Ferragens Negrão secures all of their company’s data with Safetica and is ready for data protection regulations. Safetica also helps control company hardware and the application of control rules for machines.

Problem: Ensure regulatory compliance and facilitate collaboration 

Ferragens Negrão, a Brazilian agricultural and construction equipment distributor, wanted to prepare for the new Brazilian General Data Protection Law (LGPD). Furthermore, the company needed to control their data and thus facilitate collaboration amongst employees. The company chose Safetica to accomplish these goals.

Results: Control over data and LGPD-ready

Safetica helped the company keep track of their employees, both in their home offices and at company workplaces, and facilitated compliance with LGPD.

Safetica’s management reports presented Ferragens Negrão with a comprehensive overview of their data security situation, thus giving them the tools they needed to make better business decisions. Safetica provided the company with the ability to create machine-control rules, monitor activities and restrict risky behavior.

Safetica helped the company to have a better control of our users, both on home office and internal, and facilitated the fulfilment of demands coming from LGPD. Because of the management reports, Ferragens Negrão gained overview of the data security situation that supports better decision-making. Safetica lets create machine-control rules, their overview and control.

Safetica gives us more control over our data – something that is very important for collaboration within our company.

Danilo Rafael de Lima Cabral, IT at Ferragens Negrão

Do you know where all your company’s data is and how it flows through your operations and processes? Company data flows on both official and unofficial channels, such as email, cloud, printers, instant messaging, etc. If employees don’t treat data with the proper care, it can very easily be lost. Read more about data protection – why it is important and how to do it best. 

How companies produce data

Business data is any information that is relevant for running a company. There are two types of data – input data and output data. Input data is provided by the users, and computers provide output data.

Companies gather data from various sources and channels, and they do so via different software or AI. More sophisticated tools are used for Big Data processing.

Examples of data that companies usually have:

• Financial information
• Company strategic information (long-term vision, business objectives, staff development, equality and diversity, etc.)
• Business and sales forecasts
• Customer information
• Personal data
• Website traffic statistics
• Campaign details (social media, emailing, etc.)
• Sales results
• Warehouse and inventory data
• HR data (employee information, salaries, interactions between teams, etc.)
• Customer and partner information from CRM systems
• Source code
• Blueprint and designs

What is data flow

Data flow is the movement of your company’s data throughout your systems. Data can flow via both software and hardware and can be changed during the process of moving.

Different employees and teams have access to the data at specific points in the data flow. They can change data, provide data to other departments or vendors, or even delete data.

Data can leak at any moment, and every stage of the data flow can be risky in terms of data protection.

Where companies store their data

In the past, company data was stored on paper – in files and folders in offices and archives. During the process of digitization, all data was moved to digital formats. Data can be found and moved via the following channels (both official and unofficial):

• File sharing websites and social media (WeTransfer, Twitter, Facebook, Send Anywhere)
• Email (Webmail, POP3 / IMAP, SMTP)
• Internet (HTTP, HTTPS, FTP, FTPS, P2P)
• Cloud (OneDrive, Dropbox, Google Drive, Box, SharePoint)
• Microsoft 365 (Exchange Online, SharePoint Online)
• Instant messaging (Teams, Skype, Slack)
• Removable storage (USB, Memory cards, External drives, Optical discs)
• Media (CD, DVD, Blu-ray, Printers)
• Connections (Bluetooth, FireWire)
• Operations (Copy and Paste, Drag and Drop, Screen capture)

Why you should protect data

Insiders don’t treat data with care

Insider threats are on the rise due to trends in digital workspaces, flexible and remote work, and agile and BYOD approaches. The overall number of incidents has increased by 44 percent in the last two years. Most of these threats are unintentional – 56% were caused by negligent insiders, whereas 26% were malicious.

Read more about insider threats here.

---

Data ends up in a competitor’s hands

Data has great value for companies and can easily generate another revenue stream. There are even companies whose business is based on data generation. So, employees might be motivated to steal a company’s data and sell it to competitors or other companies.

---

Reputation risks for a company

When a data breach occurs, a company’s reputation is at risk. Negative media coverage can lower the number of customers, and hence lower profit.

