Open post

A national safety discussion secured by Shield

A national safety discussion secured by Shield

A meeting between military Officers and the ministry of defense is held with security support from Shield

Mobile phones are relatively easy to use for eavesdropping on meetings. Phones are therefore an attractive target for foregin powers who want to conduct espionage. They can be hacked through downloaded apps that have access to the microphone and by physically getting a hold of the phone to install malicious software. This means that a phone should never be left out of sight and that a phone never should be laying around during a meeting where sensitive information is discussed. An obvious cyber security conundrum.

Safety meeting

Shield is our solution to this problem, a noise-box especially developed to make phones less of a security risk. Here is an example of how Shield can be useful in a meeting between politicians and national defense.

Two high ranked officers have a meeting with the defense ministry and two politicians from the ruling party. None of the participants want to leave their phone out of sight as it is a security risk for them. They enter the meeting room and put their phones in Shield. One of the politicians has a smartwatch that she puts in the Shield. The meeting is held at full discretion.

Read more about Shield here.

Welcome Henrik Nilsson!
Open post

Cyber security for the toughest security requirements.

Cyber security for the toughest security requirements

More of everything
We feed more people with fewer resources, we educate more humans faster and more people live in luxury. All thanks to the printing press, the agricultural revolution and the industrial revolution. It's now clear that digitalization is taking over in order to optimize and improve society further. Products are being connected, information is being created and shared in real-time, people are meeting, value is being saved on blockchain networks, and the list goes on. Society is changing fundamentally and everyone is affected.

Cybersecurity
What was once protected by guards, locks, and long distances need new types of defense in our digital world. Cybersecurity is essential to maintain function and security in society. Our product portfolio is the result of 16 years of helping organizations and businesses meet the highest security requirements. We offer the market-leading off-the-grid laptop Outpost, which is used by hundreds of customers. Outpost is the best in the industry and ensures compliance with the highest security requirements in Sweden.

Full control
Government agencies, businesses, municipalities, defense forces, infrastructure, and individuals are all interconnected. The economies of scale are obvious and the challenges are many.

How do we protect critical infrastructure? How can we digitize government agencies without jeopardizing the integrity of the citizen? How can we link domains with different security classifications? How do we give people access to data without making them targets for extortion? How do we make it easy for citizens to administer their personal data without enabling manipulation from anyone else?

Welcome Henrik Nilsson!

Take back control
To have full control, meet data security requirements and privacy guidelines, the solution in many cases is a so-called on-premises solution. We are specialists in this area. A number of cases have taught us how a government agency or company can maintain its effectiveness without having servers, data storage or processor power outsourced to a third party. Full control without compromise.

Adaptability
The digital landscape is constantly changing, so adaptability is key. We deliver ongoing modular solutions to help our customers who constantly face new needs, requirements, and threats. We are a long-term and reliable partner in an ever-changing world of cybersecurity.

Contact us for a free initial consultation on how we can work together to address your cybersecurity needs.

Welcome Henrik Nilsson!
Open post

Shield preventing insider trading within big pharma

Shield preventing insider trading within big pharma

Shield helps to safely reveal test results from cancer medicine research within a pharmaceutical company

Mobile phones are relatively easy to use for eavesdropping on meetings. Phones are therefore an attractive target for competing companies and insider traders who can benefit from conducting espionage. They can be hacked through downloaded apps that have access to the microphone and by physically getting a hold of the phone to install malicious software. This means that a phone should never be left out of sight and that a phone never should be laying around during a meeting where sensitive information is discussed. An obvious cyber security conundrum.

Shield is our solution to this problem, a noise-box especially developed to make phones less of a security risk. Here is an example of how Shield can be useful when sensitive information is to be discussed at a big pharmaceutical company.

Insider trading prevention

A publicly traded pharmaceutical company that is a lucrative target for insider traders has an internal meeting to go through test results for a new cancer medicine. The information of discussion will heavily affect the stock price. None of the participants can leave their phone out of sight since an unattended phone is at risk of being manipulated. All phones and smartwatches are put inside Shield before anything regarding the tests results are discussed. Shield is placed inside the meeting room.

