Case Study of a Professional Services Company in NH (Podcast)
Dave Hodgdon, CEO and founder of PCG, talks with John Maher about the work PCG did for a professional services company in New Hampshire. He explains why this company reached out to PCG, and he outlines the benefits they experienced when PCG improved their network and cyber security.
John Maher: Hi. I’m John Maher and here today with Dave Hodgdon, CEO and founder of PCG, a managed services and security provider with headquarters in Portsmouth, New Hampshire. Today, we’re doing a case study on a professional services company in New Hampshire. Welcome, Dave.
Dave Hodgdon: Good afternoon, John. How are we doing today?
Background of the Client
John: Good, thanks. Dave, tell me a little bit about this professional services company and where they’re located, what they do, how many employees they have.
Dave: Sure. I’ve kind of known the owners for a while. Actually I went to school with them, and over time we’ve had a friendship. We did some break-fix work for them back in the 90s, but as the business evolved, they hired a new controller and determined that they wanted to up their game in IT.
A lot of their equipment was aging. They are in the recycling business and deal with recycling of precious metals, cars, paints, thinners. They want to do anything to help the earth be better. They do an excellent job there. Most of their work is done throughout New England, and we’ve had a great turnaround in how they really want to address IT moving forward.
Before, their view of IT was an expense, not as an ability, John. They didn’t see how the right IT could lead to more productivity, more efficiency, and a better level of customer service.
Why the Client Reached Out to PCG
John: Right. What is it that initiated them getting in touch with you and starting to work with you?
Dave: I think the consistent issues of using old email through Gmail, having inefficiencies, especially with trying to work remotely through COVID, having poor internet connections to work remotely, not having a wireless system in place because there are multiple buildings, having aging machines that were extremely slow.
They had a database that runs their backend system but it’s an SQL backend and it requires a little bit of horsepower to run that. There were just an array of items and especially on the security side. Their situation was just like most businesses… they’re there to operate, to make their money, but they really don’t look at IT in a holistic way, and assess how it can help move their organization into the future.
Network and Security Assessment
John: Tell me a little bit about the strategy. After you met with them, what are some of the things that you started with?
Dave: First of all, we wanted to get the baseline of where their IT was at, and to do that, we like to break it down to two areas: the network assessment and the security assessment.
With the network assessment, we look at what they actually have in place. Similar to your house, if you were doing a remodel, you would want to take a look at everything from the foundation, the plumbing, the electrical, the windows, the kitchen, the bathroom. We look at similar elements when we’re dealing with a network. To me, the network assessment always starts with the infrastructure which is the wiring, the switching, the firewall, and also taking a look at the PCs and getting a full assessment of what they have and the applications they use.
Then, we actually speak to the users, John, about what they do in their daily life. We ask them, “Where are they struggling? Where are some of the delays? Where can there be more efficiencies”? And I always ask them, “What’s right? What’s wrong? What’s missing? What’s confusing?”
And when you speak to the users, you flush out what’s really happening and when you get a common answer from a lot of the same people, that’s a good thing to bring back to the leadership team. Hey, all these people are complaining about X. Then, we can come up with a plan. Because when the employees know that the leadership team is listening and trying to address the problems with technology, they appreciate that and it makes their workplace a lot better.
The network assessment is number one, and the second big one is the security or risk assessment. Again because they hired the controller and based on his experiences with his previous job, they took security seriously. During this part of the process, we asked questions like, “Where do we stand from a compliance standpoint? Where do we stand for our vulnerabilities”? Because the goal for any hacker, John, is to get data, and we want to protect data.
We also want to simplify IT. They have a simple business, they’re not in the medical industry that people are specifically targeting them, but they do have data, and if someone were to sabotage their database, that can wreak havoc to them. Once we had those baselines, we’re able to have a meeting with them and they were happy with the results of the network assessment and the security assessment.
Issues Discovered in the Network Assessment
John: Tell me a little bit more about the network assessment and some of the issues that you discovered when you did that.
Dave: Well, the first thing we discovered is that they had several machines running Windows 7, which surprised us because you’re not supposed to be running Windows 7 in today’s world. Windows 7 is vulnerable to cyber attackers so we wanted to get all those machines updated, but a lot of the machines were seven or eight years old.
