There are some cookies even the Girl Scouts want nothing to do with. As an organization that supports and nurtures girls in central and eastern North Carolina, Girl Scouts North Carolina Coastal Pines is laser-focused on the data security and privacy of its thousands of members and adult leaders.
Even though the organization doesn’t have to comply with HIPAA, for example, it strives to meet those high standards because it stores personal and medical information for minor girls who attend its camps. It does, however, have to comply with PCI standards because of its retail sales operation. And then there is the trust parents place in the Girl Scouts—something its leaders don’t take lightly.
For several years, Girl Scouts North Carolina Coastal Pines got by with traditional firewalls, antivirus clients on servers and users’ laptops, and a secure DNS server to check for and block suspicious transmissions.
Data Security and Privacy Found Lacking
Within the past few years, however, it became obvious that this degree of protection wasn’t nearly enough. Two trends collided: The organization adopted more cloud-based applications and services, and the COVID-19 pandemic hit, forcing users to access resources from their homes. While the move to hosted cloud-based services saved money and streamlined management, it also exposed more of the organization’s resources to outsiders.
Then there was the pandemic, making it easier than ever for employees and volunteers working from home to click on something malicious. When that happened at the office, users were protected by enterprise-grade firewalls, but that’s not the case at home. When a user clicks on a malicious link today, it’s more likely that the malicious content will infiltrate Girl Scout systems. While standard antivirus protection does help capture content on a user’s device, it doesn’t really cover the transmission itself—where the content is going and who is perpetrating it. It also doesn’t stop every cookie and bit of data that is transmitted when a user clicks on a link.
The first line of defense in managing these new realities was investing in more security awareness training and random testing. While the staff has been more careful as a result of those efforts, the IT staff could see that phishing attempts and other malware were still a problem.
“We clearly needed more visibility at the client level,” said Ryan Davis, the organization’s IT director. “We were still seeing too many threats, and we knew there were many more we weren’t seeing.”
BlackFog Prevents Threats, Preserves Privacy
While the ideal solution would probably be a Security Operations Center (SOC), Davis knew that creating one would be too complicated and expensive, and that even if they went that route, it probably wouldn’t cover all endpoints. The next best thing, he decided, was technology that could prevent hacker profiling and tracking as well as suspicious applications, ransomware attempts and unauthorized data exfiltration. Also important was a comprehensive approach to privacy.
The organization’s cyber-insurance provider suggested checking out BlackFog’s anti data-exfiltration technology to prevent known threats. It uses behavioral analysis to block unauthorized data copying, transfer or retrieval from networks and devices.
For Davis, the deciding factor was the way BlackFog technology handled privacy. With the software, his team is notified through a dashboard every time a user clicks on a malicious link, and the software blocks that link. The dashboard also enables the IT team to see all users and devices, along with threats that the antivirus software doesn’t catch.
That type of visibility is critical, and something the IT team never had to this extent, Davis said. Now that the system is in place, Davis sees several real threats monthly. “It’s helpful for our IT department to have any sort of accountability for what’s happening on the network,” he added.
Other features that caught Davis’ eye were geofencing (technology that blocks data transmission to specific countries), protection against cryptocurrency mining and CPU hijacking (cryptojacking), and prevention of PowerShell attacks.
Its profiling and tracking capabilities also were important. “Every organization leaks bits of data through internet browsing like IP addresses, locations that can be triangulated and any additional cookies they can gain from sites users have visited, and hackers definitely want to capitalize on it,” he explained. “We wanted a way to ensure that we were divulging the least amount of information possible so we could fly under the radar and be a smaller and less interesting target for them.”
Since the technology was implemented earlier this year, it has been finding and blocking several hundred threats per month. While that doesn’t mean that the organization is completely safe, it does mean that it’s safer, Davis said.
Next, Girl Scouts North Carolina Coastal Pines’ IT team plans to capitalize on the Okta multifactor authentication system deployed by its parent organization, Girl Scouts of the USA, on enterprise applications. Girl Scouts North Carolina Coastal Pines’ users already use the system to access Office 365, provided by the parent organization, but Davis plans to roll it out to other cloud-based applications as well. “We want to get all of those hosted services under that security umbrella,” he said.