Flourish Australia

In response to the increasing threat landscape both in Australia and globally, Flourish Australia acknowledged the need for greater cybersecurity awareness across the organisation

 This case study was originally conducted by Huon IT, which is now integrated with Kyocera to deliver end-to-end technology services for organisations. 

Kyocera’s Cybersecurity Program is a 12-month program customised for C-level executives, as well as IT & Compliance teams. The purpose of the program is to advise leadership teams through assessment, planning and continued guidance of an organisation’s cybersecurity strategy.

At the outset of the program, a Cybersecurity Audit was carried out across Flourish’s technology, processes and people, to establish an initial baseline of cyber risk. This was based on the National Institute of Standards and Technology (NIST) framework and included a business-friendly report (including review items, comments, risks and recommendations, which are ranked by severity), as well as a vulnerability scan and the relevant results.

Improved the awareness of cybersecurity within the organisation. It was great that the program was run by an experienced independent source, which gave it credibility and helped it run smoothly due to Kyocera’s experience in running the program.

- Marcelo Pena, Manager, Information Technology, Flourish Australia

Their Story

With about 1,000 staff members, numerous offices and clients, Flourish Australia knew the importance of protecting their data, IP network, staff and client confidentiality. “Kyocera was initially brought in as independent consultants to conduct a penetration test” stated Marcelo. “That was the first time we engaged with Kyocera. The next project was the Cybersecurity Maturity Program that was initiated last year.”

Challenges and Solutions

The Challenges

As a not-for-profit (NFP) organisation, Flourish’s challenge was to ensure that their organisation was mature enough to deal with today’s increasingly risky cybersecurity landscape. The general consensus amongst key stakeholders was that there was a need to increase focus on cyber awareness for employees, as well as addressing concerns over their current email filtering system.

Flourish Australia also acknowledged that they needed regular compliance checks and audit processes across the organisation to improve governance. Having external consultants work on the program was a good way “to have our knowledge and effort independently validated” says Marcelo. “It also helped us to prioritise and get business-critical items achieved and other projects over the line” that previously hadn’t been possible.

A key element of the program’s success was Flourish’s organisational culture being receptive to increased training in the area of cybersecurity, a credit to the top-down support by their CEO, Mark Orr.

The Solution

The 12-month Cybersecurity Program included the following steps:

• Discovery: Interviews of Flourish’s key stakeholders and a technical audit across the system.

• Workshop: Security experts from Kyocera facilitated a collaborative workshop to explain the discovery findings, discuss recommendations, and agree on prioritisation with Flourish’s team.

• Improvements: Quarterly meetings were then held to review progress and drive Cybersecurity Maturity improvement initiatives throughout the year.

Across the risks identified, over half have already been either mitigated or moved to a higher maturity status during the 12-month program. The balance is under continual review. Some of the key cybersecurity risks that were addressed included.

• Implementing Cybersecurity Awareness training for staff members

• Implementing a Password Management System

• Multi-factor Authentication (MFA)

• Establishing proper processes for Change Management

• Improved email filtering

• Stronger data encryption

The program was such a success that Flourish Australia engaged in further penetration tests as well as commencing the ongoing Cybersecurity Awareness Training.

Flourish is pleased that the program improved their network and computer security, increased awareness amongst general staff and the company’s data is more secure as a result of the program. They are also more confident that their security posture fulfils government regulations and complies with Australia’s Privacy Laws.

Marcelo added, “We have been extremely happy with Kyocera and will continue to work with them. Flourish Australia has benefited from their experience in Cybersecurity, Office 365, and other applications that are required to run an organisation and how they fit together.”

The Results

• Improved external network security

• Increased internal cybersecurity awareness among staff

• Enabled better Government compliance

• Continuous improvement plan to combat evolving cyber threats

The way the project was led was impressive and I would highly recommend the work that Kyocera did for us, particularly in regard to cybersecurity and penetration testing.

- Marcelo Pena, Manager, Information Technology, Flourish Australia