Read more about Shield here.

Welcome Henrik Nilsson!
Open post
sections consulting services

The NIS2 Directive

What is the NIS and NIS2 directive?

About the NIS directive (The Directive on security of network and information systems)
The purpose of the NIS directive is to heighten the security levels for critical infrastructure in the European Union.

link22 and the NIS Directive
The NIS Directive affects each company and organization differently, there is no one-size-fits-all solution to meet the requirements and stay efficient. It can be hard to assess whether or not the NIS Directive affects your company at all. We have helped governments, organizations and companies with challenges like this for 16 years and can be of use in many ways. It can seem complicated to determine what this means for you; what are you obliged to do or not to do? If you are unsure about this we suggest that you book a demo with us where we make an assessment together. Based on your situation we reason together and specify what you need to do to meet the new requirements and most importantly to secure what's valuable in your possession.

What does the term “directive” mean in this context?
It means that it can be incorporated differently in every member state to functionally harmonize with local legislation. In Sweden, the NIS-directive came into force on august the first in 2018 though The information security law.

Why does the NIS directive exist?
The NIS-directive was created to protect european citizens by heightening security around critical infrastructure within the member states. Specifically by improving information security related to critical infrastructure.

Digitalization gave rise to NIS and NIS2
The number of hacker attacks from criminal organizations and nation states has increased significantly. Attacks are more sophisticated and so are the motifs. Hackers are not just in it for money, elections and national security is also at stake. Cyberwar is a fact. There is good reason to prevent and prepare for attacks to keep critical infrastructure intact. The NIS and NIS2 directive is ultimately meant to serve european citizens.

The NIS directive affects certain industries
Energy, health care, transport, finance, water supply and digital infrastructure are considered critical according to the NIS directive. Companies and organizations within these sectors are obligated to secure their information according to the NIS directive.

Welcome Henrik Nilsson!

The NIS directive in reality
The NIS directive means generally stricter security requirements around information security. Concerned entities must consider people, process and technology when securing information. They need to classify information and systems. These entities must also prepare for the eventualities that an attack may lead to and specify action plans to increase resilience. Continuous knowledge gathering by incident reporting is mandatory with the purpose of always becoming more prepared. Companies and organizations are expected to direct their NIS-related actions towards network and information-systems

To oblige- and benefit by the NIS-directive
The NIS directive is a useful place from which to start making valuable cybersecurity improvements. Best practice in this case may be to first create an overview of the organization as a whole and then extract potential and useful changes in order to improve information security. Some processes are crucial for core functionality, some individuals have access and responsibilities that make them targets for extortion and some parts of the technical infrastructure are more vulnerable than others. This is properly complemented by an external assessment of the external cybersecurity landscape, specifically what kind of attacks that are common and what kind of attacks that may become common in the future. Information transfer between security domains and/or networks are, for example, one of the most exposed and vulnerable situations in cybersecurity today. Implementation of data diodes, countersign and encryption are three actions that will make a significant difference for many organizations in the coming years. Separate domains for different security levels is a good idea that can be implemented when one has specified what information is more important than the other. A clear information hierarchy is necessary to maintain efficiency and security.

The NIS-2 directive to improve the NIS directiveThe NIS directive includes continuous review to ensure incremental improvements and adaptations to meet the change rate of the digital world. This has resulted in NIS 2.

Welcome Henrik Nilsson!

