How can we help?

Safeonweb@work is an initiative of the Centre for Cybersecurity Belgium (CCB) aimed at Belgian organisations and companies. Its objective is to strengthen the cybersecurity of Belgian companies and organisations by providing them with advice, recommendations and tools to identify and mitigate the vulnerabilities of their systems and to be alerted to cyber threats.

Safeonweb@work aims to provide your organisation with tools to better arm yourself against cyber threats.

By enabling you to identify threats and vulnerabilities on your network and domain, you can proactively implement the appropriate protective measures to drastically reduce the risk of cyber attacks.

You can register your organisation and benefit from all our services for free.

Also discover all our tips to improve your organisation's cybersecurity, available for free to all.

Safeonweb@work offers several services to strengthen the level of cybersecurity of your company or organisation.

Some services are reserved for organisations registered on the platform.

Our services for registered organisations

These services are reserved for organisations registered on the Safeonweb@work platform.

Cyber Threat Alerts

The Cyber Threat Alerts service provides early warning of threats to your network. Safeonweb@work sends a specific alert if a vulnerability or an infection has been reported to Safeonweb@work on the network you have registered in the platform.

The CCB receives daily reports from its cybersecurity partners on infections and threats. Via Safeonweb@work, you can receive these notifications directly for your network and your domain. In concrete terms, once your organisation is registered on the platform, you just need to enter your network information (IP address(es) and domain name) and your contact details, and activate the service to be notified in case of the detection of a threat on your network. If a vulnerability or infection has been discovered, an e-mail with more details will be sent.

You can unsubscribe at any time by logging into the platform and turning off notifications.

Cyber Threat Alerts is a free online service for organisations registered on the Safeonweb@work platform.

You can find more information in our terms and conditions of use.

Please note that Safeonweb@work does not replace your antivirus software.

Register to activate your Cyber Threat Alerts service

Quick Scan Report

The Quick Scan Report service allows you to receive a report that will give you a overview of your organisation's online assets.

By entering your domain name, the application will inspect, through a non-intrusive scan, your network information to identify potential vulnerabilities. We will produce a report that we will send to you by e-mail with the discovered vulnerabilities and recommendations for remediation.

The Quick Scan Report is a free online service for organisations registered on the Safeonweb@work platform.

You can find more information in our terms and conditions of use.

Please note that Safeonweb@work does not replace your antivirus software.

Register to activate your Quick Scan Report service
 

Our services for all organisations

These services are publicly available and free to all organisations without registration.

Policy templates

We provide you with a set of customizable and editable cybersecurity policy documents to facilitate the implementation of information security management within your organisation.

Find our policy templates here

Self-assessment

Our self-assessment form allows you to evaluate your organisation's cybersecurity maturity level. After answering questions on cybersecurity topics, you will be able to measure your level of maturity, compare your level to that of similar organisations, and benefit from our practical recommendations in order to fill any gaps identified.

Find our self-assessment form here

Webinars

Our webinars aim to raise awareness of key cyber threats by providing practical advice to organisations on how to protect themselves and their data.

Find all our webinars here

Safeonweb@work services are intended for companies and organisations in Belgium.

Our services for all organisations (Policy templates, Self-assessment, Webinars, etc.) are deliberately designed to be accessible to all profiles, regardless of your level of knowledge in IT or cybersecurity.

It is important to note, however, that services for registered organisations (Cyber Threat Alerts and Quick Scan Report) may require more IT skills. So don't hesitate to call on your IT staff or your IT service provider to make the most of these services.

No, all Safeonweb@work services are completely free.

All entities registered at the Crossroads Bank for Enterprises with a Legal Representative can register on the Safeonweb@work platform.

Follow our step by step guide here : How to register your organisation on Safeonweb@work for the first time?

As with all online government and administration services, it is necessary to use your ID card and your eID reader or the itsme application to log in to Safeonweb@work.

You can download the eID software here: https://eid.belgium.be/en

You can download the itsme application here: https://www.itsme-id.com/

Find our help centre to connect with your eID card reader here: https://sma-help.bosa.belgium.be/en/eid-card-reader

Find our help centre to connect with your itsme application here: https://sma-help.bosa.belgium.be/

Find the generic support site for the itsme application here: https://support.itsme-id.com/hc/en-us

Yes, you can administer multiple organisations or be designated as a representative for multiple organisations. In this case you will have to select the organisation you want to administer in the Safeonweb@work platform right after you log in via eID/itsme.

Please note that defining a representative for your organisation for Safeonweb@work is done, as for all Belgian Government services, via eGov Role Management.