According to the US National Cyber Security Alliance, about 60 percent of small businesses close within six months of a major data leak and 85% of companies experience a data breach.

Data breaches caused by insiders are very costly

The costs of breaches can be enormous. The overall costs of an insider threat incident have increased from $11.45 million in 2020 to $15.4 million in 2021. The longer it takes to detect an internal threat, the higher the costs. On average, it takes nearly three months (85 days) to contain an insider threat incident. Incidents that took more than 90 days to discover cost companies $17.19 million, the average cost of incidents that were discovered in less than 30 days was $11.23 million.

---

Regulatory compliance and GDPR

In the event of a data breach legal authorities may impose fines. The strictest regulation is GDPR. Companies that violate GDPR can expect the following fines:

• The lower level is up to 10 million euros, or 2% of the worldwide annual revenue from the previous year, depending on which is higher.
• The upper level is up to 20 million euros, or 4% of the worldwide total revenue from the previous fiscal year, depending on which is higher.

Read more about GDPR in this article.

How companies lose their data

As stated above, the majority of insider threats are unintentional and occur for various reasons, such as hybrid modes of working, or BYOD approaches. Insider threats can also happen because employees are tired, work under stress, or are not aware of the security processes and importance of data security.

Let’s have a look at a few real-life situations that will show you how insider threats are a part of daily business operations.

James is rushing to kindergarten

James needs to pick up his child and doesn’t have enough time to update the customer database for the next day’s emailing. He might be able to do it from home, but according to the company’s policies, it is not possible to log in without a VPN. And he has just bought a new laptop but hasn’t set up the VPN yet.

Meanwhile his child is crying, and the teacher is calling James to see if he’s on his way. He is in a rush, so he copies the Excel sheet and uploads it to his personal Google Drive and decides to do his work at home in the evening. But his Google Drive is full of photos from his vacation and there’s not enough free space to upload the Excel sheet. So James uploads it to WeTransfer. With no encryption and no password.

Laura was interrupted by a colleague while sending out an email

Laura is working on an important email with financial documents for her company’s CFO, when suddenly her phone rings. It’s her colleague with an important issue that needs to be resolved right away. Laura is on the phone with her colleague when selecting a recipient’s email address. She is under pressure and therefore instead of the CFO’s name, she chooses the client’s email address from the suggestion.

Charlie doesn’t enjoy his job anymore

Charlie has issues with his manager and decides to find a new job. He is talented and has already received an offer from a competitor. Charlie knows that his company’s client database will be helpful in his new job and decides to take it with him. He thinks it’s risky to send it via email, so he uploads a few screenshots and database exports to his USB drive.

As you can see from the examples, insider threats mostly don’t have malicious intentions, however, the consequences might be as harmful to a company as a malicious act would be.

Whose hands your data might end up in

• Hackers/ransomware groups might blackmail you, threatening the data will be published unless you pay some money to them.
• Competition would be one step ahead of you in case they get access to your customers’ data, business plans, or know-how.
• Contractors would be negotiating lower prices because they would be aware of your conditions, calculations, and margin.

How to protect your company’s data

No matter how many channels your company uses, there are a few universal ways of protecting your data.

• Perform a data audit and find all your sensitive data. It is good to know what type of data your company operates with, where the data is stored and who has access to work with it or can change it.
• Implement policies that specify how sensitive data can be handled and who can access it and for which purposes. Make sure your policies are easy to understand.
• Educate your employees and explain to them the importance of data security. They should be aware of what type of data your company operates with and what are the consequences of misusing it.
• Encrypt your data and make sure that even if you lose your flash drive or phone your data will remain safe.

A few more data security tips:

• File sharing websites, social media and instant messaging – Block upload of the data, or notify employees about risky operation
• Email – Restrict sending data to unknown external email addresses, notify employees about potential breach
• Internet, cloud, O365 – Restrict uploading data to unofficial channels outside the company or notify employees
• Printers – Check what type of documents your employees print based on contextual information and discover potential data breaches; restrict printing specific sensitive documents

How Safetica protects your data

Monitors your data flow

Safetica offers features to track and protect various data flow channels your company uses. Safetica checks your company’s outgoing communication channels and gives you an overview of how data travels in your company. Once you know your data flows you can set security measures. Notify your users about risky behavior or block dangerous file sharing actions.

