Real Problems.
Real Solutions.

The Problem

The school had no documented IT security policies, no content filtering audit trail, and staff were sharing student records via personal Gmail accounts. A parent complaint triggered an inquiry, and the school had 30 days to demonstrate FERPA and CIPA compliance — with no IT department.

What We Did

We migrated all staff to managed email accounts with encryption and data loss prevention policies. Deployed content filtering with full audit logging across the school network. Created a written data security plan, acceptable use policy, and incident response procedure. Trained all staff on FERPA data handling requirements. Delivered the complete compliance package to the school’s legal counsel within three weeks.

Results

The Problem

The firm had no email authentication (no DMARC, DKIM, or SPF), no encrypted document portal, and closers were emailing settlement statements with SSNs and bank account numbers in plain text. They also had no written Safeguards Rule documentation — a direct GLBA violation. They came to us after a colleague’s firm lost $220K to a BEC wire fraud attack.

What We Did

We deployed full email authentication across both domains, implemented an encrypted client portal for all document exchange, set up automatic encryption triggers for emails containing sensitive data, and created callback verification procedures for all wire transfers. We also built their complete Safeguards Rule compliance package — written security plan, risk assessment, incident response plan, and vendor management documentation.

Results

The Problem

The company managed 8 properties across 3 counties with no centralized IT. Each site had its own consumer-grade router, no consistent security, and no remote access. Their tenant portal crashed on the 1st of every other month. Staff turnover was high, and former employees still had access to tenant records weeks after leaving. Lease applications with SSNs were stored in a shared Dropbox with no access controls.

What We Did

We built a unified network across all 8 sites with business-grade equipment, centralized management, and secure connectivity between locations. Implemented proactive monitoring on their tenant portal and property management platform. Set up automated onboarding and offboarding workflows so access is provisioned on day one and revoked on the last day. Migrated all sensitive documents to an encrypted, access-controlled platform with role-based permissions.

Results

The Problem

Bid documents with proprietary pricing were being emailed between the main office and project managers on personal devices with no security. Field superintendents used personal phones to access project management software with no MDM or remote wipe capability. OSHA safety records were scattered across paper forms, email attachments, and a shared drive with no structure. The company had no IT support — everything was break-fix through a local consultant.

What We Did

We deployed managed devices for all project managers and supes with device management, encryption, and remote wipe. Set up a secure document vault for bid documents with access controls limited to authorized staff. Connected all active job sites to the main office with secure remote access. Digitized OSHA recordkeeping into a searchable, organized system. Transitioned the company from break-fix to proactive managed IT with monitoring, patching, and help desk support.

Results

The Problem

Clients were emailing W-2s, 1099s, and bank statements to the firm in plain text. Staff accountants working from home had unencrypted laptops with years of client tax returns. The firm had no written information security plan as required by IRS Publication 4557 and no GLBA Safeguards Rule documentation. During the prior tax season, two staff members fell for phishing emails — one of which nearly resulted in a fraudulent refund filing using client SSNs.

What We Did

We deployed a secure client portal for all document exchange — no more SSNs in email. Encrypted every laptop and desktop that touches client data with full-disk encryption and remote wipe. Built the firm’s complete WISP (Written Information Security Plan) per IRS 4557, plus Safeguards Rule documentation. Deployed email security with anti-phishing protections and ran targeted phishing simulations for all staff. Set up automated security awareness training on a monthly cadence.

Results