Fortifying Identity Hygiene:      A Game-Changer for NVA

Introduction

National Veterinary Associates (NVA) is a leading provider of veterinary services with a lean corporate center supporting thousands of animal care professionals across 1,200 locations.

NVA sought an innovative solution to address the increasing risk of a serious data breach due to identity-related attacks. The team chose to focus on improving credential hygiene and guiding user behavior toward safer practices. Traditional cybersecurity training programs had proven ineffective, with low participation rates due to time constraints and user disengagement. Savvy emerged as the ideal partner to revolutionize their approach to identity hygiene and security awareness, thanks to Savvy’s unique approach to user guidance in real time.

Challenge

NVA faced several critical challenges in its quest to improve cybersecurity. One of the primary obstacles was low employee engagement with traditional information technology training programs. With thousands of employees in various roles, many of whom work in fast-paced environments, finding time for mandatory training sessions proved nearly impossible. Employees consistently failed phishing tests, and disengagement in awareness programs was rampant.

Another pressing issue was credential hygiene. Weak, reused, and compromised passwords were common across the organization, leading to significant weaknesses in their authentication protections. NVA lacked an effective mechanism to address these issues in real time, exposing them to the risk of serious data breaches.

The Challenges

1. Credential Hygiene Issues: Weak, reused, and compromised passwords were prevalent, with no effective mechanism to address these in real time.
2. Shadow IT: The discovery of unknown and unsanctioned apps presented significant risks to the organization’s security posture.
3. Low Engagement in Cybersecurity Awareness Training: With 44,000 employees in demanding roles, traditional cybersecurity training sessions were impractical. Employees lacked the time to complete training or phishing tests, resulting in high failure rates and disengagement.

The Savvy Solution

Savvy provided NVA with a comprehensive identity security solution tailored to their unique needs. By integrating real-time guidance into users’ daily workflows, Savvy eliminated the reliance on traditional mandatory training sessions. Employees now receive pop-up notifications that deliver just-in-time actionable guidance. For instance, users were immediately alerted when logging in with weak or compromised passwords and encouraged to take immediate corrective action.

The solution further enhanced NVA’s monitoring capabilities. Savvy provided detailed insights into credential hygiene and app usage, empowering the organization to identify and mitigate security risks promptly. Additionally, Savvy’s logs and data proved invaluable during incident investigations, enabling NVA to trace phishing attacks back to their source and take swift action.

Savvy also helped NVA affect behavioral change. Employees became more thoughtful due to the real-time reminders. This proactive approach ensured that security awareness became an integral part of their daily routines.

Savvy provided NVA with a proactive, real-time identity security solution that addressed their unique challenges:

• Real-Time Guidance: Savvy’s pop-up notifications deliver just-in-time training and guidance, eliminating the need for traditional mandatory training sessions. For example, employees receive immediate prompts when entering weak or compromised passwords.
• Behavioral Change: By engaging employees in their daily workflows, Savvy changed user behavior and increased awareness. Even during personal activities on corporate devices, employees became more cautious due to real-time reminders.
• Enhanced Monitoring: Savvy enabled detailed monitoring of credential hygiene and app usage, helping identify and mitigate security risks promptly.
• Incident Investigation: Savvy’s logs and insights streamlined phishing and malware incident investigations, offering actionable data for faster resolution.

The Results

The implementation of Savvy’s solution led to significant improvements across multiple areas. Identity hygiene improved dramatically. Password-related violations were identified and addressed, including dozens of compromised passwords. Employees were prompted in real time to update weak or reused passwords, resulting in immediate corrective actions. Shadow IT visibility also improved, with Savvy uncovering numerous unsanctioned applications and providing the tools needed to address these risks.

User satisfaction saw notable gains as well. Employees who had previously complained about excessive training sessions and emails expressed appreciation for Savvy’s targeted, real-time guidance. This shift not only increased engagement but also fostered a culture of accountability and awareness within the organization.

Incident response times were significantly reduced. For example, when a phishing attack originating from a personal email occurred, Savvy’s logs enabled NVA to quickly trace the source and remediate the issue. This actionable data streamlined their investigation process and strengthened their overall security posture.

Security awareness engagement rates during Cybersecurity Awareness Month doubled from 30% to 60%, thanks to Savvy’s non-invasive, interactive pop-ups. These real-time notifications replaced traditional training, which had been a source of frustration for employees, with an approach that felt more relevant and less disruptive.

Savvy provided NVA with a proactive, real-time identity security solution that addressed their unique challenges:

• Behavioral Change: By engaging employees in their daily workflows, Savvy changed user behavior and increased awareness. Even during personal activities on corporate devices, employees became more cautious due to real-time reminders.
• Enhanced Monitoring: Savvy enabled detailed monitoring of credential hygiene and app usage, helping identify and mitigate security risks promptly.
• Incident Investigation: Savvy’s logs and insights streamlined phishing and malware incident investigations, offering actionable information for faster resolution.
• Real-Time Guidance: Savvy’s pop-up notifications deliver just-in-time training and guidance, eliminating the need for traditional mandatory training sessions. For example, employees receive immediate prompts when entering weak or compromised passwords.

Key Use Cases

Savvy’s implementation at NVA highlighted several critical use cases. Real-time phishing prevention became a cornerstone of their security strategy, with employees receiving immediate warnings and guidance when encountering suspicious links or emails. This proactive approach reduced the need for traditional phishing simulations and campaigns.

Password hygiene enforcement was another key area of focus. Weak and compromised passwords were flagged in real time, prompting users to take action before vulnerabilities could be exploited. Additionally, NVA implemented a policy enforcement mechanism for personal email usage. When employees attempted to use non-corporate emails on work devices, they received notifications outlining the organization’s policy, resulting in better compliance.

Looking to the Future

NVA’s partnership with Savvy continues to evolve. Their ambitious goals include eliminating all phishing campaigns by 2027 through the use of real-time training and playbooks. The organization plans to expand its use of Savvy by adding four new playbooks annually, addressing emerging threats and reinforcing user behavior changes.

Savvy has proven to be more than just a security tool for NVA. It has transformed the way employees engage with cybersecurity, fostering a culture of awareness and proactive behavior.

Savvy’s identity-first security solution has redefined NVA’s approach to identity hygiene and security awareness, setting a new standard for proactive, user-friendly cybersecurity.