This is evident from the Kaspersky report “Digital footprints and their relationship with people and companies”more than a third (35%) of Peruvian employees claim to have access to confidential customer information registered in their company’s database, such as full name, personal documents and address. Within the regional scenario, Brazil is the Latin American country where employees report the most access to this type of information (46%), followed by Argentina (41%), Colombia (40%), Chile (37%) and Mexico (26% ) ).%).
Easy access to sensitive customer data by more employees than necessary can be a worrying factor for companies. Despite the fact that 91% of respondents in Peru stated that this access only takes place through a password or other form of restriction, the scenario is worrying if many employees know the password and the company does not have an effective cybersecurity system or assertive and periodic training for personnel.
Unnecessary access to sensitive customer data is associated with a weak cybersecurity culture, as access is likely to fall into the wrong hands, resulting in financial and reputational damage to the organization. For example, if the password is the only way to protect company data, it risks becoming a breach that cybercriminals can exploit to penetrate the company network and carry out hacking attacks. ransomware.
Another concern is the leakage of sensitive customer data, as this information can be used by cybercriminals to commit fraud, which can have serious consequences, such as: high fines for non-compliance with legal provisions, such as data protection legislation personal data. This point becomes even more concerning as nearly half (49%) of Peruvian workers said companies do not provide training on local regulations in this area.
This data confirms the lack of data protection information within a company, which is exposed to risks from cybercriminals on a daily basis because it is not prepared to avoid any kind of external damage. An example of a recent threat analyzed by Kaspersky was Emotet, a group that served as a gateway for ransomware attacks against large enterprises.
“A prepared company with a culture of regular training and knowledgeable employees is capable of thwarting an attack, whether it be a compromised website, spam or exploiting a vulnerability. Data protection laws and regulations should not be a company’s only concern and focus. Today, more advanced technologies, such as automated incident detection and response and intelligence reporting, are needed to anticipate, isolate and prevent any attack and stay one step ahead of criminals.” remark Claudio Martinelli, general manager for Latin America at Kaspersky.
For companies to avoid the exposure of sensitive data and the consequences that this entails, Kaspersky recommends the following:
- Teach your employees how to protect the business environment through tailor-made training, such as those provided at Kaspersky automated security awareness platform. For password protection, it is important that employees understand the dangers of a data breach and the consequences this can have for the company.
- Back up your data regularly and make sure you can access it quickly in case of an emergency.
- use the Threat Intelligence latest to stay abreast of the tactics, techniques, and procedures (TTPs) used by threat actors.
- Use solutions like Kaspersky Endpoint detection and response And Kaspersky managed detection and responsethat can identify and stop attacks at an early stage, before attackers can reach their ultimate goals.
- And of course, in case of warnings about cyber-attacks using Remote Access Tools (RATs) or using passwords that have been leaked, immediately change all keys used on the system.
The full study “Digital Footprints and their relationship with people and companies” can be consulted here.