They also had issues with wireless coverage. They were always complaining about their cell phones or their notebooks to get access. There really was no true wireless plan in place. Their email was on POP accounts. They didn’t realize that each one of those emails, John, was individually saved on the local PC and it wasn’t being backed up.
They didn’t have any collaboration tools to share through OneDrive or using Teams. They didn’t have the ability to have their email go to their phone. We helped them just by letting them know what you could do with a new email service.
There were also several people that knew that they wanted better email services, and the controller was 100% embracing that this is where the company needed to go to.
Over time, with multiple buildings, the wiring was an absolute mess. There was no idea. It was just a huge octopus of cables everywhere and you’d have no idea what to do.
The phone system was aging. It didn’t have any reliability or any warranty. It had no sophisticated features like what you have in a new system today such as ring groups so that every time the phone rang, someone would have to answer. There wasn’t direct dialing. There was no “find me, follow me” feature. There was no auto attendant feature. Its flaws were wasting people’s time.
Their security cameras were also aging. They wanted more security cameras but they also wanted to access them over the internet through their phones. They didn’t really have knowledge of the application system so we developed some training to help with that.
Another big issue we saw was that the line of business application was running on SQL Express, which is not the paid version of SQL so it doesn’t run as fast. We’re able to ask the vendor, if we moved up to SQL, would we have increased performance? Then, we created a roadmap for that.
Tactics Used to Improve This Client’s Network
John: Okay, great. Tell me a little bit about the tactics that you employed and the services that you provided in order to really get them back up to speed.
Dave: Well, as you can see, the list was pretty significant. We broke down into projects and then we prioritized which one had to be done first. It always starts at the infrastructure. We had to clean up the wiring, get it labeled, get it mapped out, and get the switching in place so that multiple buildings had fiber coming into one another.
It’s very difficult to get an agreement for tech support in place when you’re dealing with so many obstacles. The goal is to get them into alignment and up to standards. The key was to come up with a statement of work and a budget for each one of the big items on the list such as replacing the PCs, changing out the phones, and dealing with the security cameras and the wireless.
The one that probably made the biggest impact right away was the project of migrating them from their email accounts to MS 365. And then the light bulb went off when they were able to start using Teams. Multiple buildings are able to communicate with each other now. They’re able to communicate while they’re on the road. They were able to start sharing information on OneDrive instead of putting it on the local PC. I think this project was probably the one that made the users feel the biggest difference.
We care that the wiring is cleaned up and is performing better, but they didn’t visually see that, John. It’s like when someone’s using their computer, they see the screen they’re working on. They don’t see the PC under the desktop and they don’t really care about that as long as it works.
As we worked out with the company’s teams, they started realizing it would be great to have TV stations in their various departments or buildings so they could share, collaborate, and have group meetings. We were able to activate some TV stations and Logitech makes a great video conferencing solution that allows you to have a group in a room, and the camera and sound move based on what’s happening in the room — they really enjoyed that one.
Prioritizing and Budgeting for Projects
John: You said there were all of these different projects, six different projects that you outlined, did you try to tackle those all at once? Or did you prioritize those and budget for those so that you did one at a time over a certain period of time, like a year?
Dave: We did prioritize. As I mentioned, the infrastructure was most important that we chipped away at. It made no sense to try to put an email system on old machines, so we took care of the infrastructure. We took care of the PCs and at that point, we were able to get the right backup system in place. From there, we started looking at how we could get more efficient with the email.
Wireless was an issue, but that didn’t have to be done right away. After we did the wireless assessment throughout the buildings, we were able to come back to them for a plan because they wanted to be able to have real-time inventory on tablets. They wanted to be able to go through the facility in multiple buildings to collect inventory data, and they wanted wireless everywhere. We were able to put in pretty significant wireless access points like you’d see in a football stadium.
With this client, you’re talking about six or seven acres to cover the whole property, John. The wireless there is pretty cool. And the same thing with doing the assessment for the security cameras. They figured there were about 40 or 50 cameras throughout the facility. That was a big part.
