HSElife UPDATE #31 - EN version

What is cyber security? Cyber

Security

Cyber security focuses on protecting computer systems from unauthorised access or from being otherwise damaged or made inaccessible. Information security is a broader category that protects all information assets, whether in hard copy or digital form. Both of these categories are in use by all of Energy industry companies and are often also connected to the Operational technologies.

In our ever-evolving digital world we are confronted daily with numerous threats from malicious individuals and/ or groups. From identity thefts and false money schemes to industrial espionage and sabotage. Here are some of the most common types of cybercrime activities:

! Phishing and Scam

! Identity theft

! Ransomware attack

! Denial-of-service (DDos) attack

! Hacking / Misusing computer networks

! Internet fraud

Without going into too much detail, they all represent serious threats to our finances, data and personal integrity. When attackers succeed in breaching our digital protection, they can further explore the unauthorized activities with malevolent intent. Stealing money from our bank accounts (phishing / scam), making unlawful purchases (identity theft), blackmail us to gain access to our computers / network (ransomware attack) and so on.

“But there is a whole another dimension of potential crime here”, says our Cyber Security expert Leonard. “Gaining access to your IT systems is worrying but that can unfortunately be just the beginning of the nightmare”.

Asset integrity and Operational technologies vulnerability

Leonard explains: “The majority of the IT services is connected, if not totally synced, with Operational technologies. When security is breached, and if it goes undetected, it provides the possibility to take control or even sabotage the operational system of industrial processes. Well known examples are shutting down the power plant in the USA or using the Stuxnet virus to attack Iran’s nuclear program, thereby rendering the Uranium enrichment facility useless.”

Gaining access to your IT systems is just a beginning of the nightmare

.

Cyber

expert

THEME: CYBER SECURITY Human Factor

“Both of these known examples (and thousands of lesser-known) were caused by hackers with bad intentions on one side and human error on the other. Even when these facilities are protected by the ‘state-of-the-art’ IT security systems, one careless action such as inserting an USB drive can nullify the protection in so called ‘air-gapped’ systems. When this happens… the Pandora's box is ready to be opened!” Leonard concludes.

Protection

Knowing how digital technology is becoming more and more integrated in Operational systems by companies in the Energy industry, these scenarios are quite a possibility we all need to be aware of. Just imagine the (financial) loss one company could suffer when hackers gain access and block the operation of certain industrial facilities… not to mention the horror that can occur when sabotage is committed.

Undoubtedly your company is doing everything it can to protect the integrity of its assets and to assure uninterrupted operations, and also ensuring safety of their employees as well. The question is: is there anything that you can do to avoid an inadvertent external breach, risking asset and operational integrity and putting your colleagues at risk?

Prevention is always better…

As proven by thousands of years of inadvertent mistakes, prevention is always better than cure. This certainly counts when we talk about using digital systems, for example to communicate with your coworkers. We will not waste your time explaining the risks of using common systems like email, WhatsApp, Viber, Snapchat, etc.

Why not avoid the risk and use the communication system that is absolutely separated from your operational environment and therefore completely safe to use? Separating your communication from well-known platforms also lowers your dependency on those systems to be operational. With that, you have multiple ways of communicating with your co-workers.

SOLUTION 1

: OPSlife Messenger is such a cloud-based system. Highly valued in our industry allowing direct and secure communication. It is part of our Management Systems (HSElife NL and HSEQ Direct) and is highly recommended by the cyber security experts, saying: “start using the OPSlife Messenger and you get two HSEQ Management systems for free as a bonus!” We couldn’t agree more!

SOLUTION 2

: Another one of such system that is available to all users of HSEQ Direct and HSElife NL is the knowledge maintenance system XLR Academy. Besides giving you some tips for Cyber security, read on to discover what these two systems can do for you and your company. >

When security is breached the Pandora box is ready to be open!

