This case study looks at the work PCG did with an engineering firm in New Hampshire. Due to the sensitive nature of some of these details, this report does not include the company’s name. Instead, it simply describes the firm’s tech challenges and looks at the strategies and tactics PCG used to improve the IT environment.
The Client
This client is an engineering firm with 35 employees in the Seacoast area of New Hampshire. They work with customers up and down the East Coast and into the Midwest, and they need reliable connectivity for when their employees are on job sites.
Background Issues
The engineering firm had been working with another managed service provider (MSP) for several years, but after being acquired two or three years earlier, the MSP was losing its local feel and its attention to detail was slipping. The MSP was providing terrible response times, its techs didn’t know what each other were doing, and the PC setup process for new hires was inconsistent and missing applications.
Around the holidays, they realized that the permissions on several admin folders with very sensitive information were set to allow anyone to see them, and this security issue prompted them to reach out to PCG. Typically, when PCG takes over for another MSP, the process takes more time as the company evaluates its needs, and cutover requirements, but in this case, the engineering firm switched providers very quickly.
The company wanted the response times and guidance they had with the MSP prior to acquisition, and after checking a few references, they felt confident PCG could meet all of their needs.
Strategy
To determine this company’s IT position and to identify its needs, we started with a network audit, a risk assessment, and establishing a custom PC setup template.
Network Assessment
During the network audit, we looked at the current IT set up, reviewed the documentation process, and tried to get a sense of how the previous MSP was handling things. Normally, we work closely with the existing MSP to create a seamless transition — Unfortunately, this provider was reluctant to provide much information, but luckily, we were able to get most of what we needed from a knowledgeable employee at the engineering firm.
One of our senior engineers did an onsite audit of the firm’s network and user requirements. They verified the infrastructure to get an understanding of what was in place in the equipment rack for the systems’ servers. They also analyzed what was virtualized and if the switches were good, and they looked for the warranties on the technical equipment, so they knew where to turn if something was broken.
Risk Assessment
The risk assessment gave us an overview of the engineering firm’s potential security gaps and its ability to meet compliance requirements for key clients. As we were taking over in the midst of the COVID pandemic, we also assessed the company’s ability to support remote workers without compromising security.
The remote workers were essentially connecting to high-end machines running CAD software from their notebooks at home, and they needed a good pipeline, a strong firewall, and proper setup of their remote systems. We also closely reviewed the security settings on file permissions and access.
Custom PC Setup
Finally, we developed a custom PC setup blueprint for new employees. The firm has three specific departments of CAD users who each use different software, and to streamline the setup process, we created a template that shows which software and permissions new hires need based on their CAD department.
We also created a checklist to ensure nothing was missed during the setup process — it allows new hires to specify how many monitors they need, if they’re working remotely, what printers they need, their Microsoft 365 plan, and other logistical and security essentials.
Tactics
Based on what we learned during the network and security assessments and while setting up the PC user blueprint, we decided to implement the following tactics with this client:
- Developing a managed server plan to replace their current MSP.
- Creating an offboarding process with the MSP to ensure that there were no security gaps during the transition.
- Addressing security vulnerabilities identified during the security assessment.
- Becoming the firm’s partner of record on Microsoft 365 so we could improve security and guide users on these applications.
- Setting up a 24/7 premium help desk for the firm’s employees.
- Holding IT strategy reviews (ITSR).
We did the first ITSR after 90 days — this gave us a chance to develop a solid understanding of this firm’s tech needs and challenges. Then, we used the ITSR to identify short and long-term tech plans and budgets.
Results/Outcomes
After three months, our efforts had improved this company’s IT environment dramatically. We addressed the issues uncovered in the security audit and added Security Awareness Training (SAT), Dark Web (email compromises), Domain Name System (DNS), Protection Profile (PP), and Endpoint Detection and Response (EDR) server and key staff. The EDR is essentially an antivirus program on steroids, and it monitors network activity to look for suspicious behavior such as someone trying to access files from a different IP, change the backup files or alter administrative passwords.
We also became the firm’s partner of record on MS 365 and took steps to improve the security around that application. We were able to save money as they had several subscriptions that were not needed. We turned on multi-factor authentication (MFA) and added additional spam filtering tools to minimize the risk of nefarious websites or links getting into employees’ inboxes. We also held lunch-and-learn sessions and ran security awareness phishing campaigns to train staff on security protocols.
To support the firm, we gave staff access to a 24/7 premium help desk, and we assigned a dedicated network engineer to do bi-monthly visits to the firm’s office. Our client success manager has quarterly calls with the point of contact from this engineering firm to collect feedback, assess how help tickets are being addressed, and find areas for improvement.
We also hold ISTR strategy meetings to talk about the company’s goals and create a roadmap for the future. In these meetings, we don’t just focus on IT. Instead, we talk about the company’s business goals for the next one to five years, and we identify the tech they need in place to reach those goals.
We then are able to create a Technology roadmap together which gave them a timeline and budget for each action item to address
Ultimately, our services aren’t just about providing clients with IT and cyber security support. Our services are designed to help our clients become more profitable and successful across the board.
Contact PCG Today
How can improving your IT environment reduce costs and drive revenue in your business? Let us show you how. Contact us at PCG today to talk about how our managed IT services can help your business. We can start with a complimentary network audit and help you identify what your business needs to be safer and more productive.
