You know them, those emails telling you that you are the winner of that fan-tas-tic prize. Or in which your ‘internet provider’ asks you to transfer the subscription fee to their bank account because the direct debit failed. Phishing, you don't fall for it… right? You have also secured your incredibly hard-to-guess passwords well, and you always lock your screen when you step away from your PC. Your information is well secured, but that of your colleague, on the other hand… For those colleagues of yours, there is Insite Security.
Not an IT party
The people at Insite Security map out the information security risks of organizations and help them reduce those risks and get their security in order. “Many people think that information security is an IT party,” says Jasper de Vries, “while human behavior actually plays the biggest role. We show companies that – if you really want to protect your company information properly – you need to take the human and organizational aspects into account.” Jasper has been one of the directors of Insite Security for a year now. When he started his employment, he immediately found himself in a fresh, new and completely renovated workplace. Insite Security has been housed in our new office building on Sylviuslaan since 2016. They had outgrown their Peizerstate location and it was time for something new. They sat down with Waarborg and ended up on Sylviuslaan. “We liked the idea of moving into the first floor of this office building on the south side of Groningen.” They have now also conquered the second floor of the building. “We are growing fast,” Jasper beams.
In(site) a nutshell
Insite Security was founded in 2009 by Erik Rutkens. At that time, consultancy and secondment in the field of IT formed the common thread in the service provision, but in 2012 the focus shifted completely to information security. Jasper says: “Erik always had security as a spearhead. He saw that the issues in this area were increasing and becoming more comprehensive and that the supply of good information security specialists was lagging behind; Erik seized that opportunity and built a company that specialized fully in information security.” The Insite Security team performs risk analyses and audits, among other things, and guides and implements improvement processes around the information security of organizations. “We have grown to a team of 80 men and women,” says Jasper. Things moved quickly, especially in 2016, with the takeover of the Haarlem-based ITsec. “Suddenly we had a team of 25 hackers.”
Characteristic of Insite Security's services is that the organizational and human aspects play a major role in the advice. "You can have the technical part of your security in order, but if one of your employees just scribbles his passwords in a notebook, then all those firewalls and other technical measures are of little use." In addition, Insite Security strives for a continuous cycle with customers, in which information security within the organization is further optimized. "Security risks are constantly changing. In order to be able to respond to this, we work according to fixed protocols. By implementing structured changes, we can respond to current threats."
Psychologists, hackers and mathematicians
The fact that Insite Security takes the three aspects of information security seriously is evident from the great diversity in their workforce. “For example, we employ psychologists who provide training, set up e-learning courses and have even developed a game to make employees aware of their own behavior. Furthermore, we employ lawyers who advise on (privacy) legislation, economists, business experts, computer scientists and information scientists and even a mathematician. The latter makes risk analyses and does the conceptual thinking.” By working together in multidisciplinary teams on information security for clients, the Insite Security team is certain that all aspects are covered. “That is necessary; we want to be the best independent consultancy in information security.”
Mystery visits
By far the most evocative part of Insite's services is the mystery visit. You may know the programme ‘Undercover in Nederland’, in which Alberto Stegeman scrutinizes the security of large organizations. Insite Security does this too. “One of our colleagues goes ‘on a visit’ to an organization, on the client's instructions of course: he simply walks in and sees what sensitive information he can get hold of. In some cases we can get to the core of an organization in no time, and we really are talking about minutes. Well, that does give the management quite a shock when they see the footage.”
Three tips from an expert
As mentioned, information security is not just for smart IT specialists. You can do a lot yourself to secure company information. Jasper gives three tips:
- Our specialists often encounter situations where updates on PCs have not been installed. Make sure that your colleagues always install all updates and that the security software is up to date. The WannaCry ransomware that paralyzed thousands of organizations in the spring of this year took advantage of the fact that people did not run their Microsoft updates.
- Make sure your colleagues do not choose obvious passwords and never write down their passwords in a notebook. A good password manager offers a solution. This way your colleagues can choose more difficult passwords that they do not have to remember.
- Many companies forget that their staff poses the greatest risk. If you work with sensitive information, screening your staff can't hurt. Moreover, people generally behave differently than you would like, for example because it is not feasible to lock your screen every time you walk away from your PC, or because a phishing email looks very real and the administrative employee cannot distinguish it from other emails with invoices. By simply talking to your colleagues about this subject, you increase awareness and already catch many risks. You also find out what works and what doesn't. If you really want to take it seriously, there are many training courses, or you can teach them what the risks are yourself through a game.
More tips? Insite Security shares interesting blog posts and news in the field of IT and security on its website.
