Entrevista Zamak: Saiba como proteger seus dados e evitar riscos

Our CEO Kleber Leal was invited for an interview on security, business continuity, cloud computing, and the Internet of Things, among other topics, by the firm Prime & Llonk - a renowned consulting, accounting, and auditing office. The interview was published by them, and below you can see the full article prepared by Prime's communications team: In 2018, The Ponemon Institute (an American institute specializing in privacy and data protection) released a report called “2018 Cost of Insider Threats: Global Organizations.” In the study, 90% of participating organizations stated they are prone to internal attacks because they are not prepared against them. The factors that most influence this response are the increase in devices with confidential access, users with exclusive access to software, and the increasingly complex information technology. Furthermore, more than half of the participants experienced internal attacks in the last year. In contrast, companies are investing more in monitoring users and their access to sensitive data, with most of them having or implementing a program to protect data from insider threats. With 20 years of experience in the technology services and solutions market, Kleber Soares Leal, from Zamak Tecnologia da Informação, explains more about the subject. In the interview below, he emphasizes the importance of data security and explains what tools are used for this purpose - check it out: Kleber, regarding The Ponemon Institute report, we see that many companies do not prioritize data security. With so much cutting-edge technology available on the market, how can you protect yourself from insider threats? The question is not if a disaster will happen, but when. Whether due to an internal threat, external threat, carelessness, accident, or tragedy in the environment, the disaster will happen! And it can be vital to the business that the company is prepared. The information technology industry has undergone numerous and constant changes over the years. Not to mention the various new services and functions in the sector that are being created to meet the new business demands that arise along the way. Everything is very new for many people, and when people start to get used to it, technology has evolved again. And for any company that wants to be competitive, perpetuate itself, and evolve in the market, it is necessary to keep up with all these advances. Everything, at some point, goes through computer systems. The ways of producing and delivering demands have changed; the ways of selling, serving, and relating have changed and will continue to change. And along with this voracious evolution comes the challenge of constantly training employees and maintaining operational security. There is no doubt that, for the vast majority of companies, the biggest threat is within the house; the biggest security risk lies with the users of their systems. Whether due to a malicious user or, mainly, carelessness or lack of preparation, the threat is a constant, full-time reality. And if you are not a market giant with large financial resources to invest in technology, infrastructure, and a highly qualified technical team, the challenge is even greater. And this is one of our main missions at Zamak Technologies: to increase the level of information security and service continuity for small and medium-sized companies, delivering services and solutions that were previously only accessible to large companies. There are a series of measures that need to be taken and monitored to protect against internal and external threats, and robust professional tools exist to help with this. However, the start of the work begins with the perception of risk, which many companies still ignore or cannot imagine the size of, and with the definition of policies and strategies involving the role of information technology in the corporate governance of your business. And it was with this role that we had the opportunity to develop a successful partnership with Prime & Llonk. We are very honored by the trust and the possibility of offering greater security to their employees and clients. Kleber, what is the importance and advantages of investing in cloud computing, is it safe? Cloud computing arrived to fulfill an old desire of the information technology industry, which is to deliver software as a service, what we call SaaS (software as a service). With advances in hardware engineering and access to high-speed internet, this became possible. Cloud computing is an undeniable reality and is where everything is heading. It represents a huge advance in the availability of resources, a huge gain in mobility, and the possibility for any company to access technologies that were previously financially unfeasible. Today, a very high investment is no longer needed to buy, set up, and maintain an excellent server infrastructure. The company can access all of this through a small monthly subscription, and in a scalable way, adjusting to its demand without the need for reinvestments. Increasingly, the computers we use tend to become just means of accessing resources that will be in the cloud. Kleber, IoT (Internet of Things) is already a reality here in Brazil. What is it and how to implement this innovation within the company? The Internet of Things is already the new great technology revolution in our lives and in relationships with this new world. Some markets are ahead, like retail, for example. Today, there are already refrigerators and cabinets capable of recognizing what is running out in your stock and