‒ We implement a lot of technical security measures, but you cannot ignore the human factors.
Secure Practice helps us with increased awareness of email related risk, says chief information
security officer (CISO) at Tussa, Vigleik Hustadnes.
Tussa is a leading energy and communications enterprise, headquartered in Ørsta on the
beautiful west coast of Norway. They started using Secure Practice during fall 2018, and launched
the button internally through a collaboration between their ICT and communication departments.
In addition, they performed a simulated phishing rehearsal. This resulted in more than half of their
employees taking the button into use already on the first day, and the response from people is
‒ We receive regular reports of suspicious emails from employees, explains the chief
information security officer.
Time saving security help
At the same time, he experiences that Secure Practice saves him time for following up on suspicious
emails in their company.
‒ There are always someone who are uncertain whether an email is safe or not. When emails like these
have previously been forwarded to our IT staff, it usually takes several messages back and forth
before we receive the information we need. All of this goes by itself when people use the MailRisk
add-in in Outlook.
Moreover, it is not only the individual user who can get help. Secure Practice efficiently makes
visible emails which several colleagues have been suspicious about.
– The collective benefit is significant to us, confirms Elling Dybdal, who is the CEO
He explains that he regularly receives attempts of fraud in his inbox, which he find pretty simple to
detect himself. Nevertheless, he appreciates that his colleagues can help each other with computer
security. The culture for security is also emphasised by Hustadnes, who adds that efficient
notifications makes it possible to detect and stop potentially dangerous emails more efficiently.
Environment and security
In addition to sustainable energy production, Tussa can be proud of running the greenest data center
in Norway. Ivar Driveklepp, who is managing director in the subsidiary Tussa ICT, describes how
energy from computing equipment is recycled in their facilities. Heating for the company's entire
headquarteres is covered by surplus heat from the data center. Moreover, this energy can be stored
in the mountain below, and be delivered as remote heating to others.
But the environment is not the only important topic for Tussa ICT. The company also works
systematically to become certified according to the ISO 27001 standard for information security.
This requires both technical and organizational controls, awareness, and also a system to monitor
Along with statistics for reported emails on a daily basis, results from simulated phishing
exercises can be used as measuring tools in the certification process.
‒ We see that Secure Practice fits well along with other security controls we have implemented,