U.K. law firm Travers Smith was eager to implement DMARC for email authentication. It was looking for a solution it could trust to get its domain to enforcement and keep it there, without additional burden on the information security team.
Working with its local partner, Gradian, Travers Smith selected Valimail Enforce for its data privacy, automation, and cost-efficiency.
Travers Smith reached DMARC enforcement within 90 days and is now protecting its clients, employees, and partners from fake email — while gaining greater visibility into the firm’s email ecosystem.
Travers Smith is one of the oldest U.K. law firms, founded in 1810. Headquartered in the City of London, it has an additional office in Paris. The award-winning firm prides itself on its client-focused approach and aims to deliver an exceptional experience wherever its clients need it to be.
Communication by email is a critical component of that experience. Email is also the biggest attack vector for malicious actors in general. Fake email that appears to come from traverssmith.com but is really from an imposter would not align with the firm’s devotion to exceptional client experience. The company knew it could address this through existing standards, and therefore prioritized email authentication with SPF, DKIM, and DMARC.
The National Cyber Security Centre has provided recommendations to U.K. businesses on email security and anti-spoofing best practices, including an update in 2018 that recommended all domains should use DMARC. In the legal services sector, allocation of resources to cybersecurity has been increasing in recent years, but teams still typically have to make the most of their constrained budgets.
Darragh Macken is responsible for information security at Travers Smith and has held positions in information technology and security for more than a decade. Email security was top of mind for Darragh as he set out his priorities for the team. With phishing attacks and spoofing increasing, he knew they needed to prioritize email authentication to protect the firm’s brand and protect its clients, employees, and business partners from malicious actors using the traverssmith.com domain for nefarious purposes.
Darragh was looking for a solution that would:
- provide full visibility to uncover any “shadow IT”
- not require a lot of resources
- be cost-effective and align with his budget
- be compliant with relevant regulations, particularly GDPR
With the support of management, Darragh set out to research the solutions available to help him. Having a long-standing partnership with local managed services partner, Gradian, Darragh sought its recommendation, as well as those of peers in the industry. With a shortlist of solutions in hand, the evaluation began.
Travers Smith chose Valimail for its compliance with GDPR, complete visibility, automation, intuitive dashboard, and guarantee of getting to enforcement.
The fully automated solution from Valimail outperformed competitors technically. Along with the managed services from Gradian, it was clear this solution would optimize Travers Smith’s resources. The company began the onboarding process with Gradian and achieved enforcement (p=reject) within about 90 days.
“It’s important when evaluating solutions to look at value add along with the cost. There is a clear price for the solution, and you must also consider the resource cost for a team member to manage the solution,” advises Darragh. “For us, it was clear that Valimail and Gradian would get the job done and give us the confidence to move to reject within 90 days — both providing a solution and enabling us to focus on the rest of our security program.”
Along with protecting its brand and domain from impersonation, Travers Smith is now a leader among the top 100 U.K. law firms in implementing DMARC at enforcement. Travers Smith clients, employees, and business partners can now trust that any email messages they receive from the domain traverssmith.com are legitimate, not fake.
With the Valimail platform and the services provided by Gradian, Darragh is confident that the solution is doing what it is supposed to do. Meanwhile, he can continue to innovate in other ways to keep the business secure.