Security for most Norwegians

For those of us who do not take in or work with digital security every day, knowledge is often limited. Since the only thing we may experience or hear about is password leaks or hacking of Facebook profiles in our close circle, we may have a somewhat passive approach to the topic. Do you recognize yourself in it?

This is one of the many reasons why we will talk even more about security in the future. Because for us, the message should be that Digital Security Month offers apply all year round. So that we Norwegians are better equipped to face what is happening in the digital world. But first we will get to know our expert a little better!

Did you know that through the journey to the cloud, several of your values ​​are secured no matter where you are or where you work from? Read more about the cloud. 

Why are there attacks?

To get some more answers as to why someone chooses to carry out digital attacks, we have asked one of our security experts, namely Freddy Andreassen. He started with us in June this year, and has worked with digital security for over 15 years. He advises our customers on a daily basis on how to prepare for digital attacks, and also assists if companies experience attacks. We are so proud to have him on our team.

What is your idea about digital attacks, Freddy? What do you think is behind it?

-What we see is that finances and financial gain are most often the motive. Whether it is bank trojans, stealing usernames and passwords through phishing, various attacks such as denial of service or encryptions to demand ransom.

The latest example of an attack where ransom was demanded is Østre Toten municipality, which lost everything overnight in February this year. Freddy also mentions that there are a lot of vulnerabilities in software during the day. His impression is that there is a "bomb" about weekly in this field. Therefore, it is important to choose suppliers with high credibility.

Microsoft has a solution called 365 Workplace. With this solution, you can interact across the organization while maintaining security at all levels. Read more here. 

How should we prepare for this then?

-First, I would say that very, very often an attack can be stopped, so it is rare for the average company that it is impossible to protect themselves. By updating systems, averting phishing attacks, securing identities, and protecting against malicious code, we stop many of these attacks. Normally, a whole series of events is needed for an attempt to be a successful attack and thus you have the opportunity to stop the attack in each step.

This is what you and your business should do

First, companies should take a look at themselves. Where are their values? What values ​​are there? How vulnerable is the industry you operate in? All of these questions are important for a company to ask itself, Freddy shares.

-These are the same questions we find the answers to when we take an overall assessment of companies that want advice from us. We often discover things they have not thought of themselves. Which is not so strange, because we work with this every single day, he says with a smile.

We have experts who work with security every day, but we also have systems that work for us. Do you miss a good backup system or do you want to hear more about our antivirus program? Take a look here. 

Freddy mentions several things you and your business should do. The most important thing is to involve all employees in the work once a safety process is underway. Because when it comes down to it, all employees can make a difference, according to Andreassen. He says that if employees have been trained in detecting shady e-mails or suspicious activity, it can often help to prevent an attack from escalating and thus can be called successful.

In addition, he recommends using what is built into the solutions you purchase, such as the Microsoft services. Such services now offer features such as two-factor authentication, antivirus, firewall and the like.

- Here it is important to ensure that all employees receive good training in how to use the entire service and that they actively use the safety functions in their everyday work. Then you have already done an important job!

Why is training so important? And what could be the consequences of employees not knowing the software they are going to take in every day? We have written more about that here.

Freddy's checklists

We asked Freddy if he would put together a small list for us with his safety advice and expert tips. How much can you check off on the lists yourself?

How to secure yourself as a private person:

  • Download an Authenticator app for your mobile and use two-factor where you can, social media, email, etc.
  • Have a conscious relationship with how you create passwords and how often you change passwords. Learn more about it here: Password Hygiene
  • Keep in mind that what is posted on the internet very often stays there.
  • Email is the way most people spread it, so be wary of unknown senders. Ask an expert once too often, rather than the other way around.
  • Have some form of security software on your PC, as a private person you often get access to this, for example through an internet provider or online banking.

How to secure yourself as a company:

  • Use two-factor authentication to protect user accounts, especially administrative rights.
  • Keep track, what you do not know about you can not do anything about.
  • Protect systems from malicious code, have security software on clients and servers.
  • Update systems regularly, serious vulnerabilities are, as mentioned, a lot of during the day.
  • Set up the systems according to the manufacturer's recommendations, with a view to safety as well as making it work.
  • Emails are often the starting point for attacks, have traffic filtering and train employees to detect fake emails.
  • Make a plan for what you do if something happens.

Do you want experts on the team? We can assist.

Could not check the entire list? We know that there are many employees out there with more hats on in their everyday work. Often the IT hat can be a little too small or only be on standby when the e-mail is down. Unfortunately, there is usually no quick fix to achieve comprehensive and good security, often the picture is complex and it requires time and resources to stay up to date and be ahead. We have people who work with this full time, in addition to collaborating with leading players in the IT security industry.

We can assist with guidance, in everything from doing a value assessment of information, risk assessment where we look at what threats exist for your company, to deliver equipment or advice to protect most parts of the infrastructure in data centers and in the cloud.