Blog

Case Study Financial Advisor in Portland, Maine (Podcast)

Dave Hodgdon, founder of PCG, talks with John Maher about the work PCG did for a financial advisor in Maine. He explains the initial projects PCG did to improve the client’s IT, security, and compliance, and he talks about PCG’s plans to support this company’s growth and efficiency in the future.

Portsmouth Computer Group · PCG Case Study – Financial Advisor in Portland Maine

John Maher: Hi, I’m John Maher. I’m here today with Dave Hodgdon, CEO and Founder of PCG, a managed services and security provider with headquarters in Portsmouth, New Hampshire. Today we’re doing a case study on a financial advisor in Portland, Maine. Welcome, Dave.

Dave Hodgdon: Good morning, John.

Background of the Client

John: So Dave, could you give me a little bit of background on this financial advisor and how many employees they have?

Dave: Hey John, they’re based in the Portland area. They have 12 employees. They are being currently managed by a larger MSP that was acquired and they felt the attention went downhill. They weren’t seeing the day to day touch they used to have, the response times.

Part of their goal over the next year was to really take a good look at their security and compliance and how they could meet that based upon what’s been happening in the industry with ransom. They were looking for some better guidance on where their roadmap would be. And the big thing for them from the leadership team was getting the help desk requests in a reasonable time.

The one thing that caught my attention when I first met them is they’re an all-Mac shop, and that’s typically not the scenario for us in a financial firm to meet those requirements. And they knew that, so that was the one change they were willing to make. It’s kind hard if people are on the PC side or the Mac side, it’s pretty hard to move Mac users to the PC side, but they understood in their industry for how they were running their business that they did have to make that move. And that, first of all, had to be clear to us that they’re ready to buy into that.

Switching From Macs to PCs

John: Right. So they had some line of business application or something like that that they needed to use, and it was PC only.

Dave: Yeah, that was a big part of it, but also from the compliance checklist and how they do things and how we support them, there’s not that many managed service providers that just focus on Macs. We have no problem supporting some Macs sprinkled throughout the network, but having a 100% Mac environment and to meet the compliance is just not the focus or the right direction for what they needed.

Network Audit and Security Assessment

John: What was the strategy going into this in terms of what you needed to do to really get them back up to speed?

Dave: Great question. We first scheduled a network audit and we had one of our engineers go up there to take a look at the infrastructure. Whether you have a Mac or a PC, the first question is what’s the infrastructure, the wiring, the wireless, the switching? What’s in place for the firewall? What’s the layout of the office? Where are their applications being stored? Is there some form of server in place? So, granted, there were Macs in there. There were PCs there before and there was a Window server there, and these Macs were having issues getting to it. We were able to uncover quite a bit there.

The second part, which was a big push for them, was getting the compliance set up. We scheduled a call for a risk assessment, and we went through that process of what was needed, and they improved that particular project. And we thought it was important, John, to do that project first because the risk assessment will probably help drive the technology roadmap.

Results of the Network Assessment

John: Right, absolutely. Tell me a little bit more about the network audit or what you sometimes call the network assessment, and what that uncovered when you did that.

Dave: Well, it’s like doing your home inspection before you buy a house. You want to know what you’re getting into, if there’s any issues. So our job is understanding what they have and what’s necessary to meet standards, as well as to flush out any particular problems.

We were able to see quickly that they had an aging firewall. We knew the Mac environment was an issue. They were on a proprietary email going through a third party service that couldn’t be managed or touched. That was a big issue for them, that it was very difficult to deal with. There was a server in place that they used to have PCs, then they went to Macs. So there’s still stuff on the server.

They weren’t sure what was on there, especially if there was a compliance check or a list or an email discovery, what was on there. They didn’t even know if they had a backup. We could clearly see there was no security plan in place and we’re able to see some security gaps.

Projects to Improve the Client’s IT

John: Okay. What tactics did you employ, after you were able to do this network assessment and you figured out what was wrong, what were the tactics that you employed to really fix those issues?

Dave: We tied that together, John. So we’re in combination doing the network assessment and the risk assessment. After both teams, we had our security team do the risk assessment, and the network engineer did the network, and we tied the results of those two to come up with a roadmap.

So we met internally as a group and we agreed what was necessary to get done. It was clear to us that the Macs had to be replaced. They wanted mobility since they’re not in the office with the COVID. They want the ability for the employees to work anywhere. So it was clear to them. We wanted to get Notebooks with docking stations. We did the assessment of the email of how to get the email from the current proprietary up to 365, not only for consistency internally developing on the same platform, the ability to get my email anywhere, the ability to use Teams and collaborate with their clients and vendors, but also hit the big one on the compliance checklist.

