News

Anneli Ustav: information security gets shamefully little attention in Estonia

12.02.2020

According to Anneli Ustav, our Information Security Manager, in order to maintain the reputation of the leading digital nation in Estonia, more attention must be paid to ensuring information security. For example, the information security standard ISO27001, which is essentially mandatory in many international IT procurements, is today accredited to a handful of companies in Estonia.

ISO27001 is an international standard that defines the essential requirements for an information security management system. The certificate indicates that the company has identified information-related risks, such as cyber-attacks, hacking, data leakage or theft, and has established internal procedures to mitigate the risks.

“Since we are the creators of digital service solutions and partners with many private and public institutions, it is important for us to set an example in security issues. In recent years, we have invested heavily in implementing an information security management system and reviewing processes. We are proud to say that today information security is embedded in all company activities, and our team is well aware of security trends and safeguards,” commented Anneli Ustav.

The certificate demonstrates to both internal and external parties that, in addition to providing state-of-the-art technology solutions, security is of paramount importance to the Finestmedia team. “Based on the database of the Estonian Quality Association, we are the fourteenth company in Estonia to have been granted a security certificate. In the information society, cybersecurity is increasingly important, and all service providers should pay more attention in order to be reliable,” said Ustav.

Both digital and physical environments, as well as work organization and cyber behaviour of the employees, were reviewed in order to apply for an Information Security Certificate. “Attacks that try to gain access to our systems or user accounts are a daily occurrence - we are already familiar with them, and we know how to manage the risks. Well-thought-out rules and consistent staff training are the keys to success,” said Ustav.

ISO 27001:2013 Certificate, Photo: Finestmedia
ISO 27001:2013 Certificate, Photo: Finestmedia

For example, office access systems were upgraded, and the media used were checked for encryption. It was ensured that all sensitive documents and equipment were safely stored. In order to raise the awareness of the company's employees about the threats, Finestmedia began training all new employees to familiarize them with the company's information security policy, to identify possible attacks and to keep their computers and phones secure.

Cyber-attacks today are considered the biggest threat to the business world. The economic damage caused by cybercrime is estimated to be 0.8 percent of the global GDP. “The number of cyber-attacks is on the rise, and we hear news of various attacks, data leaks and thefts every day. Businesses take 200 days on average to detect data leaks from their systems, which is quite a worrying number. While ensuring security requires daily attention and multiple resources, preventing problems is certainly more effective and less costly than dealing with their consequences,” said Ustav.


Finestmedia is a software development and digital consulting company based on Estonian capital. Finestmedia provides life-cycle software solutions to both the private and public sectors, in particular in the areas of e-commerce and e-government. The headquarters of the company is in Tallinn, and its branch office is in Gdansk, Poland. Finestmedia employs over 100 people. For almost 20 years, Finestmedia has contributed to the success of Estonian e-government and the creation of several innovative solutions in the private sector. Finestmedia's work processes meet the requirements of ISO 9001: 2015 quality management and ISO 27001: 2013 information security.