Proof of security for a fund and wealth management firm

A firm that looks after other people's money is a constant target, and its own clients and regulators expect proof that the basics are watertight. The firm could not point to that proof.

Backups existed on paper but had never been tested, which is the same as not having them. Nobody knew how long it would actually take to recover if something went wrong.

We hardened the systems first, the configuration and access controls that stop most attacks, then added endpoint protection and multi-factor authentication across the firm.

We rebuilt the backups properly, into storage that ransomware cannot reach, and we tested the restores so the recovery time is a known number rather than a hope. We then took the firm through Cyber Essentials so it has something concrete to show clients and insurers.