Tessian’s mission is to secure the human layer by empowering people to do their best work, without security getting in their way.
Company: Penningtons Manches Cooper
Company Size: 1,000 employees
Solutions: Enforcer, Guardian, Defender
Customer since: 2016
Penningtons Manches Cooper is a leading UK and international law firm which provides high quality legal advice to both businesses and individuals. The firm has UK offices in the City of London, Basingstoke, Birmingham, Cambridge, Guildford, Oxford and Reading with an overseas network stretching from Asia to South America through their presence in Singapore, Piraeus, Paris, Madrid and São Paulo.
With 130 partners and over 880 people in total, Penningtons Manches Cooper is acknowledged as a dynamic and forward-thinking practice which combines legal services with a responsive and flexible approach. They have established a strong reputation in a variety of sectors, particularly private wealth, shipping, technology and property.
Penningtons Manches Cooper lawyers are also recognised for their expertise in life sciences, education, retail, sports and entertainment and international trade.
Before deploying Tessian in 2016, Marcus Shepherd, Best Practice Operations, and Richard Mullins, IT Security Engineer, both suspected Penningtons Manches Cooper had a more significant problem with email data breaches than was being reported.
Marcus explained, saying “It was pretty clear that, together with the rest of the industry back then, we had a problem with email data breaches but had no visibility as to the extent of it. We had reporting processes in place, but had a hunch that the actual number of incidents was higher than those being reported by employees. Part of the problem was education. Complete understanding of what constituted a data breach and the possible consequences of data breaches – even with very basic personal details – was not fully understood then. A lot of employees were not clear that if something had taken place, it needed to be reported.”
While they were leveraging some standard rules in Outlook for inbound threats, they were relying on employee training, rule-based systems, and self-reporting to prevent outbound threats like misdirected emails and data exfiltration (both accidental and malicious).
According to Marcus and Richard, they lacked visibility and control over threats, employees were struggling with alert fatigue, and their security team was inundated with more false positives than they could investigate.
In evaluating solutions, the firm was originally looking for three key features.
Effectiveness: Because data loss incidents were a concern, their top priority was to find a solution that would accurately predict data loss incidents on email. But unsurprisingly, they were wary of any solution that might trigger false positives. This would distract partners and cause alert fatigue.
Ease-of-use: They wanted a tool that would be easy to deploy and not require a large security team to manage it day-to-day.
Education: It can be difficult to encourage fee-earners to prioritize security considerations when dealing with busy and demanding clients. The pop-ups triggered by rule-based tools weren’t offering employees the information they needed to understand how to handle data safely or why it was so important to do so. Marcus and Richard wanted a tool that offered context and complemented training and awareness programs.
As an innovative firm with a proactive security team, Penningtons Manches Cooper was an early adopter of Tessian and deployed Tessian Guardian and Tessian Enforcer in 2016 to prevent misdirected emails and data exfiltration on email. In 2019 – as soon as it was released to market – they deployed Tessian Defender.
Since deploying Tessian, Richard and Marcus have seen Tessian Enforcer reduce loss of IP from people leaving the firm, have seen over 3,000 interventions where Tessian Guardian has prevented a potential data breach by flagging a misdirected email, and have seen Tessian Defender prevent advanced impersonation attacks including CEO Fraud and Business Email Compromise.
“Tessian is a vital part of our security stack when it comes to cyber awareness, risk and compliance, and information protection. It’s an essential perimeter defense – and sometimes the last line of defense,” Richard said.
With Human Layer Risk Hub, Penningtons Manches Coopers’ security team has clear visibility of threats.
“Tessian is doing the heavy lifting for us now. We’re no longer looking through spreadsheets with hundreds or thousands of events. With Human Layer Risk Hub, we get incredible visibility within the portal into high-risk users and high-risk events. We can now identify users whose behavior could put us at risk, whether it’s via misdirected emails, unauthorized emails, or spear phishing attacks. This all helps massively with incident response since our security and compliance teams do not have limitless resources,” Richard said.
Tessian’s in-the-moment warnings offer context about why an email is being flagged as malicious or suspicious. They’re written in clear, easy-to-understand language and help nudge employees towards safer behavior over time.
Tessian deploys within minutes, learns within hours, and starts protecting in a day. Richard and Marcus experienced this during their initial deployment and again during their merger with Thomas Coopers LLP in 2019.
Marcus explained, saying that “Deploying Tessian across new users after the merger was seamless. We got everyone connected immediately which helped us extend our security culture right away”.
It was important for Marcus and Richard to find a tool that worked, without distracting, frustrating, or confusing especially busy lawyers.
With Tessian, they no longer struggle with high rates of false positives.
From the outset, Richard and Marcus have been proactive in helping shape Tessian’s product roadmap to serve them, other law firms, and customers across industries.
“In terms of a relationship with a supplier, Tessian is the benchmark for continuous improvement and adapting to the threat landscape. We have a huge amount of engagement and feedback with Tessian which has helped to improve our email security posture. They actively want to go on our journey with us and are always willing to listen to our concerns or requirements,” Richard said.