Nations, Livraria Cultura, and Information Security by check
All over the world, awareness of information security has been taken with extreme importance, including in Brazil we have several associated companies that are responsible for excellent work in this sector, but the banal failures that occurred in the last days, expose data never thought before, and large companies by the way.
United, through the domain "voucherunidas.com.br", they displayed booking information, emails exchanged from customers, among other sensitive information, without even a password or even any protection, with free access to any desired information. Even taking it offline, it is still accessible through Google's cache and / or sites that archive sites on the web. (Have you heard of archive.org? Welcome!).
Livraria Cultura was also another company involved in scandals for disclosing confidential customer data.
This shows that even in Brazil, we have alarming cases of lack of information security by large companies, as well as small companies and software houses spread over São Paulo, Curitiba, or Rio de Janeiro, cities that are advancing in the development of critical systems for big companies every day.
Rushing is the enemy of perfection, together with the economic crisis, hiring professionals with lower salaries, without qualification, certification, and / or without due experience in the profession, can be risks that can affect the company's image.
If Unidas S.A. had shares on the stock exchange, the market would certainly have matched the time for this failure, and investors will surely be more concerned day after day with security breaches of this type.
Publishing a system on the internet, involves risks, the system is usually developed with a view to a type of public, which is the population that will use the system, but when the system is published on the internet, it is exposed to any user who can do what well understand, these are risks that must be dealt with and mitigated in some way, the elementary one, obviously, is password control.
Not having a password control, in something so important, even if it is not important for the company, is important for those who are not part of that organization, being able to use this information for other purposes.
We are in the world where money is no longer the great villain, yes, money is no longer elementary, but information is everything, we live on information all the time, all the time, wrong information in the wrong hands, can cost the life of a company , if not years of work, and immediate fall in their shares.
No comments