How Mimecast helped GUD Holdings expand its employee cybersecurity awareness
How Mimecast Helped GUD Holdings Expand Its Employee Cybersecurity Awareness
Industrial product design and development specialists GUD Holdings is one of Australia’s foremost enterprises in its field, with a multitude of successful brands under its umbrella.
Given the size and scale of the enterprise, the company, which focuses primarily on the development of water-related and automotive industrial products, recently turned its attention to bolstering the level of employee IT security awareness around its communications.
As each of the businesses within GUD Holdings operates autonomously with its own IT department, introducing a standardised cyber security awareness program across the enterprise was a little more complex to undertake. It was also particularly important to ensure there were no security weak spots allowed to develop within the organisation that could potentially compromise the entire network of brands.
“We were reacting to a lot of security issues rather than proactively preventing them.”
Paul Jreige, General Manager, IT GUD Holdings
“Our catch-up modules, and the ability to push them out to new users and new staff, was a huge tick for Paul.”
Cass Drum, Commercial Business Manager, Mimecast
Paul Jreige, General Manager – IT at GUD Holdings, said the organisation wanted to be on the front foot when it came to dealing with cyber security threats – particularly following an influx of impersonation and phishing emails.
“We were reacting to a lot of security issues rather than proactively preventing them,” said Paul. “We also had some honest conversations and realised we can throw as much technology into the mix as we want, but all it takes is one click from an employee on a rogue link to potentially compromise our system. So we agreed that education and awareness needed to be our primary focus.”
Paul and his team decided to enlist the help of email and cloud security provider Mimecast to drive an uplift in security awareness across the entire organisation.
Cass Drum, Commercial Business Manager at Mimecast, explains how the contract came about. “Paul identified that his users and the varied employee base across multiple different companies had an ad-hoc and reactive approach to IT security. He wanted to introduce a consolidated approach that brought everyone on to the same page, but this needed to be balanced with the different styles of several IT managers.
“Paul wanted to make sure this was a strategic discussion, rather than just a compliance box-ticking exercise. He was very pragmatic about what he wanted to achieve.
”There was some disparity across the group interms of how advanced a stage their security awareness and technology adoption had reached, so it was imperative this was recognised.
“It was important we provided them with a solution that could cater for their individual needs – by way of individualised reporting and statistics, for example – while adopting a standard solution across the group,” said Paul. “While we wanted to bring consistency, we also wanted to preserve the autonomy of our businesses, and we managed to do both.”
Mimecast provided GUD with a risk score and metrics around individual users. Because different types of email security solutions were in use across the organisation, some areas of the business were more exposed to risk than others.
With Mimecast’s help, Paul and his team started implementing awareness training among employees through micro learning. Once a month, a particular area of GUD’s choosing was focused upon – meaning that security was always front of mind for employees, without hindering or bombarding them with too much information at once. GUD Holdings has a number of contractors and people external to the business that utilise its system, and Paul wanted to make sure they were upskilled at the same time.
The awareness training delivered a security ecosystem for GUD where anyone that scored very poorly or was considered a risky user had tighter security controls imposed upon them.
“Our philosophy is that all the businesses under our umbrella need to remain sovereign. They need to be agile and have their own brand presence, but at the same time we also had to find commonality around IT security standards. It’s a fine balance but one which I think we met successfully with Mimecast’s training initiative,” says Paul.
“Getting everyone on the same page with the one solution was always going to be Paul’s biggest challenge. He could see the benefit of it, but different companies within the organisation had different weighting for the importance of cyber security. Mimecast’s awareness training piece paved the way for this consistent approach to security to be accomplished,” says Cass.