---

Helps you to be compliant with regulations

Safetica helps you to monitor the data flow within your IT environment as well as when it leaves the perimeter of your company. You can set specific rules that help you to comply with GDPR or other data protection regulation. You will be able to see how employees work with personal and other sensitive data, and it allows you to eliminate the risk of misuse or accidental policy violation. The system notifies you in real-time in the event of a security threat.

---

Encrypts your data

Safetica gives you the option to manage encryption of USB devices and disks using BitLocker. The solution takes care of security key management and recovery.

---

Protect your data against insider threats

Safetica checks the users’ behavior and notifies you when finds anomalies. In case a user starts to send bigger amounts of data at night or works with different types of data out of a sudden, there is a potential incident, and the system notifies you, and you can take appropriate action.

Safetica notifies employees about risky operations, hence educating them about data security. It is important to trust your employees, however, let’s not forget we are all people, and people make mistakes. Safetica mitigates these risks, and you can go to sleep in peace knowing that data, people, and your company are protected.

Safetica NXT, the next-gen SaaS DLP, is a cloud-native solution with super-easy management and flexible subscription. Its risk-driven incident detection is powered by data analytics.

Information at your fingertips:

Overview of the Safetica NXT environment

When opening Safetica NXT, you will land on the Dashboard. It will give you an overview of the most pressing issues that transpired in the environment and show you what might need your attention.

The Data security section lets you scan files for sensitive data, create your own rules for risk detection, create your own protection rules, and investigate detected events for data leaks.

The Workspace section displays the results of our smart detection in your company’s digital workspace, so you can immediately see which web upload domains, outgoing email domains, and external devices (USBs) can be considered as safe or which ones needs to be reviewed. In this section you can also move safe domains and devices into a safe zone.

The Employees section lets you see the number of protected users, their risky events and endpoint use. You can install Safetica to a new endpoint by visiting the endpoint tab.

Safetica, the data security company with more than ten years of experience in developing the easiest to implement enterprise Data Loss Prevention*, enhances its next-gen SaaS DLP with easy management and the fastest implementation. Now any company with a hybrid workplace can deploy Safetica NXT with a single click and begin to protect their data in a matter of hours.

Implementation of legacy DLP (Data Loss Prevention) solutions used to be highly costly and inefficient projects with unclear outcomes. Safetica directly addresses this by continuously improving its SaaS product to turn this situation around for good.

Safetica NXT – the next-gen SaaS (Software as a Service) DLP – now provides truly easy-to-use data protection enhanced with automation and built-in templates. It’s continuing Safetica’s tradition of best practices in data security for SMB and small enterprises.

Developed to run and reside natively in the secured cloud, deploying Safetica NXT is possible in minutes. No in-house hardware infrastructure is needed.

Once Safetica Clients have been remotely installed on Windows or macOS devices, it takes as little as one day to complete setup and configuration (with the help of our new product guide). Then you can immediately audit data flow, classify sensitive data and begin protecting it.

Effective data protection requires fast implementation, the least amount of time to administer, and the ability to respond to detected incidents rapidly. Safetica’s years of DLP experience and focus on easy implementation and use have been acknowledged by SoftwareReviews. In 2021/2022, Safetica was recognized as an industry Champion and Gold medalist in the DPL marketplace.

 

 

Safetica has been developing a risk-driven SaaS solution with a focus on simplicity and automation. Straightforward settings and a pre-configured environment help to free up admins’ hands. Smart auto-detection of risk, continuous auto-definition of the company’s safe digital workspace, and auto-generated security reports further support low-maintenance operations. So Safetica NXT only takes a couple of hours per week to manage.

Based on the constant analysis of sensitive data flow, Safetica NXT evaluates the risk level of each operation and every protected user. Holistic risk classification is presented in a simple format of low to high-risk indicators to help managers focus only on events that require fast response.

The admin can always decide which category of high-risk events should be automatically blocked or which situations warrant notifying users about a potential risk and letting them proceed with logging the event.

