Hicksons is a commercial law firm that assists governments, organizations, and individuals throughout Australia and Asia to create sustainable value by delivering legal and commercial advice, services, and solutions. Its breadth of expertise is reflected in its diverse practice groups and complemented by its industry and sector focus. The firm works across geographies with smart technology to keep connected to its clients.
The challenge
With the firm experiencing a period of high growth, Hicksons’ Head of Technology & Innovation, Michael Barrett, was seeking out ways to help improve the firm’s technology and security posture. “I’m always looking for new opportunities, new technologies, new solutions, and new platforms to help my lawyers be more productive and ensure they’re able to give our clients a great customer experience,” he explained.
When Barrett and his team saw an increase in the number of cyber incidents impacting Australian businesses, they knew it was time to take a closer look at email security. “We could see cyber incidents were becoming more prevalent. In June 2020, Australia’s then Prime Minister, Scott Morrison, announced that the country was under attack from state-based actors and the Australian Government would inject a lot more funding into cyber prevention and cybersecurity in general. I saw that as an opportunity to reflect on where Hicksons was most vulnerable.”
“I realized Hicksons had some enterprise-grade security tools — but that they were ‘after-the-fact reactive’ instead of proactive. I wanted something to help augment my existing set of technologies, and emails made the most sense — lawyers spend all their time in emails; they do everything via email. I knew that email was probably one of our highest-risk avenues and ingress points into the business. So I set about looking for something that could help protect both our lawyers and our clients.”
Hicksons’ existing Data Loss Prevention (DLP) solutions offered some protection, but the firm wanted more. “We have existing DLP solutions that we’ve tailored, honed, and refined. Egress Prevent was a great way to augment our existing DLP, solely focusing on email. Whereas our classic DLP solutions were more focused on minimizing the risk associated with uploading documents where they shouldn’t be or sharing them outside the firm, we needed something that would protect email and ensure data wasn’t being exfiltrated to unauthorised individuals, whether malicious or by accident,“ Barrett said.
Protecting the firm’s client data was its top priority, but Barrett realized any solution they selected also needed to be easy to use. “It was important to enable our users to have a frictionless experience where we take care of all the heavy lifting and the logic behind the scenes. We need to ensure data isn’t being sent where it shouldn’t and make it very easy for our end users.”
He continued, “We can never eliminate human error. We all make mistakes; we’re all doing things at increasing velocity, and we’ve got plenty of people in our address books that we’re communicating with. It’s so easy to send an email to the wrong Sarah, the wrong Bob, or the wrong Jane. There’s no magic bullet for these things, but we wanted a tool that would help reduce the chances of introducing human error and solve that problem.”
We did a 30-day proof of concept, which sealed the deal. Everything the Egress team talked about and everything we saw during the demo was delivered during the pilot.
Michael Barrett, Head of Technology & Innovation, Hicksons
The solution
Hicksons’ IT team considered email security solutions based on the company’s goals. “Anytime I’m evaluating a product, I always have key metrics, milestones, and goals that I’m looking to achieve — and Egress was no different. I had three specific requirements. The first was user experience: the solution needed to be zero-touch for my team from an implementation point of view. We needed the least friction possible to roll out the tool to the firm,” Barrett explained.
“Second, there needed to be negligible or no impact on my end users. Lawyers’ work is very time sensitive, and they’re under incredible pressure to meet their deadlines. Email is one of the core tools they have open 24/7, so any solution we chose needed to have NO impact on their ability to send and receive emails in Outlook,” he said.
“And finally, it needed to be reversible. Not all proof-of-concepts work out. I needed to be able to unwind our data, roll things back, and ensure our data was securely deleted. After working with Egress’ technical team, they gave me the confidence that we would be able to meet all those goals and milestones, so we moved forward with the proof of concept,” Barrett shared.
In just two months, the Hickson team realized they had found the solution that would help it fill its email protection gaps. “We did a 30-day proof of concept, which sealed the deal. Everything the Egress team talked about and everything we saw during the demo was delivered during the pilot. But one of the deciding factors that cemented my decision to endorse Egress Prevent and present it to our leadership team was when Egress kept me from making a mistake.”
“While using Prevent as part of our proof of concept. I was sending an email to numerous people in HR. Prevent popped up and said, ‘Are you sure you wish to send it to this person?’ Initially, I wondered what I had done that triggered Prevent’s message — and then I realized it had literally saved me from sending a private & confidential email to another Sarah in our company who isn’t part of the HR team. That was enough for me to realize that Prevent is exactly what we need in the business. After that, I was happy to move it forward and roll it out to the organization in a phased approach, starting with our internal Operations team before deploying it to all our end users across all the different business units,” Barrett explained.
Hicksons appreciated Egress’ ease of implementation. “It was plug and play — we could very quickly spin up and connect our email environments with Egress. And we also really liked Egress Prevent’s end-user experience; the gentle prompts it gives to ask the user, ‘Did you mean to send this to Sarah Smith instead?’ Egress calls out potential issues in plain English that our end users can easily understand,” he said.
Implementing Egress Prevent across the firm was “a seamless rollout experience”. It was seamless because the prompts that appeared on the screen told the user everything they needed to know. And then they’ve got the option to proceed or back out. The IT Security team also gets the analytics to understand who’s doing what — who’s just pushing ahead and who isn’t. That’s exactly what we wanted,” Barrett said.
I know for a fact that Egress has prevented potential data breaches. Since Egress Prevent has been in place, it has significantly reduced the number of potential data breaches.
Michael Barrett, Head of Technology & Innovation, Hicksons
The results
Egress Prevent has helped protect Hicksons against intentional and unintentional data breaches without introducing friction for end users. “I know for a fact that Egress has prevented potential data breaches. Since Egress Prevent has been in place, it has significantly reduced the number of potential data breaches. That’s been a great story we’ve presented to the leadership team — this tool is definitely helping the business,” Barrett said.
He continued, “We send and receive around a quarter million emails monthly. And the average number of times Egress Prevent prompts a user is once every 60 days. That’s very low friction and low touch for end users, which is great. And we’ve had fewer requests from people coming up to us, slightly panicked and stressed that they’ve just sent an email to the wrong person. We’ve seen a dramatic reduction in those requests coming through our helpdesk because Egress Prevent is now front and center, giving the user that final sanity check when abnormal behavior is detected — are you sure this is the person you want to send this to? That’s been enough of a prompt for them to do a quick sanity check themselves and not come to IT in a panic that they’ve just sent this email out.”
From an administrative point of view, Egress Prevent gives Hicksons’ IT team valuable insights into where additional attention is needed. “The analytics and insights from the Egress Security Center help show us where we need to do deeper dives or further investigations,” he said.
Hicksons’ IT team appreciates that Egress has helped improve the firm’s overall security culture. “Egress has helped boost our user education and awareness of all things cyber and security. The tool is doing exactly what we’ve told it to, and we continue to enhance and refine it,” said Barrett.
The firm also looks forward to new features on the Egress Prevent product roadmap. “I’m looking forward to some of Egress’ additional roadmap items that will give IT Security Administrators more granular control, allowing us to further fine-tune our DLP policies. That will supercharge us and give us even more value out of the software,” Barrett concluded.