Managed IT Services Brisbane, IT Managed Services Brisbane

The Company

Mediorite is a London-based social enterprise founded in 2010. The company is an award-winning creative agency that produces video and photography content.

Core Services:

• Corporate films, videos, and photography

• Animations and scriptwriting

• Training programmes

The company as a whole is instrumental in training young people from diverse backgrounds and offering them paid work. Its mission is to address youth unemployment. In 2019, Mediorite reached 260 young people via free accredited training, work experience, and paid work; the majority of these people were NEETs (young people aged 16-24 years who are not in employment, education, or training).

The Challenge

Mediorite’s largest client is a global consulting firm. The firm loved their work and wanted to commission more. In order to move ahead with additional work, the firm advised Mediorite that they would need to satisfy the firm’s extremely stringent compliance requirements.

Mediorite was permitted to produce media content that was publicly accessible for the client. However, for them to be approved to produce media content that was commercially sensitive, Mediorite was first required to pass a compliance audit. The audit consisted of approximately one thousand (1000) questions, which address every aspect of the company’s operations. In order for Meteorite to successfully address the firm’s requirements in full, enormous structural changes were needed at all levels.

The Details

The team at Exxa were engaged by Mediorite to assist with the successful completion of the extensive audit-questionnaire for assessment by the firm’s compliance team. Based on an analysis of the Mediorite ecosystem, Exxa’s recommended new security initiatives, policies, software, and various other technologies need to be implemented to satisfy their stringent requirements.

Desired Outcomes

• Successful completion of the compliance audit

• Overhaul of the ecosystem

• Provide automation to improve business workflow by streamlining operational efficiency

Objectives

• A rigorous set of IT policies that all employees were to be made aware of, acknowledge, and sign off on. This is an essential part of the process so that all employees know their responsibilities.

• Regular cyber security awareness training for all staff.

• Data classification policies and software to enforce security and limit accessibility for sensitive data. Machine learning technology to automatically classify data types by sensitivity and restrict accordingly to prevent data leakage and the possibility of data loss.

• An offsite point-in-time backup for all of Mediorite’s data, both onsite and in the cloud that adhered to the client’s requirements (i.e., completely encrypted in transit, at rest and SOC/GDPR compliant).

• An assessment of the company’s security posture through penetration and vulnerability testing. Remediation of any vulnerabilities and hardening of any devices, public facing or not.

• An enhancement of security throughout the business with the implementation of a strict password policy, Multi Factor Authentication (MFA) and Mobile Device Management (MDM).

• Full patch management system at the operating and application levels.

• Comprehensive and regular reports detailing all facets of the business, including but not limited to patching of devices, uptime, anti-virus vulnerabilities, comprehensive audits of data including user access of the data, infrastructure vulnerabilities, cyber security training, user completion, and application security.

“We had the onerous challenge for a SME because our global corporate client wanted to treat us like one of their larger partners but Exxa made the whole process painless and smooth. Their expertise was recognised by our client building trust throughout.”

Leanne Rogers: Head of Creative Department

The Process

Via working with Mediorite’s key personnel, the following IT Policies & Documents were created:

• IT Data Disposal Policy

• Access Control Policy

• IT Password Policy

• Patch Management/System Logs Policy

• Vulnerability and Remediation Policy

• A comprehensive Information Security Policy

• Incident Response Document

• Change Management Document

• Business Continuity Document

To be of value to the business, policies and documents must be implemented effectively. In order to minimise the prohibitive amount of work required to enforce these policies, it is essential to leverage software, machine learning, and automation.

Software:

Exxa installed Ninja RMM onto all Mediorite computers. The key features are:

• Enforces Patch Management at the operating system and application level.

• Automated and scheduled tasks to proactively remediate against many common operating system issues.
• Complete audit of all devices and configurable notifications for critical software security and hardware issues.

• Enhanced reporting functionality for asset management, device health, installed programs, antivirus status, and patch management status.

• Remote management using TeamViewer allows Exxa to remotely manage and deal with any issues.
• Remote registry, and command prompt access to fix customer issues without desktop interaction.
• Bitlocker/Filevault recovery key information

• Integrated Webroot Anti-virus

For the purposes of AI based ransomware protection, point-in-time backup, data classification, and auditing of data usage and apps for Google Apps Suite, Exxa installed SpinOne.

• Classify data based on the Information Security Policy and automatically enforce and restrict document access based on sensitivity.

• Auditing functionality allows full visibility and reporting of data access and sharing for users.

• Ransomware Protection locates attack patterns via Artificial Intelligence, stops the attack, and then automatically recovers any encrypted files.

• Help identify security risk, business risk, and compliance risk. The ability to blacklist risky apps and extensions and prevent data breaches.

• Point-in-time backup and restore.

Mobile Device Management and Hardening of Google Apps

Google Apps have a lot of built-in security features that can be leveraged, including an easy to configure MDM service and hardened email anti-spam configuration. Multi Factor Authentication (MFA) was implemented across all available devices.

• Cyber Security Awareness Training: With staff up to date on their responsibilities, EXXA implemented Cyber Security Awareness Training and simulated phishing attacks to educate users in protective measures. The time sensitive training course was rolled out and enforced by management. Training is ongoing. Reports are produced to ensure compliance by all staff.

• Vulnerability/Penetration Testing: Software was used to automate scanning and penetration testing. The results were then used for the Exxa team to remediate and ensure compliance. Reports were presented to the client. Monthly scans were then scheduled to ensure continued compliance.

• Encryption: The Exxa team meticulously encrypted all assets up to and including all hard drives, devices, in transit, and at rest.

Outcomes

• Mediorite passed the client’s audit very successfully.

• Feedback offered to Mediorite regarding their extensive changes was extremely positive; Mediorite continue to work for the firm.

• Any and all weaknesses and vulnerabilities identified in the analysis of Meteorite’s ecosystem were corrected.
• All key Mediorite personnel have the latest training programmes.

• All software, data migration, policies and relevant documentation have been updated, created, and completed.

Why EXXA?

EXXA—a full cycle management and IT support agency that is driven by the strategic objective of protecting and enhancing business value. As an agency, our advice, management, and ongoing support provide all stakeholders in your business with both immediate and tangible short and long-term results, plus potential competitive advantage that is emphasised by defined IT roadmaps.

MEDIORITE