Securing Email: the story of a small company
🕒 4 min read
✏️ Cristina Errico
You could argue that email is an almost ideal format for scammers. Email forces us to make assessments about what we receive and then make decisions about what we open or click through to as a result. Just the right amount of social engineering, exploiting an individual’s good nature, can push them to action.
No wonder email is one of the primary challenges that keeps the world’s Chief Information Security Officers (CISOs) up at night. In Cisco’s most recent CISO Benchmark Study, we found that 56% of CISOs surveyed felt that defending against user behaviours, such as clicking a malicious link in an email, is either very or extremely challenging. This ranks higher than any other security concern surveyed— higher even than data in the public cloud, and higher than mobile device use.
These concerns can be even more magnified for small businesses with limited budgets and IT resources.
If you read our Tech Connection article Email security and what it means for your small business, you might recall that managed email services like those offered by Gmail or Microsoft Office 365 are great for small businesses. They offer nearly all the functionality of self-managed email but without the cost and hassle of running an email server. However, the popularity of such tools means that cybercriminals are increasingly targeting them as platforms in which to launch cyberattacks.
An employee can click on an unsafe link or open an infected email attachment and before you know it, your network has been compromised. This is what happened to Strenge, a German family business that started in 1961, specializing in packaging and cleaning solutions for industrial clients. Strenge were attacked with a crypto locker and forced to pay a ransom by spending all night restoring the 20,000 files that the hackers had encrypted.
Things could have been much worse, but the company learnt its lesson, and so decided to take another look at their cybersecurity setup. This was the wake-up call that got them thinking seriously about better ways to reduce their risk and minimize the damage to their infrastructure, data, and operations.
Strenge is a small company and their 120 employees depend on email, both onsite and off. So they quickly needed a new solution that was easy to use, flexible, and highly customizable. They also wanted the ability to set and change rules and exceptions on the fly in reaction to threats. Most importantly, Strenge needed true visibility that would allow them to see when the system blocked email incoming and outgoing messages.
Cisco Security Email (CES) seemed the perfect solution. It’s a cloud-based solution that offers advanced phishing and domain protection features. It blocks fraudulent senders and prevents bad actors from using the domain to send fraudulent emails.
CES leverages Cisco Talos, our world-class threat intelligence team providing accurate, rapid actionable cyber threat protection that goes beyond point-in-time protection to track and quarantine a file after it has entered the system.
As Frank Bettenworth, CIO at Strenge observed, “Cisco is lightning fast in its reaction time and can update virus and malware definitions within hours of a new threat emerging. This level of protection far surpasses and outclasses anything that Microsoft ever offered us”.
But Strenge had invested a lot of time and money in Microsoft's security offering and wanted to be sure of the new investment, which is why it required a proof of value (PoV) period. Cisco helped Strenge to try the CES software for 60 days with a fully featured trial: no limitations on the number of accounts they could manage, or the ways to customize installation. As recommended, Strenge deployed CES on top of its existing Office 365 mail system.
The transition from Microsoft's email security tools to CES was seamless for Strenge's end users. There were no service interruptions – and Strenge's 120 employees did not have to modify any of their workflows.
You might also think this increased capability, visibility, and customer care comes at a premium—but that's not the case. Cisco Email Services cost 50% less than Strenge were paying before. It also requires less maintenance because it is a managed service hosted on the cloud.
As a small business, securing your IT environment takes teamwork, collaboration and the right tools. With Cisco Small Business Security Solutions in your corner, things can happen quickly but we’ve designed our security to match that.
Interested in more about Strenge’s story? You can read the full interview with Frank Bettenworth. To explore more small business customer stories, where technology has helped to overcome real business challenges, explore our Small Business Success Stories.