Leonard

Cyber Security expert

7 tips for Cyber Security

Because of continuos increase of cyber threats we give you a starting shot with these 7 steps that you use instantly to protect your systems!

1. Back up!

Limit the damage of a cyber incident with a good backup. Make one or more copies of your company data. Keep at least one backup in another location. Consider a vault or at your home. Do you have an IT service provider who handles this for you? Then ask for an overview of your copied company data at regular intervals. That way you know exactly what and how it is backed up.

2. Use multifactor authentication

Prevent someone else from accessing your account with multifactor authentication. Multifactor authentication is also called two-factor authentication, two-step verification, or 2FA or MFA for short. It works like an extra lock on your account. You log in not only with your password, but also, for example, with your fingerprint or a code you receive via text message or an app. Enable this at least on your business email account and your most important business applications.

3. Turn on automatic updates

Software updates often include security updates in addition to user improvements. Hackers actively search for vulnerabilities in outdated software. Therefore, don't wait to update your software and turn on automatic updates. In addition to your computers, consider tablets, phones and smart devices. That way, you will be protected against harmful computer viruses, or malware.

4. Use antivirus software

Install an antivirus program and make sure it stays upto-date. Do this on all computers and servers within your company. Such a program detects and removes digital threats. In addition, the software alerts you to suspicious emails and Web sites. Using an antivirus program also indirectly protects the devices of your customers and suppliers, for example. Many viruses invade your email program and spread through your email traffic with others.

5. Check your e-mail security standards

Check the security of your e-mail address via internet.nl On this website you can look up whether your domain name, the part after the @-sign, uses security standards. And which ones they are. Does your domain name not use security standards? Ask your IT service provider how to improve it. With good security standards, cybercriminals cannot abuse your identity to send spam such as phishing.

Prevent cyber threats right now!

Select the next page and print it as a poster (on any format) to start raising awareness amongst your coworkers.

6. Recognize phishing

Phishing is a major danger to any business. In this form of digital scam, fraudsters trick you with fake emails, fake QR codes and fake text or WhatsApp messages. Make sure your employees recognize phishing. For example, practice with the online phishing quiz or phishing bingo. Or start a phishing test in cooperation with an IT service provider.

7. Use secure independant systems

Many IT security breaches can occur when using general communication systems such as WhatsApp, Viber, Snapchat and others. Because of a wide use and huge numbers of users these platforms are often targeted by criminals. To be absolutely sure that you don't endager your IT and Operational systems it is always better to use secure, independant, notconnected communication systems like OPSlife Messenger and XLR Academy. In an unlikely event that something goes wrong all you have to do is to log-out and log-in again - it's that simple!

You can also continue reading this newsletter and learn how to prevent potential cyber security threats by using two independant communication and knowledge maintenance systems - OPSlife Messenger (SOLUTION 1) and XLR Academy (SOLUTION 2).

Inform, motivate, activate and improve. All with just one app: OPSlife Messenger 2.0. A must-have in the field of processes, safety and company culture.

OPSlife Messenger 2.0 is an interactive app...

... that enables organisations to reach their employees easily. To inform them about important developments, for example. But it is also a way to motivate and activate staff to help achieve organisational goals and improve work processes, promote safety in the workplace and build a positive company culture.

Interaction

The great thing about this app is that the admin can publish on-demand announcements, which are sent straight to employees via a push notification. But it is not just about sending messages: this is an interactive app, also including such options as open questions and surveys.

receive a response from your team(s)

GOAL USAGE RESULT

Inform your team directly, make requests, focus on a topic and test knowledge.

Team leader sends notifications, informing or asking for a response.

Direct, efficient and secure communication throughout the workplace.

ask (ad-hoc) questions to your team(s)

Would you like to know how to protect your assets, your employees and guarantee the continuity of your operations?

How can you make sure that the knowledge remains at a sustainable level after a training?

(see Ebbinghaus forgetting curve)*

Is there a solution for that?

