Some security recommendations to prevent your data from being used by unauthorized persons. Make every effort to avoid falling victim to scams or virtual fraud.

1-) What can be done to mitigate the threat of a phishing attack?

Phishing is a term that in short refers to a type of online identity theft.

How it works: The fraudster sends an electronic communication (mainly by email, instant message, SMS, etc.) that appears official and attractive, so that the recipient is tricked into providing personal data, which can be passwords, financial data, bank details, credit card numbers or simply personal information.

Most common scam: Scammers send millions of messages a day, characterized as SPAM, in the hope of finding several inexperienced users who may fall victim to the attack. The messages contain links that redirect to what appear to be pages that users normally access (Hotmail, Gmail, etc.). Without paying attention to the web address, the victims type in their email address and password in an attempt to access the site, and so end up handing over their personal information and falling for the scam.

How to prevent it:

- Password policies

 1) Periodic password changes (minimum change period);

 2) Password complexity including special characters such as (&%$#, etc).

 3) Simple and weak passwords, such as the numerical sequence "123456", date of birth, document number, and passwords known in password dictionaries such as P@ssw0rd, etc., are not recommended;

 4) The most popular insecure password in the world in 2020 is the traditional "123456", which appeared in second place in 2019. The combination was adopted by more than 2.5 million users and was exposed more than 23 million times in the leaks used to compose the study. According to NordPass, it would take less than a second to be discovered by software that tests combinations to guess passwords.

 5) Automatic blocking of passwords after "X" attempts;

 6) Password history so that they are not reused for "X" number of months;

 7) No sharing of passwords by users;

 8) Whenever possible, enable a second authentication factor;

NOTE: All the recommendations mentioned on this page require users to pay attention to the confidentiality of their "personal" password. If this password is shared with another user, they will have access to all the data stored in this mailbox, which does not constitute any kind of intrusion.

- Anti-Spam: Use of a specific Anti-Spam tool;

- Antivirus: Free antivirus is not a good corporate option;

- Training: Implement a training policy to make users aware of how to handle receiving e-mail, opening attachments and sending sensitive documents;

- Updates: Security patches for Windows servers, firewalls, or other security systems. Do not maintain operating systems that are not supported by manufacturer updates.
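
The password rules listed above (complexity, rejection of weak and dictionary passwords, blocking after "X" attempts, password history) can be enforced in code. The following is an added example, not part of the original page or of add it's tooling; the function and class names, the blocklist and the values of `MIN_LENGTH`, `MAX_ATTEMPTS` and `HISTORY_DEPTH` are assumptions.

```python
import hashlib
import hmac
import string

# Constructed sample blocklist: the page's two examples plus common entries.
WEAK_PASSWORDS = {"123456", "p@ssw0rd", "password", "qwerty"}
MIN_LENGTH = 12      # assumption: the page does not state a minimum length
MAX_ATTEMPTS = 5     # assumption: stands in for the page's "X" attempts
HISTORY_DEPTH = 5    # assumption: last N passwords instead of "X" months

def hash_password(password, salt):
    """Salted, slow hash so the stored history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def policy_violations(password, history=()):
    """Return every rule the candidate breaks; history is [(salt, digest)]."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(ch in cls for ch in password) for cls in classes):
        problems.append("needs lower, upper, digit and special character")
    # isdigit() catches numeric sequences, birth dates and document numbers.
    if password.lower() in WEAK_PASSWORDS or password.isdigit():
        problems.append("weak or dictionary password")
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt), digest):
            problems.append("reused within password history")
            break
    return problems

class LoginGuard:
    """Blocks further logins after MAX_ATTEMPTS consecutive failures."""
    def __init__(self, salt, digest):
        self.salt, self.digest, self.failures = salt, digest, 0

    def attempt(self, password):
        if self.failures >= MAX_ATTEMPTS:
            return "locked"   # checked first: a correct guess no longer helps
        if hmac.compare_digest(hash_password(password, self.salt), self.digest):
            self.failures = 0
            return "ok"
        self.failures += 1
        return "locked" if self.failures >= MAX_ATTEMPTS else "denied"
```
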

- Personal Data Protection Officer (DPO)

At add it Cloud Solutions, we guarantee the protection of our customers' and employees' personal data in accordance with the LGPD. In the event of incidents involving data privacy, we offer direct contact channels for reporting and rapid resolution:

E-mail: dpo@addit.com.br

Phone: 11-2842-1100 option 6

Contact form: https://addit.com.br/#contato

Our specialized team is ready to investigate, implement corrective measures and notify the competent authorities if necessary. We count on your trust as we continue to guarantee high standards of security and data protection at add it Cloud Solutions.

add it has appointed a DPO (Data Protection Officer), who can be contacted at the following e-mail address: dpo@addit.com.br

Want to know more about the LGPD? Visit the official website: General Data Protection Law - LGPD - Portuguese (Brazil) (www.gov.br)



Letter of Appointment of the Data Controller - DPO


ADD IT Serviços e Consultoria de Informática Ltda, headquartered at Av. Fagundes Filho, 145, 12º. Andar, sala 122, Vila Monte Alegre, São Paulo, SP, CEP 04304-010, represented by the managing partner Mr. Marcio Villalba, called "Operator", appoints Mr. Alex de Almeida Souza, e-mail alex.souza@addit.com.br, as the person in charge of processing personal data, under the terms of art. 41 of the General Personal Data Protection Law (LGPD).

The appointment will take effect on the date of publication of this letter of appointment and will be for a period of 12 months, which may be renewed automatically.

Duties and tasks of the Data Controller

The Data Controller will carry out the following tasks in accordance with Article 41 of the General Data Protection Act:

1) inform and advise the Operator and its employees who carry out data processing operations of their obligations under the General Personal Data Protection Law (LGPD) and any applicable data protection law;

2) monitor compliance with the General Personal Data Protection Act (LGPD) and any other applicable data protection provisions;

3) monitor the Operator's strategies for the protection of personal data, including the allocation of responsibilities, awareness and training of personnel involved in data processing operations and related checks;

4) upon request, advise the Operator on carrying out a data protection impact assessment and its implementation, under the terms of the General Personal Data Protection Law (LGPD);

5) cooperate with the National Data Protection Authority;

6) act as a point of contact for the National Data Protection Authority on issues related to the processing of personal data, including prior consultations on the data protection impact assessment under the terms of the General Data Protection Law (LGPD) and, where appropriate, advising on all other issues;

7) act as a contact point for exercising the rights of data subjects under the terms of the General Personal Data Protection Act (LGPD) and process their queries relating to data processing activities;

8) carry out the other duties determined by the Operator in Article 41 of the General Data Protection Act or established in complementary regulations;

9) attend meetings of the Privacy Steering Committee to make joint decisions.

Position of the Data Controller

In the performance of their duties, the Data Controller:

1) must always report directly to the highest management level of the Operator;

2) must participate in meetings and activities of the Privacy Management Committee and other relevant Unimed departments, serving as a channel between the departments and the senior management;

3) must act autonomously and independently in all their tasks;

4) shall have no power to represent the Operator;

5) shall not carry out any tasks as Data Controller that would constitute a conflict of interest;

6) In this regard, the Data Controller confirms, by signing this letter, that his/her appointment will not result in any conflict of interest;

7) The Data Controller also undertakes to immediately notify the Operator, in any event without undue delay, if a conflict of interest arises in the future;

Operator's duties

The Operator undertakes to:

1) provide the Data Controller with all the necessary means, financial resources and personnel, in order to allow the proper performance of his/her tasks and functions;

2) promptly involve the Data Controller in all matters relating to the protection of personal data;

3) refrain from providing instructions on how the Data Controller should carry out his/her tasks;

4) refrain from removing or penalizing the Data Controller as a result of carrying out his/her tasks;

5) verify that the Data Controller carries out his/her tasks autonomously and independently;

6) refrain from assigning tasks to the Data Controller that could lead to or result in a conflict of interest;

7) decide without delay on the taking of adequacy measures and damage mitigation measures, addressing breaches and incidents, communications to the public and authorities, and other executive decisions on privacy and protection brought to the attention of the senior management by the Data Controller;

8) decide without delay on the taking of measures for adequacy, mitigation of damage and addressing of risks, breaches, incidents and other issues related to information security, privacy and data protection brought to the attention of the senior management by the Data Controller;

9) approve releases, communications and responses to the authorities and the general public;

10) keep the contact details of the Data Protection Officer publicly available.

11) The name and contact details of the Data Controller (company name, address, telephone number, e-mail address, etc.) will be shared by the Operator and, where necessary, officially communicated to the National Data Protection Authority and to the public.

Finally, please find the e-mail address of the Data Controller so that Data Subjects can exercise their rights: dpo@addit.com.br