It digitized Norway
Norway is one of the most digitized countries in the world. We can be proud of that, but it also carries with it some dark sides. Most Norwegians are a bit naive in the face of what we are in Braathe calls "everyday security". Many companies still have employees who have not activated two-factor authentication, who do not know what a phishing attack might look like and who have no idea how vulnerable an organization is with employees without security skills. Values are then potentially exposed to being stolen.
It is difficult to apportion the blame for why we are not better at everyday security, and for a long time we have been able to excuse ourselves with the fact that digitized Norway is still new. But now that is no longer an excuse, the European Union has decided. It is now expected that all businesses, private and public, maintain a standard worthy of 2023.
The EU tackled the security requirements last year. On 10 November 2022, they adopted certain directives that also affect the security work of Norwegian businesses. With a series of requirements and rules, the EU will make everyone aware of the time we are in. One where cyber attacks are the No. 1 threat. Now it's your job to follow the directives!
This is a "must have" for all companies in 2023
Safety training and safety hygiene are a "must have". Many have already been started, and in a good way too. However, that does not mean that it is up to standard. Because just like training at the mill, a lap at the mill in the first week after the New Year is not enough. Safety training must be repeated again and again, until you have reached the goal of zero accidents or clicks that should not have been made. It must be incorporated and become a routine, just like when you brush your teeth every single night. Security must be tested regularly throughout the year. Only then will you know where your risk lies.
While safety training takes place regularly, safety hygiene should be maintained every day. We became quite skilled at using antibac during Covid-19, now it's time to get really good at double-checking email addresses, deleting shady SMSes, keeping track of where files are sent and who has access to what. We have a long way to go there.
The EU particularly wants to set stricter requirements for industries that are critical to society or "essential", as they say themselves. This applies to businesses that operate in energy, transport, banking and finance, health, digital infrastructure and, of course, public agencies. Do you belong to one of these industries?
These are the EU's directives to Norwegian companies
The EU wants companies to be obliged to have a plan for:
- Risk management in the face of digital attacks
- Reporting obligation of its security work
- Information sharing to employees, partners and suppliers
The EU also sets requirements for how companies set up:
- Shipping Costs incident response if the worst were to happen
- The safety of the supply chain without
- encryption of data in the organization
- Systems for detection and notification of vulnerabilities in own systems and purchased systems
Don't be one of those who lag behind
Are you not keeping up with your safety work? It can quickly become expensive and taste very bad. Now is the time to set the security standard for 2023. Digitization continues and so must you.
If you are not sure where to start - start here: i the security portal our. There we give you some tips and tricks, tell you about our services and give you more advice Our BLOG.
Source of the EU directive adopted on 10 November 2022: https://www.europarl.europa.eu/news/pt/press-room/20221107IPR49608/cybersecurity-parliament-adopts-new-law-to-strengthen-eu-wide-resilience