In a world that runs rampant with identity theft, company security breaches and ransomware, investing in cybersecurity has become a must for commercial organizations. At Dewaele, a large SME in real estate that operates in just about the entire Flemish region, they realized the time had come to confer with a specialist and get a thorough assessment done in order to step up their cybersecurity and safeguard their operational reliability.
A renowned expert in cybersecurity
Dewaele has over 200 employees which operate all over Flanders and they continue to expand with plans to open 70 offices by 2025. Being active in real estate, their agents often deal with sensitive customer data like pay slips and identification numbers. Additionally, their employees heavily depend on IT to complete sales. As such, they realized that they could not afford to sit back and wait until one day hackers try to infiltrate their systems.
Dewaele had never had their security system scrutinized before, so they decided to contract a third-party security specialist to perform a thorough audit. According to Jan Tanghe, Head of IT at Dewaele, a collaboration with Toreon was the obvious choice as Toreon are known to be a reputable cybersecurity company with vast technical knowledge.
A holistic approach
CS -improvement trajectories by VLAIO is an initiative subsidized by the Flemish government to encourage SMEs to invest in cybersecurity. From January 2023 onwards, CS -improvement trajectories by VLAIO is offered at a fixed value of about €34784.5, of which 50% is subsidized. This initiative comprises three stages:
- Analysis phase: We start with a solid analysis of your current security. We do this through a combination of penetration testing and holistic risk analysis.
- Report & Roadmap: You will receive a clear report describing both business and technical risks, as well as a roadmap to eliminate key risks.
- The Journey: We work together to eliminate the risks. During this phase, you can call on our wide range of expertise, from policy experts to deeply technical experts.
The first stage consisted of testing Dewaele’s infrastructure to lay out which technical and organizational security measures, processes and roles are already present within the organization. This allowed Toreon to establish Dewaele’s maturity level in all security domains and to expose areas where there’s room for improvement.
Based on the outcome of the technical analysis, a plan is drawn up. Toreon offers a lot of flexibility regarding the implementation phase. Depending on the client’s needs, they help work out new policies and processes, optimize the cloud configuration, provide coaching, conduct extra penetration tests or, in Dewaele’s case, focus on raising awareness within the organization.
“Toreon was the obvious choice because they’re a renowned cybersecurity company with deep technical knowledge. Thanks to our collaboration with Toreon, my assumptions were validated. We gained some valuable insights and a roadmap to get us started.”
Jan Tanghe, IT team lead at Dewaele
Prioritizing measures with the most impact
Nowadays, cybersecurity is becoming more important as there are increasingly more cyber attacks by criminal organizations or even cyber warfare. As a result, governmental institutions are cracking down on illegal cyber activities and creating ever more complex legislation to protect organizations and individuals.
Companies are obliged to meet certain data security standards. It can be quite tricky for them to navigate these new legislative frameworks and figure out where to start to level up their cybersecurity. To this end, the CS -improvement trajectories by VLAIO initiative offers a significant advantage. It handed Dewaele a broad overview of how their security system was performing and in which areas they needed to take action to protect their company systems.
This approach hands companies like Dewaele an economic way to deal with the most important security issues first. After all, securing a company is much like securing a house. You can decide to fit the second floor windows with bullet-proof glass, but if you leave the front door wide open, you’re still putting your valuables at risk.
A focus on the weakest link
Optimizing Dewaele’s technical infrastructure to ward off infiltration attempts by hackers was only one element of the strategy to up their company security. Together with Toreon, Dewaele composed a fake phishing e-mail to test their theory that the person behind the screen is actually the weakest link. This e-mail, which was riddled with errors and looked highly suspicious, astonishingly allowed them to extract personal data from their employees in mere seconds.
This goes to show that the staff make up a significant portion of any company’s firewall. To raise awareness and educate their employees on solid security practices, Dewaele asked Toreon to organize a webinar during the implementation days. Afterwards, they used the lessons learned to instruct new employees during their induction days on the importance of cybersecurity and treating company and customer data with respect.
“Securing a company is much like securing a house. You can decide to fit the second floor windows with bullet-proof glass, but if you leave the front door wide open, you’re still putting your valuables at risk.“
Siebe De Roovere, Principal Consultant at Toreon
Prompt analytics reports & feedback
From the start, the collaboration with Toreon was very smooth and transparent. Jan mentioned that they very much appreciated not having to wait for weeks or months to get an analytics report. Feedback was always promptly given so that there was no delay in taking the next steps.
These analytics are not just important when it comes to allocating the budget and carrying out the right actions. It also provided Dewaele with a tangible way of demonstrating that they had achieved a higher security level with fewer incidents like phishing e-mails.
Valuable insights & a roadmap for the future
Thanks to the holistic assessments conducted by Toreon, Dewaele obtained a very clear understanding of which of their security features were performing well and where they needed to improve. Based on the outcome, they implemented various measures to improve their security system and generate more awareness among their employees, a crucial element of any successful security strategy. While protecting company data requires more than a one-off action, the project offered them valuable insights and a roadmap to keep monitoring and enhancing their security levels in the future.