Increased Cybersecurity Protocols & Awareness For A Large Commercial Construction Company

OVERVIEW

After being frustrated with the quality of service provided by their original IT-managed service provider, a large NYC-based commercial construction company contacted IVIONICS to assist with a recent ransomware attack that severely impacted the company’s daily operations. It was the company’s second ransomware attack within the last year, and they were concerned.

The company requested IVIONICS assist them with the remediation of the current damage caused by the ransomware attack, evaluate its current IT environment, and make recommendations for reducing cybersecurity risks going forward.

APPROACH

IVIONICS immediately evaluated the client’s backup data to determine if any of it could be restored. Fortunately, the cloud-stored data was available, and IVIONICS was able to begin restoring operations.

As the data was being restored, the team began evaluating the company’s overall cybersecurity vulnerability. Although the assessment was intended to cover the most common cybersecurity threats, the focus was immediately on functional areas that would provide the greatest protection against ransomware and other similar malware threats. There were several technology risk (TechRisk) items that needed to be addressed:

• Ensure that all users are using password protection best practices and that administrative access is granted to only IT personnel.
• Performing anti-virus and anti-malware updates on all servers, networks, and desktops.
• Assessing the effectiveness of the company’s spam filters in detecting and blocking spam emails.
• Checking that the external network entry, exit points, and company devices are protected by quality firewall protection.
• To ensure that the company remains secure, awareness training was provided to all employees explaining how to recognize cybersecurity threats to mitigate the risk of an incident from happening and if they think one did happen, the appropriate steps to follow to report an incident. Employees were also put through an extensive mock cybersecurity incident exercise to practice what they had learned.
• The client’s company IT policies were also reviewed.

RESULTS

As a result of increasing their overall awareness and strengthening their cybersecurity posture, the client had made great strides. IVIONICS implemented immediate solutions that helped reduce the client’s risk of falling victim to cybersecurity-related incidents and correct the damage caused by their last attacks.

• Saving the company from lost revenue by restoring data quickly so that the client could resume business.
• With the help of the cybersecurity assessment, all risk factors were addressed.
• Devices were updated with the latest anti-virus/malware software, firewalls, and password protection policies. Saving the client from the possibility of being open to an attack.
• Developed a cybersecurity strategy for both short- and long-term that worked for the client’s overall budget.
• Implemented a mobile device management platform to ensure that the company’s data on mobile devices is managed and protected centrally.
• Conducted company-wide training to better prepare employees on what to look for & what to do when confronted with an attack.
• Developed and communicated a company-wide “Acceptable Use Policy” that all employees had to read, sign, and follow. This was to ensure the safety of the company, employees, and their clients.