At a glance
When a college contacted ROCK and requested that we audit their cyber security solutions, we identified issues concerning the management of employees' personal endpoint devices. Looking to undertake our Premier IT Management service they were keen for us to conduct a review of their cyber security measures and practices.
The situation
CollegeCo's* internal IT team was struggling to both keep on top of service requests and foster innovation. CollegeCo* were therefore looking to outsource their IT externally, focused on better supporting their users and driving technological advancement to empower learners to study remotely.
With GDPR legislation also set to come into effect in just three months, CollegeCo* were looking for us to audit their network, with a view to improving their cyber security posture. Due to the highly sensitive information the college held, they wanted to ensure every conceivable security eventuality had been taken into account, concerned about the rise in hacker sophistication.
ROCK thus undertook an in-depth audit of not just the cyber security measures the client had in place but, vitally common practices observed throughout the institution. This revealed that whilst the organisation’s IT infrastructure was well managed and required few changes, they allowed staff to connect their own devices and flash drives to their network but did not subsequently manage them.
This generated a considerable and easily exploitable gap in their security. Additionally, our research revealed that staff regularly took sensitive and unencrypted data off-site. Should this have continued following the implementation of GDPR, CollegeCo* could have been issued with a significant fine.
How we helped
- Improved productivity by over 20%
- Reduced average ticket resolution time from 24 hours to 12 minutes
- Identified more than 130 unmanaged devices on the staff network
- 100% of all networked devices automatically patched
- 25k emails placed in spam folder within six months of implementation
Our recommendations
- 24/7/365 access to our award-winning service desk
- Implement a Unified Endpoint Management system that would allow administrators to manage the security of all networked endpoints
- Develop a policy concerning BYOD (Bring Your Own Device) practices
- Enact data encryption policies
Outcome
Thanks to our Premier IT service CollegCo* were able to successfully drive innovation, users reported five times the level of satisfaction and productivity rose by over 20%. Learners were also empowered to adopt a hybrid learning model, at their discretion, leading to a consequential rise in both customer satisfaction and new college applicants.
ROCK identified more than 130 devices present on CollegeCo’s* staff network. All of these were added to a recently installed UEM system capable of installing required patches automatically. This software also allowed administrators to identify specific devices that have been breached and isolate them accordingly.
Following the implementation of an email management solution for all staff email accounts (which were accessed on multiple devices), 25,000 emails received by staff members were placed into a spam folder within a six-month period – exemplifying the frequency with which malicious communications had been present on unpatched and insecure devices.
Finally, ROCK ensured that all of CollegeCo’s* data – whether stored on internal devices or those that were to be taken off-site – was subjected to encryption with ROCK managing the decryption keys centrally. *We value our clients and their right to a confidential consultation. While the name has been altered, the results are real.
*We value our clients and their right to a confidential consultation. While the name has been altered, the results are real.