If you have any questions about the content of your Cyber Threat Alerts report or Quick Scan Report, please contact your IT staff or your IT service provider.

Remember that these reports are confidential and should only be shared with members of your company or organization or contracted service providers.

Due to the huge diversity of contexts, installations, infrastructures, software, threats, infections, etc., the Safeonweb@work team cannot commit itself to answering all questions arising from the use of Safeonweb@work services.

Threats are alerts that are specific to your network.

The Centre for Cybersecurity Belgium (CCB) receives daily information from partners about infected or vulnerable systems in Belgium. The sole purpose of the CCB is to provide information and warnings based on the information received and available.

Entering at least one of your IP addresses is required to activate the Cyber Threat Alerts service.

By entering your IP address, we can warn you of "threats". Threats" are alerts specific to your network. These alerts are delivered by different partners. Safeonweb@work does not scan your network.

Entering at least one of your domain names is required to activate the Quick Scan Report service.

By filling in your domain name, we can send you an analysis report of your internet-connected assets, potential vulnerabilities identified and recommended remediation measures.

• Safeonweb@work will only use this information to send you specific alerts, not to scan your network.
• You can disable a service at any time from the services home page.
• Please note that you can only register a network if you are the owner or if you have received a written authorization from the owner to receive Safeonweb@work alerts.
• By registering your network you declare that you have read and accepted the terms and conditions of use and the personal data processing policy.

Entering at least one reporting e-mail address is required to activate our Cyber Threat Alerts and Quick Scan Report services.

This reporting e-mail address will be used to send you your regular threat reports and your report on your assets and potential discovered vulnerabilities.

In addition to this reporting e-mail address, we invite you to provide a management contact e-mail address for administration of your account in the event of updates, important information or service interruptions, and a technical contact e-mail address that may be contacted in some cases by our technical team.

• You can currently register up to 3 reporting e-mail addresses, 1 manager contact e-mail address and 1 technical contact e-mail address.
• You can disable a service at any time from the services home page.
• Please note that you can only enter an e-mail address if you are the owner or this address if you have received written authorization from the owner to receive Safeonweb@work alerts.
• By registering your e-mail addresses you declare that you have read and accepted the terms and conditions of use and the personal data processing policy.

Once you have entered your network and contact information you can freely activate and deactivate the different services from the services screen.

Entering at least one IP address and one reporting e-mail address is required to receive your Cyber Threat Alerts report via e-mail.

Entering at least one domain name and a reporting e-mail address is required to receive your annual Quick Scan Report via e-mail.

No, the Safeonweb@work platform only works for static IPs.

Information about infections is provided by various cybersecurity partners, from both commercial and open sources. Safeonweb@work does not get information about infections directly from your network information. Safeonweb@work does not scan your network.

No. Information on infections is provided by various partners, both commercial and open source. 

Because we have no information about a current threat on your network.

You can unsubscribe from e-mail alerts at any time by logging into the Safeonweb@work platform and disabling the Cyber Threat Alerts service from the services home screen.

Yes, but we advise to only share with trusted IT providers with whom you have a contractual relationship.

No, please allow some processing time.

This cybersecurity risk assessment report is based on data collected by CCB partners using non-intrusive techniques and threat signals gathered from trusted commercial, open-source, and proprietary sources. These threat signals are open and accessible from the public Internet, which means only non-intrusive techniques are used to gather information. Non-intrusive techniques never attempt to bypass any security controls an organisation has in place.

Non-intrusive or passive scanning techniques use standardized and publicly accessible network-based protocols to query hosts. In contrast, intrusive or active scans often attempt to compromise a system and thereby highlight security vulnerabilities.

Some attributes that can be scanned passively include for example Open ports, SSL/TLS certificates or DNS records. These three examples are non-intrusive, as the information is publicly accessible and there is no attempt to exploit the vulnerabilities found. While messages are sent to servers to trigger a response, these messages never try to take advantage of misconfigurations or simulate attacks. 

Quick Scan Reports are sent within 72h. If you haven't received an email from us after this period, please contact us.

You can choose 1 domain per Quick Scan Report. Your Quick Scan Report will include observations for the linked sub-domains.

If the website at the address of your domain name does not respond for various reasons, it will be considered non-existent and cannot be registered on our platform.

In order to link the data of a user to that of their company or organisation, the Safeonweb@work platform queries the public data of the Crossroads Bank of Enterprises (BCE-KBO) via the BCE-KBO Public Search tool, in order to be able to retrieve the information of a company or an organisation (Name, BCE-KBO number, physical address) for which a user is designated.

This information is used to associate a user with an entity registered with the Crossroads Bank of Enterprises; to allow a user to select the entity or entities for which they are responsible; to ensure user control; and to ensure compliance with the terms and conditions of use of the Safeonweb@work platform.

