This case study provides an overview of the work PCG did with a financial advisor in Portsmouth, Maine. PCG’s goal was to improve the client’s IT so they could support a remote workforce and provide the best service possible to their own clients.
Due to the private nature of some of these details, the client’s name is not included.
Client Background
This financial advisory firm has 10 employees, and it was not receiving the support it needed from its current managed service provider (MSP). The company’s leadership understands IT, and they wanted to leverage it to make money. They also wanted to improve their security and ensure they were compliant with industry regulations.
This client is very focused on providing high-quality support to its customers, and by extension, they expect the same level of commitment from the MSP they hire. Typically, we work with businesses that have 20 to 50 seats, but that doesn’t mean that we ignore smaller clients.
We provide this client (and our other smaller clients) with the same level of support and guidance that we give to our large clients. Additionally, this client customizes financial advice for their clients, and they wanted the same level of personalized support from us. We are proud that we are able to provide that.
Network Audit
We started with a network audit. This gave us a chance to assess the client’s IT environment, find out what’s working, and identify areas that need to be improved. We also talked with the client about their IT goals.
During the network assessment, our engineer looks at questions such as, is the hardware up to date? Are there network inefficiencies anywhere? Do they have the right internet service provider (ISP)? How’s their wireless? Do they have the right switches in place? Are their PCs up to date? Are they using applications that should be on-premise versus in the cloud or vice versa?
Basically, during this process, we figure out where the client is and where they want to go. To compare our process to renovating a home, we look at the existing foundation and other essentials. Then, we determine the goals for the renovation.
The right path is different for every client. For example, if a client wants to support a remote workforce, we may need to move them to an Azure cloud-based environment. In contrast, if they want to stay where they are, we may need to take a more hybrid approach.
Security Assessment
When working with financial advisory firms or other businesses in the financial industry, a risk assessment is critical. Financial firms have to meet strict compliance requirements. They also need to ensure they keep their clients’ data safe.
These companies have countless personal and financial data on their clients, and allowing that data to be compromised could hurt the clients as well as the business’s reputation.
Network Assessment Results
During the network assessment, we discovered that the financial advisor’s server was aging. We started talking about whether they wanted to replace the server or move to a Microsoft Azure environment that would allow them to be more remote.
We also looked at their M365 and verified that the right security add-ons were in place. We realized they weren’t using multi-factor authentication (MFA). When we brought that to their attention, they decided that they wanted to implement MFA in their email but also their key applications. We used Duo, a product owned by Cisco, to authenticate when they log into the network and their applications.
In addition to identifying those two concerns, we also had a high-level meeting with the client. Called chief information officer (CIO) or virtual chief information officer (vCIO) meetings, these sessions help us set goals and identify how we can make tech work for the client. Typically, we hold these meetings a few times a year with each of our clients.
Risk Assessment Results
People can often be the weakest link when you’re trying to protect a network. During the risk assessment, we identified a significant need for training. We hold training sessions once a year with this client, and during those sessions, we look at the current trends and explain the tactics the bad guys are using.
To put the training into action, we run fake phishing campaigns. For example, we send out emails that offer a free Amazon card or claim to be a friend asking for help. These emails are set up just like the scam emails, and we use them to show our clients what to look for.
If the client clicks on the link or accepts the download from a real phishing email, they may download malware or allow a bad actor to access the network. When they click on the link in one of our phishing campaign emails, we use the mistake to enhance their training. We don’t use these campaigns to embarrass our clients. We simply use them to help the client and identify where some employees or even people on the leadership team may need additional training.
To meet industry guidelines, we also made sure that their emails had a backup in place for email discovery. This allowed them to find old emails if there was an audit. We also implemented a program that looks for email compromises from the dark web.
Finally, we decided to retire their server and move them to the cloud. The update promised to tighten their security and increase their mobility.
Outcomes of Working With PCG
The first project we had to tackle was migrating the client away from their current MSP to us. We always use a blueprint to ensure the transition works smoothly. We guide the client about what they need to do in terms of submitting help desk tickets or reaching out during the transition.
The transition was smooth, and once the onboarding was complete, we cleaned up their Microsoft programs to ensure they were using the right products with the right security. We synced 365 to the cloud and made sure OneDrive was set up correctly. We also retired their server and got them set up in the cloud. This gave them the flexibility to work from anywhere.
We also provided this client with a dedicated engineer. All of our clients have a dedicated engineer who focuses on their network. The engineer works closely with the client. They fix issues as they come up, but they also look at what drives technology for the client and help the client identify long-term goals.
This client loves this element of our service. Their dedicated engineer along with the rest of the PCG team helps them use technology to improve workflows and make more money.
To reduce the risk of downtime, we helped this client find a new internet provider, and we set up two circuits with automatic failover. If they’re trading or handling correspondence, they can’t risk downtime, and the dual setup helps to safeguard against that risk.
We also worked with this client to ensure they were meeting the compliance requirements of their industry, such as the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Our security and compliance assessments are not a one-time effort. We review this client’s security on a regular basis to find weaknesses or areas for improvement.
We also helped this financial advisor to create a written information security policy (WISP) to govern the security of people working from home. For example, this client wanted their remote workforce to be behind a secure VPN. We ensured their assets were secure whether their employees were accessing data or apps from home or in the office.
At this point, we have been working with this client for almost three years. They are happy with the projects we have done. They are also pleased with the ongoing support and guidance that we provide. We look forward to continuing this relationship with them.
Contact PCG for IT Support
PCG, works with clients in financial services as well as many other industries. We can help to ensure you are compliant with industry regulations and that technology is supporting your organization’s mission. To learn more or to set up a free consult, contact us today.