Identified weaknesses

  • European companies do not have sufficient ability to defend themselves against cyber attacks
  • European companies do not have sufficient ability to stay operational during a cyberattack
  • European companies do not have sufficient ability to return to normal functionality after a cyberattack
  • Some sectors and states are significantly stronger than others, the European digital landscape has obvious weaknesses
  • The cyber threat awareness among EU member states is low
  • There are no common crisis management practices regarding cyberattacks within the EU

Improvements through the NIS 2 Directive
The NIS directive has been extended to further enhance security. Here are some of the most important add ons:

  • New sectors have been added
  • Increased minimum security and reporting requirements
  • Stricter supervisory measures for nation authorities
  • Stricter compliance requirements for nation authorities
  • Administrative fines has been made possible
  • Increased cooperation and increased information sharing between Member States' authorities

The NIS2 Directive affects more entities
NIS2 covers more sectors and more companies and organizations within each sector. The original NIS-directive considers energy, healthcare, transport, finance, water supply and digital infrastructure as critical for a functional society. With NIS2, public administration, pharmaceutical production, critical medicine technology and space has been added to the list.

The NIS2-directive also affects sectors in the periphery of critical infrastructure, these include; waste disposal, chemicals, post service, food, motor vehicles, production of medical machines, computers and electronics, machine equipment and digital suppliers

The majority of affected entities are medium and large enterprises within the above mentioned sectors but some small companies may also be affected depending on their profile.


link22 and the NIS Directive
The NIS Directive affects each company and organization differently, there is no one-size-fits-all solution to meet the requirements and stay efficient. It can be hard to assess whether or not the NIS Directive affects your company at all. We have helped governments, organizations and companies with challenges like this for 16 years and can be of use in many ways. It can seem complicated to determine what this means for you; what are you obliged to do or not to do? If you are unsure about this we suggest that you book a demo with us where we make an assessment together. Based on your situation we reason together and specify what you need to do to meet the new requirements and most importantly to secure what's valuable in your possession.

Click here to book a demo.

Open post

Shield preventing insider trading at a municipality

Shield preventing insider trading at a municipality

Discussing a stock price-affecting construction permit at a municipality

Mobile phones are relatively easy to use for eavesdropping on meetings. They are therefore an attractive target for people who seek to steal information of value. Phones can be hacked through downloaded apps that have access to the microphone and by physically getting a hold of the phone to install malicious software. This means that a phone should never be left out of sight and that a phone never should be laying around during a meeting where sensitive information is discussed. An obvious cyber security conundrum.

Stop insider trading crimes

To enable free conversations around classified information, we created Shield, a noise-box especially developed to make phones less of a security risk. Here is an example of how Shield secures a construction permit meeting.

A large construction permit is to be approved or denied. The decision affects stock prices, housing prices and more prices that are subject to potential insider trading crimes. To minimize the risk of eavesdropping the municipality has a meeting room especially designed for meetings around sensitive information. The meeting room is equipped with a Shield in which all phones and smartwatches are put whenever a meeting is hosted.

Read more about Shield here.

Welcome Henrik Nilsson!
Open post

Shield safeguarding a M&A-process

Shield safeguarding a M&A-process

A possible merger is discussed between two large industrial companies under the protection of Shield

Mobile phones are relatively easy to use for eavesdropping on private conversations. They are therefore an attractive target for hackers who aim to sell or use valuable information during an M&A-process that have significant impact on the stock market. Phones can be hacked through downloaded apps that have access to the microphone and by physically getting a hold of the phone to install malicious software. This means that a phone should never be left out of sight and that a phone never should be laying around during a meeting where sensitive information is discussed. An obvious cyber security conundrum.

Shield safeguarding

Shield is our solution to this problem, a noise-box especially developed to make phones less of a security risk. Here is an example of how Shield can play an important role for safeguarding and information security during a M&A-process.

During a six months long merger process between two large corporations, meetings are held biweekly. Whether done intentionally or accidentally, any information leakage may be the end of the merger and could also be used to conduct insider trading. Before all meetings the participants are expected to put their phones and smartwatches in Shield.

Read more about Shield here.

Welcome Henrik Nilsson!
Open post

Integrity and personal information safeguarded by Shield

Integrity and personal information safeguarded by Shield

A family with secret identities meets with social services and speaks freely thanks to Shield

Mobile phones are a security risk for people in vulnerable situations. A hacked phone can reveal a secret identity or location. A perpetrator can, by placing malicious software in a phone or using a regular app with microphone access, threaten and hurt his victim. This means that a phone should never be left out of sight and that a phone never should be laying around during a meeting where sensitive information is discussed. An obvious cyber security conundrum.

