‒ We implement a lot of technical security measures, but you cannot ignore the human factors. Secure Practice helps us with increased awareness of email related risk, says chief information security officer (CISO) at Tussa, Vigleik Hustadnes.
Tussa is a leading energy and communications enterprise, headquartered in Ørsta on the beautiful west coast of Norway. They started using Secure Practice during fall 2018, and launched the button internally through a collaboration between their ICT and communication departments.
In addition, they performed a simulated phishing rehearsal. This resulted in more than half of their employees taking the button into use already on the first day, and the response from people is positive.
‒ We receive regular reports of suspicious emails from employees, explains the chief information security officer.
Time saving security help
At the same time, he experiences that Secure Practice saves him time for following up on suspicious emails in their company.
‒ There are always someone who are uncertain whether an email is safe or not. When emails like these have previously been forwarded to our IT staff, it usually takes several messages back and forth before we receive the information we need. All of this goes by itself when people use the MailRisk add-in in Outlook.
Moreover, it is not only the individual user who can get help. Secure Practice efficiently makes visible emails which several colleagues have been suspicious about.
– The collective benefit is significant to us, confirms Elling Dybdal, who is the CEO of Tussa.
He explains that he regularly receives attempts of fraud in his inbox, which he find pretty simple to detect himself. Nevertheless, he appreciates that his colleagues can help each other with computer security. The culture for security is also emphasised by Hustadnes, who adds that efficient notifications makes it possible to detect and stop potentially dangerous emails more efficiently.
Environment and security
In addition to sustainable energy production, Tussa can be proud of running the greenest data center in Norway. Ivar Driveklepp, who is managing director in the subsidiary Tussa ICT, describes how energy from computing equipment is recycled in their facilities. Heating for the company's entire headquarteres is covered by surplus heat from the data center. Moreover, this energy can be stored in the mountain below, and be delivered as remote heating to others.
But the environment is not the only important topic for Tussa ICT. The company also works systematically to become certified according to the ISO 27001 standard for information security. This requires both technical and organizational controls, awareness, and also a system to monitor security performance.
Along with statistics for reported emails on a daily basis, results from simulated phishing exercises can be used as measuring tools in the certification process.
‒ We see that Secure Practice fits well along with other security controls we have implemented, Hustadnes finishes.
«The collective benefit is significant to us»
Increased awareness: CISO Vigleik Hustadnes (from the left) and Ivar Driveklepp, managing director at Tussa ICT, tell that Secure Practice contributes to security awareness and time saved at Tussa.
– 1800 pairs of eyes on security is better than ten
Financial services company Storebrand has chosen Secure Practice to help employees with safe handling of suspicious emails. Bjørn Richard Watne (CISO) says the solution greatly helps both preventive and operative security.
– MailRisk helps 50 times more people with suspicious email
Compared to the previously manual helpdesk process, more than 50 times as many cases are now handled with MailRisk for quick and frictionless analysis and reporting across a large customer base, with overall approximately the same effort.
– The collective benema is significant to us
Chief information security officer (CISO) Vigleik Hustadnes at energy and communications company Tussa, says that employee awareness and security culture is an important focus area for their security work, and that Secure Practice is a good match for their organization.
Ready to get started?
We have written a guide for you to get started with human-centered security. Access our free resource now, and learn:
- How to nurture drivers for employee engagement
- How to avoid common obstacles for reporting
- Practical examples and steps to get started