The State of Email Security 2018 Report
The latest threats, confidence killers and bad behaviors—and a cyber resilience strategy to fix them
Hanson Professional Services Inc. is a national, employee-owned consulting firm providing engineering, architecture, planning and allied services. Based in Springfield, Ill., the firm originally specialized in civil engineering services, primarily for bridge designs. With its Springfield roots and successful operations, the company began to grow throughout the Midwest and quickly broadened across the United States through acquisitions, mergers and expansion.
Today, the company’s gross revenue is $65 million, and it is organized in seven areas of emphasis: aviation, department of defense, energy and industry, government, infrastructure, railways, and telecommunications. Hanson now has 19 regional offices, and it has provided consulting services in more than 40 countries worldwide.
The company’s growth caused a steep incline in email volume, both inbound and outbound. by 2008, Robert Stidham, IT Manager for Hanson, noticed that email services started to suffer. In particular, there was a marked increase in false positives for spam. “For every 10 emails that were quarantined as spam, we were releasing six,” he recalls.
Stidham was already unhappy with his anti-spam/anti-virus vendor for other reasons. First and foremost was poor support: it often took two to three days to get a response to a support request. The increase in false positives prompted him to consider making a change, and he compiled a list of overall email management shortcomings at Hanson that he felt it was important to address.
One was an absence of logging. Occasionally, the IT team needed to know the dispensation of a particular email message – whether or when it was received. but if the message went into spam, his current vendor automatically deleted it after a certain period of time without keeping any record, and once an email was deleted, it was gone forever. “Keeping a record of all incoming and outgoing email is pretty standard on today’s email systems, and we didn’t have it,” says Stidham.
Another was archiving. Traditionally, Hanson had archived one year’s worth of email internally on its mail servers. Older messages were deleted to make space for newer records. Users also had PST files. But with the growth in email volume and no clear retention policies in place, PST files were now taking up a lot of space. “Some employees were saving every email they’d ever sent or received in personal folders. We had people with 14 gigabyte PST files, plus 2 gig mailboxes,” he recalls. “It was taking up a lot of server space.”
With this list in hand, Stidham began researching alternatives. The same week, he received a call from Mimecast.
Mimecast provides the only end-to-end solution for unified email management in the cloud – a fully SaaS-based solution that covers archiving, discovery, business continuity, security and policy management. Approximately 2500 companies around the world have replaced multiple, on-premise point solutions with Mimecast subscriptions in order to significantly reduce the risk, complexity and overall cost of email management.
“The timing of that call was just right. We got a demo that same day, and were really impressed,” said Stidham. “What really sold us was the forensic information – the ability to go back and see emails that were rejected, and see why they were rejected. Mimecast could also provide that kind of detail for outgoing email – such as when the receiving server got the message.”
Stidham and his team also liked the cloud concept. “About half of our 400 email users are in remote offices,” he says, “and our entire IT team is here in Springfield. We liked the idea of having everything in the cloud, so we wouldn’t have to manage hardware at other offices remotely. It’s a very straightforward model.”
Just six weeks after Hanson switched to Mimecast, Stidham had an opportunity to prove its worth to Hanson. “Frequently, client proposals are submitted by email, and they are always due by a certain deadline,” explains Stidham. “On a Friday, a Hanson employee emailed a proposal for a $1.5 million project. By the following Wednesday, he hadn’t received any response, so he called the prospect to check in. The prospect claimed he never received the proposal, and would not allow us to re-send it because the deadline had passed.
Using Mimecast records, we were able to prove that the original email was sent and received. Mimecast had captured every detail – when it was sent, when it left our server, when it left Mimecast, when it was received by their server. As a result, the prospect agreed to review our proposal.”
According to Stidham, the four greatest benefits of having Mimecast are: • The ability to find specific email messages when he needs to • Being able to reduce the size of users’ email boxes because mail is now archived • Saving significant time, money, and wear and tear on equipment • Peace of mind – knowing that if the exchange server goes down, Hanson still has email service.
“In the past, if our exchange server went down, we were dead in the water,” says Stidham. “We would have a flood of angry calls to the help desk. A lot of our users would resort to using personal email during outages just to keep business moving.”
That type of situation is a thing of the past now, according to Stidham. “About three weeks ago, our Exchange server shut down due to a backup issue. Email immediately failed over to Mimecast,” he recalls. “The outage was completely invisible to anyone outside the company, and our users just went right into their Mimecast folders in Outlook. We did not get a single call to the helpdesk during the whole episode. There was no business impact from the outage.”
“With Mimecast, I have many different search options – such as key words, time frames, sender – and I can find what I need in seconds,” Stidham reports. “That feature alone saves Hanson about 30 hours a week of IT staff time. We can now use that time for other, more productive things.” Mimecast has also significantly reduced the time IT staff spends on releasing false positives from quarantined email by 5-10 hours a
week. “We rarely have to do that at all now,” says Stidham. “We maybe spend two hours a month total administering email issues. All in all, we’ve recovered so much staff time with Mimecast it’s like we added another full-time person to our IT team, at no cost.”
Many organizations think their current email security systems are up to the task of protecting them. In …
Using Microsoft Office 365™ or snapshots from backup or storage solutions for protection and recovery? You …
Email is the number-one application that organizations depend on for communications. Unfortunately, it is also …