CareSuper is a leading industry super fund for people in professional, managerial, administrative and service occupations in all business sectors. The fund’s objective is to help members achieve the best possible lifestyle in the future by using an actively managed and long-term strategy that’s driven by a proven investment philosophy.
We spoke with Nigel Doodt, IT Manager at CareSuper, to find out more about the company’s cybersecurity strategy and their experience working with MailGuard.
Can you tell us a little about yourself and your journey with CareSuper?
I started with CareSuper about 3.5 years ago as the fund’s first full-time IT employee. Before I arrived, there were approximately 80 employees in total. Today, that number has grown to 150. I came on board during a time of rapid growth within the business. Over time, we built up our internal IT function and have come from relying completely on managed services, providing a service desk managing IT projects and server and network infrastructure administration, to an all in-house and fully operational IT team which consists of seven of us.
What does your role entail? Any highlights so far that you’re particularly proud of?
I’m proud of the fact that we’re the first ones to deliver a fully on-site IT department. It’s been great to see the fund entrusting the IT department and availing the benefits that go with the service desk being embedded within the business.
As IT Manager, I head up the department and the service desk sits under me, with the broader team supporting areas like data governance, cybersecurity, and systems admin & projects. Cybersecurity is a big part of my role. We are a regulated industry under APRA (Australian Prudential Regulation Authority). Therefore, we have a whole lot of regulations that we need to comply with, along with executing our own cybersecurity strategy.
Speaking of the business’ cybersecurity strategy, CareSuper is, by the nature of what it does, custodian of valuable and confidential member data. As a seasoned professional, are there any strategies or processes you typically recommend for protecting data?
First and foremost, for us, it’s about making sure you understand your environment, understand what your most important assets are, and how critical they are to the business. From there, we need to understand the different levels of control that need to be implemented in order to secure the different assets. So, for instance, if we’re dealing with highly sensitive data, like member data that we hold, we need to ensure we have all the right controls in place to protect that data so we can mitigate the risks of a data breach.
Let’s talk about your MailGuard journey and its performance. How has it impacted the business’ cybersecurity posture?
We were witnessing a high number of spam, as well as malicious emails, coming through every month in our reports. There’s no doubt that MailGuard has been able to provide a key protection mechanism for our email channel. We’ve seen that the number of malicious emails and spam that it’s been able to block is significant.
“MailGuard gives us the peace of mind and comfort that threat-based emails are being blocked before they enter our organisation.”
Nigel Doodt - IT Manager at CareSuper
What’s the greatest value that MailGuard provides to you and the business?
It provides a lot of value. Firstly, besides being a key protection mechanism as mentioned earlier, the ‘fastbreak’ service that MailGuard provides has also been really important for us. We value their ability to not only block what they do know but also their ability to be on the front foot and contact us to remediate some of the ‘new’ zero-day emails that may have slipped through that weren’t detected. This is a very important aspect of their services for us. It gives us comfort that the team at MailGuard is actually monitoring the emails that are coming through.
Secondly, it’s not just email security that we rely on MailGuard for, but also email resilience for our overarching email architecture. We subscribe to the MailGuard Live service, which is a really critical part of our business resilience in general for email. Because email is such a critical service these days, we rely on MailGuard Live’s services as a power backup mechanism for receiving emails if our primary email system goes down. It gives us the comfort that we can continue to send and receive emails if we have major issues in the cloud with our primary email service.
Then there’s the high value we get from MailGuard’s reporting function. We have to make sure we’re providing regular assurances and updates to our risk committees around how our controls are performing and operating. MailGuard’s reporting functionality provides that assurance effectively. It provides details of what’s been blocked, the levels of threats we’re receiving, and how well protected we are. We can see all that in MailGuard’s reporting, which is fantastic. It provides value up the chain to the executive level, who like to see the high numbers.
And would you recommend MailGuard to others?
I would, yes, absolutely. Being a regulated entity means managing third-party risks is really important to us. We need to ensure that our third parties have the right security controls. So, it’s really important for us to have a good relationship with our vendors. MailGuard has certainly been able to work closely with CareSuper and the team has responded to any feedback or concerns we might have.
Essentially, the need for us to understand our vendors and drive up the level of security and maturity together is really important. The relationship we’ve built with MailGuard in that regard has been fantastic, so I certainly would recommend MailGuard and its team for their technical security as well as being able to engage and work with their client base when needed.
And with regard to your views on cybersecurity in general, how do you think the COVID-19 pandemic has changed the way we look at cybersecurity?
I think it’s reiterated the fact that cyber threats will continue to be opportunistic. So, whether it’s a pandemic or an earthquake, or a flood, cybercriminals will always find ways to create opportunities through subject lines and things like that in emails – that hasn’t changed. I think what’s really changed though is the need to ensure that organisations are aligning with vendors that have a cloud or SaaS-based presence. It’s about ensuring that your security can follow your user base wherever they are. It’s no good having your security controls locked away in a head office when your workforce is working remotely, from home, or anywhere else. The landscape has changed for everyone, potentially forever, and it’s critical to look at the bigger picture. Most organisations will have more people work from home than in the office, so their security technology needs to align with that. That’s where cloud-based providers come in – they’re able to provide that ability to be nimble wherever you are, so you’re protected all the time.
Any advice you’d like to give other businesses looking to stay protected against sophisticated and opportunistic cyber threats?
Just pick vendors that are best-in-breed and that have a really good understanding of what they’re doing, like MailGuard. Its skillset and core competency is in email security. It has shown that with its association with experts like Microsoft as well, so it’s reputable. And ultimately, because MailGuard sees the threats coming through before anyone else, we get the visibility and clarity that we need.
So, I would say go with reputable and best-in-breed vendors that provide the intelligence and protection that you need in real-time.
And finally, how do you think cybersecurity will evolve in the future?
It’s an interesting one. Ransomware is currently the number one trend; we see that every day. I think in the future, email will continue to be an easy channel for cybercriminals, so I think the need to secure the email channel as well as the web channel will become increasingly important for organisations.
Also, the black market for cybercrime is becoming increasingly prevalent, so the ability for non-technical crime organisations to operationalise will become easier. There will continue to be a fight against criminal operations that are enabled by a vibrant black market in cybercrime-related technologies.