Conner Whitlock
Heavy Manufacturing

Securing 47 mobile devices of management staff

We implemented a protection system without interfering with owners' privacy. We eliminated 12 active security vulnerabilities in CEOs' phones in one weekend.

0 incidents in a year
ClientStal-Met Metallurgical Products
IndustryHeavy Manufacturing
TimelineQ1 2024

The Stal-Met board was sending strategic production plans and margins through regular messengers on private phones. Lack of control over management equipment exposed the company to multi-million dollar losses in case of device loss or hacker attack.

Mobile SecurityData ContainerizationAES-256 EncryptionDevice AuditCEO Protection

The challenge

Stal-Met from Pruszków barely avoided a 'man-in-the-middle' attack in 2023. Board members were using 47 different devices — from old iPhones to budget Android models that didn't have current security patches. During an initial scan in January 2024, our Conner Whitlock team detected 12 active vulnerabilities.

The biggest problem was director resistance to installing company software on private equipment. They feared IT would read their private texts or look at vacation photos. As a result, key data about metallurgical contracts circulated in public networks without any encryption.

Our approach

We applied a method of isolating business data from private data instead of taking over the entire device. A team of 3 Conner Whitlock experts prepared an architecture that creates a secure 'container' for company apps. We planned the entire implementation for one weekend so as not to interrupt office work.

We started with a system purge and forcing two-factor authentication at the hardware level. We focused on facts, not theory — each director received a specific 2-page A4 instruction. We showed them hard evidence of how easy it is to take over their mail on a public Wi-Fi network. This broke the resistance to new rules.

The solution

We implemented a system that automatically encrypts every voice call and text coming from business apps. We installed a remote data wiping module that works only inside the business container — if the phone is lost, we delete company data in 47 seconds without touching the owner's private files.

Additionally, we launched an anti-phishing filter at the DNS level that blocks fake payment gateways and suspicious links from texts. All 47 devices were connected to a central threat monitoring dashboard that alerts us to any unauthorized access attempt in real time.

Results

The system has been working since March 2024 without a single failure. The Stal-Met board can safely discuss contracts, certain that data will not end up in competitors' hands.

114
Blocked data phishing attempts in 6 months
38h
Full implementation time for the board
0
Commercial information leaks since March 2024
99.1%
Effectiveness of filtering suspicious SMS messages

Timeline

  1. January 2024
    Technical audit of 47 phones and security gap scanning
  2. February 2024
    Server configuration and preparation of secure containers
  3. March 2024
    Weekend implementation and face-to-face training for directors

"Initially, I didn't want to agree to any locks on my phone. However, Conner Whitlock showed me that my data is safe and work doesn't interfere with privacy. Now I'm not afraid to open mail while away."

Marek Wiśniewski Operations Director, Stal-Met Metallurgical Products June 2024
← Back to case studies