Integrity and privacy

To help people in vulnerable situations safely share information we have created Shield, a noise-box especially developed to make phones less of a security risk. Here is an example of how Shield can be an important piece of a truthful conversation between social security and a family living under protected identities.

A mother and her child living under protected identities have a meeting at social services. They have been living under threat for a long time and are extremely cautious not to be found. To respect the family's integrity and privacy the social services have a Shield in the meeting room where all phones are put in sensitive meetings. This also gives the mother a well needed sense of safety.

Read more about Shield here.

Welcome Henrik Nilsson!
Open post

Shield protecting client information at a law firm

Shield protecting client information at a law firm

Earn trust with superior meeting room security through Shield

Mobile phones are relatively easy to use for eavesdropping on meetings. They are therefore an attractive target for hackers who aim to sell or use valuable information. Phones can be hacked through downloaded apps that have access to the microphone and by physically getting a hold of the phone to install malicious software. This means that a phone should never be left out of sight and that a phone never should be laying around during a meeting where sensitive information is discussed. An obvious cyber security conundrum.

Shield protecting client

Shield is our solution to this problem, a noise-box especially developed to make phones less of a security risk. Here is an example of how Shield protection can help a law firm win the trust of an important client.

A large corporation is about to sign a partnership agreement with a law firm to handle everything from patents to M&As. The law firm explains to their guests that phones are a major security risk and their security policy requires everyone to put their phones in Shield before any business is discussed. The potential client is impressed by the seriousness of the law firm and decides that they are by far the most reliable long term partner.

Read more about Shield here.

Welcome Henrik Nilsson!
Open post
eSam - Digital samarbetsplattform för offentlig sektor

Swedish government prove to be adaptable and aware around digitalization and cybersecurity

Swedish government prove to be adaptable and aware around digitalization and cybersecurity

Welcome Henrik Nilsson!

Swedish authorities are in a very complex situation regarding digital work, digital collaboration and cyber security. They operate in the thin threshold between; laws that protect the privacy of citizens, laws that protect the security of the kingdom, and a system that allows employees to work efficiently. The same threshold is the starting point for our product Outpost Collaboration.

We are a well-established supplier of IT security solutions for Swedish authorities, especially those under the security protection regulation. We have learned that a well-functioning solution must balance requirements for, among other things, functionality, usability, IT security and compliance with regulations in order to be used efficiently and effectively in the agency's daily operations. An essential part of this is choosing proven components with a good reputation.

When the pandemic hit, the threshold for the authorities shrunk and became even smaller as the requirement for remote work appeared overnight. Authorities then showed good digital adaptability and started using the tools that were available, including Skype/Teams.

Cyber security is not a destination, to keep up you need to constantly evaluate yourself and your own solutions. Swedish authorities are setting a very good example. At the same time that Skype was implemented to meet the changed situation that the pandemic meant, they chose to critically review the software.

The report: "Digital collaboration platform for the public sector" from eSam in November 2021, states:

 

"During the spring of 2021, the Swedish Tax Agency and the Kronofogdemyndigheten (Kronofogden) jointly investigated the conditions for replacing the software Skype for Business (hereafter Skype) with the cloud service Teams as the main video and collaboration platform.1 The investigation was carried out due to the announcement that support and maintenance for Skype would end within about five years and a judgment from the European Court of Justice in which the court, in simplified terms, judged that the design of the American intelligence and surveillance programs did not meet the EU's requirements for how personal data may be handled. The court also ruled that personal data could not be transferred to the United States unless it could be ensured that the personal data transferred there was not accessible to the US authorities.”

