UK Law Firm Extends Technological Leadership with Anti-Phishing Initiative


The Business


Travers Smith is one of the oldest U.K. law firms, founded in 1810. Headquartered in the City of London, it has an additional office in Paris. The award-winning firm prides itself on its client-focused approach and aims to deliver an exceptional experience wherever its clients need it to be.

Communication by email is a critical component of that experience. Email is also the biggest attack vector for malicious actors in general. Fake email that appears to come from traverssmith.com but is really from an imposter would not align with the firm’s devotion to exceptional client experience. The company knew it could address this through existing standards, and therefore prioritized email authentication with SPF, DKIM, and DMARC.

“Implementing DMARC and getting to enforcement was a piece in the email security jigsaw puzzle that was missing and one we needed to find.”

The Challenge


The National Cyber Security Centre has provided recommendations to U.K. businesses on email security and anti-spoofing best practices, including an update in 2018 that recommended all domains should use DMARC. In the legal services sector, allocation of resources to cybersecurity has been increasing in recent years, but teams still typically have to make the most of their constrained budgets.

Darragh Macken is responsible for information security at Travers Smith and has held positions in information technology and security for more than a decade. Email security was top of mind for Darragh as he set out his priorities for the team. With phishing attacks and spoofing increasing, he knew they needed to prioritize email authentication to protect the firm’s brand and protect its clients, employees, and business partners from malicious actors using the traverssmith.com domain for nefarious purposes.

Darragh was looking for a solution that would:

  • provide full visibility to uncover any “shadow IT”
  • not require a lot of resources
  • be cost-effective and align with his budget
  • be compliant with relevant regulations, particularly GDPR

With the support of management, Darragh set out to research
the solutions available to help him. Having a long-standing
partnership with local managed services partner, Gradian, Darragh
sought its recommendation, as well as those of peers in the
industry. With a shortlist of solutions in hand, the evaluation began.

Solution


Travers Smith chose Valimail for its compliance with GDPR, complete visibility, automation, intuitive dashboard, and guarantee of getting to enforcement. The fully automated solution from Valimail outperformed competitors technically. Along with the managed services from Gradian, it was clear this solution would optimize Travers Smith’s resources. The company began the onboarding process with Gradian and achieved enforcement (p=reject) within about 90 days.

“It’s important when evaluating solutions to look at value add along with the cost. There is a clear price for the solution, and you must also consider the resource cost for a team member to manage the solution,” advises Darragh. “For us, it was clear that Valimail and Gradian would get the job done and give us the confidence to move to reject within 90 days — both providing a solution and enabling us to focus on the rest of our security program.”

“I would recommend the Valimail solution to my peers — no hesitation.”

The Result


Along with protecting its brand and domain from impersonation, Travers Smith is now a leader among the top 100 U.K. law firms in implementing DMARC at enforcement. Travers Smith clients, employees, and business partners can now trust that any email messages they receive from the domain traverssmith.com are legitimate, not fake. With the Valimail platform and the services provided by Gradian, Darragh is confident that the solution is doing what it is supposed to do. Meanwhile, he can continue to innovate in other ways to keep the business secure.