Case Study: How Allport Cargo Services went beyond industry cybersecurity standards and made security audits a breeze
The challenge: Protecting passwords in a high-risk industry
Allport Cargo Services (ACS) is part of the Cargo Services Group, the largest, privately held Hong Kong based third-party logistics provider. ACS, was founded eight years ago and has been growing exponentially. As Allport Cargo Services established their organization, they noticed several competitors fall victim to hacking, phishing, and other cyberattacks.
"I read any available details of each breach, and all those organizations seemed to be unsafely sharing credentials or using simple passwords," shares Scott Gray, Vice President of IT at Allport Cargo Services.
As they watched other organizations in the industry suffer the fallout from data breaches, Allport Cargo Services worried that they, too, were at risk of being attacked.
"Some bad actors could consider us a large target because our clientele includes Fortune 500 companies. Bad actors could view our organization as a backdoor to get our clients' information," Scott explains.
With numerous organizations relying on their services, Allport Cargo Services has credentials to access essential accounts to handle their clients' precious cargo.
"We work in a global environment involving an ever-increasing number of applications, platforms, and cloud-based services that we manage and interact with daily," explains Phil Gonzales, Vice President of Customer Integrations at Allport Cargo Services.
For Allport Cargo Services and similar organizations, cybersecurity vulnerabilities can have an impact that reaches beyond their own company, affecting customers and their clients. If Allport Cargo Services were to suffer a security breach, the potential consequences are high: It could disrupt their clients' supply chains and endanger their businesses, ultimately risking both Allport Cargo Services and their parent company’s reputation.
Allport Cargo Services knew their security processes would be audited annually, making compliance another important element in their security strategy. Like all transportation organizations, they comply with the Customs-Trade Partnership Against Terrorism (CTPAT), which helps support the U.S. Customs and Border Protection's (CBP) security strategy. To pass their audit, Allport Cargo Services needed to show that they have a cybersecurity strategy in place that meets CTPAT's standards, including their policies for creating and maintaining credentials.
"As a subsidiary, we need to be able to survive and meet compliance requirements on our own," Scott shares. "But our oversight and control were severely limited. We could only create the requirements for about 10% of the credentials we were responsible for protecting."
Allport Cargo Services was just beginning to establish their organization, but their leaders wanted to create robust security procedures from the start. "We knew that we could train employees to create strong passwords, but whether or not people choose to always follow best practices is often an honor system," says Scott.
The organization needed to find a password management solution with adequate monitoring features to successfully manage and monitor credentials. The IT leadership team at Allport Cargo Services quickly surveyed employees to understand what password management solutions they had used in the past, if any. They learned that employees who had previously used password managers had struggled with the user-friendliness of some solutions and had grown frustrated when they couldn't sync credentials across devices or platforms. Access to sites was critical, and being locked out because of forgotten credentials or password solution management downtime would have an immediate negative impact on clients.
With these insights in hand, Allport Cargo Services made a quick list of what their ideal solution would offer:
- User-friendly interfaces
- Company-wide credential health monitoring
- Password generation
- Seamless interoperability
- Strong customer support
- Audit-friendly reporting
The solution: Strong, secure passwords and user-friendly features
When Allport Cargo Services found Dashlane, they knew they had discovered a password management solution that offered even more benefits than they were originally looking for.
When the Allport Cargo Services team reviewed the solution, numerous features stood out. "We immediately fell in love with the admin dashboard and Password Health score that Dashlane offers—they became non-negotiables. We evaluated offerings from other password management solutions, but ultimately, none could provide us with the capabilities we wanted as Dashlane could," Scott shares.
Scott especially liked that Dashlane provides a Password Health score, a feature he was unable to find with any other solution. Every Dashlane user has a Password Health score to help them assess the state of their cybersecurity.
Now, Allport Cargo Services benefits from a variety of features:
- Password Health score is calculated based on all passwords stored in Dashlane and whether they're compromised, reused, or weak.
- Admin Console offers one centralized password management system, offering simple employee management and auditing when required.
- Dark Web Monitoring alerts users when their old and reused passwords have been compromised and provides recommended next steps to secure those passwords.
- Password Generator creates strong, random passwords automatically and autosaves the password upon creation for safekeeping.
- Dashlane's mobile app syncs users' data and credentials across all devices.
- Single sign-on (SSO) gives each staff member one set of logins to access multiple applications.
- Smart Spaces keep business and personal logins separate.
- Dashlane Support is ready to help with any issue and answer questions with fast, reliable service in English, French, German, and Spanish.
