The company
Northcott was established in 1929 by the Rotary Club of Sydney in response to the polio epidemic. At that time, it provided services to children with tuberculosis, polio and other diseases who had been excluded from mainstream society.
Fast forward to today and Northcott is a not-for-profit disability service provider with the purpose of building an inclusive society where people can live the life they choose. Northcott supports people with disability to reach their full potential by providing personalised, diverse and dynamic services, delivered by a committed team.
As one of Australia’s largest not-for-profit disability service organisations, they provide services from metropolitan and regional locations throughout NSW and the ACT. Northcott employs around 2500 staff and provides services to more than 13,500 people with disability, their families and carers each year.
The situation
Recently, Northcott’s senior management and Board members were becoming increasingly targeted with phishing and whaling attacks. At the same time Northcott had decided to move from infrastructure-as-a-service to hybrid cloud last year and found the current spam solution could not be migrated. Northcott needed to find a product that could meet its new hybrid cloud requirements, fill any security gaps and provide an agile approach to the evolving threat environment.
Northcott CIO Paul Herbert explained: “We were being hit by more and more attacks. The legacy system simply wasn’t protecting us against the sophistication of the targeted attacks we were under. But it was the whaling attacks in particular that caused us headaches.” Compounding this situation was the requirement that a new solution should meet legislative requirements and minimise corporate risk, all while empowering Northcott’s large, mobile workforce to deliver exceptional service.
“We needed a solution that offered protection and archiving,” Paul noted. “Australia is currently undergoing a Royal Commission into disability services and that requires us to be able to archive all emails and quickly and easily retrieve them. Our legacy system meant emails could be deleted and eDiscovery was very time consuming. Without proper archiving and eDiscovery tools, it was difficult to respond to formal requests for information and internal business matters.”
The solution
Northcott’s IT partner, Bright Tech, started the digital transformation process by firstly shifting Northcott to a more modern Exchange environment. From there, they called in SMX to address the email requirements.
SMX Channel Manager - New Zealand, Shayna Bryers, explained: “It was very clear from the outset that Northcott needed to be on SMX Accelerate. With their increasing number of phishing and whaling attacks, mobile workforce, ever changing volunteer base, legislated level of data protection and auditability requirements, it was a perfect fit.”
As a not-for-profit organisation, Northcott’s budget cycle had to be taken into particular consideration. The project was therefore split across two financial years. “Once Northcott transitioned to Exchange 2013 we first provisioned SMX Secure Email Gateway to provide a base level of email security. By using a layered filtering system and focusing on regional threat landscapes, Northcott’s users are now protected from almost every email threat. This addresses their need for top level security,” Shayna said.
“Once the new financial year ticked over, we commissioned SMX Accelerate. This provides them with auditability and easy access to every email and every attachment from every single email user they ever had, and ever will have.”
Additionally, to ensure compliance with local Australian email regulations, Northcott’s email archive is hosted in Sydney through the Microsoft Azure platform.
From Northcott’s perspective the implementation went smoothly. “It was pretty much out of the box, with minimal configuration,” Paul added.
The results
The results speak for themselves. Northcott’s emails are now well protected. It’s business as usual for staff while the organisation’s archive is building daily, providing insurance should they need it in the future.
Northcott Service Delivery Manager, Patrick Ramos, added: “The SMX suite is incredibly powerful and simple to use. We put in the details of the specific staff we want protected from whaling and it’s done. It’s very easy to block domains and individuals and it's also very easy for reporting.
“It’s also been a great learning tool for staff. SMX has encouraged us to look at how we use email. It’s really put a spotlight on it and had a flow-on effect to updating policies and regularly educating the workforce.”
Across Northcott’s 2600+ mail boxes, the organisation is now blocking approximately 800 spam messages per day, around 6,000 per week and so far have avoided 34 additional threats, trojans and malware.
Paul continued: “Before SMX, the process of archive retrieval was very challenging. But SMX is a great archiving filter; it’s been really brilliant. We can now say with confidence that we can find any email – and quickly!”
And the final technical bonus for Northcott? “It also works in conjunction with Microsoft Exchange, which is awesome.”
Patrick added: “SMX has taken away the pressure and worry from the day-to-day process of email management.”