 

The report concluded that Skype/Teams is not a solution for the future. Another section in the same report states:

"In their investigation, the Swedish Tax Agency and the Norwegian Kronofogden were able to determine that the use of Teams as the main video and collaboration platform would be incompatible with the rules that apply to the authorities' operations. The main justification was that if Teams were to be used in the same way that Skype is used today, it would expose large amounts of information to Microsoft in a way that was not compatible with data protection and privacy regulations. The Swedish Tax Agency and Kronofogden also considered risks of lock-in effects, costs, continuity, suitability and continuous changes to the solution3 in their report. Several other authorities, i.a. Arbetsförmedlingen, Försäkringskassan and Trafikverket later joined the Tax Agency and Kronofogden's assessment."

Authorities worked together to investigate the matter both more closely and more broadly in a comprehensive report. They concluded that solutions that have historically been used no longer meet the requirements. The outside world changes and authorities change with it, so must the IT systems that the authorities use to ensure the integrity of citizens and the security of the kingdom.

Our opinion is that the Swedish public sector is awake both from a general IT-perspective and from a specific Cyber security perspective.

In the report Cybersecurity in Sweden – Threats, methods, shortcomings and dependencies, published in 2020 by the Swedish Armed Forces Radio Institute, the Armed Forces, the Swedish Agency for Community Protection and Preparedness, the Swedish Police Agency and the Security Police, states, among other things, the following:

 

"Outsourcing of IT infrastructure also means that there is a dependency on the service provider. When IT services are outsourced, it is often done to global service providers, which means that the dependency that arises is international. This is sometimes expressed as a risk of loss of digital sovereignty, a concept used in the EU context and means that a state loses parts of its control over its independence, autonomy and freedom of action in the digital area.”

We agree, for every authority that places its digital environment in the hands of a supplier from another legal domicile, the nation in question decreases her digital sovereignty.

Sweden is one of the world's most connected countries and we have such good conditions for data storage that international giants locate their data centers in Sweden. We consider the conditions for being a digital sovereignty to be very good. We interpret it as eSam making the same assessment when we read the appendix to the report: "Digital collaboration platform for the public sector". There, solutions with functionality for, among other things, are investigated:

  • Video conference
  • Document storage
  • Fixed chat rooms
  • Kanban (virtual board for visualizing work tasks, among other things)
  • White board

In addition to functionality, it was also important that:

  • Data storage can take place in a way that meets the authority's requirements
  • Authorities do not get locked into a system
  • There are good collaboration opportunities with authorities and third parties that use other systems

We are pleased to note that the investigation highlights Nextcloud as one of two candidates that best meets the requirements for an overall solution. We make the same assessment and have therefore chosen to integrate Nextcloud into our collaboration platform Outpost Collaboration.

We strongly believe in a society where authorities and private companies work together for citizens' integrity and society's safety. We think it is smart not to put all your eggs in one basket, to use systems that can be combined with other systems. We believe that it is wise to keep citizens' data at home and we believe that if there is any country that can do it, it is Sweden.

Want to see how we take this challenge on? Book a demo here.

Related Products: Outpost Collaboration

Open post
Secure Transfer 3.9

Product Launch – Secure Transfer 3.9

Product Launch - Secure Transfer 3.9

Secure Transfer 3.9

We are proud to announce the launch of Secure Transfer 3.9. Transferring information in a secure way is now faster, more reliable and easier to use than ever before. Our engineers have made the product smarter and more powerful to further push the limit for cybersecurity.

It is smarter to do more with less. The new Flow Priority Agent helps to configure priorities between transfer flows. We know there will always be more data than bandwidth and it is therefore inevitably a question of what to prioritize.

I/O bound filters to optimize even further. Secure Transfer 3.9 make the most out of the CPU capacity by using intelligent I/O bound filters.

Built for humans first. The world we are building is not for machines, it is for humans. This is why we have made user interface improvements in all user applications.

Major new functions:

  • Flow Priority Agent
  • I/O bound filter optimization
  • Improved user interface in all user applications
  • New configuration parameters for Active Directory certificate mappings
  • Improved log messages
  • Enhanced stability and reliability

Read more about Secure Transfer 3.9 and how to apply it here.

Request a demo for Secure Transfer 3.9 here.

 

Posts navigation

1 2
Scroll to top