To continue business during the coronavirus (COVID-19) pandemic, many companies have anticipated their digital transformation processes, betting on the remote working model (home office or teleworking).
It is known that, only in the beginning of the pandemic, in March of 2020, 43% of Brazilians companies migrated to the home office, according to a research made by consulting Betania Tanure Associated (BTA) and released by the portal Economic Value.
It is also not surprising that with the increase in distance work the data security of many companies has been compromised, worrying a large part of executives.
Almost 1/3 of companies had suffered cyberattacks in 2020, reveals a survey.
In the past year, almost 1/3 of companies have been attacked by ransomware, malicious software that, though links and misleading messages, can block computer screens and encrypt sensitive data.
In parallel, phishing attacks – cyberattacks that capture personal information, like passwords and credit card data through fraudulent promotions and disinformation campaigns (fake news) – increased and became even more harmful.
The data are from a report released by Gettap, a software recommendation company, that identified 10 trends of data security for this year.
Data security trends for 2021
Data security at home office is considered the main vulnerability
According to the research of Getapp, careless employees, unreliable apps and the security of mobile devices are among the top five concerns in the home office.
The practice of inadequate passwords, software and programming bugs and web application vulnerabilities were also mentioned as major concerns in teleworking.
The answers can be justified based on recent research by global digital data security companies.
According to surveys, although Brazil is the second country most cautelous in Latin America regarding mandatory internal information security guidelines, losing only to Colombia, 49% of Brazilian employees access the corporate network of their work place both on company’s computer and personal devices. Besides that, around 12% didn’t have cybersecurity solutions on their devices.
It is clear, therefore, the importance of companies to invest in tools and software that guarantee the data security when accessed remotely, as well as instructing employees to manipulate this data.
Full access to data makes a violation 4 times more likely.
Controlling the access to sensitive information is the main principle of least privilege data security. To avoid data leakage and malicious violation, it is necessary that companies adopt the principle of least privilege, where each employee has permission to access only the minimum data necessary to perform their function.
Half of the companies participating in the survey (50,7%), who reported a data violation in the last 12 months allow a total access to the company’s data. Only 12,6% of respondents affirmed strictly limited access to the data that employees need to do their jobs.
It was concluded, then, that companies that did not limit access to data to their employees are at 4 times more risk of suffering data violations when compared to those where the data access Is limited.
Data classification is widely used, but it is not enough by itself.
Critical data that can lead to financial, reputational or legal damage if compromised are frequently classified as confidential, sensitive or restricted. Business information that is available on the web or other media by free is often labeled as public.
Although there are no universal standards for data classification, the research concluded that the most used categories are public, internal and confidential.
According to the survey, 82% of employees report that the companies they work for use a data classification system. However, only these programs are insufficient to guarantee the security of confidential data.
The survey also concludes that 62% of companies that have data classification policy still provide employees with more access to data than they really need. These companies, in turn, are two and a half times more likely to suffer from a data leakage in comparison to companies that have a data classification policy and restricted access.
Phishing schemes are increasing in quantity and effectiveness
Another trend shown by the study was that in 2019, 73% of employees of the research teams claimed to have received suspect emails. In 2020, the quantity of employees that claimed to have received phishing emails increased to 80%.
The increased number of employees who click on malicious links suggests that the phishing emails are becoming increasingly difficult to detect.
When analyzing the sector of employees who most click on suspect links, it was concluded that the marketing sector was probably the one that did the most (38%).
It becomes clear, once again, the importance of executive leaders to invest in team training and data security solutions.
More than one in 3 employees have their accounts hacked.
The ATOs (account takeover), refer to digital crimes that usually result in non-authorized transactions and the leakage of confidential information.
According to the report, 37% of employees had their accounts hacked. Weak passwords and the increased confidence in e-commerce are some factors that have resulted in such an invasion.
In addition, it was found that 53% of consumers use the same passwords for many accounts, making it easier to access multiple accounts with a single hacked password.
63% of respondents who did not have an ATO claimed that their companies use email security software, in comparison to only 42% of the employers who are victims of accounting hacking.
