CTS Case study: Memery Crystal
For specialist London-based firm Memery Crystal, being thoughtful is more than just providing a good service to clients – it’s also about thoughtful use of IT. This includes having a cloud-first strategy and solid security practices.
“Like many firms, we woke up to the fact that information security – incident reporting and responses in particular – is a real and significant threat to the business,” says IT director Tim Bond.
“Considering the profile of some of our clients, there would be huge reputational damage and professional embarrassment that would come if we were breached”.
As an SME law firm with a small IT team, being able to pass something on to an expert to manage enables Memery Crystal to focus on the work directly linked to the business and really add value, he says. And CTS does just that.
“I like the way the service is run. CTS is a trusted adviser and natural extension of the IT department. The team is very good at reporting to us and really feels like part of our team.”
Pick up security
Many companies don’t find out they’ve had a breach until six months down the line when a load of data appears on the dark web, says Bond. “With CTS, we would be able to shut it down within half an hour of there being an incident. And that’s a much easier conversation to have than if we found out after six months and didn’t really know what happened, where it originated or what data was taken.”
CTS proactively flags up any unusual or weird behaviours at the firm. Bond explains: “One thing we were concerned about was, if we do have a significant breach or incident, one of the hardest things is working out the ingress points. But now that we’re actively monitoring our estate, were the worst to happen, we should not only be able to close it fairly quickly, but also present a very accurate picture of what happened. CTS adds another layer of credibility to our information security position.”
Yet, Bond says, the firm still has to be careful – the risk is that by having a 24/7 solution, staff might become complacent. “There is always work to be done around security and awareness to prevent something bad from happening.”
He says the overall project with CTS has been a success, as the firm is seeing more staff bringing up security questions and checking things. “And even though we would have had a level of security in place before, it’s easy for people blindly to go off and do things that they shouldn’t – things that they probably didn’t know were a problem to begin with.
“It’s usually the humans that are the problem, not necessarily the tech, so anything that helps to raise awareness is a good thing.”
This is especially true at the higher end. Obviously, he says, it’s the ‘bigger fish’ that are more likely to be phished. “We don’t necessarily treat them any differently; as using CTS they are more onboard with the idea of proceeding with caution as they recognise that they’re a risk themselves.”
Part of the team
When Bond joined Memery Crystal two years ago as its IT director, the firm had been close to partnering with CTS. “I was really impressed with their commercial and strategic approach to the problems they were trying to solve for us.
“And although (as the new IT director) I had a slightly different vision of what I wanted to do, CTS left me with a good impression – they really put an effort into building a relationship. I’ve experienced some suppliers going behind the IT director’s back and emailing the CEO, or other such. But there was none of that with CTS. They were professional and trustworthy. And as a firm, it’s important to do business with someone you trust.”
He adds that the thing that really cemented CTS as a genuine and capable partner was when, during an incident in the tendering process, CTS showed its true colours and was “proactive, helpful and responsive”.
CTS fits into the firm’s overall IT department offering and, off the back of the partnership, Memery Crystal ran a security awareness campaign and updated its security policy. The firm also now regularly sends out test phishing emails, so people know what to look out for. Bond also ran a series of security sessions towards the end of 2019, which every member of the firm was required to attend.
Incidents get reported whenever they happen, and the firm has monthly reports for everything that’s happened over the month, including any trends, as well as fairly standard MI reports, he says. This is all complemented with regular meetups with the CTS account manager every six weeks.
“I’m not necessarily someone who needs to see an account manager every three weeks. What’s more important to me is the knowledge that I can send CTS a message if I need help and get an immediate response.”
Having that extra level of protection, alerting and awareness that CTS brings means Memery Crystal is in a strong position, he says – and can get a clear idea of what has gone wrong in the event that something bad happens.