With these seven cybersecurity tips from Koen Tamsyn (Inetum), companies can optimally protect themselves against malicious actors
Following recent cyberattacks on Belgian government websites and supermarkets, concerns about digital security are rising again. Not only government services but also companies are vulnerable to hackers. “Yet I see that many organizations still continue to make common mistakes,” says Koen Tamsyn, Business Unit Lead Cybersecurity at Inetum in Belgium.
According to Tamsyn, companies can arm themselves significantly better against cyber threats with a number of simple but well-considered measures. “It’s often not about expensive technology, but about digital awareness,” he explains. Below, he shares seven concrete recommendations for every business.
1. Use long sentences as passwords
A strong password is necessary, but it must also remain usable. “People often think that a password like Xr%z12@! is safer, but they forget it immediately. Then they write it on a post-it,” says Tamsyn. His solution? Use long passphrases that you can easily remember, like I-like-to-go-to-the-market-on-Sunday!
The longer the password, the harder it is to crack. “You combine convenience with security, and that’s exactly what you want to have.” Koen also notes that MFA is not yet fully established and still poses a barrier for many companies. That’s a shame because, combined with a passphrase that is not too complex, it’s the safest thing you can do.
2. Manage your passwords professionally
Many companies still store passwords in Excel files or even on paper. That needs to improve. “A password manager is actually indispensable,” says Tamsyn. “You store all passwords encrypted, and you only need to remember one master password.”
For companies with high compliance requirements (such as in healthcare or defense), Tamsyn recommends a local password manager. It’s less dependent on external cloud platforms. “But for those who work a lot in hybrid environments, a cloud-based solution might be more practical. It’s a matter of the risk profile.”
3. Activate Multi-Factor Authentication
Multi-factor authentication (MFA) adds a second layer of security to logins. Even if a password is leaked, the account remains protected. Yet MFA is not standard everywhere.
“Many organizations find it cumbersome for users,” Tamsyn notes. “But with clear explanation and good support, that barrier is quickly removed. MFA is a basic requirement today.”
4. Avoid Public Wi-Fi or Use a VPN
Public Wi-Fi networks are easily misused by malicious actors. “An attacker can set up a fake network with the name of a hotel or café. You won’t notice the difference, but you’re surfing through their connection,” warns Tamsyn.
The solution? “Use your mobile hotspot. Or, if that’s not possible, make sure you connect via a VPN. It encrypts your data stream so an attacker can’t do anything with it.”
The type of activities also matters: “Feel free to look up a restaurant via public Wi-Fi, but don’t do online banking or logins. Limit yourself to the strictly necessary.”
5. Apply the 3-2-1 rule for backups
A good backup strategy is essential. Tamsyn mentions the classic 3-2-1 rule: three copies of your data, on two different media, with one at an external location.
“You have your original file, a backup on, for example, a NAS, and then another one in the cloud or at a physically different location,” he explains. “And most importantly: test your backups. Many companies think they’re well-covered, until it turns out their only backup is unusable.”
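The 3-2-1 rule and the advice to test backups can be combined into one check in which a copy only counts toward the rule if it verifies against the original. The following is an added example, not code from Inetum or the article; the `Copy` record, the media labels and the sample files are assumptions, and a hash comparison confirms readability and integrity only, not a full restore.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path

@dataclass
class Copy:
    path: Path     # where this copy lives
    medium: str    # hypothetical label, e.g. "disk", "nas", "cloud"
    offsite: bool  # True if stored at an external location

def sha256(path: Path) -> str:
    # Reads the whole file; stream in chunks for very large backups.
    return hashlib.sha256(path.read_bytes()).hexdigest()

def check_321(copies: list) -> list:
    """Return findings; an empty list means 3-2-1 holds for verified copies."""
    findings = [f"missing copy: {c.path}" for c in copies if not c.path.is_file()]
    readable = [c for c in copies if c.path.is_file()]
    if not readable:
        return findings + ["no readable copy at all"]
    # Assumption: the first readable entry is the original and is the reference.
    reference = sha256(readable[0].path)
    good = []
    for c in readable:
        if sha256(c.path) == reference:
            good.append(c)
        else:
            findings.append(f"corrupt copy: {c.path}")
    if len(good) < 3:
        findings.append(f"fewer than 3 verified copies ({len(good)})")
    if len({c.medium for c in good}) < 2:
        findings.append("verified copies are on fewer than 2 media")
    if not any(c.offsite for c in good):
        findings.append("no verified off-site copy")
    return findings

def demo(corrupt_offsite: bool) -> list:
    """Constructed sample: original on disk, one copy on a NAS, one off-site."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        copies = [Copy(root / "orig.db", "disk", False),
                  Copy(root / "nas.db", "nas", False),
                  Copy(root / "cloud.db", "cloud", True)]
        for c in copies:
            c.path.write_bytes(b"constructed sample data")
        if corrupt_offsite:
            copies[2].path.write_bytes(b"truncated")  # simulate a bad backup
        return check_321(copies)

if __name__ == "__main__":
    print(demo(False), demo(True), sep="\n")
```

With the off-site copy corrupted, the set that looked compliant on paper fails on both the copy count and the off-site requirement.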
6. Update software and systems proactively
According to Tamsyn, all successful ransomware attacks that Inetum has seen in recent years can be traced back to known vulnerabilities. “Hackers actively search for systems that aren’t patched. If you delay critical updates, you’re opening the door yourself.”
For large companies that depend on custom-made software, patching can be complex. “But then focus on the critical vulnerabilities. You really need to address those first.”
7. Know your data and limit access
“This is perhaps the biggest blind spot in many organizations,” Tamsyn observes. “They don’t know where their data is, who has access, and how it’s shared.”
Especially with the advent of AI tools like Microsoft Copilot, this is dangerous. “If your permissions are not set correctly, such a tool can retrieve sensitive information in one click — for example, the salary data of all employees. Copilot does check permissions, but if they’re incorrectly assigned, things can still go wrong.”
Tamsyn recommends regularly evaluating access rights and restricting them where necessary. “This isn’t an IT trick, it’s risk management.”
Prevention is Better Than Cure
Even with all precautions, something can go wrong. Tamsyn therefore also advocates for a clear incident response plan. “Who does what in case of a data breach? How do we communicate if email doesn’t work? Such a plan prevents panic.”
Additionally, he recommends modern XDR (Extended Detection and Response) tools. “These combine data from firewalls, endpoints, and cloud systems in one dashboard and automatically build timelines of attacks. You immediately see where things went wrong and what you need to report.”