How Alertis integrated cybersecurity into its business operations

Alertis is a technological SME with 110 employees that is active throughout Belgium. This West Flemish company specializes in all kinds of physical security, such as fire and burglary detection and camera surveillance.

“Our clients are companies for whom security is really critical, such as residential and care centers, hotels, industry, logistics. We also have a very specific niche with real estate, cities and municipalities”, explains CEO Guy Slagmulder. For all these clients Alertis designs the security plan, provides the materials, takes care of the commissioning as well as the maintenance and monitoring. It can proudly look back on 30 years of experience and 18,000 active installations across the country, with a focus on connectivity and service with the client.

Cybersecurity improvement project because security is crucial

This ‘serious’ company – their baseline happens to be ‘seriously safe’ – has always been a leader in terms of IT and integration of new technologies. When it comes to cybersecurity, they can't afford to take any chances. Their clients count on their highly confidential information (access codes, passwords, camera images, etc.) to be secured in the best possible way and not being tampered with by hackers. These confidential data are therefore protected by multiple layers of security.

A few years ago Alertis almost literally received a wake-up call. The telephone exchange was hacked, and the hackers made calls from the telephone exchange throughout the entire world. While such experiences are extremely unpleasant, they do spur on action. That is why Alertis decided to follow the cybersecurity improvement program by Flanders Innovation and Entrepreneurship (VLAIO). “Our participation in VLAIO’s improvement program came about because we wanted to be sure that there were no possible holes or gaps in our security system”, said Frank Vanden Driessche, Chief Digital Officer at Alertis.

Alertis got in touch with EY Belgium through a personal contact, one of the 9 recognized service providers of the cybersecurity improvement program, and that got the ball rolling. In consultation with the client, EY agrees on where the focus of the program should be. This is different for a software company, for example, than for a physical security company like Alertis. EY always starts with a preliminary process in which it performs a baseline measurement and provides a holistic insight into a number of aspects related to security: how to deal with passwords, with compliance, GDPR, how to ensure that your integrity is preserved ... . Then EY zooms in further on managing risks, how to protect your environment, identify cyber-attacks and how resilient you are if you get hacked.

EY's role was to put its finger on the sensitive area(s) of the security system on the one hand, and to provide several building blocks with which Alertis itself could complete the security circle of the company on the other hand.

During the project EY also issued a technical vulnerability report, in which vulnerabilities within Alertis were defined and immediately addressed by the Alertis IT department. In addition, EY also pinpointed several 'blind' spots within the organization which had been tackled at some time stage – for example, a password policy for the entire company – but which were not part of a broader policy. On a technical level you can correct quite a lot, but people remain the most vulnerable link in an organization. The use of private data, Google Drive, One Drive, ... is accompanied by risks that need to be well defined in advance and recorded in a policy document where the best practices and methods are explained to employees, for example at onboarding.

Prior to the project, Alertis already had a step-by-step plan in place to make itself even more secure. This improvement project has provided some building blocks to further finish the plan. Together with EY, Alertis succeeded in integrating cybersecurity into operational management.

“In the meantime, the known vulnerabilities have already been eliminated”, a satisfied Frank Vanden Driessche reflects. “This report has also prompted us to tackle the remaining vulnerabilities. For example, we have 65 technicians on the road who each have a laptop, and for all these devices we have specifically ensured more secure management”, adds Guy Slagmulder. And he concludes, “Very useful things have come out of this process that we will definitely consider in the future. We have become more aware of the possible dangers and of the need to do something about them.”