According to a report by Kaspersky “Digital Footprints and their relationship with people and companies”, more than a third (37%) of Latin American employees claim to have access to confidential information of customers registered in their company’s database, such as full name , personal documents and address.
The unnecessary exposure of sensitive data of customers can result in data leaks, fines and loss of reputation for companies, Kaspersky says.
Within the regional scenario, Brazil is the country of Latin America where employees most report access to this type of information (46%), followed by Argentina (41%), Colombia (40%) Chili (37%), Peru (35%) and Mexico (26%).
Easy access to sensitive customer data by more employees than necessary can be a worrying factor for businesses. Despite the fact that 82% of those surveyed in Latin America indicated that this access only occurs through a password or other type of restriction, the scenario is worrisome if many employees know the password and the company does not have an effective cybersecurity system. o Offer assertive and regular training for staff.
Unnecessary access to sensitive customer data is associated with a weak culture of cybersecurityas it has a high potential for access to fall into the wrong hands and result in financial and reputational damage to the organization.
For example, if the password is the only way to protect company data, it is in danger of becoming a breach that cybercriminals can exploit to enter the corporate network and launch hacking attacks. ransomware.
Another concern is the leakage of sensitive customer data, as this information can be used by cybercriminals to commit fraud, which can lead to serious consequences such as: high fines for non-compliance with legal provisions, such as the laws of personal data protection. This point becomes even more worrying since almost half (47%) of Latin American employees said that companies do not provide training on local regulations on the matter.
This data corroborates the lack of information on data protection within a company, which is subject to risks newspapers by cybercriminals because it is not prepared to avoid any type of external damage. An example of a recent threat analyzed by Kaspersky was emotet, a group that served as a gateway for ransomware attacks against large companies.
“A prepared company with a culture of regular training and informed employees is capable of mitigating an attack, whether it is a compromised website, spam or exploiting a vulnerability. Data Protection laws and regulations should not be the only concern and focus of a company. Today, more advanced technologies are needed, such as computerized incident detection and response, and intelligence reporting to anticipate, isolate, and prevent any attack and stay one step ahead of criminals,” says Claudio Martinelli, General Manager for the Americas. Latina at Kaspersky.
For companies to avoid the exposure of sensitive data and the consequences that this entails, Kaspersky recommends:
· Educate your employees on how to protect the corporate environment through customized training courses, such as those provided in the Kaspersky Automated Security Awareness Platform. For password protection it is important that employees understand the dangers of a data breach and the consequences that this can have for the company.
- Back up your data regularly and make sure you can access it quickly in an emergency.
- Use the latest Threat Intelligence to stay on top of the Tactics, Techniques, and Procedures (TTPs) used by threat actors.
- Use solutions like Kaspersky Endpoint Detection and Response and Kaspersky Managed Detection and Response, which help identify and stop attacks in the early stages, before attackers can reach their ultimate goals.
- And of course, in the case of alerts about cyber attacks using remote access tools (RATs) or using passwords that have been leaked, change all keys used on the system immediately.
The complete survey “Digital footprints and their relationship with people and companies” can be consulted here.