Security with a human touch

Some say that people are the weakest link in cybersecurity, due to the prevalence of human error and social engineering attacks.

Discover what our customers are saying:

«Only amateurs attack machines, professionals target people.»

Bruce Schneier

We believe people are key to preventing cybercrime

Employees who know how to protect themselves, will also help protecting your company.

As Secure Practice founders, we had previous experience from developing security training and culture programmes in both large and medium-sized companies, with measurable results.

After experimenting with every possible approach to raise security awareness in various contexts, we gained a lot of experience on how people respond to different kinds of measures.

Unfortunately, we found that common security products default to poor user experiences without due respect to the time we ask our colleagues to spend on them.

We decided to challenge the perception of people as vulnerabilities, and rather turn security into something positive for everyone.

From scientific research, we also know that training must resonate positively with people's emotions to influence their behaviors.

Our approach to product development is therefore thoroughly people-centered, and we are proud to be different.

At the same time we use data-driven analytics to guide your security programme, and make use of user generated data in brand new ways.

Secure Practice combines innovative means to facilitate user engagement and actionable results, ranging from gamification on the one hand, to machine learning on the other.

Experience how we bridge the gap between security and people.

Our mission is digital security for everyone, by building what people have told us they want, and what science has shown us they need.

A security product that people actually love

And don't just take our word for it, see what some of our users are telling us:

This is the friendliest security product I've ever seen!
Easy to use
Very good to get clear recommendations
Quick response, useful feedback

Fun with the simulation!
Super nice to get this instant feedback
I've become more critical to opening emails than before :)

Based on academic insights across several disciplines, we have developed a deep understanding for security related behavior beyond simply blaming human weakness and error.

We further combine these insights with advanced technology to take operational advantage of employee engagement for security.

We have been awarded the EU Seal of Excellence for our innovations, and have received financial support from both Innovation Norway and the Research Council of Norway on several occasions.

Our software service has also won the «Best new security product» award at the Outstanding Security Performance Awards (OSPA).

– 1800 pairs of eyes on security is better than ten

Financial services company Storebrand has chosen Secure Practice to help employees with safe handling of suspicious emails. Bjørn Richard Watne (CISO) says the solution greatly helps both preventive and operative security.

Read customer story →

– MailRisk helps 50 times more people with suspicious email

Compared to the previously manual helpdesk process, more than 50 times as many cases are now handled with MailRisk for quick and frictionless analysis and reporting across a large customer base, with overall approximately the same effort.

Read customer story →

– The collective benefit is significant to us

Chief information security officer (CISO) Vigleik Hustadnes at energy and communications company Tussa, says that employee awareness and security culture is an important focus area for their security work, and that Secure Practice is a good match for their organization.

Read customer story →

Security by design

As a trusted partner in securing your business, security is naturally made a high priority for ourselves. Our security strategy is based on demonstrable implementation of well-known standards, including:

  • ISO 27001 Information Security Management System (ISMS)
    for organizational and technical controls in line with best practice
  • OWASP Application Security Verification Standard (ASVS)
    for structured security requirements in software development
  • Cloud Security Alliance (CSA) Continuous Self-Assessment
    for risk management throughout the entire cloud supply chain

Privacy by design

European privacy legislation (GDPR) implements strong requirements for personal data processing. Our privacy strategy takes into account both your role as a controller, ours as processor, and end-user rights.

  • Principles for data protection are adopted throughout our entire product development lifecycle, including data minimization.
  • Data Processing Agreement terms govern the legal scope and requirements for processing, and responsibilities of each party.
  • Transparent risk analysis baseline for customers who deploy our services include privacy impact assessments for personal data.

Would you like access to our CSA self-assessment, OWASP ASVS requirements table, ISMS policies, or a risk assessment baseline for our services?

Book a meeting →

Partner with us

Our products can be great resources for both IT and security consultants alike, who are helping companies with information security, security culture, Office 365 and other IT services.

We offer both a collaboration model which is both simple and flexible, creating value for both partners and customers alike.

Let us know if you would like to discuss partnership opportunities!

Call us today →

Secure Practice creates security champions

We believe that every employee can contribute to better information security in your organization.

Motivate a secure mindset

Build awareness through positive interactions to get people involved.

Change comes easier when the tasks are easy, or motivation is high:

  • Useful end-user tools to yield high visibility security results
  • Gamification and nudges for user experiences that people simply love
  • Rewarding feedback with long-lasting impact on positive behavior

Provide relevant training

Offer positive learning experiences, relevant to both work and life.

Stimulate a sense of mastery by aligning training with individual user needs:

  • Personalized progress to resonate with knowledge and interest
  • Bite-sized sessions for maximum learning retention
  • High quality content with first class support on any device

Measure improved behaviors

Facilitate an empathetic dialogue about security in your organization.

Understand how people behave, and why, to strengthen your security culture:

  • Survey your strengths and risky areas which require further attention
  • Automate follow-ups without compromising individual employee privacy
  • Collaborate on improvement with integrated historical data in a single system
Human security sensors ebook cover

Ready to get started?

We have written a guide for you to get started with human-centered security. Access our free resource now, and learn:

  • How to nurture drivers for employee engagement
  • How to avoid common obstacles for reporting
  • Practical examples and steps to get started

Download free PDF →