For StepStone, an e-recruiting business, cybersecurity and resiliency means so much more than just intercepting malicious messages before they hit an employee’s inbox. They also mean defense, awareness and increased visibility to keep business operations flowing – at all costs. “If email went down, it would be hugely disruptive, if not prompting a total pause on business altogether,” says Serge Groven, Corporate IT Manager at StepStone.
At one point, prior to Mimecast, StepStone was receiving nearly 10 million emails every month with many of them slipping through the cracks. “70 to 75 percent of those emails should not have been allowed through,” says Groven. “Because of those gaps, we dealt with hundreds of monthly phishing attempts.”
Although he can’t go into much detail due to security concerns, one impersonation attempt in particular was a catalyst for change. “This specific attempt was timed with such precision that it looked absolutely real. There’s no telling how much damage would have been done had it been successful. It would have been incalculable.”
This close shave served as a wakeup call, prompting Groven and his team to search for a highly specialized solution to bolster email security and fight the steady stream of impersonation attacks and credentials phishing.
He ultimately decided to partner with Mimecast. “Mimecast offered the exact mix we were looking for, combining traditional methods with advanced technology, as well as on-demand support and a quick implementation and rollout period.”
It didn’t take long to see Mimecast’s impact across the thousands of StepStone Microsoft Office 365 accounts across the globe, “In just a one-month period after implementing Mimecast in 70 percent of our environments, the average number of spear-phishing emails decreased from 10.2 per month to 2.5,” says Groven. “And those results hold up today.”
While the results were immediate – Groven and his team knew there was more work to be done when it came to employee awareness and gaining greater visibility into the IT ecosystem. That’s why he expanded StepStone’s portfolio of Mimecast products to include Web Security, Archiving, Awareness Training and Internal Email Protect (IEP) among others.
“The extra visibility has been a huge benefit. With Office 365, conducting any forensics, spot checks or investigations is a very slow process. With Mimecast, you get nearly instant results,” says Groven. “And that’s making our IT staff more productive.
When something is quick and easy, it makes us better as a team. We’re not fighting against the system.”
With Mimecast, Groven and his StepStone team have been able to build what he calls a “human firewall.” But he recognizes that even the best solution needs to be backed up by educated users, which is why Mimecast Awareness Training has played such a big role in reinforcing that human firewall.
“The system is doing its job and we’re seeing fewer impersonation attacks as a result,” says Groven. “But our users are much more educated now, thanks to Mimecast. The Awareness Training videos are short, quick– and the message actually sticks! It’s like a good TV show with recurring characters and people actually ask when the next ‘episode’ is coming. That makes all the difference in keeping this vital information top of mind.”
“The Awareness Training videos are short, quick –and the message actually sticks! It’s like a good TV show with recurring characters and people actually ask when the next ‘episode’ is coming. That makes all the difference in keeping this vital information top of mind.”
Serge Groven, Corporate IT Manager at StepStone