Industrial product design and developmentspecialists GUD Holdings is one of Australia’sforemost enterprises in its field, with amultitude of successful brands underits umbrella.
Given the size and scale of the enterprise,the company, which focuses primarily onthe development of water-related andautomotive industrial products, recentlyturned its attention to bolstering the level ofemployee IT security awareness aroundits communications.
As each of the businesses within GUDHoldings operates autonomously withits own IT department, introducing astandardised cyber security awarenessprogram across the enterprise was a littlemore complex to undertake. It was alsoparticularly important to ensure there wereno security weak spots allowed to developwithin the organisation that could potentiallycompromise the entire network of brands.
“We were reactingto a lot of securityissues ratherthan proactivelypreventing them.”
Paul Jreige, General Manager, IT GUD Holdings
“Our catch-up modules, and the ability to pushthem out to new users and new staff, was a hugetick for Paul.”
Cass Drum, Commercial Business Manager, Mimecast
Paul Jreige, General Manager – IT at GUDHoldings, said the organisation wanted tobe on the front foot when it came to dealingwith cyber security threats – particularlyfollowing an influx of impersonation andphishing emails.
“We were reacting to a lot of security issuesrather than proactively preventing them,”said Paul. “We also had some honestconversations and realised we can throw asmuch technology into the mix as we want,but all it takes is one click from an employeeon a rogue link to potentially compromiseour system. So we agreed that education andawareness needed to be our primary focus.”
Paul and his team decided to enlist thehelp of email and cloud security providerMimecast to drive an uplift in securityawareness across the entire organisation.
Cass Drum, Commercial Business Managerat Mimecast, explains how the contract cameabout. “Paul identified that his users andthe varied employee base across multipledifferent companies had an ad-hoc andreactive approach to IT security. He wantedto introduce a consolidated approach thatbrought everyone on to the same page, butthis needed to be balanced with the differentstyles of several IT managers.
“Paul wanted to make sure this was a strategicdiscussion, rather than just a compliancebox-ticking exercise. He was very pragmaticabout what he wanted to achieve.
”There was some disparity across the group interms of how advanced a stage their securityawareness and technology adoption hadreached, so it was imperative thiswas recognised.
“It was important we provided them with asolution that could cater for their individualneeds – by way of individualised reportingand statistics, for example – while adoptinga standard solution across the group,” saidPaul. “While we wanted to bring consistency,we also wanted to preserve the autonomy ofour businesses, and we managed to do both.”
Mimecast provided GUD with a risk scoreand metrics around individual users. Becausedifferent types of email security solutionswere in use across the organisation, someareas of the business were more exposed torisk than others.
With Mimecast’s help, Paul and his teamstarted implementing awareness trainingamong employees through micro learning.Once a month, a particular area of GUD’schoosing was focused upon – meaningthat security was always front of mind foremployees, without hindering or bombardingthem with too much information at once.GUD Holdings has a number of contractorsand people external to the business thatutilise its system, and Paul wanted to makesure they were upskilled at the same time.
The awareness training delivered a securityecosystem for GUD where anyone thatscored very poorly or was considered a riskyuser had tighter security controls imposedupon them.
“Our philosophy is that all the businessesunder our umbrella need to remainsovereign. They need to be agile and havetheir own brand presence, but at the sametime we also had to find commonality aroundIT security standards. It’s a fine balance butone which I think we met successfully withMimecast’s training initiative,” says Paul.
“Getting everyone on the same page with theone solution was always going to be Paul’sbiggest challenge. He could see the benefitof it, but different companies within theorganisation had different weighting for theimportance of cyber security. Mimecast’sawareness training piece paved the way forthis consistent approach to security to beaccomplished,” says Cass.