Apex Partners' cyber defense strategy is structured to ensure that the defense structure continually evolves at a speed compatible with the development of cyber risks and threats, increasing our resilience to attacks and reducing our vulnerabilities. In this way, Apex Partners' cyber defense structure evolves in line with the risks of the business areas.

The data of our employees, customers and business partners is secure with tools and processes implemented in several layers of security protection, including actions such as control and segregation of data access, token for customer access, periodic security tests and activation of biometrics for transactions.

Learn what you can do to make your experience safer

Be careful with your passwords

Below, we list best practices for managing your passwords:

• Don't share your passwords with anyone. Your passwords are used for services subscribed to by you and, therefore, should only be used for that purpose.
• Use complex passwords. Always combine the most complex combination possible and, if the system allows it, use special characters, uppercase letters combined with lowercase letters and numbers.
• Avoid personal information in your passwords, such as date of birth, children's names, children's birth dates, phone number, etc.
• Change your password frequently: at least every 90 days or when the system requests it.
• Use different passwords for each system (email, e-commerce, social networks, etc.). To manage these different passwords, you can choose to use a password manager.

Protect your devices

Our data is stored in systems that are in turn stored on electronic devices: tablets, cell phones, laptops, among others. In addition, these devices contain your email and banking apps, etc. These devices need to be protected to keep them safe from criminals.

Protection tips:

• Keep your system up to date – Get the security updates your devices require as soon as possible. These updates fix flaws that could be exploited by attackers.
• Use access passwords and do not share them with anyone. Follow the password usage instructions above.
• Be careful with suspicious apps – Especially betting apps, games and those that promise financial returns without much effort. These apps may contain viruses or files that steal passwords. Do not download apps from unofficial stores.

Beware of Social Engineering

In the context of information security, Social Engineering are techniques used by criminals to induce the victim to take an action, such as providing data, clicking on links, transferring money, among others.

Main scams:

• Phony emails (phishing) – Sending fake generic emails or emails targeted at a specific person or group.
• WhatsApp scams – Fraudsters pretending to be you and contacting other people or even “hijacking” your app account.
• Fake calls – Criminals get in touch pretending to be someone else (government or research agencies, for example) and faking situations to steal data.

Many of these scam attempts will attempt to manipulate the victim's feelings, with messages demanding urgent action, involving personal relationships or financial issues.

Understanding Phishing

Phishing is when a criminal sends seemingly genuine messages to a victim, expecting them to take a certain action. Today, phishing is the main way for hackers to enter a company. It is also an easy way to obtain valid credentials from ordinary people.

These emails may be impersonated as:

• Unmissable promotions in well-known stores
• Banks (reporting operations carried out, password blocking, etc.)
• System messages

They are sent to a large number of users and, when falling for phishing, the victim ends up passing on confidential data, credentials or even downloading malicious artifacts.

How to avoid being a victim of phishing?

Whenever you receive a message, be suspicious if:

• You don't know the sender
• The contact is different than usual
• There was a very impersonal tone
• There is a tone of urgency, such as “join now”, “I need urgent help”, etc.

Stay tuned!

• Criminals can create emails or websites that look very similar to a legitimate one by swapping or omitting some letters.
• If the matter involves payments or withdrawal of funds, always make sure through another channel that you are actually speaking to the right person.
• If you receive a suspicious message from a store, prefer to access the website through your browser (without clicking on links in the message) and check whether the promotion really exists or whether a transaction was actually made on your account.

A security ecosystem

Apex Partners embraces a security ecosystem that protects its internal assets and supply chain, recognizing security as a collective effort.

Our practices include:

• Rigorous Risk Assessments
• Processes such as Know Your Supplier (KYS)
• High standards of security, compliance and governance

These measures reinforce our commitment to data protection, business continuity and the prevention of cyber threats.