While we’re doing all of this, we’re also onboarding them, and once we get the infrastructure to the right point, we can attack the security side of things for them. There were so many components that needed to be addressed and you can’t do everything at once, but we had the plan, we had the footprint, the blueprint in place and we were able to chip away at the projects. I would say after about six months, we probably got about 80% of this done.
Making Security updates
John: Right. And then what was involved in the security updates and why is that so important?
Dave: Well, like anything, you need to minimize your risk. The ultimate goal for the bad guy is to get to the data. They’re not specifically targeting any particular company; they’re just randomly choosing victims.
Our goal is to put a password policy in place, which they didn’t have. We activated the multifactor authentication, which was not in place. We dealt with the POP, and as explained above, we set them up with a new email service. They had an aging firewall. We updated their firewall with new enhancements to minimize their risk there.
One of the biggest ones that I think most companies are adopting now is called EDR which stands for endpoint detection response, and it looks for odd behavior. Who’s on my machine that shouldn’t be? Who is trying to move files? Who is trying to change an IP? We wanted to add that to the servers and for the key people.
We also did some security training with them for the whole group, which they really appreciated. Just like with educating our kids, you can’t tell them just once to clean their room, it’s a consistent message. It’s similar when dealing with employees and security training. We covered phishing campaigns and other security essentials.
They made dramatic changes in six months, and this is one of the few companies, John, that has totally embraced IT. They were in such a poor position that it’s really impressive where they are now. They’ve leapfrogged past many of our clients to get where they want to be. And they’ve embraced the technology and plan. They’ve embraced having the VCIO visits. They want technology to help them. They want to grow. They’re looking at, how can we grow as a business, how can we invest in our business, and how can IT help? And they’re up for it. If they understand how certain types of technology can make them more efficient and help them make more money, they’re 100% committed to improving their IT.
Outcomes of Working With PCG
John: Right. They’ve jumped all in for sure. How long have you been working with them now? And what have been the results and outcomes of the project?
Dave: We’ve been with them for approximately seven months now.
John: Okay. You just finished the six month project then.
Dave: We’ve just come the long way. Again, they used to be a client for break-fix issues, but we changed things. The results now are that the network is stable, and the servers are where they need to be. The infrastructure and the PCs are up to date. They’re getting the updates as they need them. The users are having a good experience with the help desk. They’re getting the response that they need. They love having their dedicated network administrator that shows up for scheduled visits. I think it’s once a month. I couldn’t tell you how much they embraced having that high level technology, VCIO meeting about planning, budgeting, addressing their goals, their issues.
The wireless is also making progress, but we’re still waiting to complete the wireless. In today’s world of availability and constraints, not all the access points are here but we’re making things. The phone system just cut over, and it worked out great. They had a legacy phone system and we had a talk last week with our point of contact, and just having the ability of DID or the ring groups is improving operations. Before, anyone might scramble to answer the phone, but now, it’s more organized. They can also use the “find me follow me” which helps when people are working from home.
Switching to 365 was a game changer for them as well as using Teams and OneDrive. And I think they’re happy that they’ve minimized their security risks.
The Future of This Client
John: Right, absolutely. Any final thoughts on this company? Where are they going to go from here?
Dave: Well, I think the next thing we’re looking at is whether or not to replace the server. The server that was in place, John, had been there three or four years. It still has a little life left, but in about two years, we’re going to decide if we want to keep it on premise or move it to Azure in the cloud.
It’s a unique industry, and there are not many providers, but they seem content with the provider right there. I know they want to expand more, and that could mean more facilities or an acquisition. In either case, they have the infrastructure in place that allows them to grow.
They also have a budget in place. As I mentioned before, they’ve truly embraced having a technology plan that ties in together their goals.
The biggest thing PCG tries to establish with our clients is a technology plan that aligns with their business goals. We look at their strategy, assess the IT they need, and develop a plan to help them get there.
The ultimate goal for every business is not to spend money but to make money. We look at how IT can help our clients make money. This company has embraced that process, and we are happy to have them as a client.
Contact PCG for Managed IT Services
John: All right. Well, that’s really great information. Thanks again for speaking with me today, Dave.
Dave: My pleasure.
John: And for more information, you can visit the PCG website at pcgit.com or call (603) 431-4121.