Yes, there is! XLR Academy provides exactly that!

What is the XLR Academy?

The XLR ACADEMY is a scientifically proven* training support tool that maintains training knowledge where it should be - at the highest possible level.

GOAL USAGE RESULT

To decrease loss of training knowledge.

Five self made or ready to use questions and solutions about HSEQ issues to incite ongoing engagement.

Training knowledge is maintained at the highest level, raising HSEQ awareness at the workplace.

How does the XLR Academy work?

Triggering interaction and involvement of employees by distributing questions on various subjects and situations related to their everyday’s work. You, as a Manager or a Team Leader, are in total control of the questions, be it work process or product related.

Want to gain more insight in your team expertise? You can use the XLR Academy to discover those painfull spots in their knowledge or behaviour.

*Source: Ebbinghaus forgetting curve.

Discover what the XLR Academy can do for you and your Company. Watch the short promo video here >

Together with Operators and 480 Contractor organisations, we have been working on the new HSEQ ‘INCENTIVE MODEL’.

See the components of the tools and services of HSElife NL, briefly summarised in GOAL, USAGE and RESULT in the BRIEF & CLEAR brochure >

Would you like to know how to protect your assets, your employees and guarantee the continuity of your operations?

Schedule a max. 30-minute personal talk here.

THEME: CYBER SECURITY

Keeping the Pandora's box closed

You have read in this newsletter how to inform, motivate and activate your employees in a direct and secure way by using the OPSlife Messenger, you have also read how to make sure that the knowledge remains at a sustainable level after a training by using the XLR Academy. Both of these standalone systems, completely separated from your operational environment are integral part of HSEQ Direct and HSElife NL, the Management Systems for creating a safer and healthier workplace.

Major benefits of using HSEQ Direct and HSElife NL are improvement of your company’s Safety Performance, promoting a strong Safety Culture and reducing substantially your HSEQ spending* - resulting in less incidents!

To navigate easier through a wealth of TOOLS & SERVICES that our members can use, we divided them in several THEMES, which you can use and implement directly in your company, whenever and however it fits your daily routine. Here are the current themes that are available:

CYBER SECURITY DANGEROUS SUBSTANCES

AVOIDING INJURIES

HEALTH PROTECTION

WORKING AGREEMENTS SAFETY AWARENESS

WORK PREPARATION

ENVIRONMENTAL PROTECTION COMMUNICATION

MAINTAINING KNOWLEDGE

OPSlife Messenger 2.0, XLR Academy + 7 tips free poster

Asbestos, Mercury, Chromium-VI, Methanol, Caustic Soda, Dust, smoke and fumes from heavy metals, H2S, Natural Gas condensate,...

ATEX, Flange Joints, Confined spaces, Avoiding hand injuries, PPE, Working at height,... PPE, Dust, smoke and fumes, NORM/LSA, H2S, Nitrogen Gas, Benzene,... Work permits, LMRA, TRA, Reporting incidents, Electrical safety,... Lithium-ion batteries, Health and Safety signs, ATEX, High pressure,... Induction training On-Offshore, PtW, TRA, LMRA,... Spills, NORM/LSA, Caustic Soda, Nitrogen gas, Mercury,... OPSlife Messenger 2.0, HSElife UPDATE newsletter, Social Media,... XLR Academy

partially sponsored by The WAT Group >

Let’s create a safer & healthier workplace together!

Would you like to know the benefits of using both Management Systems for you and your organization or do you have questions?

You can also start using both platforms directly! Visit hseqdirect.com and sign-up!

15,-

The costs for using the HSEQ Direct and HSElife NL, including the OPSlife Messenger and XLR Academy, are: We start at €15,- per month (ex. VAT, billed annually in advance). This example includes 1 organisation and max. 10 users of the platforms (giving more participants an access is always possible). Join the more than 480 organizations who are already members of our platforms!