In 2018, Fix & Fasten was scaling at speed.
Distributing specialist fasteners and associated products to an ever-growing list of customers in such industries as manufacturing, engineering and construction, the Victorian-based company’s future looked bright.
Fix & Fasten was so focused on enabling this growth that it overlooked other concerns – including cybersecurity. That was until malicious actors staged a phishing attack on the company in 2018.
During the attack, the cybercriminals seized the company’s data and held it for ransom. Luckily, Fix & Fasten had a contingency plan that meant it still had access to its system, and the attempt was foiled.
Just two months later, Fix & Fasten suffered another cyberattack. Employees were denied access to its systems and the company lost two weeks’ worth of data.
Then in 2020, Fix & Fasten fell victim to yet another phishing attack. While the company didn’t have to pay the criminals to release the stolen data, it did have to pay to reclaim its IT environment. This and associated losses amounted to around AU$100,000.
These alarming incidents prompted Fix & Fasten to begin migrating its data from on-premises storage to the Microsoft Azure cloud. But according to IT Manager Ricardo Posada, the company’s hybrid environment had not been properly secured.
“I could access our database server from my personal computer, and our IP address was public,” he explains.
As Fix & Fasten continued to migrate its data to Azure, Posada and his team knew they urgently needed to ramp up risk management processes and double down on cybersecurity investments. In searching for a solution, Posada was introduced to Microsoft’s partner MODEX.
“We did our research, and MODEX was the company that really asked questions. We had a long conversation and thorough assessment,” he says.
“One of the suggestions was to move to Microsoft 365, which would provide further security. This gave us control over devices, environments and users, and everything became more connected and secure. Essentially, MODEX fixed our IT architecture.”
Part of the solution Fix & Fasten has deployed is the Microsoft 365 Defender security stack. This includes protection of email and collaboration applications from zero-day malware, phishing and business email compromise.
Phishing emails are now blocked and if they do penetrate, they are flagged as coming from an external address, even if they appear to be coming from someone internally. These mechanisms have made security threats instantly identifiable. As a result, Fix & Fasten can mitigate risks before they mature.
The path to a secure future
With Fix & Fasten now in a more resilient position, Posada shares his advice for other IT leaders looking to embark on the same journey.
“The first thing to do is to identify where you want to go technology-wise. Establish your mission and a vision that aligns with that of your directors,” he suggests.
Posada emphasises the importance of finding the right partner. With technology changing so rapidly and risks becoming more sophisticated and targeted every day, he says it’s essential to deploy a solution that will provide the most appropriate protection for the specific line of business.
“Finally, listen to your users,” he concludes. “A big factor is how flexible the solution is. The more agility it has, the more control you have, which in the end will save on cost.”
Since deploying the new security architecture, Posada estimates that Fix & Fasten has seen a 50 per cent decrease in technology costs. He attributes this to employees feeling confident navigating the company’s system, which in turn reduces the time IT personnel need to spend troubleshooting.
“I was once taking 20 or 30 calls per day from employees complaining the system didn’t work,” he says.