The biggest threat to small and medium-sized businesses is not targeted hacker attacks, but attempts to trick employees into opening attachments, providing sensitive information, or sending money. The digital value chains are not stronger than the weakest link. After all, the security of your business can be crucial to protecting your customers. As early as 2015, the National Security Authority warned that hackers use small subcontractors to break into large companies. It can give them control over great values and critical infrastructure.
Experis Secure Foundation365 consists of six modules that are an annual safety and maturity evaluation of the company, with tailored recommendations to management, protection against attacks via e-mail, an e-learning program and regular safety tips for all employees. Experis Secure Foundation365 consists of the following six services:
The supplier offers a method for evaluating the customer's processes within security. This is done annually.
The method is based on recognized standards and frameworks and is designed as an understandable questionnaire that the Customer answers himself.
The questionnaire does not require in-depth knowledge of digital security, and it touches on the areas:
- Management and management of digital security
- Privacy and GDPR
- Training and safety culture
- Operation and management of IT
- Identity and access control
- Contingency and incident management
The Customer receives a report indicating the security condition and maturity within the various areas, and a recommendation on what the Customer should do to increase its security. The recommendation is given in a separate meeting with the customer.
The supplier offers the MailRisk service for protection against malicious email.
MailRisk lets employees check if the email is safe, or if there are any criminals trying to hit the company.
The service is very easy to install and use. With a few simple steps, all employees get a new button in Outlook, whether it is on PC, Mac, webmail, iOS or Android.
When the employee receives an email, they are unsure of, pressing the MailRisk button will send the email to a manual check by experts. This gives the company an opportunity to detect and deal with email threats, while the employee learns more about what dangerous emails are.
The service ensures continuous protection against threats by email, and the customer has access to a cloud-based tool for monitoring and following up emails and threats that are analyzed by the service.
Simulated phishing involves sending a secure but allegedly malicious email to employees, using the same tricks as a cybercriminal.
People will hopefully not say "this would never happen to us," since someone was fooled by the simulation (this always happens).
The first experience of (almost) being cheated is very memorable and contributes to positive behavior change.
The customer's employees need knowledge of how to secure the company's digital values. It means knowledge about secure processing of information and devices, how to create and manage secure passwords, how to recognize attempts at manipulation and fraud, to name a few.
Safety knowledge must be learned and repeated and is a prerequisite for a good safety culture in the company.
The supplier offers e-learning courses in digital security and GDPR that are suitable for all employees, and there is no requirement for prior knowledge. With our solution, the employee can take short course modules at their own pace, and when it suits them. In this way, the company can ensure that everyone can learn what they need to contribute to the safety of the company, without having to attend time-consuming courses.
The courses are always available so that the employees can take the modules again when needed.
Cyber security is about doing the right things regarding the digital, but also about attitudes and norms for how to do things at the individual company.
The course in cyber security and GDPR gives all employees a good foundation, but it is also important to give all employees small and regular reminders in a busy everyday life.
This is important because there is a lot to remember, and new things appear that the employees need to know. Perhaps a new threat has emerged that they should be aware of, or that experts have found new ways to ensure safety.
The supplier sends out safety tips directly to the employee, so they can stay up to date. The safety tips are adapted to small and medium-sized companies. They are short and concrete. The safety tips are sent out 1-2 times per month and will be linked to changes in the threat picture and to seasonal events that are important for cyber security.
Cybersecurity Customer Manager (CCM) is the point of contact for our customers and follow up our customers on security.
CCM ensures that our customers experience the greatest possible effect and value of the services we provide, and conducts agreed tasks in the future, as well as providing advice on what is appropriate and sensible in relation to the company's goals and ambitions for security.
As a supplier, we focus on close dialogue, and follow-up with regular status meetings to follow up on ongoing and planned activities.