Client Result

How ROCK's Security Operations Centre protected a law firm's data

LegalCo*, a law firm in Cardiff, challenged ROCK to deploy SOC to secure its systems and data. Much of the firm's data was categorised as personal, sensitive and confidential and it recognised that a data breach could destroy their reputation and cost them significantly.

Share On:

At a glance

The situation

LegalCo challenged ROCK to strengthen its defences against potential cyber security attacks.

In strategic partnership with LegalCo, ROCK worked to learn about how its processes, systems and data supported its operations and how certain threats might impact the organisation. A single point of visibility for all potential threats was established to help in identifying weak links in LegalCo's defences.

It was discovered that LegalCo's disaster recovery and backup processes meant that if a data breach occurred, the most recent version of their data could not be recovered.

ROCK performed a series of tests wherein our engineers imitated the likely actions of cyber criminals. These were conducted both remotely and on-site, revealing several flaws that needed to be addressed. It was discovered that employees' lack of education in cyber security posed one of the strongest threats and this alongside poor anti-virus and firewall configuration meant phishing emails were highly likely to cause security issues.

Recommendations

  • Automate backup and recovery processes to produce three redundant copies of data on cloud daily, and implement manual processes for storing copies of data off-site on a hard drive
  • Educate current employees on workplace cyber security best practice and include automated education in employee onboarding process
  • Install optimum anti-virus software on all relevant endpoints and configure network firewall to restrict unwanted traffic

Outcome

ROCK worked with LegalCo to visualise its security threat landscape, including: endpoints, servers, software, services, traffic and processes so these assets could be configured in SOC proactive monitoring tools and analysed for threat 24/7/365. Proactive monitoring identified 13 potential threats in the first year and defended against them before an issue occurred.

Employees were educated on cyber security best practices. This included information on how to verify emails as secure and how to identify phishing emails and fake websites.  An ad hoc project was undertaken to include employee education videos and tutorials in the onboarding process so all new employees benefitted from the same education.

*We value our clients and their right to a confidentiality.  While the name has been altered, the results are real.

More Insights

Jane Onboarding Thumbnail 700x500.jpg
Performance Improvement

IT onboarding at ROCK

19/11/2019

View more
hotel of the future thumbnail.jpg
Digital Transformation

Hotels of the future: how IoT can transform the hospitality industry

06/01/2020

View more
data set amal thumbnail.jpg
Digital Transformation

Why data set amalgamation is key to superior decision making

05/11/2019

View more
best place to work IT thumbnail.jpg
Culture

How we built the best place to work in IT

03/12/2019

View more

Hello, welcome to the ROCK live chat.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×