Addressing Cybersecurity Vulnerabilities Without An In-House IT Staff

Initially, Seasons Living, which provides safe and vibrant senior living communities across Queensland, engaged Mangano IT to address the organisation’s legacy applications and end-of-life infrastructure, including various PBX telephony systems and on-site servers.

However, early conversations revealed that Seasons Living did not have someone internally who was managing IT from a strategic perspective. Not only did this result in operational inefficiencies and disruptions for Seasons Living, it also left the company vulnerable to cyber-attacks — as well as the costs associated with resolving a breach and the potential for significant reputational damage.

Making Security a Priority at Seasons Living

Mangano IT’s security specialists worked closely with Seasons Living’s CEO to undertake a detailed review of the company’s systems, including identifying critical services and infrastructure in order to manage risk associated with those assets. As a part of this work, Mangano IT leveraged its deep bench of talent to evaluate each of Seasons Living’s infrastructure, comparing their configurations against best practice standards.

Further, Mangano IT mapped Seasons Living’s risks against National Institute of Standards of Technology (NIST) guidance to gain improved visibility into security risks, as well as a methodology for managing prioritised risk moving forward. By mapping Seasons Living’s baseline status against specific NIST CSF subcategories, Mangano IT was able to generate an overall snapshot as to which NIST CSF categories the company has addressed and its remaining gaps, in addition to providing a standard against which the company can measure its progress over time.

The NIST Cybersecurity Framework (CSF) provides a customisable, digestible methodology to identify and manage cyber risk within an organisation and prioritise the most effective use of resources.

Paul Mangano, Managing Director, Mangano IT

Going Beyond Standard Security Assessments

The result of Mangano IT’s work was a 150-page Security Assessment, which set out 40 recommendations based on the risks. Compared with market-standard automated security scans, the hands-on nature of Mangano IT’s in-depth technical risk assessment process helped to identify risks that would have otherwise gone undetected by Seasons Living.

Both short-term and long-term recommendations were included in Mangano IT’s reporting, as was a separate document detailing the prioritised risks identified and a corresponding three-year implementation plan. Importantly, these findings were presented not as technical documentation, but as a PowerPoint business case. This ensured that both the risks identified and Mangano IT’s recommendations would be accessible to all members of Seasons Living’s team, regardless of their technical fluency.

Mangano IT’s robust risk assessment gave us important line of sight on the extent of our potential risks and ensured we could rate, prioritise and address these as part of an ongoing program of security improvements.

Tracey Silvester, CEO, Seasons Living

Some of the key risks identified by Mangano IT include a lack of visibility and prioritisation of cybersecurity risks on Seasons Living’s part, identity and access management (IAM) issues — including the use of shared accounts and multifactor authentication (MFA) not being enforced on all accounts — lax network restrictions, and a lack of data loss prevention (DLP) efforts, such as email security measures and insider threat protection.

Improving ‘bring your own device’ (BYOD) device policies, deploying insider threat protection measures, disabling legacy authentication, enhancing internal network protection, and developing business continuity and incident response plans were all examples of opportunities identified for Seasons Living to improve its security posture as well.

Taking Action to Build a Secure Future

Throughout this initial phase of its work with Mangano IT, Seasons Living has improved security by implementing Microsoft InTune to manage application provisioning on user devices, creating safeguards that allow users to access applications without compromising security, establishing stronger BYOD protocols, and implementing an additional Office 365 backup.

Implementing other ‘quick wins’ recommended by Mangano IT work — such as restricting guest usage of the company’s corporate WiFi network — ensure that Seasons Living is already seeing measurable improvements from its investment in security.

In addition, the company will have a clear plan to follow in the event of a cybersecurity incident. Combining Mangano IT’s templated incident response protocols with a tabletop exercise that allowed their guidance to be tested and customised for Seasons Livings’ needs means that — should a breach occur — both the business impact and cost of responding to a breach will be minimised.

Most Recent Projects
  • How Wildbreads Fresh Modernised Their Legacy Citrix Infrastructure with Microsoft Azure Cloud

    How Wildbreads Fresh Modernised Their Legacy Citrix Infrastructure with Microsoft Azure Cloud In 2021, Wildbreads Fresh Pty Limited split from Wild Breads Pty Limited (now Nomad Breads Pty Limited) with a new focus on supplying fresh baked goods to cafes and small stores. Following this reorganisation, Wildbreads Fresh—which currently boasts roughly 60 users across Queensland,...

    Read more
  • Supporting Future Growth with Scalable Cloud Infrastructure: Why Sherrin Rentals Migrated to Microsoft Cloud

    Supporting Future Growth with Scalable Cloud Infrastructure: Why Sherrin Rentals Migrated to Microsoft Cloud Sherrin Rentals are an Australia-wide industry leader in the supply of heavy earthmoving equipment rental, with their extensive national fleet including compaction rollers, excavators, water trucks, track loaders, wheel loaders, skid-steers, and truck mounted elevating work platforms (EWPs). Tracing their heritage...

    Read more
  • Protecting 20+ Years of Legacy Data Through a Modern Platform Migration

    Mangano IT Helped Butler Partners Protect 20+ Years of Legacy Data And Move to a New Era of Efficiency Butler Partners, a geotechnical, geo-environmental, and groundwater consultancy, specialise in investigation, design, materials testing, and construction control for diverse projects in various locations and environments. But although the firm is highly recognised for their practical approach...

    Read more
  • Security Assessment Creates Framework for Improving Seasons Living’s Security Posture

    Addressing Cybersecurity Vulnerabilities Without An In-House IT Staff Initially, Seasons Living, which provides safe and vibrant senior living communities across Queensland, engaged Mangano IT to address the organisation’s legacy applications and end-of-life infrastructure, including various PBX telephony systems and on-site servers. However, early conversations revealed that Seasons Living did not have someone internally who was...

    Read more