This is especially beneficial for hybrid workspaces with remote workers and employees working from home. Furthermore, smart scanning dynamically recognizes when an employee is used to working, regardless of normal business hours, to ensure more accurate risk evaluation and incident detection.

Availability  

Subscriptions include cloud-native management with easy-to-set sensitive data detection and protection rules and easy-to-read reports and logs for incidents investigation, plus Safetica Client installed on endpoint devices (Windows and macOS).

Data is the most precious asset a company has, from copyrights and client lists to sensitive information about employees. Most data is now in electronic form. It is created and accessed through software, databases, and other tools, making it vulnerable to loss and theft. 

What You Will Learn:

• What is data loss prevention? How to take care of your data security
• Main Components of DLP: A small glossary
• Data loss prevention software: why and how to choose
• Questions to ask potential vendors

Let’s start with a real-life experience. When working with an advertising agency, one of my colleagues sent an internal document with all invoices, including prices related to an essential client, to the their account manager’s email address. But unfortunately, instead of choosing the Company/Account she chose the client Company – and the client ended up with a ready-made argument on how to lower their fee. The colleague soon became an ex-colleague, and the client left the agency shortly afterward. 
Even though this scenario may seem like an exaggeration, these kind of mistakes happen in every company. Furthermore, they are compounded by malicious intent, such as a disgruntled employee stealing a client’s database to sell to acompetitor, or a contractor downloading a list of every transaction made. 

What is Data loss prevention? How to take care of your data security  

Data loss prevention (DLP) is simply a process of securing your sensitive data from being lost, accessed by unauthorized persons, or misused. This process usually uses a tool, such as DLP software and platform, to classify data and determine what to protect, and actual protection of that data by implementing/enforcing security policies.

This approach is not only in the company’s business interest, but also legally required by regulations such as GDPR, HIPAA and PCI-DSS. And of course, this process needs to be embedded into company processes and data handling. Every company to some extent, needs to resolve the following issues:  

• The protection of intellectual property and trade secrets is vital for your organization’s financial results and your brand reputation. 
• Regulatory compliance to ensure the compliance with information protection security acts, to detect and prevent regulatory violation.
• Insight into your organization effectivity to optimize internal processes and resources, such as hardware or software use. 

The Main Components of DLP: A short glossary 

Let’s take a look at DLP and what you need to take into account when setting up this process. This will come in handy when discussing the uses and advantages of specific data loss prevention software. 
 
The most important asset is data. 

• Data at rest: data stored in archives and databases that is not actively accessed or processed. 
• Data at motion:  data in transit or in flight that is moved from one location to another, i.e., by copying or downloading. This transfer may happen within an organization network or outside it. Both types need to be protected and are most vulnerable to attack or threat. 
• Data in use: active data that is currently being read, processed, updated or deleted by the system. 

Data loss prevention software protects this data against some types of data incidents. These incidents may vary according to their intentionality (from mistakes to thefts) and with different levels of severity and extent. 

• Data loss: event that results in data being deleted, corrupted, or made unavailable  
• Data leakage/data leaks: unauthorised transmission of data 
• Data breach: intentional or unintentional release of sensitive information 

Even though the actual name “data loss prevention” implies that it prevents data loss, most software protects against data leakage and, in some scenarios, against data breaches. The term “data loss prevention” is used so widely, and has been for such a long time, it will probably remain the preferred way to describe a solution that makes it difficult for sensitive data to be leaked or misused outside a company. 
 
These data issues can happen at endpoints, like on devices such as computers, mobile phones, tablets, or printers and USBs, or on shared folders, NAS, or servers. Endpoint security is a critical part of data protection in times of hybrid work and BYOD. 

The most critical process is determining the value of data, since not all data was created equal.

It is important to consider the following when determining the value of data:

• Data identification and classification simply means discovering where the data is and if it needs to be protected, and to what extent. This process may be manual, using rules and metadata, or semi-automatic using content & context classification and end-user classification. In the future, AI and ML could theoretically enable fully automated classification (but should still be subject to human control). Data classification is done using content and context. 
• Content of the data: if a document contains credit card numbers or hospital patient information, it would be worth preventing it from being sent to persons outside the company or even unauthorized persons within an institution. 
• Context of the data: where and when the information was created, where was it stored, and how it was changed.
• And finally, with all these components in place, you may be able to detect data leaks and/or prevent them. Detection means having the information after the fact (such as an alert that an employee sent a sensitive file outside the company). In contrast, prevention means making sure a leak doesn’t happen (e.g., when attempting to upload a file to the internet, the upload is blocked).    

