Company: GoCardless
Industry: Financial Services
Seats: 450
Solutions: Guardian, Enforcer, Defender
About GoCardless
GoCardless is a global leader in recurring payments. The GoCardless global payments network and technology platform takes the pain out of getting paid for more than 55,000 businesses worldwide, from multinational corporations to small businesses.
Each year GoCardless processes $18 billion of payments across more than 30 countries. GoCardless is headquartered in the UK, with additional offices in Australia, France, Germany, and the United States.
To help prevent accidental data loss, malicious data exfiltration, and inbound threats like spear phishing and Business Email Compromise, GoCardless has deployed Tessian Guardian, Enforcer, and Defender as their complete inbound and outbound email security solution.
We talked to Punit Rajpara, Head of IT, and Benjamin Ayers, IT Engineer, to find out why GoCardless chose Tessian and how their security posture has improved since deployment.
1. Mistakes are inevitable, and self-reporting isn’t enough.
43% of people admit to making a mistake at work that compromised cybersecurity. For Punit and Ben, this isn’t a surprise.
“Whether you like it or not, people make mistakes. It’s inevitable. It could be an accident – like sending a spreadsheet or proposal to the wrong person. Or it could be something more intentional and malicious, like a bad leaver. Whatever it is, we – and all other businesses, really – need to accept that and be prepared for it. At GoCardless, we’d like to be proactive rather than wait for something bad to happen,” Punit explained.
That’s why he and his team had a process in place for employees to follow if and when mistakes did happen: reporting. But, after a Proof of Value with Tessian, they realized self-reporting wasn’t enough.
“Tessian shone a light on the email behavior that wasn’t being reported. Tessian’s historical report surfaced a considerably higher number of incidents involving misdirected emails and data exfiltration compared to what employees had self-reported. That was enough to justify the need for better outbound protection.”
Ben Ayers
IT Engineer at GoCardless
2. Their existing security stack offered limited protection, visibility, and control.
GoCardless had several email security solutions in place, many of which were native tools like Google’s rule-based DLP. But these tools alone just weren’t effective enough.
“Rule-based DLP can only take you so far. That’s why we were especially interested in Human Layer Security Intelligence (HLS-I). The platform surfaces rich data insights and easily integrates with Splunk, which our security team was already using for their internal investigations. We’re now using this data to update existing policies, predict trends, and build out our overall security program.”
Ben Ayers
IT Engineer at GoCardless
But HLS-I was just one of the features that met their criteria. Their ideal solution needed to be low-maintenance, too. They found that in Tessian.
“Tessian was clearly designed with end-users in mind. It’s really allowed us to empower our users to protect themselves without much – if any – admin overhead. That was essential for us,” Ben said.
This is especially important for GoCardless since empowerment is an integral part of their ethos.
What about inbound? GoCardless, which has security training and awareness programs in place to help employees spot phishing emails, wasn’t looking for spear phishing protection. But they immediately saw the value of Tessian Defender.
Punit explained: “We didn’t come to Tessian for inbound protection. Just outbound. But when we saw how effective Tessian Defender was – especially at reinforcing training – we quickly realized how valuable it would be to have one single platform that covered both inbound and outbound. If we can solve two problems together, why do just one? That was a deciding factor for us.”
3. A breach would have devastating consequences.
Since deploying Tessian Guardian to prevent misdirected emails, Tessian Enforcer to prevent data exfiltration, and Tessian Defender to prevent spear phishing, Punit and Ben have seen how their security posture can improve.
But, in order to get buy-in, it was important they outlined the consequences of a breach.
For GoCardless, just a few include:
- Exposed client data
- GDPR fines and penalties
- Customer churn
- Customer litigation
- Loss of VC funding
- Loss of license
- Reputational damage
That’s not to say, though, that they had to weigh the cost of the solution against the potential cost of a breach.
“We’re in the finance space. We’d really rather not know what the cost of a breach is. One breach could cost us millions. That dwarfs the cost of a solution like Tessian. There’s no comparison.”
Punit Rajpara
Head of IT at GoCardless
Learn more about how Tessian prevents human error on email
Powered by machine learning, Tessian’s Human Layer Security technology understands human behavior and relationships.
Importantly, Tessian’s technology automatically updates its understanding of human behavior and evolving relationships through continuous analysis and learning of an organization’s email network. That means it gets smarter over time to keep you protected, wherever and however you work.