Case Study – Strengthening Cybersecurity and Compliance

This case study examines the work PCG did for a financial advisory firm in Portland, Maine. It explains how PCG helped the firm improve its regulatory compliance, tighten its cybersecurity, and use technology to reach its goals. The firm’s name has been omitted due to the potentially sensitive nature of some of these details.

Client Background

This client is a financial advisory firm in Portland, ME with 12 employees. The firm was working with a managed services provider (MSP), but when that company was acquired by a larger MSP, the provider lost its attention to detail and its response times slowed.

Employees weren’t getting responses to help desk requests in a reasonable time frame, slowing down their productivity. Additionally, the leadership team was concerned about compliance issues and ransomware risk. They also wanted more guidance about their technology environment. So, they reached out to PCG for help.

Network Audit

To learn more about this client, we started with a network audit. We sent in an engineer to look at the company’s network infrastructure. They looked at the wiring, wireless, switches, firewall, the office layout, the applications being stored, and the server in place.

When explaining the importance of this process, we often compare it to doing a home inspection or appraisal. To get a sense of the property, the inspector or appraiser looks at its bones. They examine the foundation, the roof, and other essentials so they can identify any significant challenges.

This client had an aging firewall that wasn’t providing them with ample security. They were also in an all-Mac environment, which wasn’t going to support their long-term needs. Additionally, their server was put in place when they were using Windows computers, and the Macs were struggling to connect to the server.

Security Assessment

With a lot of clients, we do the security assessment after the network assessment, but we always adjust our approach based on the client’s needs. Because IT security was such a strong concern to the leadership team and in the financial services industry in general, our security experts performed the security assessment at the same time as the network audit.

We quickly discovered that this client didn’t have ample security in place, and they were lacking from a compliance standpoint. We did a thorough risk assessment of their IT environment. Then, we identified their security needs and used that information to help us create their IT budget and roadmap.

IT Tactics for the Financial Advisory Firm

Based on the results of the network and security assessments as well as talking to the company’s leadership team, we outlined several goals:

  • Replace the Macs and switch to a Windows environment
  • Become mobile so they could work from anywhere
  • Invest in notebooks with docking stations
  • Switch to M365 email to improve security and mobility
  • Utilize MS Teams to facilitate collaboration with clients and vendors
  • Ensure compliance with industry standards
  • Replace the firewall
  • Fix the labeling issues in the wiring

After identifying the projects our clients need to meet their goals, we determine the budget for each one, and we set up an order. For example, in this case, the client wanted to change their email provider, but they also wanted to migrate away from Macs. It doesn’t make sense to implement the new email on Macs, make the employees learn a new setup, and then switch to Windows, where they would have to learn how to use the email on that operating system.

Additionally, if we had to send in our techs to deal with Macs and then send them in again a couple of weeks later to deal with PCs, that would have driven up the labor charge. To keep costs as low as possible, we had to do a lot of projects at the same time.

In our very first week, we changed the firewall, put the new server in place, rolled out the new PCs, and migrated their email server. Usually, we send in two or three people to help clients with projects, but to ensure we could cover everything this client needed right away, we sent in six techs.

We use an onboarding blueprint with each of our clients to ensure we don’t overlook anything, but again, we always adjust our processes as needed to meet the unique needs of each client.

Employee Training

Another area that sets us apart from the competition is our commitment to training. A lot of MSPs don’t deal with training. They aren’t interested in it, and they don’t have the resources to offer it.

We want our clients to be able to use technology as effectively as possible. Technology is a tool. To optimize its benefits to your organization, you need to use it correctly, and training can make a big difference.

To support this client, we did some training to help them make the switch from Macs to notebooks and to use the new email system. We also tied in some security training.

Security training is particularly important because the threats are always changing. To protect yourself, you need to be vigilant about how the bad guys are trying to get into your system.

With this client, we ran fake phishing campaigns. In a phishing scam, fraudsters use emails to trick people into giving them information or access to the network. Essentially, we emulate the tactics of phishing emails and look for areas of weakness. We also scheduled quarterly security training to keep defenses as high as possible.

Positive Outcomes

This financial advisor’s ultimate goal was a reliable network and compliance with industry rules. We helped them achieve that goal. Now, they know their system is backed up. They know the emails meet compliance standards for their industry. They also have the ability to work remotely in a safe and flexible way.

We also helped this client improve their compliance posture. Financial advisory firms have to be compliant with a wide range of laws and regulations including the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, and others.

When we met this client, they weren’t encrypting their emails. They didn’t have a written information security policy (WISP) to outline how remote workers access the network. They were accessing a lot of personal and financial information on their clients, and unfortunately, these assets weren’t adequately protected.

We took the time to explain the importance of compliance and the tech changes we were going to make in general. We also explained that doing all these projects at once wasn’t going to be easy. There were a lot of moving pieces, and their employees were going to have to change a lot of their processes in a short span of time.

At first, we were handling a lot of questions, and we anticipated that. They knew we were on call, and they were happy we were there.

Six or seven months later, their network and compliance are strong. They understand how to use their new computers and programs. They don’t have as many help desk requests, and when they do, our response times are fast.

However, our work is not done. Clients’ tech needs are constantly changing, and to ensure we meet their needs, we do quarterly or annual meetings. We sit down with the client, and we talk about their tech concerns. We also talk about their business goals, and we help to ensure that the tech is in place to reach those goals.

For example, this client wants to improve their wireless. They want to use Teams more. They want to utilize OneDrive more effectively. We’re developing plans for these projects and helping them identify where they can be more efficient and make more money.

This client appreciates that we were able to help them with some big projects quickly, but they also know we’re here for the long haul. We will work hard to ensure that their IT works seamlessly and that it supports their needs now and into the future.

Contact PCG to Talk About Your Company’s IT

Is your IT supporting your financial services firm? Or, is it slowing you down or putting you at risk? If you’re not sure, we can find out together — contact us at PCG today, and we can start with a network assessment to ensure your tech is working for you.