November 1, 2024

|

Endorsement story

CIO: “The decisive factor for me was that Passguard is an independent organization”

Information security is gaining increasing attention in healthcare organizations. We spoke about this with a large healthcare organization in the south of the Netherlands. Information security is an important theme for them: they continuously map out vulnerabilities and implement improvements. One of the tools they use for this is Passguard. Why? We asked the CIO.

The Why

Why did you want to map out dark web risks? 

"Many companies only look at their own systems to check their security, for example, by conducting penetration tests. That's important, but it doesn't give a complete picture. There's so much more going on in the big, bad outside world that you have no visibility of. I wanted to map out these vulnerabilities more broadly."

And why did you specifically choose Passguard? 

"The decisive factor for me was that Passguard is an independent organization: not an existing service provider with vested interests in the outcomes of a scan. Because of Passguard’s free quick scan, I could quickly see what was happening. This helped me make its importance tangible to the Board of Directors. We were able to act swiftly to map out and mitigate the risks."

Findings

What were the findings? 

"You know that things can surface during such a scan. That was the case for us too. For example, it became clear that there was a lot of 'interest' in our organization. Our insight: We can better protect information by preventing unauthorized access to internal systems through employee accounts. You have some sense that it can happen, and you hear the stories. But after such a scan, you see the real facts. It gave everyone a very clear picture of where we stand.

Was there a particular finding that stood out? 

"From one private device infected with infostealer malware, we detected serious access. Furthermore, it became clear that most risks arise at the intersection of work and private life. This creates risks that we want to get ahead of."

Addressing Infections

What did you do with the findings? 

"We immediately acted on the major risks. Then, we continued to address them. But not by using the findings as a stick to beat people with, but as a way to give more priority and attention to information security. This means taking controlled actions to neatly resolve the risks without creating other problems.

We also use the outcomes of the Passguard study to raise awareness within the organization. This applies not only to our management team and the Board of Directors but also to awareness campaigns for staff."

Was there a specific Passguard feature that stood out? 

"Sorting at the account level is fantastic, as it gives you an immediate cross-section, which is great for raising awareness."

In Conclusion

And now? 

"Now we keep going. This wasn't a one-time step for us. That's why Passguard will continue to measure and monitor what's happening so that we stay up to date with these risks."

Would you recommend Passguard? 

"I would certainly recommend it, for three reasons:

  1. Because of its independence, as I mentioned earlier.
  2. The speed with which the information is presented.
  3. The pleasant way of working together and explaining things. Sitting down with colleagues has been well received by us. Not with a wagging finger, but to share insights and brainstorm together. This makes the topic accessible."