Szczecinek Water and Sewerage Company: Rublon Case Study

PWiK Szczecinek Secured Access to Critical Systems With Rublon MFA

The Szczecinek Water and Sewerage Company urgently needed to increase its security against growing cyber threats and meet regulatory requirements (NIS2 Directive, GDPR). Deploying the Rublon MFA platform with Active Directory integration and TOTP authentication, secured key resources (VPN, RDP, SCADA systems) and simplified security management.

“The deployment process was smooth. Technical support was excellent. Deployment involved configuring connectors and security policies. Now systems are more secure, and logins are faster and more convenient. Rublon runs in the background, requiring no additional hardware. The Rublon MFA solution has become a key element of the IT systems protection strategy, compliant with current security standards.”

Marcin Szybisty

Chief Economist

A water and sewage plant dealing with water treatment and wastewater treatment, providing clean water to residents and supporting the local natural environment.

Objectives

An urgent need to strengthen the security of systems responsible for water supply and sewerage network operations.

Integrating the MFA solution with Active Directory.

Meeting regulatory requirements: KSC Act, NIS2 Directive, ISO 27001, and GDPR.

Minimizing disruption to employee daily work: simple login and minimal operational interference.

Keeping costs under control without the need to purchase additional hardware.

Results

Comprehensive MFA deployment covering critical access points (VPN, RDP, SCADA).

Increased cybersecurity awareness among employees.

Reduced risk of account takeover attacks (no successful account takeover attempts since).

Compliance with KSC, NIS2, and personal data protection requirements (GDPR).

End users benefit from simple and secure login methods (push, TOTP).

The subscription model ensures predictable maintenance costs, eliminating the need for hardware investments.

Client

Name:
Przedsiebiorstwo Wodociagow i Kanalizacji w Szczecinku (Water and Sewerage Company in Szczecinek)

Industry:
Water and sewerage services

Number of employees:
150

Location:
Szczecinek, Poland

Website:
https://pwik.szczecinek.pl/

Description:
The Szczecinek Water and Sewerage Company (Przedsiebiorstwo Wodociagow i Kanalizacji sp. z o.o.) is a municipal company serving approximately 80,000 residents in Szczecinek and surrounding municipalities. It is responsible for the public water supply and sewage disposal, ensuring high-quality services and environmental protection. The company also operates a modern Water and Sewerage Research Laboratory and offers its clients the Online Customer Portal (iBOK) platform.

The Challenge

Account Takeover Protection

Before deploying Rublon MFA, the organization was grappling with the growing threat of cyberattacks, including phishing and password-cracking attempts. The lack of strong multi-factor authentication created a high risk of unauthorized access to key systems, such as ERP, SCADA, and email. Numerous attacks on critical infrastructure in Poland and around the world were the ultimate motivation to secure systems that had previously been protected only by passwords.

Regulatory Compliance Requirements

As an essential entity providing a key service in the field of water supply, PWiK Szczecinek had to comply with the provisions of the Polish KSC Act and the NIS2 Directive. Furthermore, it was also necessary to ensure GDPR compliance.

Integration with the User Directory

PWiK Szczecinek used Active Directory. PwiK saw a need for an MFA solution to be compatible with this directory, allowing for an additional layer of authentication for AD users.

Convenience and Cost Reduction

PWiK Szczecinek sought a new solution that was easy to understand, even for those without technical expertise. It was also important that it operate in Polish and require no additional hardware. The entire solution had to be simple, hassle-free for everyday use, and avoid the need for expensive hardware dongles or significant changes to the login process. Automatic user lockout after login errors, device and user management, and easy configuration were also essential.

The Solution

PWiK Szczecinek deployed the Rublon MFA multi-factor authentication solution.

The company ultimately chose Rublon MFA because they were attracted by the option of easy integration with the existing infrastructure and support for multiple authentication methods. Compliance with all municipal sector regulations was an additional major advantage of Rublon’s solution.

Infrastructure Protection

PWiK Szczecinek determined that the existing policies of complex and regularly changed passwords were insufficient and that it was necessary to deploy Rublon MFA. The solution protected VPN access and mobile devices used for work outside the company’s headquarters. This significantly improved login security, especially for users working remotely. Reducing the risk of phishing and unauthorized access improved user convenience.

Flexible Authentication Methods

Thanks to the flexible method selection available in the Rublon MFA platform, employees at PWiK Szczecinek can choose between Mobile Push, Passcode, and QR Code methods when logging in, all available in the Rublon Authenticator mobile app. Employees who do not have the app can use the SMS Passcode method to receive a one-time code directly on their phone.

Ensuring Regulatory Compliance

Deploying Rublon MFA not only reduced the risk of incidents such as ransomware attacks and data breaches but also helped avoid potential fines for GDPR violations. Furthermore, the company achieved compliance with security regulations (NIS2, KSC) regarding multi-factor authentication and continuous authentication requirements.

Active Directory Integration

Rublon MFA is integrated with Active Directory. User accounts in the directory system are automatically mapped to Rublon MFA, eliminating the need for manual addition.

“The deployment at PWiK Szczecinek demonstrated that even in the municipal sector, Rublon MFA can be seamlessly deployed without operational disruptions. This demonstrates that it is a simple yet secure solution for everyone, regardless of how tech-savvy you are.”

Patryk Suchorowski

Head of IT Operations at Rublon

The Benefits of Implementing Rublon MFA

Full regulatory compliance	Rublon MFA abides by the multi-factor authentication requirements of the KSC Act, the NIS2 Directive, the ISO 27001 standard, and the GDPR.
Safeguards against account takeovers	Multi-factor protected access makes account takeover attacks more difficult; Microsoft statistics show MFA stops 99.9% of such attacks.
User convenience	Verification methods do not require complicated procedures, ensuring logins are intuitive.
Fixed operating cost	No hardware purchase required; subscription model with a predictable budget.

The Outcome

Aiming to improve security and ensure regulatory compliance, PWiK Szczecinek achieved significant operational and technological benefits through the deployment of Rublon MFA. The solution was integrated with the directory infrastructure, secured key resources, and operates transparently for end users.

The deployment of Rublon MFA led to enhanced resilience against cyber attacks, improved compliance with security regulations, streamlined administrative operations, and stabilized costs. The deployment was completed efficiently, and the platform provides a solid security foundation for years to come.