Protect information transmission channels

[rakhirhif8963]

Resolution of the Government of the Russian Federation No. 687 “On approval of the Regulation on the specifics of personal data processing carried out without the use of automation tools”;
Order of the FSTEC of Russia No. 21 of February 18, 2013
According to federal law, a company is required to collect consent to process customer and employee data. Those who outsource their systems need to:

make sure that the provider complies with the Federal Law “On Personal Data”;
conclude an agreement on the assignment of personal data processing.
Use protective equipment
The law requires the use of protection systems that have passed the FSTEC compliance assessment: software for protection against unauthorized access, which is installed on top of the operating system, a security scanner, spam protection, protection of the virtualization environment, etc.

When a company transmits information via a corporate belarus whatsapp data to branches or partners, there is a risk of it being intercepted while passing through the communication channel. FSTEC Order No. 21 requires the use of transmission channel protection tools.

Crypto gateways help protect data when transferred over the network. These are network devices that are installed on the border of the company's security perimeter and encrypt the communication channel during data transfer. Their installation is required by law. Some companies refuse to use crypto gateways due to their high cost. In addition, their setup and maintenance require the appropriate competencies of employees.

Store information in an isolated infrastructure
To reduce the risk of human error, it is important to ensure that personal data is not stored on digital media that the company does not control. Important data does not belong on employees' laptops or on an external hard drive. It is better to allocate a special infrastructure and use centralized databases, access to which is restricted at different levels.