How ROCK mimicked hackers and secured a regional estate agent’s infrastructure

At a glance

• Employee productivity increased by 20%
• 0% downtime in 2019

The situation

EstateCo’s internal IT department continuously found the company’s network infected by various forms of Malware. This had not, as far as they were aware, resulted in data breaches or any other event that would typically be viewed as severe, but did hinder network performance and also resulted in downtime.

In spite of the fact that this team tried multiple different types of anti-virus, infections would return within days of the previous one having been removed. This led them to contact ROCK and request our assistance in determining the best means of securing their network.

As a result, ROCK performed a series of penetration tests wherein we mimicked the likely actions of cyber criminals. These were conducted both remotely and on-site, revealing several flaws that needed to be addressed.

Recommendations

• Implement ROCK's patch management services
• Educate employees on their role concerning cyber security
• Implement encryption policies throughout EstateCo's data landscape

Outcome

ROCK observed that patching and updating was undertaken on a sporadic basis and that this generated exploitable gaps. In order to address this, ROCK implemented measures that automated such updates in their entirety, and employed our patch management service, which moved the job of checking and installing patches directly over to ROCK with monthly status reports sent to EstateCo's internal IT team.

It was also noted that whilst EstateCo’s staff were mindful of the threat posed by malicious emails, they were less familiar with other ways their actions could compromise devices and networks. ROCK delivered tailored on-site cyber security training to employees in order to address this problem. Staff were tested throughout the next year with engaging training content, and their progress was monitored. When surveyed, staff on the whole felt 'very confident' that could identify malicious behaviour on the network and their emails.

Finally, ROCK implemented encryption policies. This further enhanced the robustness of EstateCo’s cyber security solutions and ensured the company adhered to stipulations set out in GDPR legislation. As a result of these changes, the performance of EstateCo’s network improved significantly. This yielded a 20% improvement in terms of employee productivity and, vitally, the company suffered no downtime in 2019.

*We value our clients and their right to a confidential consultation. While the name has been altered, the results are real.