‒ We implement a lot of technical security measures, but you cannot ignore the human factors. Secure Practice helps us with increased awareness of email related risk, says chief information security officer (CISO) at Tussa, Vigleik Hustadnes.
Tussa is a leading energy and communications enterprise, headquartered in Ørsta on the beautiful west coast of Norway. They started using Secure Practice during fall 2018, and launched the button internally through a collaboration between their ICT and communication departments.
In addition, they performed a simulated phishing rehearsal. This resulted in more than half of their employees taking the button into use already on the first day, and the response from people is positive.
‒ We receive regular reports of suspicious emails from employees, explains the chief information security officer.
Time saving security help
At the same time, he experiences that Secure Practice saves him time for following up on suspicious emails in their company.
‒ There are always someone who are uncertain whether an email is safe or not. When emails like these have previously been forwarded to our IT staff, it usually takes several messages back and forth before we receive the information we need. All of this goes by itself when people use the MailRisk add-in in Outlook.
Moreover, it is not only the individual user who can get help. Secure Practice efficiently makes visible emails which several colleagues have been suspicious about.
‒ The collective benefit is significant to us, confirms Elling Dybdal, who is the CEO of Tussa.
He explains that he regularly receives attempts of fraud in his inbox, which he find pretty simple to detect himself. Nevertheless, he appreciates that his colleagues can help each other with computer security. The culture for security is also emphasised by Hustadnes, who adds that efficient notifications makes it possible to detect and stop potentially dangerous emails more efficiently.
Environment and security
In addition to sustainable energy production, Tussa can be proud of running the greenest data center in Norway. Ivar Driveklepp, who is managing director in the subsidiary Tussa ICT, describes how energy from computing equipment is recycled in their facilities. Heating for the company's entire headquarteres is covered by surplus heat from the data center. Moreover, this energy can be stored in the mountain below, and be delivered as remote heating to others.
But the environment is not the only important topic for Tussa ICT. The company also works systematically to become certified according to the ISO 27001 standard for information security. This requires both technical and organizational controls, awareness, and also a system to monitor security performance.
Along with statistics for reported emails on a daily basis, results from simulated phishing exercises can be used as measuring tools in the certification process.
‒ We see that Secure Practice fits well along with other security controls we have implemented, Hustadnes finishes.