Ferragens Negrão took control of their data and fulfilled their regulatory obligations thanks to Safetica

Ferragens Negrão secures all of their company’s data with Safetica and is ready for data protection regulations. Safetica also helps control company hardware and the application of control rules for machines.

Problem: Ensure regulatory compliance and facilitate collaboration
Ferragens Negrão, a Brazilian agricultural and construction equipment distributor, wanted to prepare for the new Brazilian General Data Protection Law (LGPD). Furthermore, the company needed to control their data and thus facilitate collaboration amongst employees. The company chose Safetica to accomplish these goals.

Results: Control over data and LGPD-ready
Safetica helped the company keep track of their employees, both in their home offices and at company workplaces, and facilitated compliance with LGPD.

Safetica’s management reports presented Ferragens Negrão with a comprehensive overview of their data security situation, thus giving them the tools they needed to make better business decisions. Safetica provided the company with the ability to create machine-control rules, monitor activities and restrict risky behavior.

Safetica helped the company to have better control of our users, both in home office and internal, and facilitated the fulfilment of demands coming from LGPD. Because of the management reports, Ferragens Negrão gained an overview of the data security situation that supports better decision-making. Safetica lets us create machine-control rules, with their overview and control.

 

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Safetica
Safetica aims to provide small and mid-sized companies with the same quality data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.

Ponemon Institute Study 2022: Data incidents caused by insiders up 34 percent from 2020

Ponemon Institute released its 2022 Ponemon Institute Cost of Insider Threats: Global Report, commissioned by the security company ProofPoint.

The company surveyed over one thousand IT and IT security professionals from companies that experienced at least one insider-caused incident. The companies were based in North America, Europe, the Middle East, Africa, and Asia-Pacific regions.

The report concludes that over the last two years, the frequency and costs of insider data threats have increased across all three insider threat categories:

  • careless or negligent employees/contractors
  • criminal or malicious insiders
  • cybercriminal credential theft.

The reason for this increase is the remote and hybrid work environment that led up to The Great Resignation, according to ProofPoint.

Main findings of the report

  • The number of incidents: up by 44 percent in just two years.
  • The frequency of incidents per company: 67% of companies experienced between 21 and 40 incidents per year (up from 60 percent in 2020).

 

Composition of the threat: A negligent insider is the root cause of most incidents.

  • 56% of reported insider threat incidents were the result of a careless employee or contractor (average cost $484,931 per incident).
  • Malicious or criminal insiders were behind 1 in 4 incidents (26%) (average cost per incident of $648,062).
  • Incidents including credential theft, stealing users’ credentials and accessing critical data represent 18% (almost double from the last study). At an average of $804,997 per incident, credential theft is the costliest to remediate.

Cost of the insider threats

  • Organizations impacted by insider threats spent an average of $15.4 million annually (up 34 percent).
  • It takes an average of 85 days to contain an insider incident (up from 77 days). The longer the incident takes to contain, the higher the price (more than 3 months – $17.19 million, less than 30 days – average of $11.23 million). The bigger the company, the higher the price (headcount of more than 75,000 – $22.68 million; headcount below 500 – $8.13 million).
  • The cost of insider threats is greatest in North America and Europe ($17.53 million and $15.44 million).
  • Financial services and professional services have the highest average activity costs ($21.25 million and $18.65 million, respectively).

In a nutshell, insider threats continue to rise in frequency and remediation cost alike. The risk of malicious insider threats also continues to increase and the verticals that are affected the most are financial and professional services.

Source: ProofPoint.com

Data protection: All you need to know about data and why to protect it

Do you know where all your company’s data is and how it flows through your operations and processes? Company data flows on both official and unofficial channels, such as email, cloud, printers, instant messaging, etc. If employees don’t treat data with the proper care, it can very easily be lost. Read more about data protection – why it is important and how to do it best.

How companies produce data

Business data is any information that is relevant for running a company. There are two types of data – input data and output data. Input data is provided by the users, and computers provide output data.

Companies gather data from various sources and channels, and they do so via different software or AI. More sophisticated tools are used for Big Data processing.

Examples of data that companies usually have:

  • Financial information
  • Company strategic information (long-term vision, business objectives, staff development, equality and diversity, etc.)
  • Business and sales forecasts
  • Customer information
  • Personal data
  • Website traffic statistics
  • Campaign details (social media, emailing, etc.)
  • Sales results
  • Warehouse and inventory data
  • HR data (employee information, salaries, interactions between teams, etc.)
  • Customer and partner information from CRM systems
  • Source code
  • Blueprints and designs

What is data flow

Data flow is the movement of your company’s data throughout your systems. Data can flow via both software and hardware and can be changed during the process of moving.

Different employees and teams have access to the data at specific points in the data flow. They can change data, provide data to other departments or vendors, or even delete data.

Data can leak at any moment, and every stage of the data flow can be risky in terms of data protection.

Where companies store their data

In the past, company data was stored on paper – in files and folders in offices and archives. During the process of digitization, all data was moved to digital formats. Data can be found and moved via the following channels (both official and unofficial):

  • File sharing websites and social media (WeTransfer, Twitter, Facebook, Send Anywhere)
  • Email (Webmail, POP3 / IMAP, SMTP)
  • Internet (HTTP, HTTPS, FTP, FTPS, P2P)
  • Cloud (OneDrive, Dropbox, Google Drive, Box, SharePoint)
  • Microsoft 365 (Exchange Online, SharePoint Online)
  • Instant messaging (Teams, Skype, Slack)
  • Removable storage (USB, Memory cards, External drives, Optical discs)
  • Media (CD, DVD, Blu-ray, Printers)
  • Connections (Bluetooth, FireWire)
  • Operations (Copy and Paste, Drag and Drop, Screen capture)


Why you should protect data

Insiders don’t treat data with care

Insider threats are on the rise due to trends in digital workspaces, flexible and remote work, and agile and BYOD approaches. The overall number of incidents has increased by 44 percent in the last two years. Most of these threats are unintentional – 56% were caused by negligent insiders, whereas 26% were malicious.



Data ends up in a competitor’s hands

Data has great value for companies and can easily generate another revenue stream. There are even companies whose business is based on data generation. So, employees might be motivated to steal a company’s data and sell it to competitors or other companies.


Reputation risks for a company

When a data breach occurs, a company’s reputation is at risk. Negative media coverage can lower the number of customers, and hence lower profit.

According to the US National Cyber Security Alliance, about 60 percent of small businesses close within six months of a major data leak and 85% of companies experience a data breach.

Data breaches caused by insiders are very costly

The costs of breaches can be enormous. The overall costs of an insider threat incident have increased from $11.45 million in 2020 to $15.4 million in 2021. The longer it takes to detect an internal threat, the higher the costs. On average, it takes nearly three months (85 days) to contain an insider threat incident. Incidents that took more than 90 days to discover cost companies $17.19 million; the average cost of incidents that were discovered in less than 30 days was $11.23 million.


Regulatory compliance and GDPR

In the event of a data breach, legal authorities may impose fines. The strictest regulation is GDPR. Companies that violate GDPR can expect the following fines:

  • The lower level is up to 10 million euros, or 2% of the worldwide annual revenue from the previous year, whichever is higher.
  • The upper level is up to 20 million euros, or 4% of the worldwide total revenue from the previous fiscal year, whichever is higher.



How companies lose their data

As stated above, the majority of insider threats are unintentional and occur for various reasons, such as hybrid modes of working, or BYOD approaches. Insider threats can also happen because employees are tired, work under stress, or are not aware of the security processes and importance of data security.

Let’s have a look at a few real-life situations that will show you how insider threats are a part of daily business operations.

James is rushing to kindergarten

James needs to pick up his child and doesn’t have enough time to update the customer database for the next day’s emailing. He might be able to do it from home, but according to the company’s policies, it is not possible to log in without a VPN. And he has just bought a new laptop but hasn’t set up the VPN yet.

Meanwhile his child is crying, and the teacher is calling James to see if he’s on his way. He is in a rush, so he copies the Excel sheet and uploads it to his personal Google Drive and decides to do his work at home in the evening. But his Google Drive is full of photos from his vacation and there’s not enough free space to upload the Excel sheet. So James uploads it to WeTransfer. With no encryption and no password.

Laura was interrupted by a colleague while sending out an email

Laura is working on an important email with financial documents for her company’s CFO, when suddenly her phone rings. It’s her colleague with an important issue that needs to be resolved right away. Laura is on the phone with her colleague when selecting a recipient’s email address. She is under pressure and therefore instead of the CFO’s name, she chooses the client’s email address from the suggestion.

Charlie doesn’t enjoy his job anymore

Charlie has issues with his manager and decides to find a new job. He is talented and has already received an offer from a competitor. Charlie knows that his company’s client database will be helpful in his new job and decides to take it with him. He thinks it’s risky to send it via email, so he uploads a few screenshots and database exports to his USB drive.


As you can see from the examples, insider threats mostly don’t have malicious intentions. However, the consequences might be as harmful to a company as a malicious act would be.

Whose hands your data might end up in

  • Hackers/ransomware groups might blackmail you, threatening to publish the data unless you pay them.
  • Competitors would be one step ahead of you if they got access to your customers’ data, business plans, or know-how.
  • Contractors would be negotiating lower prices because they would be aware of your conditions, calculations, and margin.

How to protect your company’s data

No matter how many channels your company uses, there are a few universal ways of protecting your data.

  • Perform a data audit and find all your sensitive data. It is good to know what type of data your company operates with, where the data is stored and who has access to work with it or can change it.
  • Implement policies that specify how sensitive data can be handled and who can access it and for which purposes. Make sure your policies are easy to understand.
  • Educate your employees and explain to them the importance of data security. They should be aware of what type of data your company operates with and what the consequences of misusing it are.
  • Encrypt your data and make sure that even if you lose your flash drive or phone your data will remain safe.

A few more data security tips:

  • File sharing websites, social media and instant messaging – Block upload of the data, or notify employees about risky operation
  • Email – Restrict sending data to unknown external email addresses, notify employees about potential breach
  • Internet, cloud, O365 – Restrict uploading data to unofficial channels outside the company or notify employees
  • Printers – Check what type of documents your employees print based on contextual information and discover potential data breaches; restrict printing specific sensitive documents

How Safetica protects your data

Monitors your data flow

Safetica offers features to track and protect various data flow channels your company uses. Safetica checks your company’s outgoing communication channels and gives you an overview of how data travels in your company. Once you know your data flows you can set security measures. Notify your users about risky behavior or block dangerous file sharing actions.


Helps you to be compliant with regulations

Safetica helps you to monitor the data flow within your IT environment as well as when it leaves the perimeter of your company. You can set specific rules that help you to comply with GDPR or other data protection regulation. You will be able to see how employees work with personal and other sensitive data, and it allows you to eliminate the risk of misuse or accidental policy violation. The system notifies you in real-time in the event of a security threat.


Encrypts your data

Safetica gives you the option to manage encryption of USB devices and disks using BitLocker. The solution takes care of security key management and recovery.


Protect your data against insider threats

Safetica checks users’ behavior and notifies you when it finds anomalies. If a user starts to send larger amounts of data at night or suddenly works with different types of data, there is a potential incident; the system notifies you, and you can take appropriate action.

Safetica notifies employees about risky operations, hence educating them about data security. It is important to trust your employees. However, let’s not forget we are all people, and people make mistakes. Safetica mitigates these risks, and you can go to sleep in peace knowing that data, people, and your company are protected.

Safetica NXT, next-gen SaaS DLP, brings extremely fast time-to-protection of data

Safetica, the data security company with more than ten years of experience in developing the easiest-to-implement enterprise Data Loss Prevention, enhances its next-gen SaaS DLP with easy management and the fastest implementation. Now any company with a hybrid workplace can deploy Safetica NXT with a single click and begin to protect their data in a matter of hours.

Implementation of legacy DLP (Data Loss Prevention) solutions used to be highly costly and inefficient projects with unclear outcomes. Safetica directly addresses this by continuously improving its SaaS product to turn this situation around for good.

Safetica NXT, the next-gen SaaS (Software as a Service) DLP, now provides truly easy-to-use data protection enhanced with automation and built-in templates. It’s continuing Safetica’s tradition of best practices in data security for SMB and small enterprises.

Developed to run and reside natively in the secured cloud, deploying Safetica NXT is possible in minutes. No in-house hardware infrastructure is needed.

Once Safetica Clients have been remotely installed on Windows or macOS devices, it takes as little as one day to complete setup and configuration (with the help of our new product guide). Then you can immediately audit data flow, classify sensitive data and begin protecting it.


“According to our most recent experience with Safetica NXT deployment, it takes, on average, just ten days to collect all necessary information from a customer’s environment, evaluate it and produce the first report, including a sensitive data-flow audit and incident overview,” says David Klíma, Product Manager, Safetica.

“When you have an overview of your data security posture, you can efficiently detect insider threats and risks, prevent data leaks, and audit incidents right away,” adds David Klíma.

Effective data protection requires fast implementation, the least amount of time to administer, and the ability to respond to detected incidents rapidly. Safetica’s years of DLP experience and focus on easy implementation and use have been acknowledged by SoftwareReviews. In 2021/2022, Safetica was recognized as an industry Champion and Gold medalist in the DLP marketplace.

 

 

Safetica has been developing a risk-driven SaaS solution with a focus on simplicity and automation. Straightforward settings and a pre-configured environment help to free up admins’ hands. Smart auto-detection of risk, continuous auto-definition of the company’s safe digital workspace, and auto-generated security reports further support low-maintenance operations. So Safetica NXT only takes a couple of hours per week to manage.

Based on the constant analysis of sensitive data flow, Safetica NXT evaluates the risk level of each operation and every protected user. Holistic risk classification is presented in a simple format of low to high-risk indicators to help managers focus only on events that require fast response.



The admin can always decide which category of high-risk events should be automatically blocked or which situations warrant notifying users about a potential risk and letting them proceed with logging the event.

This is especially beneficial for hybrid workspaces with remote workers and employees working from home. Furthermore, smart scanning dynamically recognizes when an employee is used to working, regardless of normal business hours, to ensure more accurate risk evaluation and incident detection.


“Implementation projects and administration of traditional DLP solutions have a terrible reputation. That’s why we decided to transform ours into a service that keeps sensitive data from falling into the wrong hands by detecting security risks and preventing incidents from day one,” says Zbynek Sopuch, CTO of Safetica.


Availability  

Monthly and annual per-user subscriptions to Safetica NXT are available immediately through Safetica channel partners. The free web trial is open to any interested party via www.safetica.com.

Subscriptions include cloud-native management with easy-to-set sensitive data detection and protection rules and easy-to-read reports and logs for incident investigation, plus Safetica Client installed on endpoint devices (Windows and macOS).

LinkedIn group for partners? Let us know what you think!

In order to provide our partners consistent support and guidance and to give them a platform for discussing and sharing, we have decided to set up a dedicated LinkedIn group. This group is for our partners, distributors and resellers, so they can exchange their best practices, discuss their issues and be inspired by others.

If you are one of our partners, we would like to hear your feedback on this group. Please take a minute to fill out our two-question survey. Thank you!

Thanks to Safetica, Suntex reduced their number of data security incidents to zero.

Suntex Pte, Ltd. is an apparel manufacturing company from Cambodia with over 30 years of experience. After the company replaced their previous data loss prevention solution with Safetica, the number of data security incidents was reduced to zero.

Suntex Pte serves global sports apparel brands, so their data on product design, manufacturing processes, and customers is extremely valuable.

The company wasn’t happy with their previous data loss prevention solution provider. With help from their system integrator, Suntex chose Safetica, because it met their primary data needs: data security audit, endpoint data protection, and performance monitoring.

The implementation process took three months, and Safetica has proven to be a very reliable product.

“Since we’ve implemented Safetica, the number of data security incidents has been reduced to zero.”

Keo Sopheak, IT officer

What is GDPR? The scope, purpose, fines and how to comply

GDPR stands for General Data Protection Regulation. GDPR is a European Union data protection regulation that came into force on May 25, 2018. It applies to all organizations that process the personal data of EU residents. This means that companies in the EU and abroad are affected. GDPR is the strictest and most complex personal data protection regulation in the world.

Types of data
There are two types of data – personal and non-personal.

  • Personal data
    Personal data is any information that can directly or indirectly lead to an identified or identifiable natural person. General Data Protection Regulation uses the term ‘information’ rather than ‘data’ since the data tends to have an informational value. Any type of personal information can be linked to a specific living person.
  • Non-personal data
    Non-personal data is never linked to an identified or identifiable natural person. This category includes data that was previously classified as personal, although the linkage to a natural person has been removed.

What is personal data processing
Various types of actions with personal data are considered to be personal data processing: Collecting, recording, organization, structuring, storage, adapting or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction.

GDPR rules apply to companies that process personal data wholly or partly, using automated or manual processing, or if the data is a part of a structured filing system.

Examples of personal data
General Data Protection Regulation applies to the processing of personal data. Companies need to protect the following personal data:

  • Employee personal data (name, address, date of birth, etc.)
  • Information about customers/patients/residents (marketing databases, medical records, contact lists)
  • Non-public personal data of business partners and providers
  • Personal data that is transferred to and processed by third parties (accounting books, credit registers, direct marketing)
  • Images and sound recordings
  • Encrypted data (IP addresses, MAC addresses, cookies if they can be linked to a natural person)
  • Photos of individuals
  • Video recordings

The purpose of GDPR

The purpose of the General Data Protection Regulation is to protect the privacy of citizens. Therefore, companies are obliged to protect the personal data of these citizens and cannot process it or sell it to any third parties without their consent.

In the past, companies would have sold data to one another without the consent of the data subjects. GDPR aims to create a uniform standardized norm for personal data protection within the EU.

Another purpose of GDPR is to modernize the former rules so that they align with the modern digital society.

Rights of the individual
GDPR is intended to help EU citizens understand how their data is being used and how to file complaints. The goal is to give individuals control over their personal data. Citizens have the following rights:

  • right to be informed
  • right to access
  • right to rectification
  • right to erasure/to be forgotten
  • right to restrict processing
  • right to data portability
  • right to object and rights in relation to automated decision-making and profiling

The Scope of GDPR
General Data Protection Regulation impacts all organizations that process the personal data of EU citizens, including every company that offers goods and services or employs people in the EU even if an entity is based outside the EU.

GDPR applies to companies, associations, organizations, authorities and in some cases private individuals.

GDPR covers the whole European Union, and it applies to all the member states and covers the European Economic Area countries, such as Iceland, Liechtenstein, Norway, and the United Kingdom.

The Seven Principles of GDPR
GDPR stands on seven principles for the processing of personal data.

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

GDPR violations – fines
In the event of a GDPR violation, there are two types of fines that companies may be obliged to pay.

  • The lower level is up to 10 million euros, or 2% of the worldwide annual revenue from the previous year, whichever is higher. This level covers violations connected with record-keeping, data security, etc.
  • The upper level is up to 20 million euros, or 4% of the worldwide total revenue from the previous fiscal year, depending on which is higher. These fines are usually issued for violations relating to data protection principles, the legal basis for processing, the prohibition of processing sensitive data, denial of data subjects’ rights, or data transfer to non-EU countries.
    The GDPR fines apply to all types of businesses, from large to small.

The fines are set for each individual case and must be effective, proportionate and dissuasive. There is a catalog of criteria that is used for setting an appropriately high fine. The following criteria are considered:

  • whether the violation was intentional
  • the number of people affected
  • what type of measures the company took to mitigate the damage
  • the level of collaboration with authorities etc.

 

Differences in GDPR within the EU
Germany’s BDSG
When GDPR came into force, so did the new German Privacy Act (BDSG-new). It complements, specifies, and modifies the GDPR and focuses on specific topics. The BDSG-new applies to private companies that are based in Germany and which process personal data in Germany, but also to companies that offer goods and services in Germany or monitor the behavior of data subjects in Germany.

Five Privacy laws in the world similar to GDPR


Brazil
Brazil launched the LGPD in September 2020, right after GDPR. They are very similar in terms of scope and applicability. Companies that want to conduct business in Brazil’s economy have to comply with LGPD.

South Africa
South Africa’s Protection of Personal Information Act (POPIA) is applicable as of July 2020. There are a few differences between GDPR and POPIA regarding how strict the laws are. GDPR has higher fines, but POPIA includes criminal charges.

Turkey
Turkey’s Law on Personal Data Protection (LPDP) has been amended several times since 2016 and it is approaching GDPR, especially when it comes to personal data processing.

USA
Every state has their own privacy laws. In the State of New York there is 23 NYCRR 500, which applies to financial institutions operating in New York. In California, there is the California Consumer Privacy Act (CCPA), which closely resembles GDPR.

The CCPA is intended to further consumers’ constitutional right to privacy by giving them an effective way to control their personal information. The bill was passed by the California State Legislature and came into force in January 2020.

Thailand
In February 2019 the Thailand Personal Data Protection Act (PDPA) was approved, but the date of effect was delayed. The law will be effective as of June 1, 2022. The PDPA is like the GDPR, in that it includes a broad definition of personal data, the requirement to establish a legal basis for collection and use of personal data, and high penalties for violation. The fines are lower, although there is a possibility of imprisonment.

Top 3 biggest GDPR fines

#1 Amazon – fine of €746 million
A fine of €746 million was issued by the Luxembourg National Commission for Data Protection (CNPD) to Amazon.com Inc. An investigation was opened due to a complaint filed by 10,000 people against Amazon in May 2018. CNPD found that Amazon had violated GDPR when its advertising targeting system failed to obtain proper consent from users.

#2 WhatsApp – fine of €225 million
Ireland’s Data Privacy Commission (DPC) issued a GDPR fine to WhatsApp Ireland on September 2, 2021. The principle of transparency was violated by WhatsApp Ireland Ltd, and the company didn’t provide proper information to users. In 2021, WhatsApp updated its User Privacy Notice to increase transparency about the processing of users’ personal data.

#3 Google LLC – fine of €90 million
CNIL (The Commission nationale de l’informatique et des libertés) issued a fine of €90 million to Google LLC. YouTube users in France were not allowed to refuse cookies as easily as accepting them. When users are discouraged from refusing cookies, the company benefits, and that is considered a GDPR violation.

 

5 steps to secure data for GDPR compliance
1 Perform a data audit

You should know what type of personal data your company generates and where the information is stored.

2 Implement document handling guidelines

Create a set of rules that specify how personal data can be handled.

3 Educate your employees

Every employee should be aware of how to handle personal data.

4 Encrypt your data

GDPR recommends that all media and external devices should be encrypted.

5 Protect your data against leakages and insider threats

Data loss prevention is a comprehensive strategy that should be implemented not only due to GDPR but because data is one of the most valuable assets that companies have. Secure your data and communication methods, such as e-mail, cloud storage, instant messengers, print, USB drives, mobile devices, etc.

 

How to align with GDPR with Safetica

Safetica helps you to monitor the data flow within your IT environment as well as when it leaves the perimeter of your company. You can set specific rules that help you to comply with GDPR. You will be able to see how employees work with personal and other sensitive data, and it allows you to eliminate the risk of misuse or accidental policy violation. The system notifies you in real-time in the event of a security threat.

“Privacy and personal data protection should be an absolute right of everyone in the modern world. That’s why we at Safetica place these protections at the heart of each of our products,” says Safetica CISO Radim Trávníček.


About Safetica
Safetica is to provide small and mid-sized companies with the same quality data protection that corporations have – affordably, and without any additional IT administration or disruptions in operation.

Safetica NXT – SaaS DLP introduction

Safetica NXT, the next-gen SaaS DLP, is a cloud-native solution with super-easy management and flexible subscription. Its risk-driven incident detection is powered by data analytics.

With Safetica NXT, you get:

  • Data discovery (Full audit of sensitive data flow)
  • Data protection (setting up of data protection rules)
  • Incident detection and response (risk assessment)
  • Regulatory compliance (GDPR, HIPAA, PCI-DSS)
  • Fast alerts and intuitive reports

Information at your fingertips:
Overview of the Safetica NXT environment
When opening Safetica NXT, you will land on the Dashboard. It will give you an overview of the most pressing issues that transpired in the environment and show you what might need your attention.

The Data security section lets you scan files for sensitive data, create your own rules for risk detection, create your own protection rules, and investigate detected events for data leaks.

The Workspace section displays the results of our smart detection in your company’s digital workspace, so you can immediately see which web upload domains, outgoing email domains, and external devices (USBs) can be considered safe and which ones need to be reviewed. In this section you can also move safe domains and devices into a safe zone.

The Employees section lets you see the number of protected users, their risky events and endpoint use. You can install Safetica to a new endpoint by visiting the endpoint tab.


Data Loss Prevention, Guide for 2022

Data is the most precious asset a company has, from copyrights and client lists to sensitive information about employees. Most data is now in electronic form. It is created and accessed through software, databases, and other tools, making it vulnerable to loss and theft. 


Let’s start with a real-life experience. When working with an advertising agency, one of my colleagues sent an internal document with all invoices, including prices related to an essential client, to their account manager’s email address. But unfortunately, instead of choosing the Company/Account she chose the client Company – and the client ended up with a ready-made argument on how to lower their fee. The colleague soon became an ex-colleague, and the client left the agency shortly afterward.
Even though this scenario may seem like an exaggeration, these kinds of mistakes happen in every company. Furthermore, they are compounded by malicious intent, such as a disgruntled employee stealing a client’s database to sell to a competitor, or a contractor downloading a list of every transaction made.

What is Data loss prevention? How to take care of your data security  

Data loss prevention (DLP) is simply a process of securing your sensitive data from being lost, accessed by unauthorized persons, or misused. This process usually relies on a tool, such as DLP software or a platform, to classify data and determine what to protect, and then protects that data by enforcing security policies.

This approach is not only in the company’s business interest, but also legally required by regulations such as GDPR, HIPAA and PCI-DSS. And of course, this process needs to be embedded into company processes and data handling. Every company, to some extent, needs to resolve the following issues:

  • The protection of intellectual property and trade secrets is vital for your organization’s financial results and your brand reputation. 
  • Regulatory compliance: complying with information protection and security acts, and detecting and preventing regulatory violations.
  • Insight into your organization’s effectiveness, to optimize internal processes and resources, such as hardware or software use.

The Main Components of DLP: A short glossary 

Let’s take a look at DLP and what you need to take into account when setting up this process. This will come in handy when discussing the uses and advantages of specific data loss prevention software. 
 
The most important asset is data. 

  • Data at rest: data stored in archives and databases that is not actively accessed or processed. 
  • Data in motion: data in transit or in flight that is moved from one location to another, e.g., by copying or downloading. This transfer may happen within an organization’s network or outside it. Both types need to be protected and are most vulnerable to attack or threat.
  • Data in use: active data that is currently being read, processed, updated or deleted by the system. 

Data loss prevention software protects this data against some types of data incidents. These incidents may vary according to their intentionality (from mistakes to thefts) and with different levels of severity and extent. 

  • Data loss: event that results in data being deleted, corrupted, or made unavailable  
  • Data leakage/data leaks: unauthorised transmission of data 
  • Data breach: intentional or unintentional release of sensitive information 

Even though the actual name “data loss prevention” implies that it prevents data loss, most software protects against data leakage and, in some scenarios, against data breaches. The term “data loss prevention” is used so widely, and has been for such a long time, it will probably remain the preferred way to describe a solution that makes it difficult for sensitive data to be leaked or misused outside a company. 
 
These data issues can happen at endpoints, that is, on devices such as computers, mobile phones, tablets, printers and USB drives, or on shared folders, NAS, or servers. Endpoint security is a critical part of data protection in times of hybrid work and BYOD.

The most critical process is determining the value of data, since not all data was created equal.

It is important to consider the following when determining the value of data:

  • Data identification and classification simply means discovering where the data is and if it needs to be protected, and to what extent. This process may be manual, using rules and metadata, or semi-automatic using content & context classification and end-user classification. In the future, AI and ML could theoretically enable fully automated classification (but should still be subject to human control). Data classification is done using content and context. 
  • Content of the data: if a document contains credit card numbers or hospital patient information, it would be worth preventing it from being sent to persons outside the company or even unauthorized persons within an institution. 
  • Context of the data: where and when the information was created, where was it stored, and how it was changed.
  • And finally, with all these components in place, you may be able to detect data leaks and/or prevent them. Detection means having the information after the fact (such as an alert that an employee sent a sensitive file outside the company). In contrast, prevention means making sure a leak doesn’t happen (e.g., when attempting to upload a file to the internet, the upload is blocked).    
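The content and context rules and the detect-versus-prevent distinction described above can be sketched in a few lines. This is an added example, not code from Safetica or any DLP product; the `Transfer` record, the `SAFE_ZONE` set, the domain names and the sample text are all constructed assumptions.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Content rule: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str) -> list[str]:
    """Return the digit strings in `text` that pass as payment card numbers."""
    hits = []
    for match in CARD_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        if luhn_valid(digits):
            hits.append(digits)
    return hits

@dataclass
class Transfer:  # hypothetical record of one outbound data movement
    user: str
    channel: str      # e.g. "email", "web_upload", "usb"
    destination: str  # recipient domain or device identifier
    content: str

# Context rule: destinations the organization has reviewed (constructed value).
SAFE_ZONE = {"corp.example"}

def evaluate(transfer: Transfer, mode: str = "prevent") -> dict:
    """Combine content and context; 'detect' only alerts, 'prevent' blocks."""
    cards = find_card_numbers(transfer.content)
    trusted = transfer.destination.lower() in SAFE_ZONE
    if not cards or trusted:
        action = "allow"
    elif mode == "prevent":
        action = "block"
    else:
        action = "alert"
    return {
        "user": transfer.user,
        "channel": transfer.channel,
        "destination": transfer.destination,
        "action": action,
        # Log only the last four digits so the audit trail is not itself a leak.
        "matches": ["*" * (len(c) - 4) + c[-4:] for c in cards],
    }

# Constructed sample: a 16-digit order number plus a well-known test card number.
SAMPLE = "Invoice 1234567890123456, card on file 4111 1111 1111 1111, thanks."

if __name__ == "__main__":
    for dest, mode in [("corp.example", "prevent"),
                       ("client.example", "detect"),
                       ("client.example", "prevent")]:
        print(evaluate(Transfer("alice", "email", dest, SAMPLE), mode))
```

The checksum step is what keeps the order number from raising a false alert, and masking the matches keeps the DLP log from becoming a second copy of the sensitive data.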

Data loss is caused by internal and external actors. 

“Next time we run a company, no employees.” Chief data security officers would agree, since around half (from 40% to 60%, according to different sources) of data breaches are internal. They come from employees, contractors, and other actors connected to the company. What are the most common scenarios? 

Mistakes: sharing sensitive data outside a company can happen in a blink: replying to all or sending to the wrong person. This unintentional or negligent data exposure constitutes the majority of data leaks. 

Intentional disclosure of the information: an internal actor, such as an employee or a contractor, moves sensitive data outside the organization for their own benefit. 

Use of incorrect software or process: uploading a client’s file to a public repository, or using a public computer or wifi, are examples of another common problem. “Shadow IT”, i.e., the use of unauthorized software and services, may be improved through employee training, but data loss prevention software can systematically solve this issue, for example by blocking data transfers to those services.

Theft or loss of devices: hybrid work results in the increased portability of company devices and therefore more occasions for loss or theft. You may remember the Secret Service agent’s stolen laptop that contained Hillary Clinton’s emails. Or read our article about the risks of external devices.

Data loss prevention software: why and how to choose   

DLP software identifies, detects, and protects an organization’s sensitive data, whether they are at rest, in motion or in use on its different endpoints.

The main advantages of data loss prevention software are protecting a company’s reputation and upholding its business value by detecting or preventing data leaks. In the first case, it lets you take appropriate measures and mitigate incidents; in the second, it prevents incidents from even happening. In the wrong email address example, detection could mean determining that a sensitive document was sent to an unauthorised address; prevention would be not allowing the employee to send the material at all.

Another long-term benefit of these solutions is employee education. Because employees are warned or notified of unauthorized data-related operations, they learn and internalize the correct way to manage sensitive data. As demonstrated, the weakest link of every security solution is human. By educating employees, contractors, and other internal actors, a company can improve its data security in the long run. Some DLP platforms incorporate this already: a user can upload a sensitive file by justifying the action, knowing that everything is logged.

How to choose a DLP solution? First, you need to determine what legal frameworks apply to your company and what main scenarios you want to protect: audit and monitor your data, protect your data against insider threat or audit your company’s use of resources.  

Questions to ask potential vendors

  • Does it cover the security scenarios of your organization?  
  • Is it sufficient for the size and complexity of your organization?  

Your ideal vendor should work with you during each step to help you determine the extent of the solution you need, starting with a data management audit. Implementing data loss prevention does not stop with the choice of vendor and setting up the software. Even though it is usually the IT department who runs this initiative, all employees should be aware of the process and educated about the use of the selected software and correct data-related behavior.
 
While the end-user of DLP software is often a single technician, the information gathered offers essential information concerning company-wide issues, such as the rise in data incidents, a sudden surge of insider threat, or sub-optimal use of company resources.
 
If you want your platform not only to deliver protection and prevention when it comes to data security but also offer you valuable insights, incorporate them into your reporting stack and make it part of your data-driven management. 

Your data is your most important asset – protect it accordingly.  

Data loss prevention software helps not only protect company sensitive data against insider threat and loss but also helps to future-proof your organization when it comes to business continuity, reputation, and knowledge management. It is an important part of data-driven decision-making, helping you prevent or resolve data-related incidents and educate employees about the necessity of treating data as the most critical business asset.
 
Choosing and implementing DLP software are integral parts of a company-wide initiative for general data management and protection. Just as it is normal for a company to protect its data against external attacks by using firewalls, antimalware, and secure web gateways, it should also be natural to use DLP software to protect the data against loss and insider threat.

Why Safetica

Learn how Safetica can meet your company’s sensitive data protection and operation audit goals.


SoftwareReviews: Safetica is a DLP Emotional Footprint Award Champion

DLP software users evaluated how they feel about their products across 26 dimensions, from vendor-client relationship to product effectiveness. Safetica and McAfee DLP both placed in the Champion Quadrant.

In February, SoftwareReviews published their Emotional Footprint Awards 2022. Safetica and McAfee were the only companies to reach the Championship Quadrant for Best Data Loss Prevention Software.

Safetica: DLP Diamond Champion

With 53 reviews, Safetica earned a +95% emotional footprint. The only other DLP provider to place in the DLP Diamond was McAfee DLP.  McAfee received 20 reviews and had a final score of +98%.

This is what Safetica customers think of us. And we are very proud of it.

  • Service Experience 
    Safetica was highly rated as respectful, caring, time saving.

  • Conflict Resolution
    Customers appreciated client-friendly policies, altruism, and trustworthiness of Safetica.

  • Negotiations and Contracts
    Users believe Safetica is generous, transparent, friendly in negotiations, and that they over deliver and put client’s interests first.

  • Strategy and Innovation
    According to users, Safetica helps innovate, is continually improving, includes product enhancements, is inspiring.

  • Product Impact
    Users consider Safetica performance enhancing and protecting security.

    (Safetica placed in the top two in each of the areas above.)


We at Safetica believe that data protection should make running your business easier, not harder. We are very pleased that our customers agree that we make their business more secure – and that our cooperation is a pleasant and nice experience.

Richard Brulík
