The State of Email Security 2018 Report
The latest threats, confidence killers and bad behaviors—and a cyber resilience strategy to fix them
Based in the West Midlands in the UK, Higgs & Sons solicitors is one of the largest law firms in the Black Country. A modern practice with around 250 employees, it provides a range of legal services, from commercial to family law, to thousands of clients across the region and beyond.
Like many firms of solicitors, Higgs & Sons communicates extensively via email, often sharing sensitive and confidential information with clients.
The firm’s email services are so important to its day to day running, it has long relied on Mimecast Unified Email Management for additional peace of mind. The service takes care of email archiving and continuity, as well as providing additional layers of security – including Mimecast Targeted Threat Protection - in line with Higgs & Sons’ defense in depth strategy.
By early 2014, however, email security risks were a hot topic within the firm, particularly with its family law practice. IT Manager, Adam Cutler explained: “During divorce proceedings some of the documents and forms we send to clients are extremely sensitive, essentially setting out their entire lives. It is vitally important that kind of information does not fall into the wrong hands.”
Issues like device proliferation and the use of shared mailboxes, however, meant that confidentially was open to risk: “If a client’s email is synching between a smartphone, a tablet and a PC, for instance, the risk that emails will be seen by a soon to be ex-spouse are significantly increased. Similarly, clients using work email addresses risk very personal information being seen by colleagues.”
There was, however, no simple solution, aside from a few proprietary systems that Adam quickly rejected. He said: “The pressure to find a solution was increasing. We saw an opportunity to differentiate the firm by offering an elegant, secure solution to our clients.”
Mimecast Secure Messaging offers a secure, private, cloud-based email service to easily share sensitive information, without the need for additional hardware or software. Emails are accessed through a password protected web portal and never leave the secure Mimecast cloud.
For Adam, the solution was perfect, since it could be customized and offered as a Higgs & Sons service, giving the client reassurance the messages come from Higgs & Sons: “Mimecast brought us the functionality we needed without adding complexity or extra work for users, and it was something we could offer as a differentiated, value-added service to our clients.”
Adam and his team worked closely with Mimecast support and his own legal team to develop legally robust terms of service. The firm now has a well-defined set up process. Clients simply complete a set up form and are issued with a secure email address, as well as login credentials, by Adam’s team.
Higgs & Sons Secure Email was a big hit from the word ‘go’, since it offered a compelling and reliable way to confidently share sensitive information. Adam said: “This is the first security project where I have had staff contacting me asking to be part of the initial trial. I actually had to limit participation at first, mainly to spread the demand for client sign-up over a longer period.”
In part, that immediate success was because the service was so simple, but it was also because staff saw its potential as a market differentiator. Adam said: “At first staff couldn’t believe all they had to do was send an email as normal to the secure address. But that’s exactly how it works.
“Mimecast does the rest behind the scenes. Couple that simplicity with the fact that none of our competitors could offer an equivalent and we had a real differentiator on our hands.”
The solution has been a big success from a client point of view too, according to Adam: “It’s just great to take the stress of cyber risks away from clients and be able to say ‘We’re dealing with that for you’.”
Today the service is not only used within Higgs & Sons family law practice, but across the entire firm.
Adam is delighted with the results: “Secure Messaging has been a great example of an IT department adding real, tangible value to the business, acting as an enabler, and that is something to be proud of. We have not stood still either, but have enhanced the service over time, for instance adding expiration options and “just in time” security to every email.”
Many organizations think their current email security systems are up to the task of protecting them. In …
Not all email security systems perform the same. Lots of false negatives get through. That’s what Mimecast …
Using Microsoft Office 365™ or snapshots from backup or storage solutions for protection and recovery? You …