Attention: important security updates [FTP15]
maio 16, 20244 important cybersecurity measures to follow
julho 30, 2024
Dear Colleague,
as explained in November 2023 in this bulletin and reminded in March 2024 (cf. Engage), logging in with a private account to a browser used for work can cause dangerous synchronization of work passwords on the private account and on personal devices connected to it. This synchronization poses a serious risk to the Company and its Customers, because highly confidential work credentials are transferred to systems that are not managed nor protected by the Company. Such systems are more vulnerable and exposed to attacks by third parties, that our security tools cannot detect.
Despite the above bulletins, we continued to detect access to browsers with private accounts and password synchronization on personal devices.
To avoid serious reputational, economic and legal consequences on our Company, we had to disable the access to browsers with accounts not belonging to our Organization.
This action prevents additional passwords from being saved to private accounts, but does not delete any passwords already synchronized on non-company devices.
Therefore, if you have used private accounts (e.g. Gmail, Mozilla, Hotmail, etc.) on company browsers, we ask you to remove any work passwords left on your private accounts or on other devices (PC, smartphone, tablet).
Detailed instructions for the main browsers are included in this bulletin on Engage.
We remind you that each of us is responsible for protecting the work data entrusted to us (including credentials) and that it is strictly prohibited to transfer such data to personal devices and accounts.
Kind regards
Group Information Security Office
