CASE STUDY: Private Equity Firm

The Case – Private Equity Firm

Background

The VP of Finance and Administration of a Chicago-based private equity firm came across SensCy through a personal connection between the founders of both companies. She says, “SensCy came in and did a lunch and learn for the team, and then we just had some conversations and we thought it was a very good partnership to help us leverage going to the next level of best practices and getting our cybersecurity locked down.”

In her opinion, cybersecurity is a must-have not a nice to have. She says that in her business, the implications of a successful cyberattack would be devastating on a variety of levels. She says that she is equally concerned about confidential information on the investors in the firm and the investments they make.

The Decision

The decision to proceed with SensCy was a joint decision between her and the founder of the private equity firm. She says: “It was an easy decision because there were best practices gaps in what we currently were doing and SensCy was offering the services that we needed.”

The Implementation

The private equity firm started by understanding their SensCy Score™ and worked towards improving that. The VP of Finance and Administration says that their score has increased by almost 200 points to over 900. Their current score improved her confidence in their cybersecurity approach. She says that SensCy also helped them write an incident response plan, which they didn’t have a formally written plan previously, and stay on top of software updates.

She goes on to add: “They’re helping us stay on top of cybersecurity awareness training. SensCy gives us monthly trackers for our cybersecurity awareness training to help us nudge those who have not yet completed it. They’ve also helped us think about one thing in particular: vulnerability scans. We had done them annually in the past, but I would say that was light in comparison. We now have monthly check-ins to see where we are and there have been updates to software that may have been missed before. They just nudged us and said, there’s a potential vulnerability. You guys need to do the upgrade and we have since done exactly that.”

She adds that writing the incident response plan was easy with SensCy’s help. It consisted of an interview process of what the steps would be if they had an incident. There was a template where they could fill out specific details, contact names, email addresses, and the flow of the system. She adds that understanding the SensCy Score™ was helpful to learn what steps could be taken to increase their score, and therefore reduce their risk.

The VP of Finance and Administration says that the whole implementation process was simple, effective and took very little time. She says: “SensCy has been very good and very attentive. When I’ve brought up issues or potential issues, their senior people have jumped in right away and helped us. For instance, I was getting multiple alerts from Microsoft Office that our employees had clicked on a malicious URL link. I walked around and I asked people “Have you clicked on any URL links that are unusual?” And people said, “No. No.” And I reported that to our managed service provider (MSP) because our IT is outsourced. They looked into it, but I also alerted SensCy and they found it out to be a system-wide Microsoft issue. It wasn’t us. It was a false positive. SensCy did a follow up and it wasn’t our issue, but it was a nice process and something that our third-party IT folks were not aware of right away. Bringing the two parties together really was helpful.”

She has been impressed by the fact that SensCy focuses on small to medium-sized businesses. She says that the cost of the service is extremely reasonable for the comprehensive program that they provide. The Vice President says: “I’ve reviewed different cybersecurity services and consulting, and they can be quite outlandish. It’s all cost-benefit based on our size and our budget. The larger private equity firms can afford more elaborate cybersecurity consulting and software services.” We can’t.”