"These intrusion tests are vital"

Etienne van der Vaeren is CEO of the debt recovery company TCM. He is also chairman of the Belgian Debt Recovery Association.

TCM improves its clients’ solvency with its professional, effective and ethical solution for recovering unpaid debts in Belgium and virtually wherever it is possible around the world, thanks to the TCM Group network. The company has some 2,000 clients, ranging from very small companies to multinational corporations. TCM Belgium was founded in 1993. Just like EASI, the debt recovery company owes its success to the commitment of its whole team to the values that it has adopted.

In 2018, EASI’s brand new Cyber Security team had the opportunity to carry out intrusion tests for TCM. “We are professional down to the tiniest detail. The overall security of our system is part of our commitment to professionalism,” confirms the CEO of TCM Belgium.

For Etienne van der Vaeren, this focus on security is easily explained: “no customer should regret working with us. They should be reassured by how we understand every aspect of corporate life.”

Given the sector that TCM is in, the protection of the data processed every day is clearly crucial. Etienne van der Vaeren’s team had to make sure that it called upon the services of a partner it could trust.

GDPR as the driving force

When we asked TCM’s boss about timing, his response was immediate: “Why in 2018? The GDPR of course! Like many companies, we had to check our processes and the systems we had in place to make sure we were in line with the European regulation. Protecting our data and by extension, our clients data, extremely confidential, is a must for a debt recovery company.

TCM’s sector is incredibly sensitive, and no personal data can be disclosed to an unauthorized individual. This would have huge consequences for the company, its reputation, and its clientele.

The majority of the information that we process cannot be sent by classic channels like email. We take a whole host of precautions to make sure that the information processed enjoys the highest level of protection.

A significant first

Before the trials carried out by EASI, TCM had never carried out any intrusion tests. “Like many companies in our field, we started with our own servers. In our case, it was a Small Business Server. We have grown over time, and are now based in the Cloud. We no longer take care of maintaining the server or regular updates that need to be carried out, which is a significant advantage!We naturally turned to EASI to test our security.

We already knew the company well, as it’s with them that we manage the development and maintenance of our entire system. So EASI took control itself, because we used the same partner to make sure our system was watertight, and for maintenance".

However, this did not worry the director unduly: “We know EASI. It’s a serious company. It was first and foremost a choice based on our trust in our IT partner”.

Mission 100% possible

Etienne van der Vaeren tells us all about his experience: “So we launched EASI’s Security business line on TCM’s intrusion project. Without the need for any more briefing. We wanted to be laid bare and were ready for the results, whatever they were. The same went for EASI too". This experience left its mark on the TCM team: “It was really interesting. We had never done it before. We discovered that a site with a flawless design or a strong company with thousands of employees meant nothing. A gaping hole in terms of security can open up in really big companies. These tests are vital."

Ready? Let’s go!

The TCM team weren’t aware of anything during the intrusion test. They didn’t experience any weakness in the system and were able to carry on as usual. “I suppose classic hacking happens like that too, you don’t realize anything is happening while someone is working day and night to try and get into our system”.

The results are in

We were relieved to find out that we are protected professionally. We now know however that it is always possible for a hacker to get into a system fraudulently if they spend enough time and energy on it."

The gravity of the damage done will depend on the layer of protection in place. It’s always possible to hack, but when the company that is the “victim” is well prepared, the information generated by this attack won't be interesting.

A particularly sensitive sector

For Etienne van der Vaeren, the environment in which his company is evolving means that regular tests are essential. “In the financial world, when talking to competitors, I realized that some companies organize intrusion tests every six months! Our sector can’t do without these processes: our reputation and our business depend on them.

In contrast, other competitors of TCM have been surprised, and even stunned, by the procedure. Some lawyers, for example, are still way behind this legislation and are still working with Excel files sent by email between colleagues and/or partners.

“Our system is down” is becoming a thing of the past

Since embracing modernity with the Cloud, we have moved a long way away from having to say “our system is down, we can’t do anything”, which we regularly hear our clients say. This used to happen to us too, but since 2014, we haven’t missed a single day of work due to IT problems. The “work-life” balance is highly dependent on this change too. All employees can work from home now.

What about the future?

The question of data protection will continue to be crucial. It has become very important within the context of the GDPR but is still something we think about day-to-day. This is part of the overall professional approach of our business. Real added value for our clients.

Read more about EASI's intrusion tests for TCM.

 

Client:

Etienne van der Vaeren

Job Title:

CEO

Product Installed:

IT Security