DX Stories: Havelaar & Van Stolk had to deal with cryptoware twice in one year, they had had enough.

DX Stories: Havelaar & Van Stolk had to deal with cryptoware twice in one year, they had had enough.

Together with partner SevenWinds, Sophos Intercept X was implemented to stop criminals from paralyzing the organisation.

At-a-Glance - Havelaar & Van Stolk, Oxford, Oxfordshire.

Industry - Financial services

Number of Staff - 250

Sophos Solutions

  • Sophos UTM
  • Sophos Endpoint Security & Control
  • Intercept X
  • Sandstorm Partner - Seven-Winds

Havelaar & Van Stolk is an all-round financial service agency for entrepreneurs and organisations. The insurance realtor relies on 70 years of experience and provides advice on many topics: ranging from salary advice and damage insurance to retirement funds.

Havelaar & Van Stolk takes care of the entrepreneurs’ insurance matters for the company, its employees and the entrepreneurs themselves.

The organisation itself employs 50 people, who are spread across the head office in Rotterdam and a smaller office in Zwolle. The management of the IT environment has been outsourced to partner Seven-Winds from Veenendaal.

There’s one person responsible internally at Havelaar & Van Stolk for application management.

Hit by cryptoware twice in a year

The Netherlands is one of the most targeted European countries when it comes to ransomware. Martin Geuze, Operations Manager at Havelaar & Van Stolk, experienced this first hand. “We had virus protection, but we were still hit by a cryptovirus twice this year.” Luckily, the company has a solid back-up policy, which means hardly any data was lost as a result of the ransomware. “But the systems did go down for nearly two whole days and it cost us a lot of money to restore all the files.” After the first infection, Geuze realised that there was a lot to be done in terms of employee awareness. But the organisation also had to improve its’ security on a technical level.

Detecting Zero-day attacks

After the second infection hit, Geuze asked his partner Seven-Winds to find a product that could effectively tackle cryptoware. “We realised that there’s no such thing as being 100% secure but we wanted to make sure we were optimally protected. It was our job to train our employees and to help identify possibly malicious mails and files.”

Richard Binkhorst, pre-sales consultant at Seven-Winds: “Of course we compared several products and vendors, but we use Sophos products ourselves – to our utmost satisfaction – and have been a Gold Partner for years. We asked Sophos to pitch in with a solution for Havelaar & Van Stolk and they suggested trying their new product: Intercept X. This enables us to even detect zero-day exploits. And that was exactly what we were looking for.”

Aside from Intercept X, the UTM Havelaar & Van Stolk used was upgraded with Sandstorm, making it possible to immediately scan all incoming files and emails. This was all topped off with the full implementation of the Endpoint Security solution.

Privacy is the greatest good

“Being a financial services provider we manage a lot of customer data. That means the prevention of data breaches is our biggest security challenge. It’s our highest priority to keep that highly confidential data within our walls”, says Geuze. The Dutch legislation on data breaches and GDPR has a high impact on the organisation. “We were always occupied with the protection of that data, because we want to prevent it from getting out in the open. That is one of the reasons we chose to use the solutions from Sophos. We wanted a product that’s known to be reliable. But the main reason was the product they could deliver that protects us against cryptoware.” Although the implementation took place just recently, Geuze is already seeing results.

The reports show a very high number of malicious mails are being intercepted and our employees hardly receive any suspicious messages anymore.

Train employees to become more aware

This does not cause Geuze to relax. “On a technical level, we have got our security in order, but we still have to keep working continuously to raise awareness amongst the weakest chain in security: our people. We insist that every employee has a responsibility to not open just about anything. We train our people to be alert.” Havelaar & Van Stolk do this by sending around examples of malicious emails.

As soon as suspicious message comes in that possibly contains a virus, a screenshot is made and sent to everyone explaining how to recognise such a mail. “We can see the attitudes of our people is changing. They act more responsibly now and take a minute to verify if a message is safe or not.

Sleep well at night

It doesn’t just cut down the risk of infection, now the technology intercepts a large part of the malicious mails, it also saves a lot of time from employees having to wonder whether they can trust an email or not. Geuze: “I’m seeing a lot less requests coming in from colleagues asking if they can open a file or can click on a link.”

But most importantly: Geuze sleeps better at night. “I sleep a lot better since the implementation took place. Because I know our protection doesn’t depend on our end users any more. Of course we know that there’s no such thing as being 100 percent safe and we always have to stay alert. But to me it is important to know that I’ve done the best I can to get our security to the highest possible level.”

View more articles here