The statistics suggests that the email data security software can considerably reduce account control from phishing emails. However, the best way to avoid this kind of cyber threat is to protect accounts using the two factors authentication (2FA) whenever it is possible.
Improved authentication methods
As suggested by the survey data the use of authentication methods considerably advanced between 2019 and 2020. Only in the use of biometric data security measures, there was an increase of 26%. This increase can be justified by the greater use of notebooks and mobile devices during the home office, since they generally have fingerprints and facial recognition as security measures.
The adoption of two factors authentication has also progressed considerably. The percentage of employees that claimed using 2FA for some or all business applications has increased from 64% in 2019 to 82% in 2020.
Ransomware reached almost 30% of companies
According to the survey, 28% of companies suffered from a ransomware attack between 2019 and 2020. Of these, 75% paid the rescue. The rest removed or decrypted the ransomware through a data backup system or accepted the permanent loss of data.
Of the companies who paid the rescue, 70% recovered their data and 30% received nothing in return, losing thousands of dollars.
You need to be aware that ransomware tactics are often evolving from direct extortion to blackmail, once the hackers threaten to expose the leaked data on the internet.
This way, the most advisable thing is to inform the authorities and the public about the attack, besides investing in cybersecurity solutions as soon as possible, avoiding fines and damages on the company’s reputation.
Employees receive more data security training and AR/VR training increase.
Other data concluded by the research were that, in last year, 17% of companies utilized Virtual reality and Increased reality for training purposes. In 2019, the percentage was only of 6%.
In some sectors, like digital marketing and accounting, this number arrived in 35%. The use of digital training tools also had an equivalent increase, parallel to a greater demand on the part of the company. 75% of the employees claimed to be obligated to realize, at least one data security training per year, against 57% in 2019.
It becomes clear, so, that companies continue to concentrated their training programs on data privacy and cybersecurity. These are fundamental to make employees and contributors aware about the risks that the leakage of confidential information can cause.
Concern about data privacy increases to 86% of organizations
Around 86% of respondents affirmed that their companies have become more concern about data security in the past year. The value corresponds to an increase of 12% when compare to a similar research made by the company in July 2019.
The increase can be justified to greater familiarity with the General Data Protection Law (LGPD) in force in Brazil since September 2020.
In addition, according to the survey, the percentage of IT professionals familiar with the European Union’s General Data Protection Regulation (GDPR) – the law that gave rise to the LGPD – rose from 66% to 78%.
Data security trends vary by company sector
The Getapp survey found that the results from the IT services sector were mixed. Although more TI companies have adopted a data classification system (from 73% to 93%), the percentage of employees with access to all company data has also increased (from 11% to 28%).
Although the IT services sector had experienced a number of phishing attacks, data violations and ATOs above average, the percentage affected by the ransomware was slightly below average.
The survey’s conclusion suggests that information security trends differ according to the sector of each company. However, the conclusions are unanimous in showing the importance of companies to invest in data security.
DNK innovates in data security solutions in call centers and contact centers
Understanding the importance of data security for companies, DNK offers the best and safest solutions for contact center and call center.
DNK is a technology company that offers smart and modern solutions to contact centers. With the mission of renovating and simplifying the relationship between companies and clients, count with last generation technologies, innovative and professionals’ functions with extensive experience in the the sector.
The company offers the best of call center solutions cloud, providing maximum security in data and information protection of its clients, besides guaranteeing quality and excellence at the service customer.
Aligned with the needs and trends of the market, DNK’s count on the help of strategics partners in offering solutions for protection of sensitive data and credential’s security.
With excellent cost-benefit, the solutions offered by DNK have three layers of security (gold, silver and bronze), where only the person in charge of the device will be able to access the information through a combination of fingerprint, facial recognition, PIN, pattern of blocking and voice phrase, all encrypted with AES-SHA 256 and stored locally.
In addition, count on IT resources (such as databases, web portals, servers) and even IoT (Internet of Things) devices and even future 5G devices, and so on; being the best option for the security of companies and call centers as it is a simple to use solution, easy to implement and with a highly competitive price.