Safeonweb@work keeps the data needed to operate its services. This is the contact data you provide (name, surname, e-mail address, phone number), the network information you provide (IP addresses, IP ranges, domain names), your organisation's data (Name, BCE-KBO number, physical address – which is public information obtained via BCE-KBO Public search) and your National Registration number.

More information on the processing of personal data in Safeonweb@work.

The data used by Safeonweb@work is the following: the contact data you provide (name, surname, e-mail address, telephone number), the network information you provide (IP addresses, IP ranges, domain names), your organisation's data (Name, BCE-KBO number, physical address – which is public information obtained via BCE-KBO Public search) and your National Registration number.

The IP address is sent from the application to Safeonweb@work. Safeonweb@work then checks whether cybersecurity partners have reported infections for your IP address. If this is the case, Safeonweb@work will send a specific alert via the e-mail address you provided.

More information on the processing of personal data in Safeonweb@work.

The Safeonweb@work platform stores the National Registration number of its users for security purposes in order to ensure the control of users and to ensure compliance with the terms and conditions of use of the platform and its services.

An antivirus software scans your entire device. It is the most important piece of software to protect your computer and your data, so never remove your antivirus. The Safeonweb@work platform does not scan your device, but gives you information about the infections detected on your network. Safeonweb@work is a protection tool for your network, just like an antivirus is for a specific device. If you use Safeonweb@work, we recommend that you continue to use your antivirus software on all your devices.

More information about antivirus software. 

This error message means that the Safeonweb@work platform is temporarily unavailable due to an update or to the work of our support teams. We recommend that you try again later and refresh the page or log out and log back in.   

You can forward all suspicious messages to suspicious@safeonweb.be.

More information

It is a good idea to close and restart your web browser. If the problems persist, check that your device and web browser are still using a recent version. We recommend that you update as soon as possible and use the latest version of your operating system and web browser.

If your organisation is registered in Belgium, the first step to improve the score of your organisation's website is to register your organisation and domain on Safeonweb@Work.

All organisations can improve their score by ensuring they purchase a higher certificate from a trusted  Certificate Authority.

The scores of different domains are computed separately, thus make sure to register all your domains on Safeonweb@Work (for organisations registered in Belgium) and/or to have Certificates from trusted CAs for all of them (for all organisations).

Subdomains scores are seperate. However, this depends on the SSL Certificate which can either be associated to one domain (single-domain certificate) or a domain and its subdomains (wild-card and multiple-domain certificate).

Non-public domains (e.g., intranet) are not assessed by the Extension.

No, the Extension only checks whether the domain is registered on Safeonweb@Work, your domains Certificate and Certificate Authority.

The extension only processes your browsing activity to the extent that it is necessary in order to provide information on the trustworthiness of the websites you visit. All information is anonymised as soon as possible.

The Extension is currently available on all Chromium Web Browsers via the Chrome Web Store. This includes Google Chrome, Microsoft Edge, Opera, Vivaldi, Brave, etc. Future developments will be made to include additional browsers.

No, the Extension is not currently available on any browser on mobile devices.

It helps to close and restart the browser. If you continue to have problems, check that your device is still running a recent version of your browser. We recommend that you perform updates as soon as possible and always use the latest available version of your browser. 

No, the Safeonweb Browser Extension is a tool to help you assess the degree of trust to be placed in a website's domain but does not check the contents of the website, what is exchanged with the website or anything already present on your device.

An antivirus scans your device in its entirety. It is the most important piece of software to protect your computer and your data. Do not remove your antivirus. 

You can always click on the Extension icon and then select the "Report malicious website" link. This will notify the Centre for Cybersecurity Belgium to verify the website.

Yes, next to changing its color, the Safeonweb icon is also accompanied by a sign reflecting the trust level of the website you are visiting. The signs are:

• OK for a high level of trust
• ! for a medium level of trust
• X for a low level of trust

To ensure a smooth user experience, the CCB already preloaded some known trustworthy domains in Safeonweb@work. Please make sure to register your domain to validate this preload as soon as possible.

No, the Safeonweb services are completely free of charge.

Yes, but avoid registering the website in the name of your own organisation. Instead, ask your clients to delegate the permission to you via My Egov Role Management.

Right now only organisations with an Enterprise Number can register their domain names. The investigation of the possibility to allow private individuals to register their domain names is on our future development roadmap.

Right now only Belgian organisations or non-Belgian organisation with an Enterprise Number can register their domain names. The investigation of the possibility to allow European organisations to register their domain names is on our future development roadmap.