Basic security
It's not possible to prevent any and all cyber attacks, but there are things you can do. Cyber experts and security firms continue to insist that basic security actions can make a big difference, not only for individual internet users but also for companies and organizations: recognize and warn about phishing, use strong passwords and two-factor authentication (2FA), and patch and update systems in a timely manner.
- We advise companies and organizations to develop, update and test a (cyber) emergency plan on a regular basis. It is important for every employee to know what to do in the event of a cyber incident. (Webinar on cyber incidents: https://www.youtube.com/watch?v=-cHcTidmT1Y)
- Keep contact lists up to date and also store them on paper.
- Enlist assistance from an external partner/firm if necessary. Make arrangements for this in advance.
- Use two-factor authentication (2FA) whenever possible, both on individual accounts and on the company's or organization's social media accounts.
- Make sure your systems are up to date and always make sure to keep relevant and necessary backups offline.
For a full overview of security measures, consult the Cyberfundamentals Framework https://ccb.belgium.be/en/cyberfundamentals-framework
Checklist to quickly bolster your security
Preventing ransomware or wiperware
- Make sure to implement 2FA or MFA for key business access points.
- It is important that your devices are protected with antivirus software, but in addition, specific protection against ransomware is also a must. Install anti-ransomware.
- It's also still important to identify false messages in time and to inform employees.
- Regularly perform updates on all your systems.
- Finally, regularly make backups in case you do become a victim.
- Provide a business continuity and recovery plan with a tested backup system.
- Have your IT security architecture & policy reviewed by a specialist (including policies around patching, user training, network segmentation, etc.)
- Read our full advice https://www.cert.be/sites/default/files/ransomware_2019_nl.pdf
Mitigate DDoS attacks
- Be prepared for a DDoS attack. Check that your Internet-facing systems are adequately protected against a DDoS attack.
- Watch out for other attacks that "hide" behind the DDoS attack.
- There are services and products that help mitigate a DDoS attack. Assess whether the use of such services is relevant to your organization.
- Read our full paper here: https://www.cert.be/nl/paper/ddos-bescherming-en-preventie
Identify phishing in a timely manner
- Watch out for possible phishing attacks.
- Make employees aware that unusual communications from professional contacts are also suspicious.
- Ask employees to report suspicious emails to the IT department.
- Always forward suspicious messages to suspicious@safeonweb.be
Detect disinformation campaigns quickly
- The spread of disinformation through hacked channels is a threat. Watch out for possible misuse of your organization's public communication channels (websites and social media).
- Monitor activity on your organization's social media accounts. Look out for suspicious and anomalous login attempts. Use two-factor verification.
- Remind employees to be careful when sharing information on social media.
Detect anomalous activities in your professional networks
- Invest in logging and monitoring.
- Watch out for anomalous traffic on the systems and in the network.
- Ensure that anti-virus solutions are up-to-date.
- Link to webinar: logging and monitoring https://www.youtube.com/watch?v=SQEyC_wJEF0&feature=youtu.be
Find and update vulnerable systems
- Follow our advice and warnings on cert.be
- Check key systems and internet-facing systems for known vulnerabilities.
- Also pay extra attention to commonly exploited vulnerabilities, e.g. Log4j: https://www.cert.be/en/warning-active-exploitation-0-day-rce-log4j
- In some cases, no update to address a vulnerability is available. In such cases, take mitigating measures, such as limiting access to a vulnerable system.
What to do after a cyber attack?
- First port of call in the event of a cyber attack https://www.cert.be/en/first-port-call-event-cyberattack
- Watch the webinar https://www.youtube.com/watch?v=qcIk1bwXPuk
- If you are a victim of a cyber attack or have noticed a very unusual action on your networks, please file a report via https://www.cert.be/en/report-incident-0