automatically placing a purchase order with your supermarket or supplier. The healthcare area is also advancing with wearables capable of monitoring information from your body and automatically sending it to your doctor wherever they are. Home or corporate environment automation is also advancing significantly. Imagine turning on the air conditioning or heating your bathtub remotely, while you are still in traffic, so when you get home, you already find and enjoy that prepared environment. For the gaming area, there are already many augmented reality gadgets providing incredible experiences. For the services area, we have powerful smartphones and tablets that practically put your computer within reach in your pocket or bag; almost everything you do on a computer can already be done with mobility on a cell phone or tablet, except working for hours on end. You buy and sell everything on your cell phone, we consume a lot of content on our cell phones all the time, newspapers and magazines have had to completely reinvent themselves. I believe it may not be long before we use smart glasses in our daily lives, which, in addition to protecting against the sun's rays, can help relay texts or speeches, recognize and provide information about people, or inform routes on a map. A lot is coming, and regardless of what your business is, it is better to stay tuned to use these new technologies and offer a different experience to your customers. All these resources connected to the internet will generate infinite personal information that will later allow new analyses and new services that we haven't even imagined yet… It is truly incredible, and at the same time frightening. (Laughs) Could you give us tips on how to increase the company's internal data security? There are some very well-known and basic administrative routines for security in any environment, such as implementing strong password policies that expire periodically, imposing access restrictions according to positions and functions, being attentive to removing or blocking users of dismissed employees, reviewing third-party access restrictions, etc. However, to protect yourself from so many threats, it is essential to dedicate greater attention to these and other aspects. The first concern should always be backup! This is our mantra here at Zamak Technologies. First step: ensure backup and restoration. This must be done in a fully automated way to local and external repositories, without human intervention; after all, where there is human intervention, there are failures. It is essential to use a robust tool, with high encryption, excellent data compression to facilitate the traffic of the volume of information, have retention policies for predetermined periods, and very clear and defined recovery strategies. I often say that the correct thing would not be to talk about how to do the backup, but rather to talk about how to restore the operation. For many businesses, being without their data and systems for a few days, or even just a few hours, can mean the closure of the company's activities. So, even with all the redundancies your company may have, when the disaster happens, how long will it take to get your company back online? That is assuming you trust your backup strategy. Having a backup and recovery strategy that offers an acceptable level of security, the next step is to think about how to protect the information that your structure is in possession of. Whether it's confidential accounting and asset information in accounting firms, judicial processes in law firms, market strategies for investment funds or industries, patient histories for healthcare companies, or your client data for other service and commercial companies, for example. Whatever your business, it is important to maintain the confidentiality and integrity of your files and databases. In this sense, it is possible to increase the security level with a good Firewall at the edge of the connection between your company and the internet, thus filtering everything that can enter or leave your computer network. In addition to the Firewall, it is necessary to have a good licensed corporate security system (antivirus) properly sized for your company, with centralized management, 24/7 monitoring, and well-defined group security policies. And do not be fooled by the argument that computers that do not use Microsoft Windows, such as those from Apple or those with Linux, do not get viruses. The threat exists in the same way. Another important point is the correct licensing of software. Many people use pirated software thinking the risk of an inspection is low, and with the argument that it is expensive. But they forget that the biggest risk is already realized: having malicious software active in your environment. Think about it. Do you really think the hacker broke the program license activation security just to sell you a CD or DVD for a few measly reais? Believe it: the bonus package comes along with it, and your entire company is already compromised. In this sense, if your company cannot afford a particular software at the moment, look for another way to fulfill your need, but never use already compromised pirated software. With all software licensed, you have the possibility to apply the updates that manufacturers frequently provide, and it is essential that you ensure all machines are applying these updates as soon as they are released. They address critical fixes for security gaps that new viruses exploit, and bugs that cause malfunction. By keeping everything up to date, you greatly increase your security level and avoid service