The AJS experience: learning the right lessons from past mistakes

AJS, a growing French SME

AJS is a company specialising in the production of garden clogs, boots, and other gardening accessories, based in the Loire region of France. It exports throughout Europe. Unlike many companies impacted by the crisis, AJS experienced significant growth in 2020 following the two lockdowns. Millions of French citizens found themselves confined to their homes and turned to gardening, one of the nation’s preferred pastimes during lockdown. 

In 2017, AJS experienced a cyberattack. Fortunately, the company was able to receive compensation thanks to a cyber insurance policy that its leadership had proactively secured. This incident underscores the fact that even small and medium-sized companies (SMEs) operating in non-strategic sectors can still be attractive targets for cybercriminals. 

Following its analysis of the incident, the insurance provider recommended that AJS’s management team enhance their IT system security to mitigate the risk of future cryptolocker attacks. Given the organization’s fleet of PCs and tablets, it was essential to reinforce the security of its Active Directory environment. In response, AJS implemented Specops Password Policy to address these vulnerabilities. The solution was deployed promptly and efficiently. 

Getting to grips with Specops software

Guillaume, who joined AJS to take over technical support, also quickly took charge of Specops solutions.

He says, “I’m very satisfied with the tool overall. It’s easy to use and offers more features than the default Active Directory settings.”

Specops Password Policy now delivers ongoing protection for the company’s Active Directory while also ensuring AJS remains compliant with the strict security standards established as a result of the insurance provider’s assessment.

To keep a close watch, Specops Password Auditor offers full visibility across the entire Active Directory environment. For Guillaume, “Specops Password Auditor is a truly innovative tool, unique in its approach.” 

Scans are performed to ensure that inactive accounts don’t slip through the cracks. The tool verifies that passwords are mandatory, not empty, and thus provides a comprehensive overview. This prevents AJS from having administrator accounts for service applications without passwords, a preferred attack vector for hackers. The goal is to run these scans regularly, every 3 to 6 months, to maintain good hygiene across the company’s network infrastructure. 

Specops solutions have become an integral part of the company’s IT environment. As Guillaume affirms, “I’m not aware of any other solution that offers the same capabilities as Specops and delivers them as effectively.” 

He can now focus on projects that drive the company’s growth, such as infrastructure enhancements and office relocation. This shift provides a of peace of mind.

What lessons can be learned from this?

Security also relies on employee education. For every new hire, the technical team dedicates two to three hours to raising awareness about cybersecurity risks and clearly explaining the organization’s password policies. This process includes ongoing reminders and periodic checks to ensure that sensitive information such as passwords are not written down on Post-it notes! Regular training is essential to reinforce a key message: using “123456,” repeated characters, or predictable patterns are ineffective against modern cyber threats. 

AJS has relied on Specops solutions for the past four years. In the face of an ever-growing landscape of cyber threats, the technical team considers Specops Password Policy to be a critical component of their security strategy. An informed user base is a powerful line of defense.  While taking out ransomware insurance can offer some relief, implementing robust protection for Active Directory remains essential for risk mitigation. As highlighted in our recent blog post, the average cost of a ransomware incident is estimated at $2 million. 

What if you also protected your AD environment from password attacks?