Case Studies
We do not use client names or identifying details in our marketing. That is a deliberate choice — the same privacy-first approach we apply to everything we do. But the work speaks for itself. Here are three real outcomes from real engagements, anonymized to protect our clients.
Law Firm: Ransomware Averted
The situation: A mid-size law firm with 25 employees engaged us after their previous IT provider left. During our onboarding assessment, we discovered an exposed Remote Desktop Protocol (RDP) port on their firewall — wide open to the internet, unpatched, with a local admin account using a weak password. RDP brute-force attacks are the number one ransomware entry point for small businesses.
What we found: Log analysis showed that attackers had already been probing the port. Failed login attempts were occurring thousands of times per day. It was a matter of time — days, not months — before they got in.
What we did: We closed the RDP port immediately, deployed our full security stack — MFA, endpoint protection, DNS filtering, email security — replaced the firewall with a properly configured unit, and implemented secure remote access through a VPN with conditional access policies. We also enrolled every user in security awareness training.
The outcome: The firm has been a client for four years. Zero security incidents. Full Bar Rule 1.6 compliance. Their previous provider never flagged the exposed RDP port because they never looked.
Manufacturing Company: Downtime Eliminated
The situation: A manufacturing company with 45 employees was experiencing an average of six hours per month of unplanned downtime. Their ERP system would lock up, their network would drop connections on the production floor, and their aging server would crash under load. Every hour of downtime stopped production and delayed shipments.
What we found: The server was seven years old and running on a single drive with no redundancy. The network switches on the production floor were consumer-grade. The ERP database had never been optimized. And backups were running to a USB drive that was sitting on top of the server.
What we did: We migrated the ERP to a properly spec’d server with redundant storage, deployed managed switches with monitoring, optimized the database, configured automated offsite backups with tested restores, and replaced the consumer-grade network equipment with enterprise hardware designed for manufacturing environments.
The outcome: Zero hours of unplanned downtime in the 30 months since the project completed. The client estimates they were losing $3,000 per hour during those six monthly downtime hours. The entire project paid for itself in under three months.
Dental Practice: HIPAA Audit Remediation
The situation: A dental practice with three locations and 35 employees failed a HIPAA compliance audit. The findings were extensive: no documented risk assessment, no encryption on workstations, no MFA, no employee training records, shared login accounts on operatory computers, and backups that had not been verified in over a year.
What we did: We treated it as a remediation project with a 30-day timeline. Week one: formal risk assessment and documentation of all findings. Week two: deployed encryption, MFA, individual user accounts, and endpoint protection across all three locations. Week three: configured automated backups with tested restores and offsite replication. Week four: conducted security awareness training for all staff and produced the documentation package for the auditor.
The outcome: The practice passed their follow-up audit 30 days after we started. They have maintained continuous HIPAA compliance as a managed client ever since. Every audit since has been clean.
Your Story
Every one of these situations started the same way — a conversation about what was not working. If something about your current IT environment is keeping you up at night, let us talk about it.
