As you probably noticed the number of cyber attacks has increased the recent months. Last weekend the residential care centre in Willebroek was the target and earlier this month the manufacturing company Picanol was severely impacted.
Asco is still recovering from the cyber attack in June 2019. At that time, the manufacturer of aircraft parts did not accept to pay the ransom and chose to solve the problem itself. The recovery of the affected production systems is still in progress after 6 months. This has serious financial and reputational consequences for Asco.
In response to these various cyber attacks, we would like to share a few best practices to prevent cyber attacks on your company’s infrastructure.
Within your Office 365 environment:
- Implement multi-factor authentication to login.
- Block mail forwarding so that hackers cannot forward and read sensitive information.
- Monitor unsuccessful login attempts and automatically block the Office 365 account after e.g. 5 unsuccessful attempts.
- Regularly check the error messages in the Office 365 administrator account
In addition to this specific configuration, we recommend you to:
- Regularly test your IT systems for possible security risks and vulnerabilities e.g. by an ethical hacker.
- Continuously train your staff by providing awareness training on phishing, ransomware, etc. The root cause of a successful cyber attack is often a human error.
- Minimize the use of mobile devices e.g. USB sticks, external harddrives, memory cards, etc
- Limit single sign on (SSO), especially to access business critical systems.
- Isolate critical machines in a separate VLAN with limited or no access to the Internet or internal network.
- Make sure all systems e.g. Firewall, PC's,... have the latest security updates.
- Use preferably an anti-virus that has "containerized" capabilities so that email attachments are not opened locally, but by default in the cloud. Ransomware will be less likely to spread locally in your network.
- Make sure to have a cyber insurance to partially cover your financial risks.
If you need help with the implementation of the above topics, do not hesitate to contact RSM IT Advisory.
Ask for our free brochure on penetration testing of your website, Ethical Hacking and 24/7 Treath Detection & Response Services.
RSM IT Advisory regularly organizes workshops on Digital Transformation, Cyber Security and GDPR, click here to subscribe to our newsletter so you are informed about the next workshop.
You can already register for our Cyber Insurance workshop at [email protected]
Contact details:
Steven Vermeulen
Partner IT Advisory
[email protected]
+32 494 51 86 03
+32 3 449 57 51