Security within the ‘Bring your own device’ principle.
Finext is a family of consultancy companies, each with its specialism in areas such as marketing, back office, sales and finance. Finext works according to the principle that ‘simplicity works’. Simplicity accelerates and makes the organization more agile.
When it comes to security within a company, ICT plays a significant role. Especially if you have little or no time to arrange this yourself, it is helpful to engage a party you can trust to take care of all the work for you. For this client case, we spoke with Leon den Braber from Finext. Because every branch within Finext has its team, it is sometimes difficult to organize things. Our specialist Marco Janse has immersed himself in their situation and realized the best possible solution.
Leon den Braber: ‘’As a company, we like to focus on our core business. Our team consists solely of consultants. Furthermore, we outsource as much as possible, from our ICT to the administration..’’
Leon den Braber: ”As a company (Finext) we like to focus on our core business, our team consists only of consultants. Furthermore, we outsource as much as possible, from our ICT to the administration”.
Marco Janse: ”I took the initiative myself to approach Finext to raise potential security threats and problems with them. They were already working with a version of Intune, but the new version would be more suitable for Finext. Which works better with Windows 10. It has many more options than the old version also in view of the GDPR legislation that is coming”.
With Intune you will have a good overview of which devices are all connected, like all laptops and mobile devices in circulation. If you don’t have a good overview of how these are secured, you don’t know if your data is being distributed outside the organization or not. Also, you can’t control how your data is managed.
Marco Janse: ”The old Intune version was only on a number of laptops so you did not get accurate status reports of all laptops (such as laptops that were inactive for a longer period of time). New laptops are now immediately added to Intune, so you always have an up-to-date overview. This used to be done manually, not every user logged in, so it quickly became confusing and didn’t give a real picture of all users”.
Marco Janse: ”In the event of theft or loss of a device, you didn’t know whether it was adequately secured. With Intune, you can implement conditions such as automatically encrypting all documents. The encryption is done via Bitlocker. Employees receive a notification when they have not yet configured it and therefore do not comply with the policy.
At the time of writing, a small percentage still needs to be linked. Many employees are often seconded to customers so it took some time before everyone was completely up to date. For example; some employees were still working with Windows 7 or hadn’t used their laptop for a while and therefore missed updates. First all (mobile) workstations had to be brought up to date before a link with the organization and Intune could be realized”.
Leon den Braber: ”With the new AVG coming up, we as a company also need to be well prepared, that was a big part of our decision to take it seriously. Within our company, a great diversity of devices was created because every employee purchases his own device. So it can happen that our employees use a laptop or phone for both business and private purposes. There is also no obligation for the type of device. The type of operating systems that are used is also very different.
We work a lot with financial companies so there really shouldn’t be any data on the street. With Intune, we hoped to create a safe and organized environment while maintaining the identity of our company”.
Leon den Braber: ”With the new AVG coming up, we as a company must also be well prepared.”
Marco Janse: ”We are currently working on the policy within the organization and the right level of access needs to be determined for users. This is in case there also be confidential documents and folders that not everyone can access. Mobile devices such as business phones still need to be added to Intune, in addition to all laptops that are already logged in.
We also set up Multifactor Authentication for all users last month. This always requires a second factor to be able to authenticate, such as an SMS or an app on a smartphone. With this, they have to confirm their identity with an extra step when logging in”.
Marco Janse : ”First we made an inventory of who still worked with the outdated Intune version and who did not.
Then we communicated to all employees that a transition would take place soon and described all the steps.
In preparation for the rollout, we set up the new Intune environment and incorporated certain policy checks in it. As a result, every device that is linked must meet certain requirements.
After that, we supervised the employees around the new system and fixed any problems.
All niches within Finext have their own ICT manager. They have had a pilot of the new Intune and then an email was sent out with actions that must be carried out properly before, during and after the transition. Every once in a while, all ICT managers receive an update with information about the users and what still needs to be done. By now, almost all employees are already well connected”.
Leon den Braber: ”Referit has been our supplier for a long time and manages our IT environment. When there was a new version of Intune, we had agreed together that it was necessary for our company. We started rolling it out at the beginning of this year and now we are working on the final arrangements. In total there are 150 of us, so this is all arranged pretty quickly”.
Marco Janse: ”Intune is a program for workplace management, which includes laptops, phones, and all other devices within the organization. These can be managed, remotely managed and provided with the current policies of the organization. This way you can, among other things, encrypt the device and its documents or implement updates. For example, you can also implement a major feature update in phases so that it runs more smoothly, which can be useful for a larger company.
Security updates are immediately forwarded to all users. Antivirus policy and monitoring is also possible. With Windows 10, Android and iOS you can get the most out of it in terms of options. All kinds of actions that are important to the company can be arranged thanks to Intune.
By the way, private data cannot be viewed and all users are notified of what Intune can and cannot see and manage.
If a user lags behind with updates, it can happen that there is limited access to business applications and data so that your organization is not at risk.
In case of theft or loss of your device, you can remotely erase it. As soon as you connect to the internet, all data is remotely erased. Also, all data is already encrypted so that even an advanced hacker can’t do anything with the files on the laptop or phone.
Before the 25th of May we are still looking at further policy steps. There are many possibilities, but this depends on Finext’s interests and policies. In this respect Referit mainly has an advisory role. In the end, of course, the customer always determines the policy.
Intune and Multifactor are already a standard part of Office 365 and Enterprise Mobility & Security”.
Leon den Braber: ”The system works well, we haven’t encountered any problems so far, so then you can conclude that it works. The feeling of security and that you don’t risk any fines is a nice feeling. This allows us, as a company, to be well prepared to go into the new regulations. Our ”Bring your own device” principle can be risky, so it’s good that this is now regulated.
Marco Janse: ”Everything has been reviewed and secured again. The personal contact with the employees was also very nice to explain to them the importance of the security measures. And why this change was necessary.
Leon den Braber: ”For the most part, the transition went quite smoothly, occasionally there were technical issues or the instructions were not yet completely clear to our colleagues. All ICT managers of the various departments helped the rest of our colleagues with the transition. If they did not quite get out of it, the person in question was put in contact with Marco to solve it”.
Marco Janse: ”The policy will be reviewed regularly and both Intune and new Windows versions often get new features. This allows you to proactively manage to add these features again or make changes.
At this moment I will keep on advising them about all new developments in security and the benefits of this for the company. I also create the reports, so that Leon and the ICT managers at Finext have an overview of all users and what still needs to be done each week.
Also, procedures still need to be adapted, such as for employees who go in and out of service. In order for these procedures to run smoothly, we can, for example, work on a standard information package that the new employees receive on how to get started with Intune. Because of this, the processes within the company also have to keep up with these changes”.
Leon den Braber:”Short lines and they have a clear understanding of things! The direct approach and accessibility is very nice, you immediately have the right person on the line and you know what you get out of them.
Within a reasonably short period of time everything is well arranged by Referit. We as a company are fairly unstructured and chaotic. We got all the instructions through Referit in normal human language so everything was clear to us. And thus being able to create order in our ”chaos”. It’s nice that we always come out of it together. We can go to Referit for any problem and I’ve never experienced anything we haven’t been able to solve”.
Leon den Braber: ”It is nice that we always resolve any issues together. We can come to Referit for every problem and I’ve never experienced something they haven’t been able to solve”.
Marco Janse: ”There is now more awareness within the company about the risks of data loss and the consequences of this for the organization and any parties involved. That in itself is a huge step in the right direction. It also provides a lot of understanding around the transition. And steps have actually been taken in the area of business information (and that of Finext’s customers)”.