interruptions due to crashes. Meeting all these basic requirements, your company will already have an infrastructure with a considerable level of security, however, one critical point remains: the user. To protect the user, and also to protect yourself from them, there are some important strategies, and at this point you will need to measure how much you want to protect versus how much you are willing to restrict activities. With the right tools, it is possible to centrally implement resource usage policies with specific access levels for each position. In other words, if that position does not require a certain access, the user should not access the resource, and you can keep it blocked. For example, open USB ports allow the connection of flash drives, which are a major source of viruses and large-volume information copies; a freely available wireless network presents the same risks; if you are going to offer this resource, it is essential to ensure that this Wi-Fi network is truly isolated from the internal network, and even so, if someone accesses child pornography starting from your wireless network, you will be the one who has to explain it to the police. I have seen it happen; improper permissions on folders or access levels in management systems can cause a lot of headaches; among others. It is important to have these policies well-defined, implemented, and monitored. Kleber, what technological solutions does Zamak Technologies offer to its clients? After all these concepts we've covered, a great challenge remains: how to apply, maintain, and monitor all of this efficiently and centrally? This is exactly the proposal of Zamak Technologies for its clients. Our mission is to instruct and deliver all of these services in an accessible way to small and medium-sized companies, to offer a better experience for their employees and greater guarantees to their clients that their data is being well handled. We have developed a series of solutions and strategies aimed at bringing the role of information technology as part of the corporate governance of your business. And we are happy to be able to implement these concepts with Prime & Llonk, due to the notoriety and prominence they have in their market area. Zamak Technologies provides excellent services in Backup, Antivirus, Software Updates, Web Protection, Edge Security, Group Policies, all automated, centralized, and managed, to maintain the security and productivity of your users and your company. If you still do not have a technical team responsible for delivering all of this, we can help you. If you already have your technical team, we can help your team and provide all this support and backing. We will be their best partner. Managed Backup: has everything needed to protect your servers and workstations. It also supports all current versions of Microsoft Windows, Apple OS X, and Linux, in addition to server products aimed at general use, such as Microsoft Exchange, SQL, and SharePoint Server. Even entire virtual machines from Hyper-V® or VMware® can be protected (host-level backup). With Zamak Technologies Backup & Recovery, all features are included in a simple and predictable price range. And we have strategies capable of getting your operation back up and running in minutes. Managed Antivirus: Managed Antivirus not only keeps your network security up to date with protection against the latest known threats using additional signature-based protection, but also protects against new viruses using exploratory checks and sophisticated behavioral scans of your system. In addition to automatic reaction policies and monitoring alarms. It's more than a corporate antivirus solution; we elevate your company's security to a new level. Update Management: patch management (updates and fixes for critical and security flaws) is essential for greater stability and security of your processes. Zamak Technologies' management technology integrates patch management, offering granular control over your patching policies centrally for all your workstations and servers. Whether you want to automate the entire process, customize patches for certain devices, or manually approve/deny patches, we provide peace of mind while the work is done. Web Protection: with it, you keep your network secure with internet browsing content filters, constant monitoring and protection against threats, improves user productivity with total control, management reports, and customized policies, messages, and URLs. And everything managed by our team of experts in our network operations and monitoring center. Kleber, 20 years in the IT market. What to expect for the coming years in the area of data security? Working with information technology is, in fact, a huge challenge. This is the area that evolves the fastest and promotes changes in all other areas. Keeping up with this market that impacts the lives and ways of relating of companies and people is a task that requires constant reinvention. And it's not about adapting. Many times, we need to deconstruct concepts to build new ones. It is exhausting, but also enchanting. I believe we can expect great revolutions very soon in this market, not only from the Internet of Things but also from the concepts of Artificial Intelligence and Blockchains. Great times are coming soon! (laughs). And we will be here following along and bringing solutions to our partners and clients. I am very grateful for the opportunity to grant this interview and bring a bit of information about our sector. A big hug, much success and great business to everyone! Interview originally published on the website of Prime & Llonk.