Spar Kjøp: From mail order to digital security

Read more about MDR
Save Buy

Spar Kjøp has a long and proud history that began in 1962, when married couple Helge and Reidun Knudsen started selling knitting yarn from their basement. Since then, the company has grown considerably - with 24 department stores around the country and a strong focus on online shopping.

With the digital development, the need for better IT security has also become clearer. When Jan S. van der Mark joined the company in 2022, he quickly realized how the threat landscape had changed and the need for a comprehensive security strategy became apparent.

Digital threats require a digital fire alarm

To find out where the shoe was on the other foot, Jan and his colleagues took a thorough approach to choosing their security partner:

- "We chose Netsecurity and the very first step was to carry out a thorough penetration test and phishing exercise to identify vulnerabilities. Once we had the results of these tests, we set up the strategic investment in security based on actual needs," explains Jan S. van der Mark.

Collaboration with Netsecurity

Since the summer of 2023, Spar Kjøp has worked closely with Netsecurity to strengthen its IT security. They have implemented the following security measures:

  • Security monitoring (MDR) of identities (Microsoft): Monitoring and responding to identity misuse via Entra ID/Active Directory. This ensures that no unauthorized persons gain access to the company's systems.

  • Security monitoring (MDR) of endpoints: Activity monitoring and response on servers and devices to detect and stop attacks before they have consequences.

  • Incident management (Incident Response): Handling unwanted activity in collaboration with NSM-certified incident handlers so that critical incidents are quickly addressed and contained.

  • Consulting and threat assessment: Ongoing evaluation of threats and improvement measures so that the security strategy is always up to date.
Read more about security monitoring and response

- It was particularly important for us that all new measures were implemented in a good way, so that everyone understood why we were doing this - and not least felt confident about what it was all about.

Jan S. van der Mark

Jan van der Mark_ round

Security in the culture

Ownership and anchoring in the management was also a decisive factor in Spar Kjøp's success. Digital security is now just as important as physical security. But good security doesn't work well in a strategy document or agreement, it needs to be embedded in the company's hub and backbone; the employees!

To build a stronger culture around IT security, the company therefore conducts awareness training and phishing simulations for its employees.

- The digital threat is only getting bigger. This is our digital fire alarm! Everyone needs to know what to do when the alarm goes off, just like a physical fire alarm

Jan S. van der Mark

- At the same time, we have made sure that the security measures do not feel invasive. In practice, this means that we have very clear rules for using phones and the internet abroad that everyone can live with.

Netsecurity has helped Spar Kjøp to establish a clear reporting structure:

- "If someone clicks on a phishing link, we need to remove the stigma around it. The most important thing is to report it quickly so we can stop the attack before it spreads.

The collaboration with Netsecurity has already yielded visible results


Spar Kjøp has already experienced the benefits in practice: A subcontractor was compromised and sent out credible phishing emails to employees. One of Spar Kjøp's employees quickly alerted to the suspicious email, and before the conversation was over, Netsecurity had isolated the threat and prevented damage.

  • Implementation of Multi-Factor Authentication (MFA), which ensures that only authorized users get access.
  • Stricter screen saver policy to protect idle devices.
  • Change of antivirus program after advice from Netsecurity.
  • Establishment of clear reporting routines for safety incidents.

A secure partner

Spar Kjøp has a small IT department and needs a reliable security partner:

- We are not experts in IT security and we need someone we can trust. Netsecurity takes responsibility and gives us the advice we need, without selling unnecessary solutions.

He emphasizes that Netsecurity distinguishes itself by being a sparring partner, not just a supplier.

- "I get a bit allergic when salespeople try to push products I don't need. Netsecurity helps me keep up to date with how the market is developing. Based on the current status, they give us recommendations that we discuss together. The fact that they respect our priorities and decisions based on our discussions means that they build trust and present themselves with a credibility that I can safely recommend to others," explains Jan.

One of the most important lessons learned in the process has been the value of the thorough penetration test. It revealed critical weaknesses and laid the foundation for further measures.

- This was the key to getting started. We now have a clear plan for the future.

Spar Kjøp understands that IT security is not about eliminating all risk, but about having a healthy relationship with it. With Netsecurity on the team, we feel that we have found the balance between security and user-friendliness - and at the same time secured ourselves against the many digital threats of the future.

Jan S. van der Mark
CTO - Spar Kjøp
Jan S. ven der Mark