing cryptographic keys.

In the article ” Is native encryption the best way to protect data?”, we showed that Enterprise Key Management (EKM) solutions in companies have become essential to comply with existing market regulations.

This type of solution also provides access to other important data protection benefits for any organization.

5. Important facts about cryptography

To close the first part of our list, we have the article What you didn't know about encryption software. It clarifies doubts and highlights important points about the subject that companies and professionals are often unaware of.

Therefore, we conclude this stage by pointing out issues that cannot be ignored in a technology adoption process.

Encryption in practice

There’s no point in theory without practice, is there?

These success stories demonstrate that the use of cryptography is one of the main ways to guarantee information security and data protection.

So let’s begin the second stage of our list of articles on encryption.

6. Where encryption applies

In the article Places where you use cryptography and don’t even know it, we show everyday situations where technology is applied and often we don’t even know it.

An interesting piece of content that shows how technology is successfully applied, guaranteeing privacy and data protection.

7. The famous relationship between cryptography and the financial market

Cryptography has become well known through its applicability in the financial market.

That’s why it’s only fair that our first success story is featured in the article How does crypto benefit the financial market?

8. Encryption goes through our credit card

One of the most critical points when it comes to data theft is the misuse of credit cards and other forms of payment that are part of our daily lives.

By the end of the article Encryption for financial records and payment data, the reader will understand why this technology has become so vital for our financial transactions and personal information.

9. Yes, encryption is also in communication

This is yet another case that shows that technology is in our daily lives and we don’t even realize it.

In the article Encryption for communication applications: learn more, the reader will realize that privacy and data protection go through our main channels of conversation.

The main messaging apps have already adopted this technology as their main data security tool.

10. Our information is kept confidential through the use of encryption

To conclude our list of articles, the content Secrecy and origin verification using asymmetric cryptography shows the case of applying this technique to find out where a message came from.

Despite being conceptual, the article makes an analogy with a real situation: the importance of the confidentiality of the information we share on a daily basis.

What did you think of our list? Did it help you understand the concepts and importance of encryption in your professional and personal life? Keep following our blog to find out more about E-VAL’s technology and news.


How does a lack of investment in security affect a company?

A lack of investment in cybersecurity and a data breach can have three major consequences: financial, reputational and legal.

In fact, cyber security is no longer just a matter of technology, but an essential aspect of business.

Gone are the days when companies could hand over data protection responsibilities to the IT department alone. After all, it has become strategic and affects all sectors.

The impact of lack of investment in security

A lack of investment in security can result in substantial financial losses:

  • Theft of corporate information;
  • Theft of financial information (e.g. bank details or card details);
  • Theft of money;
  • Business interruptions (e.g. inability to carry out online transactions);
  • Loss of business or contracts;

Companies that suffer cyber breaches usually also have costs associated with repairing systems, networks and devices.

This is especially important as companies are becoming increasingly digital, which means they will be exposed to a greater number of threats if they don’t manage security risk properly and make the necessary investment.

Reputational damage is greater than financial damage

Many companies have not yet measured the real impact of a loss of credibility. Trust is an essential element of the customer relationship.

Cyber attacks and data theft can damage your organization's reputation and destroy the trust that consumers place in you.

This, in turn, can lead to consequences such as:

  • Loss of customers;
  • Loss of sales;
  • Significant reduction in profits;
  • Bankruptcy.

Reputational damage caused by under-investment in security can also reach your suppliers, and the relationships you have with partners, investors and other third parties involved in your business.

Changing the mindset around investing in cybersecurity has become vital. In the midst of the digital transformation era, companies cannot afford to suffer an attack without knowing how to handle the incident.

Legal consequences of a lack of investment in security

Failing to invest in security also creates legal exposure. Brazil's General Data Protection Law (LGPD) requires your company to manage all the personal data it holds, whether about staff or about customers.

If that data is compromised, accidentally or deliberately, and you have not implemented appropriate security measures, you face fines and regulatory sanctions. Under the LGPD, fines can reach 2% of the company's revenue in Brazil, up to R$ 50 million per infraction, a penalty that can make a business unviable.

Recent global incidents (the WannaCry ransomware outbreak of May 2017 hit more than 200,000 computers in 150 countries and cost millions) make the importance of investing in cyber security clear: the impact lands on the company as a whole, not just on the IT department.


The risk of attacks is real and affects every company

It is not enough to read this post, agree that investment in security is needed, and do nothing. The risk is real and will affect your company's operations at some point.

A simple risk analysis is enough to see what can happen to your organization, employees and, above all, customers:

  • Physical loss of data. You can lose immediate access for reasons ranging from flooding to power outages, or something as mundane as a disk failure;
  • Unauthorized access to data. If you hold confidential client information, you are often contractually responsible for protecting it as if it were your own;
  • Interception of information in transit. This covers data transmitted between company sites, and between the organization and its employees, partners and contractors, whether they work from home or elsewhere;
  • Data in other people's hands. Do you share this information with third parties such as contractors and partners? What protects it while it is in your hands, and while it is in theirs?
  • Data corruption, intentional or not. Data may be altered deliberately, to benefit an external party, or accidentally, through a software error.

Every company needs to have a security investment program

A lack of cyber security needs to be treated as a business risk, not just a technology problem. The organization therefore needs guidelines that lead it to an adequate level of protection.

So no matter what size your company is, it needs to have an investment plan to guarantee the security of its information assets.

This plan defines the policies and processes that make up the cyber security program, and forces you to think holistically about your organization's data protection.

In short, the program provides the framework for keeping the company at an adequate level of security: assessing the risks you face, deciding what to prioritize, and keeping practices up to date.

Investing in security means protecting the confidentiality, integrity and availability of your data

Having a security investment program means that you have taken steps to reduce the risk of losing data in its various forms, and that you have defined a lifecycle for managing the information and technology in your organization.

Fortunately, cybersecurity technologies are available to companies of different sizes and segments, so they adapt to their business realities and help them meet the challenges of data protection.

How to minimize the impact of cyber attacks on companies

As we have seen, security breaches can devastate even the most resilient companies.

It is essential to manage risk according to the nature of the business, both before and after an attack, to make the necessary investments, and to create an effective cyber incident protection and response plan. Such a plan helps your company to:

  • Prevent attacks and reduce the impact of those that succeed;
  • Report incidents to the responsible authorities;
  • Recover the affected systems;
  • Get the business running again in the shortest possible time.

Investing in security therefore means continuously training, educating and raising the awareness of your organization's users, as well as acquiring the right technologies and services, always with the goal of protecting customer data and business continuity so that the company can keep growing.

Do you have any questions about this? Our experts will be happy to answer your questions and contribute to your information security projects.



Is Proper Key Management Really a Challenge?

Data protection leads companies to deploy a variety of encryption solutions. One aspect that cannot be overlooked in doing so is the need for proper key management.

Encryption has spread mainly because of governance and compliance requirements. That is progress in data protection, but it exposes the central challenge: managing the keys.

It is still common to track keys in Excel spreadsheets, which is a serious risk: losing control of, or simply losing, a cryptographic key means losing the data it protects.

Key Challenges of Proper Key Management

Key management is vital for the effective use of encryption. The loss or corruption of a key can cut off access to systems and render them completely unusable.

Proper key management is a challenge that increases with the size and complexity of your environment. The larger your user base, the more difficult it will be to manage efficiently.

Some of the biggest challenges involve:

User training and acceptance

Users don't like change. Although user acceptance is not strictly part of the key management process, failure to win it can be a major impediment to the success of a project.

It is therefore necessary to map the impact that adopting and using cryptography has on your production cycle, including the difficulty of recovering or resetting keys or passwords.

Listen to user feedback and develop appropriate training to address their specific concerns or difficulties. Develop system benchmarks to check performance before and after the product is implemented.

In other words, manage user expectations.

System administration, key maintenance and recovery

These problems can have a major impact on the organization and should be discussed with the supplier before a product is purchased. At enterprise scale, manual key management simply isn't feasible.

Ideally, key management integrates with the existing infrastructure while providing easy administration, delivery and recovery of keys.

Recovery is a fundamental process, especially when an employee leaves the organization without handing over their keys, or when a key is damaged and can no longer be used. It should be simple, but also very secure.

In proper key management, no single person should be able to generate or recover a key alone (split knowledge and dual control). In practice, for example, a product process allows a recovery key to be split into several parts.

The individual parts of the recovery key are then distributed to different security officers, who must be present when the key is used. The process is simple but secure, because several parties are required to recreate the key and no one of them holds it in full.

Forgotten passwords also add load on the support team, so the process must be not only simple but flexible. Remote and off-network employees need to be considered as well as internal ones, which makes remote key recovery an indispensable feature.
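The split-and-recombine scheme described above is Shamir's secret sharing: the key is the constant term of a random polynomial over a prime field, each custodian receives one point on the curve, and any `threshold` points recover the key by Lagrange interpolation while fewer reveal nothing. The following is an added example written for this article, not code from Eval's product; it assumes Python 3.8+ (for `pow(x, -1, p)`) and uses a constructed 256-bit key. It also handles the failure mode the text warns about: recombining too few shares does not yield the key, and the function refuses a result that does not fit the expected key length.

```python
"""Shamir secret sharing for a recovery key: split a key into n shares so that
any k of them rebuild it and fewer than k reveal nothing about it.
Added example for this article; not Eval's implementation."""
import secrets

# Arithmetic is done modulo a Mersenne prime; 2**521 - 1 is prime and large
# enough to hold any key of up to 512 bits as a single field element.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, modulo PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_key(key: bytes, threshold: int, shares: int):
    """Return `shares` (x, y) points; any `threshold` of them recover `key`."""
    if not 2 <= threshold <= shares:
        raise ValueError("need 2 <= threshold <= shares")
    secret = int.from_bytes(key, "big")
    if secret >= PRIME:
        raise ValueError("key too large for the field")
    # The secret is the constant term; the remaining threshold-1 coefficients
    # are random, so the polynomial has degree threshold-1 and any
    # threshold-1 points are consistent with every possible secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def recover_key(shares, key_len: int) -> bytes:
    """Rebuild the key from shares by Lagrange interpolation at x = 0.

    With fewer than `threshold` distinct shares the interpolation yields an
    unrelated field element; the size check below catches almost all such
    cases, but the caller should still verify the key (e.g. by decrypting a
    known test vector) before trusting it.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    secret = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj in xs:
            if xj != xi:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # Lagrange basis polynomial for xi evaluated at 0: prod (0 - xj) / (xi - xj)
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    if secret >= 1 << (8 * key_len):
        raise ValueError("reconstructed value does not fit the key length: "
                         "too few or corrupted shares")
    return secret.to_bytes(key_len, "big")


if __name__ == "__main__":
    # Constructed 256-bit key standing in for the real recovery key.
    master = secrets.token_bytes(32)
    parts = split_key(master, threshold=3, shares=5)      # 3-of-5 custodians
    assert recover_key(parts[:3], 32) == master
    assert recover_key([parts[0], parts[2], parts[4]], 32) == master
    try:
        too_few = recover_key(parts[:2], 32)              # two custodians only
    except ValueError:
        too_few = None
    assert too_few != master
    print("3-of-5 split verified; 2 shares do not recover the key")
```

Each custodian should receive their share through a separate channel and store it as they would a key; the share index `x` is not secret, but the `y` value is. A 3-of-5 split tolerates two lost or unavailable custodians, which is what makes it suitable for the departed-employee and damaged-key scenarios above.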

Best practices for proper key management

When facing key management problems, where can organizations turn for help?

The specifics of proper key management are largely handled by cryptographic software, where standards and best practices are well established.

In addition, bodies such as the National Institute of Standards and Technology (NIST), with its SP 800-57 key management recommendations, and the Brazilian Public Key Infrastructure (ICP-Brasil) publish standards written for government agencies that can be applied in any business. They are a good starting point when discussing encryption products with your suppliers.

In the meantime, here are some industry best practices to get you started:

  • The usability and scalability of corporate key management should be the main focus of product evaluation. The ability to leverage existing assets must weigh in the decision: integration with the existing authentication environment reduces cost and avoids redundant systems;

  • Two-factor authentication is a necessary control for financial organizations. Given the processing power available to attackers today, password strength alone is no longer enough to protect access to keys.

Control and training

Key management means protecting encryption keys from loss, corruption and unauthorized access. The procedures and techniques applied to the management process must therefore guarantee:

  • That the keys are stored securely;

  • That they are rotated on a regular schedule (each key has a defined cryptoperiod);

  • That the records show who each key is assigned to.

Once the existing keys are under control, the policies and processes for provisioning, monitoring, auditing and termination must be applied rigorously. Automated tools greatly ease that burden.
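To show what the "automated tools" step looks like for the three guarantees above (secure custody with an accountable owner, rotation within a cryptoperiod, and termination when the owner leaves), here is an added example written for this article, not Eval's software. It audits a key inventory of the kind that usually lives in a spreadsheet; the records, the cryptoperiod values and the list of departed users are all constructed assumptions.

```python
"""Audit a key inventory against lifecycle policy: each key needs an owner,
must be rotated within its cryptoperiod, and keys of departed staff must
not stay active. Added example for this article; not Eval's software."""
from dataclasses import dataclass
from datetime import date


@dataclass
class KeyRecord:
    key_id: str
    owner: str          # person or team accountable for the key ("" if unknown)
    purpose: str        # policy class, see CRYPTOPERIOD_DAYS
    state: str          # "active", "suspended", "deactivated" or "destroyed"
    last_rotated: date


# Maximum cryptoperiod per purpose in days (assumed policy values, not from the article).
CRYPTOPERIOD_DAYS = {"data-encryption": 365, "signing": 730, "tls": 90}


def audit(inventory, departed_users, today):
    """Return (key_id, finding) pairs for every policy violation in the inventory."""
    findings = []
    for k in inventory:
        if k.state == "destroyed":
            continue                      # nothing left to protect or rotate
        if not k.owner:
            findings.append((k.key_id, "no owner assigned"))
        elif k.owner in departed_users and k.state == "active":
            findings.append((k.key_id, f"owner {k.owner} has left but key is still active"))
        limit = CRYPTOPERIOD_DAYS.get(k.purpose)
        if limit is None:
            findings.append((k.key_id, f"unknown purpose {k.purpose!r}, no rotation policy"))
        elif k.state == "active":
            age = (today - k.last_rotated).days
            if age > limit:
                findings.append((k.key_id, f"cryptoperiod exceeded: {age} days > {limit}"))
    return findings


# Constructed sample inventory, the kind of data that often lives in a spreadsheet.
SAMPLE_INVENTORY = [
    KeyRecord("kek-01", "crypto-team", "data-encryption", "active", date(2022, 12, 1)),
    KeyRecord("sig-07", "alice", "signing", "active", date(2023, 6, 1)),
    KeyRecord("tls-web", "", "tls", "active", date(2024, 2, 20)),
    KeyRecord("dek-legacy", "bob", "data-encryption", "destroyed", date(2019, 1, 1)),
    KeyRecord("hsm-test", "carol", "test", "active", date(2024, 3, 1)),
]
SAMPLE_DEPARTED = {"alice", "bob"}      # from the HR leavers list (constructed)
SAMPLE_TODAY = date(2024, 3, 31)


def run_sample_audit():
    """Run the audit over the constructed inventory and return its findings."""
    return audit(SAMPLE_INVENTORY, SAMPLE_DEPARTED, SAMPLE_TODAY)


if __name__ == "__main__":
    for key_id, finding in run_sample_audit():
        print(f"{key_id}: {finding}")
```

On the sample data the audit flags `kek-01` (486 days since rotation against a 365-day cryptoperiod), `sig-07` (still active although its owner has left), `tls-web` (no owner) and `hsm-test` (a purpose with no rotation policy), and ignores the destroyed key. In a real deployment the inventory comes from the key management system or HSM rather than a spreadsheet, the leavers list from HR or the identity provider, and the findings feed a ticket queue so that rotation and revocation are tracked to completion.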

Finally, information security, infrastructure and database professionals, developers, and anyone else who handles encryption keys should be trained: lack of awareness of what a protection failure costs is one of the main causes of problems.

If there is no control over access, there will be no security.

For more tips on proper key management and other more strategic topics for information security and data protection, subscribe to our newsletter and stay up to date!
