Large companies often have the resources to handle data security with their own IT departments or dedicated security staff. However, 99 per cent of all Norwegian companies are small and medium-sized enterprises that employ fewer than 250 employees.
- They usually do not have as good conditions for maintaining their own computer security, says Morten Stoa who is head of cyber security at Experis.
The service Experis has developed is called Experis Secure Foundation365 and is a simple, affordable and understandable security service that is adapted to managers and employees in small and medium-sized companies. The service provides companies with help in dealing with digital risk, and assistance in implementing concrete measures against the most common threats.
It's about doing the right things
Digital security is about doing the right things in the face of the digital, but also about attitudes and norms for how to handle security internally. Good digital security is not only technical but is also very much about behavior and the human factor. Good digital security does not have to be as difficult as many people think. It is often about good education and increased awareness.
- The biggest threat is rarely targeted hacker attacks, but instead attempts to deceive employees through emails to get them to provide sensitive information. Training is therefore crucial for users to be more aware of any threats, Stoa continues.
Experis Secure Foundation365 consists of an e-learning module in digital security and within GDPR. In addition, the service contains several useful elements, one of which is a condition measurement that helps companies evaluate the safety condition. Based on the condition measurement, Experis proposes measures that the company should do something about.
Help stop dangerous emails
Everyone who has the security package gets their own button in Outlook. The button makes it possible to analyze e-mail you are unsure of with one click. You get a quick reply back with thumbs up or thumbs down, and you also get feedback on what made this particular email dangerous. That way, it's easier not to be fooled the next time you get a similar email.
- As a customer, the company also gets access to carry out phishing campaigns where you can send out this type of e-mail as pure training for your own employees, Morten Stoa explains.
Your own security advisor
Experis Secure Foundation365 also comes with a dedicated security advisor who assists the business along the way, and who provides suggestions on what to start with first. The advisor is a dedicated resource throughout the agreement period. All the material is also available at all times, so that you can, for example, give all new employees the same training. The phishing campaign can also be used at any time.
- This is about making security relevant to all employees. Building competence around security at all levels will increase total security in Norway. Since the value chains between small and large companies are closely linked, better security for the small ones will also lead to better security for the large ones.
It is also important to keep in mind that security is in fact a competitive advantage, and that more and more large companies are placing stricter requirements on good IT security for their subcontractors. Therefore, it only becomes more and more important to take IT security seriously, concludes Morten Stoa.