The result: Exceptional cybersecurity hygiene and easy audits
Today, Allport Cargo Services has scalable password management protocols and goes above and beyond industry regulations to ensure robust cybersecurity hygiene. But that wouldn’t be possible without strong employee adoption.
"While we knew we needed stronger security and that Dashlane would play a key role in our cybersecurity strategy, we had to get our employees on board with the solution. We're only as secure as our weakest link," explains Scott.
At Allport Cargo Services, the weak link was simple passwords that were reused for multiple accounts. "Some employees had to overcome decades of poor password management habits," Scott says. "But employees wanted to change and understood how important Dashlane is when we showed them that if their weak credentials are compromised, the entire company and our clients could be compromised."
Before Dashlane, employees had to use their best judgment to evaluate their security hygiene. That's where Dashlane's Password Health score came in handy. Scott showed employees how they could see their password hygiene and its direct impact on the company's overall score.
When Allport Cargo Services’ employees entered their passwords into Dashlane, the company's score started low, around 50, and some employees' individual scores were even as low as 10.
"Some people became discouraged after receiving their Password Health score, but I told them not to be. The first step is knowing where you stand, and Dashlane makes it easy to improve," says Scott.
The ability to see a score and improve on it created a fun, competitive atmosphere at Allport Cargo Services where employees were trying to get the highest score. "Our employees went from feeling frustrated and overwhelmed by passwords to being excited about improving their password hygiene because of Dashlane," Scott shares. "From a management perspective, I love having a comprehensive overview of employees' and the organization's Password Health scores."
Eventually, Allport Cargo Services required every employee to have a Password Health score of at least 90. "Password health is something that our company takes very seriously. Dashlane provides quick access to passwords that are weak or compromised, giving us the ability to identify and address potential security risks before they become a reality," Phil explains.
If an employee's score falls below 90, management is notified, and corrective action is taken—but that hasn't been a problem for Allport Cargo Services. Instead, most employees have chosen to pursue an even higher score, with almost half the company achieving the coveted 100. While Dashlane’s official Password Health score recommendation is a 90 or above, Allport Cargo Services’ score is 98. Scott reviews the organization's score every week, and it’s been that high for almost a year.
Want to learn more about Dashlane’s Password Health score? Understand how it works and how you can generate yours today.
Cybersecurity compliance is not easy or simple, and, for many organizations, complying with cybersecurity standards is just checking a box. For example, during an audit, organizations provide their cybersecurity strategy, and it's assumed that they're adhering to the plan. Allport Cargo Services holds themselves to a higher standard and can use Dashlane to prove their entire security strategy is solid, making audits much easier. Their clients appreciate the extra level of attention being given to protect their accounts and their supply chain.
At Allport Cargo Services, the adoption of Dashlane has been so simple that employees have also started using Dashlane for personal use.
"Our employees love Dashlane so much that they use it outside work and can keep personal and professional credentials separate," Scott says. "And with Dashlane's zero-knowledge policy, we feel even more secure and protected."
Part of why employees are so happy with Dashlane is its ease of use and how it makes people’s lives easier. For example, working across devices or browsers is simple.
According to Phil, Dashlane’s benefits extend beyond password protection, which is part of the reason the solution has come to play a critical role at Allport Cargo Services. "Dashlane has been a key component in not just ensuring that all of our logins are safe and secure, but also storing sensitive information," he shares.
With Secure Notes, Dashlane provides a simple and secure way to share information with employees worldwide and support business continuity. Secure Notes are also used to provide information to clients.
From the start, support was important to Allport Cargo Services, and Dashlane Support has exceeded expectations. With 70 employees in the U.S. and additional staff in six different countries, Allport Cargo Services was happy to discover that Dashlane offers support in English, French, German, and Spanish.
Every strong cybersecurity strategy is a journey, and Allport Cargo Services is an ever-evolving success story that shows progress can be made one small step at a time. The organization is continuing to make headway. Three months ago, they deployed SSO, and their satisfaction with Dashlane only continues to grow. "Every feature of Dashlane that we've used has been a big hit," Scott says. "Our parent company is very pleased with what we've accomplished."
Next, Allport Cargo Services wants to keep improving their Password Health score. Their goal is to reach 100. While Scott doesn't know if they'll make it, he's ok with that.
"We have over 1,345 passwords in Dashlane," Scott explains. "Our score isn't perfect, and it may never be because we don't have the access and control to change every password. At the end of the day, I would rather know where our weak points are and understand why they're there than have an incomplete picture of our hygiene."
For Scott, the improved cybersecurity practices at Allport Cargo Services already make him feel more secure. According to Scott, "Every day feels safer with Dashlane."
Thanks! You're subscribed. Be on the lookout for updates straight to your inbox.