Case Study by Steven West – Systems Administration Manager, Colin Biggers & Paisley
The Background
Colin Biggers & Paisley is a national law firm with over 470 employees and clients across Australia and China. We were established in 1900 and have a long history of genuine expertise in transactions, projects, governance and dispute resolution. We’re particularly known for our insurance, property and construction experience and have an established reputation in a range of other sectors.
To support our operations, we have more than twenty people in our knowledge and information technology team.
The Goal
The legal industry, in general, was slow to adopt cyber security strategies, and we were no different. However, a few years ago, it became apparent that we needed to start focusing on this aspect of the business. Our clients were increasingly asking us to demonstrate our approach to data security and for examples of our efforts to reach security maturity.
We were fortunate to have a managing partner who recognised the need for security and led the change from the top.
The Selection Process
The process started in 2019 when we began looking for a new network partner. Having assessed our options, we chose Optus, who had an existing relationship with The Missing Link and referred us.
I have to say that if we’d gone with any other provider, we would never have come across The Missing Link, but I’m glad we did. We developed a strong working relationship, and we realised that they had many more services to offer. They were able to help us review our security posture and develop a roadmap towards best practice standards.
Having worked alongside us to improve our security posture, advise on and supply infrastructure, provide penetration testing and staff security training for three years, The Missing Link knows our company back to front. With this depth of knowledge, they recently proposed that we trial a new product they were planning to on-sell.
The product they recommended was a cloud-based vulnerability assessment scanning tool. Essentially, it sits in the background running all the time, and every five weeks, it performs a vulnerability scan of our network.
The Relationship
While I understand the idea (and associated risks) of testing a new security product would be challenging for some organisations, we weren’t worried because we’d been working with The Missing Link on various projects over three years. We felt confident in their work and the vendors they partner with, and we knew they wouldn’t recommend anything they didn’t believe would be of value. I was happy to take the time to help them fine-tune their product offering, and the benefits have far outweighed my effort.
The process was relatively straightforward. We gave The Missing Link access to our network, and they configured the scanning software. The vendor then liaised directly with The Missing Link to perform the scans. They don’t need to have engineers on-site; it’s a regular scan that can quickly and non-invasively reach areas of our network that a traditional engineer would never be able to get to. It’s not something that will ever replace our annual penetration testing, but it certainly complements the process. By running every five weeks or so, we can now be sure that any changes we have made to our network haven’t inadvertently created vulnerabilities.
The Difference
The Missing Link is a trusted independent security advisor and a tool in my security kit that I can rely on. They have a great management structure and a team of highly capable people. Importantly, I know that their team is there for me whenever I have any issues or need a really good independent discussion. Without them, our network would never have reached the level of security maturity it’s at today - we wouldn’t be able to sleep as well as we do at night, knowing that we have great security architecture and support.
Being able to tell our clients that we are working towards ISO accreditation or other industry standards for security is also great for our business. Even though we’re not quite there yet, being able to tick the boxes on a security assessment form and demonstrate that we’re working on a 24-month plan gives them confidence that we take security incredibly seriously.
Of course, as with every relationship, there are challenges - everyone’s busy, which sometimes means things don’t go as quickly as we’d ideally like. But overall, The Missing Link is a fantastic company to work with - I couldn’t recommend them more highly.
