It's not possible to prevent any and all cyber attacks, but there are things you can do. Cyber experts and security firms continue to insist that basic security actions can make a big difference, not only for individual internet users but also for companies and organizations: recognize and warn about phishing, use strong passwords and two-factor authentication (2FA), and patch and update systems in a timely manner.
- We advise companies and organizations to develop, update and test a (cyber) emergency plan on a regular basis. It is important for every employee to know what to do in the event of a cyber incident. (Webinar on cyber incidents: https://www.youtube.com/watch?v=-cHcTidmT1Y)
- Keep contact lists up to date and also store them on paper.
- Enlist assistance from an external partner/firm if necessary. Make arrangements for this in advance.
- Use two-factor authentication (2FA) whenever possible, both on individual accounts and on the company's or organization's social media accounts.
- Keep your systems up to date, and always keep the relevant and necessary backups offline.
For a full overview of security measures, consult the Cyberfundamentals Framework: https://ccb.belgium.be/en/cyberfundamentals-framework
Checklist to quickly bolster your security
Preventing ransomware or wiperware
- Make sure to implement 2FA or MFA for key business access points.
- Protect your devices with antivirus software, and add specific protection against ransomware as well: install anti-ransomware software.
- It's also still important to identify false messages in time and to inform employees.
- Regularly perform updates on all your systems.
- Finally, regularly make backups in case you do become a victim.
- Provide a business continuity and recovery plan with a tested backup system.
- Have your IT security architecture & policy reviewed by a specialist (including policies around patching, user training, network segmentation, etc.)
- Read our full advice https://www.cert.be/sites/default/files/ransomware_2019_nl.pdf
Mitigate DDoS attacks
- Be prepared for a DDoS attack. Check that your Internet-facing systems are adequately protected against a DDoS attack.
- Watch out for other attacks that "hide" behind the DDoS attack.
- There are services and products that help mitigate a DDoS attack. Assess whether the use of such services is relevant to your organization.
- Read our full paper here: https://www.cert.be/nl/paper/ddos-bescherming-en-preventie
Identify phishing in a timely manner
- Watch out for possible phishing attacks.
- Make employees aware that unusual communications from professional contacts are also suspicious.
- Ask employees to report suspicious emails to the IT department.
- Always forward suspicious messages to firstname.lastname@example.org
Detect disinformation campaigns quickly
- The spread of disinformation through hacked channels is a threat. Watch out for possible misuse of your organization's public communication channels (websites and social media).
- Monitor activity on your organization's social media accounts. Look out for suspicious and anomalous login attempts. Use two-factor verification.
- Remind employees to be careful when sharing information on social media.
Detect anomalous activities in your professional networks
- Invest in logging and monitoring.
- Watch out for anomalous traffic on the systems and in the network.
- Ensure that anti-virus solutions are up to date.
- Link to webinar: logging and monitoring https://www.youtube.com/watch?v=SQEyC_wJEF0&feature=youtu.be
Find and update vulnerable systems
- Follow our advice and warnings on cert.be
- Check key systems and internet-facing systems for known vulnerabilities.
- Also pay extra attention to commonly exploited vulnerabilities, e.g. Log4j: https://www.cert.be/en/warning-active-exploitation-0-day-rce-log4j
- In some cases, no update to address a vulnerability is available. In such cases, take mitigating measures, such as limiting access to a vulnerable system.
What to do after a cyber attack?
- First port of call in the event of a cyber attack https://www.cert.be/en/first-port-call-event-cyberattack
- Watch the webinar https://www.youtube.com/watch?v=qcIk1bwXPuk
- If you are a victim of a cyber attack or have noticed a very unusual action on your networks, please file a report via https://www.cert.be/en/report-incident-0