Professional Services Case Study

A new IT Strategy to support professional services

The client
Richmond House Group (RHG) has been serving private and corporate clients from offices in Stevenage, Hertfordshire since 1964. Their in-house discretionary investment management team has an excellent track record in managing investment portfolios in these challenging times. RHG are also experts in providing advice regarding employee benefit schemes, compulsory workplace pensions, life assurance, private medical insurance and inheritance tax planning.

The issue
The Financial Services Authority’s (now the Financial Conduct Authority) 2008 report on Data Security in Financial Services focused on the issues surrounding client data losses through theft of laptops and memory sticks.

Knowing that any breaches of Personal Identifiable Information (PII) within the company would result in fines by the regulator, the senior management team took seriously their responsibility for the security of sensitive clients data and Octree was asked to review the company’s IT systems, processes and security.

Octree’s approach
Suitable for businesses with multiple servers and a complex IT infrastructure, Octree’s Professional-Complete Managed IT Service provides 24/7 support covering everything, from networks and servers to mobile devices to security appliances.

Like many financial services companies, RHG had become totally reliant on the use of technology, from office-based servers and PCs to laptops, and the use of USB memory sticks to transfer information. All employees had access to the Internet and email was widely used to communicate with clients and suppliers.

We conducted an audit of the company’s IT systems and infrastructure using a detailed questionnaire that Octree has developed to accurately assess the level of compliance with the FCA’s data security guidelines and accepted industry best practice. The methodology ensured that fundamental weaknesses in IT security systems and procedures were quickly identified.

Based on the findings of the audit, we implemented a range of measures to improve data security, including:

  • Development of an internal high level security policy based on a holistic risk assessment program, to be reviewed annually for relevance.
  • Development of individual policies covering password complexity and change management, data sharing, acceptable use, individual technical controls, business continuity and disaster recovery.
  • Development of an appropriate Security Awareness Program for all management, staff and contractors.
  • Full disk encryption of company laptops, providing protection against unauthorised access to data in the event of hardware being lost or stolen.
  • Web filtering to control employee access to inappropriate or non-work related websites and to protect endpoints (PCs and laptops) from web-based malware.
  • Email filtering to protect users against phishing email, spam, email-borne viruses and malware. It also ensures that inappropriate or defamatory material is blocked.
  • Email encryption for secure client communications.
  • Endpoint security on desktops and server with anti-virus, anti-malware and proactive threat protection (IPS).
  • Patch and vulnerability remediation to keep software up to date.
  • A managed firewall and VPN offering secure remote access for mobile users.

Managing Director of RHG, Paul Beasley, says: “We were aware of weaknesses in our systems and the need for highly sophisticated security and back up support. Octree demonstrated an holistic approach far more advanced than anything anyone else had to offer. Octree’s work, and particularly the knowledge and experience of Tony Richardson in data protection, such a key area of any financial services organisation, ensured that not only do we meet and exceed our compliance obligations, we are also more confident that we do handle and process our clients’ information securely. Naturally this has had a positive impact on the entire company and it has also allowed us to actively promote our responsible and ethical approach towards information security. We also have peace of mind knowing that Octree now manages our IT services, 24 x7”.

To find out more call us on 08456 171819 or email sales@octree.co.uk.

 
 
 
Octree Cyber Essentials
Cyber security – don’t know where to start?
Talk to Octree, specialists in helping SMEs achieve Cyber Essentials status.

Is your business at risk of ransomware and cybercrime? Find out now - take our 5 minute health-check

Recent Posts