Here we rectify some of the most frequent mistakes regarding OT and IT security.
TOP 5 mistakes of OT Security
5 “We have an antivirus or firewall solution. That protects us from cyber attacks.”
It is true that they are indispensable but they don’t eliminate the risk. Don’t forget to update and configurate them!
4 “Our production is not connected to the Internet”
For remote maintenance Internet is required. Or the IT department applies the necessary operating system patches via a patch server connected to the Internet. Current windows operating system also requires a regular Internet connection.
3 “We are too far insignificant, no one wants to hack us anyway”
Cyberattaks take place everyday, no matter what, no matter who
2 “We believe that our OT network is safe and hardened”
You need to monitor the systems constantly because production plans are subject to a constant change. Belief does not mean knowing.
1 “We have an IT department. They take care of it.”
The situation in the OT network is very different and requires a different education and experience compared with the office enviroment. The tools of the office network are also not easily adaptable in automation technology.
– Marcus Woehl
8 biggest Cybersecurity Mistakes
- OPENING ATTACHMENTS FROM UNKNOWN PEOPLE
• Check the context of the email message. If something looks suspicious or the person is asking you something that they wouldn’t usually ask you to do, it’s more than likely spam.
• Check the sender. Don’t recognize it? Google the domain name to see if it is a legitimate business.
- FORWARDING EMAILS WITH ATTACHMENTS FROM UNKNOWN PEOPLE
• Do not forward the email to anyone else in your organization. This increases the chance of a malicious attachment being clicked on accidentally.
- USING EASY PASSWORDS
• We still see employees using yourname123and yourbirthday as passwords.
• Re-work your current passwords, using numbers and capital letters.
- LEAVING YOUR PASSWORDS WRITTEN ON YOUR DESK
• Anyone could gain access to files or systems with confidential information.
- USING THE SAME PASSWORD FOR SEVERAL ACCOUNTS
• It is important to change your passwords frequently.
• Do not use the same password for different accounts. Having different passwords for your accounts minimize the possibility of all of your accounts being compromised at once. Complexity and length are very important.
- NOT PUTTING A PASSWORD OR PASSCODE ON YOUR WORK DEVICES
• It is highly recommended having a password or passcode for the devices you use at work.
• When you walk away from your computer, lock it . Devices with no passcode entice people to use them for malicious activity.
- CLICKING ON ADVERTISEMENTS
• Many ads are harmless, but the ones that are too good to be true are often clickbait advertisements that could lead you to sites with malware.
- SURFING THE DEEP WEB
• Work computers should be used only for working, lots of deep web sites will instantly track you and install malicious code.
– Helen Littl