Information security according to Insite Security: not a party for IT, but for the entire organization!
You know them, those emails in which you are told that you are the winner of that fan-tas-tic prize. Or in which your 'internet provider' asks you to transfer subscription money to their bank account, because the direct debit has failed. Phishing, you don't fall for it... right? You also keep your incredibly hard-to-guess passwords well secured and you always lock your screen when you walk away from your PC. Your information is well secured, but that of your colleague, on the other hand... For those colleagues of yours there is Insite Security.
Not an IT party
The people at Insite Security map out the information security risks of organizations and help them reduce those risks and get their security in order. “Many people think that information security is an IT party,” says Jasper de Vries, “while human behavior actually plays the biggest role. We show companies that – if you really want to protect your company information properly – you need to take the human and organizational aspects into account.” Jasper has been one of the directors of Insite Security for a year now. When he started his employment, he immediately found himself in a fresh, new and completely renovated workplace. Insite Security has been housed in our new office building on Sylviuslaan since 2016. They had outgrown their Peizerstate location and it was time for something new. They sat down with Waarborg and ended up on Sylviuslaan. “We liked the idea of moving into the first floor of this office building on the south side of Groningen.” They have now also conquered the second floor of the building. “We are growing fast,” Jasper beams.
In(site) a nutshell
Insite Security was founded in 2009 by Erik Rutkens. At that time, consultancy and secondment in the field of IT formed the common thread in the service provision, but in 2012 the focus shifted completely to information security. Jasper says: “Erik always had security as a spearhead. He saw that the issues in this area were increasing and becoming more comprehensive and that the supply of good information security specialists was lagging behind; Erik seized that opportunity and built a company that specialized fully in information security.” The Insite Security team performs risk analyses and audits, among other things, and guides and implements improvement processes around information security of organizations. “We have grown to a team of 80 men and women,” says Jasper. Things moved quickly, especially in 2016, with the takeover of the Haarlem IT sec. “Suddenly we had a team of 25 hackers.”
Characteristic of Insite Security's services is that the organizational and human aspects play a major role in the advice. "You can have the technical part of your security in order, but if one of your employees just scribbles his passwords in a notebook, then all those firewalls and other technical measures are of little use." In addition, Insite Security strives for a continuous cycle with customers, in which information security within the organization is further optimized. "Security risks are constantly changing. In order to be able to respond to this, we work according to fixed protocols. By implementing structured changes, we can respond to current threats."
Psychologists, hackers and mathematicians
The fact that Insite Security takes the three aspects of information security seriously is evident from the great diversity in their workforce. “For example, we employ psychologists who provide training, set up e-learning courses and have even developed a game to make employees aware of their own behavior. Furthermore, we employ lawyers who advise on (privacy) legislation, economists, business experts, computer scientists and information scientists and even a mathematician. The latter makes risk analyses and does the conceptual thinking.” By working together in multidisciplinary teams on information security for clients, the Insite Security team is certain that all aspects are covered. “That is necessary; we want to be the best independent consultancy in information security.”
Mystery visits
By far the most imaginative part of Insite's service provision is the mystery visit. You may be familiar with the programme 'Undercover in Nederland', in which Alberto Stegeman examines the security of large organisations. Insite Security does this too. "One of our colleagues - of course on behalf of the client - 'visits' an organisation: he simply walks in and sees what sensitive information he can get his hands on. In some cases we can penetrate the core of an organisation in no time - and we're talking minutes. Well, that's quite a shock for the management when they see the footage again."
Three tips from an expert
As mentioned, information security is not just for smart IT specialists. You can do a lot yourself to secure company information. Jasper gives three tips:
- Our specialists often encounter situations where updates on PCs have not been performed. Make sure that your colleagues always perform all updates and that the security software is up to date. The ransomware WannaCry that paralyzed thousands of organizations in the spring of this year took advantage of the fact that people did not run their Microsoft updates.
- Make sure your colleagues do not choose obvious passwords and never write down their passwords in a notebook. A good password manager offers a solution. This way your colleagues can choose more difficult passwords that they do not have to remember.
- Many companies forget that their staff poses the greatest risk. If you work with sensitive information, screening your staff can't hurt. Moreover, people generally display different behavior than you would like, for example because it is not feasible to lock your screen every time you walk away from your PC, or because a phishing email looks very real and the administrative employee cannot distinguish it from other emails with invoices. By simply talking to your colleagues about this subject, you increase awareness and you already catch many risks. You also find out what works and what doesn't. If you really want to take it seriously, there are many training courses, or you can teach them what the risks are yourself through a game.
More tips? Insite Security shares interesting blog posts and news in the field of IT and security on its website.



