Malling thrives on its high credibility. As Norway's leading advisor on commercial real estate, the company handles large amounts of data. Digital breaches leading to data loss must therefore not occur.
This was also the reason why IT manager Even Falkenberg ordered an independent review of the security in the Microsoft 365 environment for the group with over 300 employees. He says this is something he has been thinking about for a long time.
"We purchase all IT as a service from a third party. Therefore, I wanted an extra round to check that our solution was set up with the correct security recommendations, both from the service provider's side, but also what I can influence and adjust myself."
Sicra was chosen for this as I am familiar with several of the consultants in the company from before, and I was also reassured by other customer references.
Wanted answers on what he could do himself
Sicra's advisors spent about a week going through all settings and configurations.
"I wanted answers on what I could do myself to raise the security level," he says.
Falkenberg has conducted major security checks before and averted several direct attacks on the company. Although he is well-versed in security, he finds that developments are moving so quickly that it is challenging to keep up with all new updates and changes from Microsoft.
"A lot happens in a user environment, and Microsoft makes changes at a rapid pace. When we know that colleagues' machines are the most security-exposed, this is also the area that is most important to prioritize," says Falkenberg.
Good enough is not enough for Malling
Sicra's report showed that security was well taken care of, but that there was still room for improvement. Sicra believed that some of Microsoft's default settings are not good enough with today's threat landscape. There were also some additional new security features that could have been activated, says Falkenberg.
The report from Sicra came as a schematic overview with all recommended measures. A kind of roadmap with prioritized actions that Falkenberg can tackle himself.
"Some settings were set to default as delivered by Microsoft, but fortunately none of our settings were below the minimum requirements recommended by Sicra."
Falkenberg is making the improvements step by step and can then follow in the report how the security level continuously improves.
"It's fun to see that there are more and more green points. We had no serious security holes, but quite a few individual areas where we should adjust and tighten up. The report is worth its weight in gold in a company where management is committed to delivering security at the highest level," he says.
An important one-time investment
Falkenberg says he expected Sicra to find something to nitpick, but emphasizes that such checks are important to be able to meet the threats that come.
He is glad that the management at Malling chose to back him in making this investment.
"Sicra was great to work with. The report is designed so that once I have corrected all the settings, I don't need a new major review. Therefore, the report is a one-time investment, but Falkenberg does not rule out the need to do some spot checks on a regular basis."
"I could have gotten help from Sicra to improve security. I chose to do it myself to thoroughly familiarize myself with the entire setup of our environment. This has been a useful reminder that you should not trust anyone when it comes to security," he concludes.
Explore more
Oslo Taxi secures the platform for the future with Sicra and River Security
Ransomware attack caused headaches for one of Norway's largest chains
Removed a False Sense of Security at Montel
