Securing High-Value Customer Data and Financial Information
IT Link advises thousands of high-profile clients, empowering each of their respective businesses. The organization supports a wide range of innovative clients across industries and sectors, including:
- The safety of goods and people
- Healthcare technology
- Earth sciences and environmental protection
- Future-focused technologies
- Organizational effectiveness
For Nicolas Roux, CIO and CISO of IT Link, data privacy and security are vital to ensuring strong relationships with customers. “We must protect all sensitive customer information and data. It even happens that some of our customers impose protection solutions on us during our exchanges to meet internal or regulatory obligations specific to particular industries such as automotive or defense,” Roux said. “We share many documents with these customers as email attachments because our Google Drive is not accessible by external users. We cannot share anything from our Cloud. We encrypt and share contracts, quotes, calls for tenders, personal data or financial data that cannot be disclosed, because we are listed on the stock exchange. These are basically our Directors and CxOs who handle sensitive data on a daily basis.”
For Roux, quickly deploying security tools from Virtru was a priority to ensure these communications remained secure.
ISO 27001 Compliance: Encryption for Inbound and Outbound Communications
“IT Link has a commitment to the ISO 27001 standard, for which we are certified and must demonstrate that we have deployed the right data protection devices,” Roux said. “Encrypting data is emphasized by ISO 27001 as a critical control to ensure the principles of confidentiality, integrity, and availability of information.”
Because IT Link has such a high velocity of information flowing in and out of the organization, it needs tools that allow for easy sharing without sacrificing security.
“We have just discovered the Virtru Secure Share file-sharing solution, which perfectly meets the needs of several of our teams,” Roux added. Those teams include:
- Development and R&D Teams, who need to share code and documents with customers. The customers can, in turn, take advantage of Virtru's technology to send us protected documents.
- Recruitment Team, which must respect GDPR in the exchange and storage of candidate data. “We destroy this information located in our HR CRM,” Roux said, “but it remains complicated to proceed with data deletion when this data is located in emails or attachments, especially when it is the candidates who send us documents. We can secure the full chain now, thanks to Secure Share and Virtru for Google Drive.”
Virtru’s Immediate Impact for Executives
Roux says the impact of Virtru products was immediate, especially for Directors and CxOs, who need to share sensitive data daily.
“It was essential to respect the confidentiality and data of our customers, to respond to regulatory requirements such as GDPR and the ISO 27001 standard, and protect against all potential external attacks,” said Roux. “It is the latter that made our company aware that it was necessary to deploy data protection for our emails and our files.”
Leading by Example: Creating a Security-Aware Culture
On change management, Roux has clearly communicated the need for cybersecurity internally. One method was a set of internal phishing email tests for employees, the results of which he published, making the exercise even more impactful.
Employees now understand why data security is so necessary. After the exercise, Roux included Virtru in the company’s data protection process and policy documentation. There is also a cybersecurity module on the company’s e-learning platform that covers Virtru for email and file encryption. Finally, Roux regularly posts communications on cybersecurity on the company intranet.
“In terms of adoption, the feedback from the field is rather very good,” says Roux. “Virtru is easy to use, there is no need for support, and the autonomy is fast. The administration of the products is simple and efficient, especially for a small IT department like ours. Feedback from external users who receive encrypted emails and who read them with the Secure Reader is pretty good, too.”
Roux knows that cybersecurity is an ongoing journey, and there is still more to do. He wants to implement Virtru's DLP rules for email to better target and automate data protection.
Advice for Fellow Security Leaders
We asked Roux what advice he would give to fellow technology and security leaders who are choosing a data protection platform. Here’s what he told us:
- Choose a partner who respects local regulations specific to its market.
- Keep control of the encryption keys and store them locally.
- Plan for change management and product adoption that takes into account upstream communication by explaining that data protection is not a constraint, but is a strength for the business, its brand image, and credibility.
- Do not lose sight of the fact that these solutions can be a business accelerator if they are well implemented and used. More and more, our customers, through their calls for tenders, require data protection solutions.
- Finally, “leading by example” and working with the C-Level team gives more impact to change management by linking security strategy to the daily workflows of the company.
“IT Link is on its way to Zero Trust, and Virtru has become an important part of our system,” concluded Roux.