How can you improve the cybersecurity of your business?
Alertis is a technological SME with 110 employees that is active throughout Belgium. This West Flemish company specializes in all kinds of physical security, such as fire and burglary detection and camera surveillance.
“Our clients are companies for whom security is really critical, such as residential and care centers, hotels, industry, logistics. We also have a very specific niche with real estate, cities and municipalities”, explains CEO Guy Slagmulder. For all these clients Alertis designs the security plan, provides the materials, takes care of the commissioning as well as the maintenance and monitoring. It can proudly look back on 30 years of experience and 18,000 active installations across the country, with a focus on connectivity and service with the client.
Cybersecurity improvement project because security is crucial
This ‘serious’ company – their baseline happens to be ‘seriously safe’ – has always been a leader in terms of IT and integration of new technologies. When it comes to cybersecurity, they can't afford to take any chances. Their clients count on their highly confidential information (access codes, passwords, camera images, etc.) to be secured in the best possible way and not being tampered with by hackers. These confidential data are therefore protected by multiple layers of security.
We wanted to be sure that there were no possible holes or gaps in our security system.
A few years ago Alertis almost literally received a wake-up call. The telephone exchange was hacked, and the hackers made calls from the telephone exchange throughout the entire world. While such experiences are extremely unpleasant, they do spur on action. That is why Alertis decided to follow the cybersecurity improvement program by Flanders Innovation and Entrepreneurship (VLAIO). “Our participation in VLAIO’s improvement program came about because we wanted to be sure that there were no possible holes or gaps in our security system”, said Frank Vanden Driessche, Chief Digital Officer at Alertis.
Improvement path identifies the vulnerable spots
Alertis got in touch with EY Belgium through a personal contact, one of the 9 recognized service providers of the cybersecurity improvement program, and that got the ball rolling. In consultation with the client, EY agrees on where the focus of the program should be. This is different for a software company, for example, than for a physical security company like Alertis. Erik Aerts, Cybersecurity and Privacy Manager EY Belgium: “EY always starts with a preliminary process in which it performs a baseline measurement and provides a holistic insight into a number of aspects related to security: how to deal with passwords, with compliance, GDPR, how to ensure that your integrity is preserved ... ”. Then EY zooms in further on managing risks, how to protect your environment, identify cyber-attacks and how resilient you are if you get hacked.
EY's role was to put its finger on the sensitive area(s) of the security system on the one hand, and to provide several building blocks with which Alertis itself could complete the security circle of the company on the other hand.
On a technical level you can correct quite a lot, but people remain the most vulnerable link in an organization
During the project EY also issued a technical vulnerability report, in which vulnerabilities within Alertis were defined and immediately addressed by the Alertis IT department. In addition, EY also pinpointed several 'blind' spots within the organization which had been tackled at some time stage – for example, a password policy for the entire company – but which were not part of a broader policy. Erik Aerts points out: “On a technical level you can correct quite a lot, but people remain the most vulnerable link in an organization. The use of private data, Google Drive, One Drive, ... is accompanied by risks that need to be well defined in advance and recorded in a policy document where the best practices and methods are explained to employees, for example at onboarding”.
Prior to the project, Alertis already had a step-by-step plan in place to make itself even more secure. This gives Erik Aerts a good feeling: “Alertis already had the structure in place. This improvement project has provided some building blocks to further finish the house, and that is nice. At Alertis we have succeeded in integrating cybersecurity into operational management. And from our experience, that's something we don't come across very often in SMEs.”
Improvement path offers only benefits
“We are very satisfied with our cooperation, also because our contact person, Erik Aerts, is a professional who himself comes from the IT world. In the meantime, the known vulnerabilities have already been eliminated”, a satisfied Frank Vanden Driessche reflects.
“This report has also prompted us to tackle the remaining vulnerabilities. For example, we have 65 technicians on the road who each have a laptop, and for all these devices we have specifically ensured more secure management”, adds Guy Slagmulder. And he concludes, “Very useful things have come out of this process that we will definitely consider in the future. We have become more aware of the possible dangers and of the need to do something about them.”
Interested in the changes we have made here,
contact us to find out more.