After we completed that process, we knew that the firewall had to be done, and the wiring, there were some issues with wiring that wasn’t properly labeled. So we came up with certain things. We created a roadmap for them and we put a budget for each one of those projects in place. And like anything, you just can’t knock the house down all at once. It had to be planned that there’s certain things that have to happen in order. For example, it’s pretty difficult to do an email project on the old Macs. This was a very difficult process, because you kind of had it all happen together. It’s very difficult to run something on an old house and try to build the new house and use various parts of it. So we had to clearly define what we were going to do.

Within one week, we completely changed out the firewall, put the server in place, put the new PCs in place and migrated their email.

Handling Multiple Projects at the Same Time

John: So that was maybe a little faster than you normally would’ve done all that. But like you said, it kind of all had to happen at the same time.

Dave: It did, but we put in enough resources. It was difficult. Usually you like to do projects one at a time, but based upon how this particular setup was, all Macs in a totally different email environment, the firewall could have waited. But that is actually one thing that we did first that didn’t disrupt anything.

But there was no reason to touch a Mac and then go touch a PC. The labor charge would just go up. So it made more sense to combine it all together. We planned it properly with them, and we put more resources on that. Normally when you do a network project, you have two or three people. We had six people engaged and we were able to work it out for them.

IT and Security Training for Employees

John: Did you have to do training with them on the new PCs, where the employees maybe were used to working on the Macs, and then you had to show them how to use a PC?

Dave: That’s probably the number one thing most companies don’t commit to, John, and it’s something we’ve always embraced here at PCG is to invest in training. You have this great service or tool… whether it’s 365 or how to use Windows or how to use Word, we feel companies should be putting a budget in place for training. Yeah, that was a big part of what we did, not only on using the system, but also we coordinate that with the security training, what to be looking for. In today’s world, you have to be vigilant on how these bad guys are trying to get to you. So we feel it’s important that we do quarterly training sessions, as well as doing the fake phishing campaigns to keep the users up to date.

Tech Compliance for the Insurance Industry

John: So for this particular financial advisor, after you did that initial push to transfer them over to the PCs, get the firewall installed, get the server up and running, all of that, what were some of the tactics that came after that?

Dave: Well, the ultimate goal was for them just to have a good outcome of a reliable network. We know our systems are being backed up. We know our emails are where they need to be for compliance, for email discarded within their particular industry.

The financial firms have to follow various compliances from Sarbanes-Oxley to the Gramm-Leach. There’s certain things they weren’t doing. They weren’t doing email encryption. They didn’t have a WISP, a written information security policy, in place of how remote workers access. You need to think about financial advisors. They are accessing personal information, financial information, and making trades for you. It’s imperative that they’re following best practices to protect those assets. We took the time to educate them on how this works and show them how the blueprints work, and they understood it.

They understood that making a move was going to be difficult. There were a lot of moving pieces, John, in one week. We prepared, we got ready for it. We were on call for it. In the first few weeks, it’s not perfect that, yeah, you’re right, questions are coming up. They’re used to doing things one way. And we knew that we were on call. We were the help desk and they knew it. They were happy that we’re there. They’re happy that we didn’t hide it under the sheets, like it’s going to be easy, it’s a piece of cake. This was a major change for them. You get used to one way and you totally change how they run their business. Now it’s six, seven months later, the noise is low. They love what we do. The response times are great. They’re in compliance. They’re happy where they can be. And they’ve got a safe, reliable system.

Ongoing Support for the Client

John: All right. Any final thoughts on this project for the financial advisor in Maine?

Dave: Well, I think the best thing is once you do something, you just don’t leave it alone. So part of our process is to do the quarterly or yearly meetings on more of the higher level. And that is understanding what they want to do as an organization.

What are their goals for… It’s just not IT, John. Where can they become more efficient? Where can they make more money? So granted, we did the original investment to fix what was there. There are other projects in place now that they want to expand. They want to improve their wireless. They want to start using Teams more. They want to better utilize OneDrive. So now we’re trying to find some things that are better for workflow, for efficiencies on how they could be more efficient and how they can make more money. So they appreciate that we’re here for the long run, just not replacing that quick project.

Contact PCG to Talk About IT Today

John: All right. Well, that’s really great information, Dave. Thanks again for speaking with me today.

Dave: My pleasure.

John: For more information, you can visit the PCG website at pcgit.com or call (603) 431-4121.