Brand Abuse, Digital Fraud, Data Leakage, Sales Abuse, Threat Intelligence

Digital Compliance: Risk Management Beyond the GDPR

By Andre Luiz R. Silva on
SHARE

Of course, you’re interested in digital compliance. Before we talk about that, take a look at the following list of risks:

  • Phishing and malware
  • Data leakage
  • Fake social media profiles
  • Similar domains
  • Unauthorized sales
  • Fraudulent apps
  • Other brand misuse

 

Quite probably, the first two items are the ones you’re most concerned about or hear discussed the most. But when we’re dealing with compliance in the digital environment, the concern goes well beyond what’s covered by the General Data Protection Regulation (GDPR). Comprehensive brand protection has proven indispensable in mitigating many other risks, which can, by the way, occur as a chain reaction.

 

Why shouldn’t digital compliance be limited to the GDPR?


One of the most important pillars of a compliance program is auditing and monitoring. This means keeping your eyes open at all times (or thinking of a way to optimize the vigilance) so that the entire program, including your risk management, functions properly. And this concern should extend to the digital environment as well, though it may seem like a monstrous behemoth.

A survey done in 2017 by Deloitte in Brazil, a giant in the corporate auditing and consulting sector, showed that one of the five pillars of enterprise risk is cybernetics. If you are part of the business environment, any discussion of digital risks quickly takes you to the GDPR, which has been in force since June, 2018, penalizing companies that do not comply with the rules established for protecting their clients’ data (such as passwords or credit card data).

The ethics of treating clients’ data responsibly and avoiding any kind of leakage are pretty obvious. But the emergence of a law that severely punishes companies that are careless with those issues shows that the government itself is well aware of the intrinsic relationship between two growing (and very important) fields: (1) compliance and corporate responsibility; and (2) the dangers that an individual may be exposed to in a virtual environment.

Deloitte also indicated, in their most recent panorama of cybernetic risks, from March 2019, that only 31% of companies monitor social media; that is, show concern for other kinds of trademark infringement.

 

What is the extent of digital risk, anyway?


Let’s admit it: the size of the Internet is immeasurable. But it’s possible to monitor it, and that’s what we like to do here at Axur. In our constant hunt for online crime, we see that many of them are interconnected. Some examples are:

 

Fake profiles that disseminate phishing attacks, fake job openings, unauthorized sales or scams.

blackfriday-fake-account

Every fake profile (on Instagram, Facebook or any other social network) has its own purpose. In general, they try to:

  • Hunt for data (logins, passwords and credit card numbers) via phishing
  • Announce fake job openings—at the same time demanding financial compensation
  • Conduct unauthorized sales and/or piracy
  • Practice scams

 

Domains that may host phishing or scams

similar-domain-names

A domain such as “yourbr4nd.com” with no content hosted may appear harmless, but it’s always important to record all occurrences of this type to be sure that no phishing or scams emerge on that page. Also, remember to confirm that there is nothing on the mobile version. On Google Chrome, just hit the keys Ctrl + Shift + i.

 

Tips for a good digital compliance program


There are three valuable spheres in a company that can be attacked in the immense virtual environment: brand reputation, consumer confidence and revenue. These are factors that can lead to success or failure, and investing in a good digital presence shows the consumer that you are willing to deliver the best product or service.

Prevention is always the first step, and it’s always important. But it often becomes even more crucial to be on the lookout for any kind of infringement appearing on the web — that is, digital monitoring. After all, no company is immune to attack.

Reaction time is another important benefit of digital monitoring. The sooner you find out about a leak or fake profile the better, so you can respond proactively, right?

 

Recognizing digital risks

The explosion of smartphones and Internet access demonstrates the need to pay attention to the increase in the amount of data circulating out there—often without your knowledge. Just note the existence of the deep and dark web, for example. Therefore, map all of the potential risks that your company may be facing.

A good way to start mapping is to note previous cases of digital fraud and crimes that have already affected companies similar to yours or in the same sector. Such cases provide you with insight and strategy in your monitoring plan.

 

Adopting Integrated Risk Management (IRM)

IRM is the adoption of a set of practices in a single (and integrated) risk vision. For Gartner, an international consulting firm, the sixth and last attribute of that kind of management is technology, the tool through which the entire process of unified management can be engineered. In other words: use good software and security platforms to be able to expand results!

This practice also includes dialog and strict partnership with the company’s Information Security sector. After all, that is the team that will deal with the “heavier” digital fraud and crime, such as phishing and malware.

 

Code of conduct: Communicate about security

The code of conduct you develop in your compliance program must include warnings to your employees (and, of course, your customers) regarding cybersecurity. One of the four essential building blocks of this element of risk management is, after all, Relationships.

 

How can technology help in digital compliance?


PwC, another of the world’s largest auditing firms, showed in a 2019 study that it is important (and also a trend) for companies to use technology applications that assist in monitoring legal and regulatory requirements as well as warning notifications.

In the report, there are three kinds of businesses with a well-defined commitment to this concern: among startups, only 28%; active companies, 40%; and dynamic companies, 70%. It’s apparently no coincidence that a synonym for dynamic is aggressive, right?

 

Axur can give you a hand (along with our robots). We monitor the entire web in search of all sorts of violations that could be jeopardizing your brand and your digital presence. Then you can request their removal with just a few clicks on our platform, Axur One.

Our offerings include solutions for phishing, malware, brand misuse, the deep and dark web and more! It’s possible to create a safer Internet, and risk management does not have to be complicated.

event-image

ESPECIALISTA CONVIDADO

Eduardo Schultze, Coordenador do CSIRT da Axur, formado em Segurança da Informação pela UNISINOS – Universidade do Vale do Rio dos Sinos. Trabalha desde 2010 com fraudes envolvendo o mercado brasileiro, principalmente Phishing e Malware

AUTHOR

Andre Luiz R. Silva

A journalist working as Content Creator at Axur, in charge of Deep Space and press activities. I have also analyzed lots of data and frauds here as a Brand Protection team member. Summing up: working with technology, information and knowledge together is one of my biggest passions!