Cyber security assessment for a large financial services provider

At a glance

Before GDPR legislation came into effect, ROCK was contacted by a large company operating within the financial services sector. Its in-house IT department was concerned that the company's cyber security measures were insufficient and that the company would fall foul of the new laws as a result. Accordingly, the company requested that ROCK audit its current setups and evaluate its cyber security.

The situation

Shortly before GDPR legislation came into force, multiple organisations were concerned that their existing security setups were lacking the robustness needed to ensure adherence and – fearful of the potential fines they could receive – sought help. Amongst these companies was CreditCorp*, a financial services provider based in the South East of England.

CreditCorp* contacted ROCK after its in-house IT department concluded that the company’s existing security measures would not be deemed adequate once GDPR had come into force. As a direct result, the company instructed ROCK to audit relevant systems and setups.

Following the completion of our cyber security audit, ROCK identified multiple potential improvements. These included updating existing anti-virus solutions and firewalls, implementing automated patching and, most importantly, developing more robust authentication processes.

Recommendations

ROCK observed that CreditCorp* utilised multiple virtual platforms, many of which contained sensitive data pertaining to customers, and that logs suggested several were persistently subjected to brute force attacks. To enhance cyber security, ROCK implemented multi-factor authentication, so that every login attempt required at least one further form of verification before a user was able to access resources. IP checks were also leveraged; login attempts from non-whitelisted addresses were blocked from the portals entirely.

With employees typically using several online applications each day, however, there was a significant possibility that enhanced login procedures could consume time and lead to inefficient working practices. To address this, ROCK utilised Smart Single Sign-On, a feature that affords users one set of credentials for multiple platforms and signs users into several applications simultaneously. Bespoke configurations were then applied to ensure this did not introduce deficiencies in security.

How we helped

  • 98% reduction in malicious login attempts
  • 13% increase in employee productivity

Outcome

Within several weeks of changes being implemented, server logs were analysed and it was determined that malicious login attempts had fallen to almost zero.

Furthermore, by utilising single sign-on practices, CreditCorp’s* employees benefited from systems that allowed them to undertake their work in a more efficient manner. As a result, employee productivity grew by 13%.

*We value our clients and their right to a confidential consultation. While the name has been altered, the results are real.


© 2024 ROCK. All rights reserved.
