Industry Sector: Construction
Location: Ascot, Berkshire
Construction
Aug 08 in Case study
Challenges:
- Hacking and ransomware (encrypted files)
- Weak site-to-site VPN tunnels
- Improved data retention required
Solutions:
1. Resolve server wide ransomware infection
Protec received a new enquiry from a business who had experienced a security breach via their main Terminal server (accounting and ordering platform). The hackers encrypted all files on the server along with all files on the clients secondary server. It was decided that the quickest approach was to restore from backups. Both servers rebuilt with the latest backup then being restored to bring the client to the latest point in time. Protec worked with the accounting platform partner to restore the accounting platform and perform a separate restore of the accounting data. Additional endpoint security software was then deployed to the servers to ensure protection against future breaches. All user password to the terminal server were reset along with 2FA/MFA protection being implemented to further increase security.
2. Implement secure encrypted site-to-site VPN tunnels between offices
Protec implemented a highly improved up to date encrypted tunnel which connected all of the businesses branch offices. This provided the much-needed improvement to ensure the sites were sufficiently protected and data kept private and encrypted between sites.
3. Review backups and data retention
To ensure the business data was protected and that the business was meeting it’s cyber insurance obligations Protec implemented a number of backup platforms. These were a combination of on-premise and cloud based. The backup routines ran multiple times per day, daily, weekly and monthly. To provide an additional point in time restore Protec also implemented an end-of-year backup which is to be kept indefinitely.