Victorian Building Authority lays cybersecurity foundations


The Victorian Building Authority (VBA) is a Victorian government agency that regulates building and plumbing practitioners to ensure these industries are efficient and competitive. Its mission is to protect the community and empower building practitioners in Victoria.


Building and plumbing; government

Number of users:

  • Approximately 600 staff, including contractors and full-time employees
  • About 5,000 customers, including the general public, plumbers and builders


  • Protecting sensitive information, including the personal details of staff, contractors, builders and plumbers
  • Employees regularly targeted by phishing and ransomware attacks
  • Limited staff awareness of cybersecurity issues and attacker tactics

Sophos Solutions

  • Sophos Intercept X with EDR
  • Sophos Intercept X for Server
  • Sophos Phish Threat

Sophos Customer

Since August 2019

How do you know when it’s time to upgrade your cybersecurity infrastructure?

As a government agency for the regulation of building and plumbing services in the Australian state of Victoria, VBA is entrusted to protect highly sensitive information, including the personal details of staff, contractors, builders and plumbers. This means the agency must ensure its cybersecurity infrastructure is maintained to a high standard. To ensure these standards are met, VBA performs regular audits of its infrastructure to identify any weak spots or areas for improvement.

“We perform regular risk analysis procedures on all our software to ensure we’re getting what we need, whether it be cybersecurity, storage or otherwise,” said Danny Tran, cloud and network architect at VBA. “After performing a risk analysis on our previous cybersecurity solution, we concluded it was time for an upgrade.”

Fortunately, VBA had never experienced a data breach and Tran wasn’t prepared to wait for one. “Our previous on-premise infrastructure was no longer giving us the peace of mind and assurance we needed from a cybersecurity solution,” said Tran. “It was unable to stop zero-day attacks, it had minimal endpoint detection and response (EDR) capabilities, and spam and phishing emails kept making their way into employees’ inboxes, which was cause for alarm.”

Tran recalls an incident where gaps in VBA’s previous cybersecurity solution almost led to a data breach, “A phishing email had gotten into someone’s inbox and the employee clicked a link in the email and entered their credentials. Thankfully, we were able to identify the issue and take immediate action, stopping a potential data breach. It was a close call and a situation we wanted to avoid moving forward.”

How do you find the right cybersecurity provider?

In addition to end-to-end protection, one of the biggest non-negotiables Tran was looking for in VBA’s new cybersecurity strategy was cloud-hosted solutions. This forms a critical component of VBA’s broader digital transformation program, which involves moving all of its technology solutions from on-premise to the cloud. It was also important that the new solution was simple and easy to use, without creating additional work for Tran’s team or sacrificing protection.

Sophos came highly recommended by Tran’s industry peers, particularly because of its proactive, holistic approach to cybersecurity coupled with its ability to reduce overheads and eliminate many administrative tasks.

After doing his due diligence, Tran was impressed by Sophos’ approach to cybersecurity and its team’s willingness to tailor solutions to suit VBA’s requirements; this was a stark contrast to other vendors’ solutions, which he described as “complex and over the top”.

Tran was prepared for a tedious deployment process based on past experiences; however, this was not the case with Sophos’ solutions.

“Sophos made everything really smooth; its team came in and set things up straight away. Any issues our team faced were dealt with quickly and professionally—it was a lot easier than I imagined.”

What are the benefits of working with Sophos?

  • Peace of mind – Tran is confident that VBA has first-class cybersecurity solutions in place and no longer worries about employees clicking on phishing emails—as they no longer receive them!
  • Reduced admin – Tran can now spend time working on more valuable tasks, as Sophos is simpler to use and cuts out much of the admin he previously had to do.
  • Cybersecurity awareness – VBA has developed a cybersecurity-aware culture, with staff now more attuned to potential attacks and suspicious emails.
  • Bespoke solutions – Sophos’ solutions have been set up to meet the needs of Tran and VBA; he’s able to customise the types of alerts he receives and manage the platform in a way that suits him.

“The Intercept X products tick all of our boxes. It’s hard to find a solution that does what it says on the tin, but that’s exactly what Sophos does,” said Tran.

Where to next?

Tran has been impressed with the Sophos solutions his organisation is using so far and is interested in finding out what other products might benefit the organisation in 2020.