BACEN - STWBrasil

DATA LEAKAGE CAN CAUSE BILLIONAIRE LOSSES

It is necessary to prevent criminals from having access to bank details and carrying out fraudulent financial transactions. Resolution No. 4,658 of Central Bank of Brazil, provides for cyber security policy and requirements for contracting data processing and storage and cloud computing services to be observed by financial institutions and other institutions authorized to operate by BACEN.

This Standard is intended to prevent cyber risks and protect financial institutions, in addition to requiring institutions regulated by the Central Bank to develop a cyber security policy, an incident response action plan and requirements for contracting outsourced services. The contracting of any outsourced service and processing, data storage and cloud computing performed by the financial institution must be previously communicated to the Central Bank at least 60 days in advance. Institutions have until December 31, 2021 to comply with the Resolution, in order to avoid the risk of BACEN sanctions.

PREPARATION OF A CYBERSECURITY POLICY

- Cybersecurity objectives of the institution; - Procedures and controls adopted to reduce vulnerability to incidents; - Specific controls that ensure the security of sensitive information; - Recording and analyzing the causes and impacts of incidents for the institutions activities; - Definition of action plan, processes and guidelines for the discovery and response to security incidents;

- Prevention of information leaks; - Periodic testing and scanning to detect vulnerabilities; - Protection against malicious software; - Establishment of traceability mechanisms; - Access controls and segmentation of the computer network and maintenance of backup copies of data and information.