MH&A is a consultancy specializing in the education and economic development sectors. Prof. Matt Hamnett founded the company with one full-time employee, several associates, and contractors and quickly scaled.
Today the organization operates with a staff of >35 in the United Kingdom, consulting government, councils, and other public sector bodies. MH&A focuses on strategy, social impact, education, skills, policy, and economic development.
Mainly working with governmental institutions and public sector clients, MH&A requires a high degree of information security and compliance.
There is a growing regulatory requirement in the UK. Emma Cooper, a Managing Consultant who acts as the firm’s Data Protection Officer, tells about solution implementation for ensuring compliance in the business.
The challenge
Qualifying for regulatory requirements
Government projects have strict requirements for data control. It’s imperative to keep sensitive information secure, and this extends on internal and client-issued equipment.
The work includes exchanging internal documents, performing analysis, and delivering big programs on a day-to-day level.
Click to tweetWorking with government and public bodies means we’re sleeves rolled up in the midst of client data. MH&A must assure our clients that we are trusted to handle and process vast amounts of sensitive information.
Depending on the case, MH&A might deal with clients in person, yet remote work still lingers after Covid. Coming along with company laptops and other infrastructure to connect to client servers requires a high level of trust from the organizations.
For the consultancy, it’s essential to be able to access sensitive data securely and safely and not compromise any of their information. This is where a security solution needs to come into play.
Click to tweetOnce we start working with clients, we ask for the ‘keys’ to the relevant data areas. Most of our work is remote, so we need secure access to work with their data to bring in results.
Remote work with clients is not the only challenge, as MH&A work in a hybrid model. Some employees work from London, where the head office is, and some are located in Scotland or the north of England, so colleagues are not centralized under one company network, which has to be replaced with a secure environment.
The solution
Checking cyber essentials requirements
In the UK, we have a certification called Cyber Essentials that you have to acquire to work with government organizations. It helps to assess according to national standards and comply with the requirements.
Click to tweetWe needed to keep up with the nature of cybersecurity, which is becoming more strict. We wanted to ensure that we were ahead of the curve and didn’t end up struggling in 2025 because we had to change everything to comply with the rules.
Submitting formal tenders often requires submitting detailed assurance and information about compliance with regulatory requirements, including using VPNs.
Why choose NordLayer
Having NordLayer helps MH&A provide assurance to clients and meet regulatory requirements.
Click to tweetTalking with a client in depth about technicalities might seem overly operational. Yet they must understand that we did everything to minimize the risks through our policies and tools like NordLayer.
According to Emma Cooper, regulators are becoming more strict. Covid and sudden mass work from home convinced even the small and medium enterprises (10 to 250 employees) that it’s difficult to check whether people at home have adequate security provision.
Secondly, admins cannot be there and set up firewalls as they like. All sorts of policies are required, and focus solutions are mandatory to keep people and companies from various risks.
Complying with the regulations using NordLayer solution
NordLayer’s technological solutions are developed adhering to regulations and industry standards like ISO 27001, GDPR, HIPAA, and PCI-DSS. The communication between parties is secure thanks to our product features that allow admins to monitor VPN activity in the organization, overview devices in the network, manage identities and user and application access, and encrypt data transmissions.
The outcome
Reassured clients, confident manager
The compliance of the organization concerns not only regulators but businesses as well. Awareness of the right things being in place with your service providers, stakeholders, and partners is a high priority.
For a company like MH&A, where data security is critical, onboarding a NordLayer solution ticked many boxes.
Click to tweetThe most secure thing we can do is have a VPN in places allowing remote people to work on trains and cafes if they need to without being concerned about internet access and securing their connection. Getting NordLayer was part of MH&A’s journey of preparing ourselves for growth.
A plug-and-play rollout and smooth run in the background eliminates disruption for the manager securing the organization's network. Emma Cooper recalls that onboarding took a 3-slide presentation prepared for the employees to onboard the entire organization.
Click to tweetEveryone in MH&A uses NordLayer. Our acceptable use policy (AUP) requires it, which outlines exactly how you should use all of the organisation's equipment. This way, we create a work environment of high trust.
The NordLayer Control Panel is useful to add staff during onboarding or see data on which colleagues are using the solution as instructed. As the MH&A team grows, the internal operations team is monitoring tool usage and adoption in the organization, providing insights on the service and day-to-day compliance.
Click to tweetNordLayer gives me confidence, so I don't have to worry about people in the organisation and assurance from the risk perspective. It makes our job so much easier because we know it’s in place and that we don't need to cast around to find a solution.
Pro cybersecurity tips
Navigating the complexities of cybersecurity requires more than just understanding the basics. It requires a clear and informed strategy shaped by the brightest minds in the field. Emma Cooper, Managing Consultant at MH&A, possesses a wealth of experience and a unique perspective on the vital elements of cybersecurity that often get overlooked yet are crucial in maintaining a robust cybersecurity infrastructure.
NordLayer solutions bring a level of comfort to organizations that need to secure their connections for day-to-day operations and deliver their compliance commitment to clients and partners. Virtual Private Gateways provide secure data transactions and protected access to company resources.Â
Always On VPN and Auto-connect ensure that the secure connection is stable and always in place, while Device Posture Monitoring functionality helps overview devices in the organization network.Â
Reach out to our team and learn more about NordLayer’s adoption for your business security today.