Data loss is caused by internal and external actors. 

“Next time we run a company, no employees.” Chief data security officers would agree, since around half (from 40% to 60%, according to different sources) of data breaches are internal. They come from employees, contractors, and other actors connected to the company. What are the most common scenarios? 

Mistakes: sharing sensitive data outside a company can happen in a blink: replying to all or sending to the wrong person. This unintentional or negligent data exposure constitutes the majority of data leaks. 

Intentional disclosure of the information: an internal actor, such as an employee or a contractor, moves sensitive data outside the organization for their own benefit. 

Use of incorrect software or process: uploading a client’s file on a public repository, or using a public computer or wifi areexamples of another common problem. “Shadow IT”, i.e., the use of unauthorized software and services, may be improved through employee training, but data loss prevention software can systematically solve this issue, like blocking data transfers to those services. 

Theft or loss of devices: hybrid work results in the increased portability of company devices and therefore more occasions for loss or theft. You may remember the Secret service agent’s stolen laptop that contained Hillary Clinton’s emails. Or read our article about the risks of external devices.

Data loss prevention software: why and how to choose   

DLP software identifies, detects, and protects an organization’s sensitive data, whether they are at rest, in motion or in use on its different endpoints.

The main advantages of data loss prevention software are protecting a company’s reputation and upholding its business value by detecting or preventing data leaks. In the first case, it lets you take appropriate measures and mitigate incidents; in the second, it prevents incidents from even happening. In the wrong email address example, detection could mean determining that a sensitive document was sent to an unauthorised address; prevention would be not allowing the employee to send the material at all.

Another long-term benefit of these solutions is employee education. Because they are warned or notified of unauthorized data-related operations, they learn and internalize the correct way to manage sensitive. As demonstrated, the weakest link of every security solution is human. By educating employees, contractors, and other internal actors, a company can improve its data security in the long run. Some DLP platforms incorporate this already: a user can upload a sensitive file by justifying the action, knowing that everything is logged. 

How to choose a DLP solution? First, you need to determine what legal frameworks apply to your company and what main scenarios you want to protect: audit and monitor your data, protect your data against insider threat or audit your company’s use of resources.  

Questions to ask potential vendors

• Does it cover the security scenarios of your organization?  
• Is it sufficient for the size and complexity of your organization?  

Your ideal vendor should work with you during each step to help you determine the extent of the solution you need, starting with a data management audit. Implementing data loss prevention does not stop with the choice of vendor and setting up the software. Even though it is usually the IT department who runs this initiative, all employees should be aware of the process and educated about the use of the selected software and correct data-related behavior.
 
While the end-user of DLP software is often a single technician, the information gathered offers essential information concerning company-wide issues, such as the rise in data incidents, a sudden surge of insider threat, or sub-optimal use of company resources.
 
If you want your platform not only to deliver protection and prevention when it comes to data security but also offer you valuable insights, incorporate them into your reporting stack and make it part of your data-driven management. 

Your data is your most important asset – protect it accordingly.  

Data loss prevention software helps not only protect company sensitive data against insider threat and loss but also helps to future-proof your organization when it comes to business continuity, reputation, and knowledge management. It is an important part of data-driven decision-making, helping you prevent or resolve data-related incidents and educate employees about the necessity of treating data as the most critical business asset.
 
Choosing and implementing DLP software are integral parts of a company-wide initiative for general data management and protection. Just as it is normal for a company to protect its data against external attacks by using antimalware and firewalls, antimalware, and secure web gateways, it should also be natural to use DLP software to protect the data against loss and insider threat.

Why Safetica

Learn how can Safetica meet company sensitive data protection and operation audit goals.

• Learn more in our DLP guide.
• Data Quadrant for DLP solutions.