Security with a human touch
Some say that people are the weakest link in cybersecurity, due to the prevalence of human error and social engineering attacks.
Discover what our customers are saying:
«Only amateurs attack machines, professionals target people.»
Bruce Schneier
We believe people are key to preventing cybercrime
Employees who know how to protect themselves, will also help protecting your company.
As Secure Practice founders, we had previous experience from developing security training and culture programmes in both large and medium-sized companies, with measurable results.
After experimenting with every possible approach to raise security awareness in various contexts, we gained a lot of experience on how people respond to different kinds of measures.
Unfortunately, we found that common security products default to poor user experiences without due respect to the time we ask our colleagues to spend on them.
We decided to challenge the perception of people as vulnerabilities, and rather turn security into something positive for everyone.
From scientific research, we also know that training must resonate positively with people's emotions to influence their behaviors.
Our approach to product development is therefore thoroughly people-centered, and we are proud to be different.
At the same time we use data-driven analytics to guide your security programme, and make use of user generated data in brand new ways.
Secure Practice combines innovative means to facilitate user engagement and actionable results, ranging from gamification on the one hand, to machine learning on the other.
Experience how we bridge the gap between security and people.
Our mission is digital security for everyone, by building what people have told us they want, and what science has shown us they need.
A security product that people actually love
And don't just take our word for it, see what some of our users are telling us:
Based on academic insights across several disciplines, we have developed a deep understanding for security related behavior beyond simply blaming human weakness and error.
We further combine these insights with advanced technology to take operational advantage of employee engagement for security.
We have been awarded the EU Seal of Excellence for our innovations, and have received financial support from both Innovation Norway and the Research Council of Norway on several occasions.
Our software service has also won the «Best new security product» award at the Outstanding Security Performance Awards (OSPA).
– 1800 pairs of eyes on security is better than ten
Financial services company Storebrand has chosen Secure Practice to help employees with safe handling of suspicious emails. Bjørn Richard Watne (CISO) says the solution greatly helps both preventive and operative security.
– MailRisk helps 50 times more people with suspicious email
Compared to the previously manual helpdesk process, more than 50 times as many cases are now handled with MailRisk for quick and frictionless analysis and reporting across a large customer base, with overall approximately the same effort.
– The collective benema is significant to us
Chief information security officer (CISO) Vigleik Hustadnes at energy and communications company Tussa, says that employee awareness and security culture is an important focus area for their security work, and that Secure Practice is a good match for their organization.
Security by design
As a trusted partner in securing your business, security is naturally made a high priority for ourselves. Our security strategy is based on demonstrable implementation of well-known standards, including:
- ISO 27001 Information Security Management System (ISMS)
for organizational and technical controls in line with best practice - OWASP Application Security Verification Standard (ASVS)
for structured security requirements in software development - Cloud Security Alliance (CSA) Continuous Self-Assessment
for risk management throughout the entire cloud supply chain
Privacy by design
European privacy legislation (GDPR) implements strong requirements for personal data processing. Our privacy strategy takes into account both your role as a controller, ours as processor, and end-user rights.
- Principles for data protection are adopted throughout our entire product development lifecycle, including data minimization.
- Data Processing Agreement terms govern the legal scope and requirements for processing, and responsibilities of each party.
- Transparent risk analysis baseline for customers who deploy our services include privacy impact assessments for personal data.
Would you like access to our CSA self-assessment, OWASP ASVS requirements table, ISMS policies, or a risk assessment baseline for our services?
Book a meeting →Partner with us
Our products can be great resources for both IT and security consultants alike, who are helping companies with information security, security culture, Office 365 and other IT services.
We offer both a collaboration model which is both simple and flexible, creating value for both partners and customers alike.
Let us know if you would like to discuss partnership opportunities!
Secure Practice creates security champions
We believe that every employee can contribute to better information security in your organization.
Motivate a secure mindset
Build awareness through positive interactions to get people involved.
Change comes easier when the tasks are easy, or motivation is high:
- Useful end-user tools to yield high visibility security results
- Gamification and nudges for user experiences that people simply love
- Rewarding feedback with long-lasting impact on positive behavior
Provide relevant training
Offer positive learning experiences, relevant to both work and life.
Stimulate a sense of mastery by aligning training with individual user needs:
- Personalized progress to resonate with knowledge and interest
- Bite-sized sessions for maximum learning retention
- High quality content with first class support on any device
Measure improved behaviors
Facilitate an empathetic dialogue about security in your organization.
Understand how people behave, and why, to strengthen your security culture:
- Survey your strengths and risky areas which require further attention
- Automate follow-ups without compromising individual employee privacy
- Collaborate on improvement with integrated historical data in a single system
Ready to get started?
We have written a guide for you to get started with human-centered security. Access our free resource now, and learn:
- How to nurture drivers for employee engagement
- How to avoid common obstacles for reporting
- Practical examples and steps to get started