How Secure Practice helped Tussa boost their security culture with effective reporting for everyone
We implement a lot of technical security measures, but you cannot ignore the human factor. Secure Practice helps us with increased awareness of email-related risk.
Vigleik Hustadnes, Chief Information Security Officer at Tussa
Challenges
Manual, time-consuming email metadata collection
Siloed feedback that only helped the person who reported, but not everyone on the team
Laborious process to identify threats targeting multiple colleagues which slowed down response and remediation
Solution
Automatic follow-ups on suspicious emails that help every colleague, not just the one who reported it
Daily statistics and simulated phishing results that support compliance certifications
Smooth integration with the organization’s existing security ecosystem
The challenges Tussa needed to solve
Founded over 70 years ago, Tussa is a leading energy, IT, and telecommunication enterprise, headquartered in Ørsta on the beautiful west coast of Norway.
With over 200 employees and operations that span energy production, data centers (the greenest one in Norway), smart homes, and IT consultancy, the enterprise is a prime target for malicious hackers. And email is one of the main channels they use to deliver their threats.
Even Tussa’s CEO, Elling Dybdal, regularly receives fraud attempts in his inbox. Although he is quite adept at spotting them, he is well aware that his colleagues’ skills and experience differ - and that they all deserve the same speed and quality of feedback from their security team.
There is always someone who is uncertain whether an email is safe or not. When emails like these were previously forwarded to our IT staff, it usually took several messages back and forth before we received the information we needed.
Vigleik Hustadnes, Chief Information Security Officer at Tussa
Tussa’s CISO needed to improve this while also making it easier for IT and security teams to support all their colleagues - more efficiently and significantly faster.
What Tussa achieved by using Secure Practice
Tussa started using Secure Practice during fall 2018, and launched MailRisk internally through a collaboration between their ICT and communication departments.
The benefits of everyone in the company having a one-click button to report suspicious emails were instant.
We now receive regular reports of suspicious emails from employees.
Vigleik Hustadnes, CISO at Tussa
Collecting the essential data that IT and security need to analyze email threats (e.g. Return-Path, Reply-To, Message-ID) is now fully automated with MailRisk, saving hundreds of hours they previously spent doing this manually.
All of this happens automatically when people use the MailRisk add-on in Outlook.
Vigleik Hustadnes, CISO at Tussa
The CEO appreciates that his reports help his colleagues - and that everyone in the company can do the same for each other.
It is not only the individual user who gets help. Secure Practice efficiently makes visible emails which several colleagues are suspicious about. The collective benefit is significant to us.
Elling Dybdal, CEO at Tussa
Instantly corroborated data about threats that reach the inboxes of several colleagues means IT and security specialists react faster and more effectively than when working on a case-by-case basis.
Efficient notifications make it possible for us to detect and stop potentially dangerous emails more efficiently.
Vigleik Hustadnes, CISO at Tussa
For an enterprise as complex as Tussa, having a security platform that integrates well with their existing ecosystem is fundamental. The team was satisfied that both implementation and integration went smoothly.
We see that Secure Practice fits well along with other security controls we have implemented.
Vigleik Hustadnes, CISO at Tussa
Developing the habit of reporting suspicious emails was a key component in Tussa’s strategy for improving their security culture. That’s why they performed a simulated phishing rehearsal through Secure Practice to give everyone a chance to see how MailRisk works and how it gives them instant feedback on their security-minded action.
This resulted in more than half of their employees using the MailRisk button on the first day, and getting a positive response from colleagues.
Introducing MailRisk and simulated phishing exercises in the organization paid off in more ways than one. Daily statistics for reported suspicious emails combined with results from simulated phishing are helpful for tracking progress on key security and compliance metrics which the certification process for ISO 27001 requires.
Tussa used Secure Practice as a source of data and proof of implementing technical and organizational controls, cybersecurity education, and a system to monitor their internal security performance.
We, the team at Secure Practice, are grateful to support an organization that’s not only dedicated to sustainable energy production, but that also cares about delivering those products and services safely.