law firm rock soc.jpg

Client Result

How ROCK's Security Operations Centre protected a law firm's data

LegalCo*, a law firm in Cardiff, challenged ROCK to deploy SOC to secure its systems and data. Much of the firm's data was categorised as personal, sensitive and confidential and it recognised that a data breach could destroy their reputation and cost them significantly.

Share On:

At a glance

The situation

LegalCo challenged ROCK to strengthen its defences against potential cyber security attacks.

In strategic partnership with LegalCo, ROCK worked to learn about how its processes, systems and data supported its operations and how certain threats might impact the organisation. A single point of visibility for all potential threats was established to help in identifying weak links in LegalCo's defences.

It was discovered that LegalCo's disaster recovery and backup processes meant that if a data breach occurred, the most recent version of their data could not be recovered.

ROCK performed a series of tests wherein our engineers imitated the likely actions of cyber criminals. These were conducted both remotely and on-site, revealing several flaws that needed to be addressed. It was discovered that employees' lack of education in cyber security posed one of the strongest threats and this alongside poor anti-virus and firewall configuration meant phishing emails were highly likely to cause security issues.

Recommendations

  • Automate backup and recovery processes to produce three redundant copies of data on cloud daily, and implement manual processes for storing copies of data off-site on a hard drive
  • Educate current employees on workplace cyber security best practice and include automated education in employee onboarding process
  • Install optimum anti-virus software on all relevant endpoints and configure network firewall to restrict unwanted traffic

Outcome

ROCK worked with LegalCo to visualise its security threat landscape, including: endpoints, servers, software, services, traffic and processes so these assets could be configured in SOC proactive monitoring tools and analysed for threat 24/7/365. Proactive monitoring identified 13 potential threats in the first year and defended against them before an issue occurred.

Employees were educated on cyber security best practices. This included information on how to verify emails as secure and how to identify phishing emails and fake websites.  An ad hoc project was undertaken to include employee education videos and tutorials in the onboarding process so all new employees benefitted from the same education.

*We value our clients and their right to a confidentiality.  While the name has been altered, the results are real.

More Insights

remote working insight-thumbnail.jpg
Digital Transformation

A remote possibility: why you need to develop a digital workplace

06/03/2020

View more
data set amal thumbnail.jpg
Digital Transformation

Why data set amalgamation is key to superior decision making

05/11/2019

View more
small data thumbnail.jpg
Performance Improvement

Small Data will be key to understanding your ‘new normal’

19/06/2020

View more
what is digital transformation banner.jpg
Digital Transformation

What is digital transformation?

20/11/2019

View more

Hello, welcome to the ROCK live chat.

Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×