Case Study – IT Security in times of GDPR
Posted on 12th February 2018 by Abi Fenton
A well-established local manufacturing company contacted Fentons in September 2017 with GDPR concerns and wanted advice on how it would affect them. During the initial free consultation, Fentons provided an overview of GDPR implications, and an IT security assessment was agreed to audit the client’s IT infrastructure.
An experienced engineer visited site with our wide-ranging 100-point IT security checklist and:
- Audited data, services and systems
- Scanned systems for vulnerabilities
- Checked software patching and updates
- Inspected access controls and best practices
After checking systems, the engineer met with key staff to understand the client’s:
- Internal policies and procedures
- Data, its storage and access rights
- Cyber security
Using all information gathered, our engineer produced an easy-to-read, comprehensive report, highlighting threats with practical recommendations for improvement.
The findings of the report were then discussed in a post-assessment consultation at the Fentons office. We explained the vulnerabilities in a jargon-free way and agreed an IT project plan to help with GDPR compliance.
A fixed-fee project plan with roadmap was approved, and work began within 2 weeks:
- Moved email to Office 365 to ensure secure messaging with Advanced Threat Protection
- Configured encryption on servers, devices and backups to protect data
- Centralised management of computers to provide 24/7 monitoring and maintenance
- Software upgrades and the removal of unsupported systems from the network
- Implemented ransomware defence strategies
- Server housekeeping with Active Directory reorganisation
- Group policy management and reconfiguration to enhance the security of passwords, remove admin rights and lock staff screens when idle
- Enforced multi-factor authentication and isolated the guest wireless network
On successful completion of the project, the client decided to complete the government backed Cyber Essentials Certification. With Fentons’ guidance the self-assessment was submitted and passed first time.
The client is now speaking with industry experts to ensure all internal policies and procedures comply with the new GDPR framework.
As a result, the client now feels confident that they can demonstrate compliance with the new standards. Technical and organisational measures were put in place to ensure an appropriate level of security to meet the risks.