Client Result

How ROCK helped an educational institution avoid the wrath of regulators

CollegeCo*, a UK further education college providing A levels, HNDs and other qualifications, contacted ROCK prior to the introduction of GDPR. They requested that we review their current cyber security measures and practices to ensure everything was in order and sufficiently robust.

At a glance

  • Identified more than 130 unmanaged devices on staff network
  • 100% of all networked devices automatically patched
  • 25k emails placed in spam folder within six months of implementation

The situation

With GDPR legislation set to come into effect in just three months, CollegeCo contacted ROCK and requested that we audit their network, with a view to improving their cyber security posture. This, they explained, was to ensure that all possibilities had been considered. They were confident in the measures they had in place but, due to the highly sensitive information they held, wanted to ensure every conceivable eventuality had been taken into account.

ROCK undertook an in-depth audit of not just the cyber security measures the client had in place but – in this instance, vitally – also common practices observed throughout the institution. This revealed that, whilst the organisation’s digital infrastructure was well managed and required few changes, they allowed staff to connect their own devices and flash drives to their network, but did not subsequently manage them. This generated a considerable and easily exploitable gap in their security.

Additionally, our research revealed that staff regularly took sensitive and unencrypted data off-site. Should this have continued following the implementation of GDPR, CollegeCo could have been issued with a significant fine.

Recommendations

Outcome

ROCK identified more than 130 devices present on CollegeCo’s staff network. Once staff had agreed to a new BYOD policy, all of these were added to a recently installed UEM system capable of installing required patches automatically. This software also allows administrators to identify specific devices that have been breached and isolate them accordingly.

Following the implementation of an email management solution for all staff email accounts (which were accessed on multiple devices), 25,000 emails received by staff members were placed into a spam folder within a six-month period – exemplifying the frequency with which malicious communications had been present on unpatched and fundamentally insecure devices.

Finally, ROCK ensured that all of CollegeCo’s data – whether stored on internal devices or those that were to be taken off-site – was encrypted, with ROCK managing the decryption keys centrally.

*We value our clients and their right to a confidential consultation. While the name has been altered, the results are real.
