How MH&A assured compliance and confidence in working with public sector institutions

Case Study MH&A cover web 1400x800

MH&A is a consultancy specializing in the education and economic development sectors. Prof. Matt Hamnett founded the company with one full-time employee, several associates, and contractors and quickly scaled.

Today the organization operates with a staff of >35 in the United Kingdom, consulting government, councils, and other public sector bodies. MH&A focuses on strategy, social impact, education, skills, policy, and economic development.

Profile of MH&A web 1400x696

Mainly working with governmental institutions and public sector clients, MH&A requires a high degree of information security and compliance.

There is a growing regulatory requirement in the UK. Emma Cooper, a Managing Consultant who acts as the firm’s Data Protection Officer, tells about solution implementation for ensuring compliance in the business.

The challenge

Qualifying for regulatory requirements

Government projects have strict requirements for data control. It’s imperative to keep sensitive information secure, and this extends on internal and client-issued equipment.

The work includes exchanging internal documents, performing analysis, and delivering big programs on a day-to-day level.

Working with government and public bodies means we’re sleeves rolled up in the midst of client data. MH&A must assure our clients that we are trusted to handle and process vast amounts of sensitive information.

Click to tweet

Depending on the case, MH&A might deal with clients in person, yet remote work still lingers after Covid. Coming along with company laptops and other infrastructure to connect to client servers requires a high level of trust from the organizations.

For the consultancy, it’s essential to be able to access sensitive data securely and safely and not compromise any of their information. This is where a security solution needs to come into play.

Once we start working with clients, we ask for the ‘keys’ to the relevant data areas. Most of our work is remote, so we need secure access to work with their data to bring in results.

Click to tweet

Remote work with clients is not the only challenge, as MH&A work in a hybrid model. Some employees work from London, where the head office is, and some are located in Scotland or the north of England, so colleagues are not centralized under one company network, which has to be replaced with a secure environment.

The solution

Checking cyber essentials requirements

In the UK, we have a certification called Cyber Essentials that you have to acquire to work with government organizations. It helps to assess according to national standards and comply with the requirements.

We needed to keep up with the nature of cybersecurity, which is becoming more strict. We wanted to ensure that we were ahead of the curve and didn’t end up struggling in 2025 because we had to change everything to comply with the rules.

Click to tweet

Submitting formal tenders often requires submitting detailed assurance and information about compliance with regulatory requirements, including using VPNs.

Why choose NordLayer

Having NordLayer helps MH&A provide assurance to clients and meet regulatory requirements.

Talking with a client in depth about technicalities might seem overly operational. Yet they must understand that we did everything to minimize the risks through our policies and tools like NordLayer.

Click to tweet

According to Emma Cooper, regulators are becoming more strict. Covid and sudden mass work from home convinced even the small and medium enterprises (10 to 250 employees) that it’s difficult to check whether people at home have adequate security provision.

Secondly, admins cannot be there and set up firewalls as they like. All sorts of policies are required, and focus solutions are mandatory to keep people and companies from various risks.

Complying with the regulations using NordLayer solution

Secure data governance and compliance with regulatory requirements 1400x786

NordLayer’s technological solutions are developed adhering to regulations and industry standards like ISO 27001, GDPR, HIPAA, and PCI-DSS. The communication between parties is secure thanks to our product features that allow admins to monitor VPN activity in the organization, overview devices in the network, manage identities and user and application access, and encrypt data transmissions.

The outcome

Reassured clients, confident manager

The compliance of the organization concerns not only regulators but businesses as well. Awareness of the right things being in place with your service providers, stakeholders, and partners is a high priority.

For a company like MH&A, where data security is critical, onboarding a NordLayer solution ticked many boxes.

The most secure thing we can do is have a VPN in places allowing remote people to work on trains and cafes if they need to without being concerned about internet access and securing their connection. Getting NordLayer was part of MH&A’s journey of preparing ourselves for growth.

Click to tweet

A plug-and-play rollout and smooth run in the background eliminates disruption for the manager securing the organization's network. Emma Cooper recalls that onboarding took a 3-slide presentation prepared for the employees to onboard the entire organization.

Everyone in MH&A uses NordLayer. Our acceptable use policy (AUP) requires it, which outlines exactly how you should use all of the organisation's equipment. This way, we create a work environment of high trust.

Click to tweet

The NordLayer Control Panel is useful to add staff during onboarding or see data on which colleagues are using the solution as instructed. As the MH&A team grows, the internal operations team is monitoring tool usage and adoption in the organization, providing insights on the service and day-to-day compliance.

NordLayer gives me confidence, so I don't have to worry about people in the organisation and assurance from the risk perspective. It makes our job so much easier because we know it’s in place and that we don't need to cast around to find a solution.

Click to tweet

Pro cybersecurity tips

Navigating the complexities of cybersecurity requires more than just understanding the basics. It requires a clear and informed strategy shaped by the brightest minds in the field. Emma Cooper, Managing Consultant at MH&A, possesses a wealth of experience and a unique perspective on the vital elements of cybersecurity that often get overlooked yet are crucial in maintaining a robust cybersecurity infrastructure.

Quotes of MH&A web 1400x790

NordLayer solutions bring a level of comfort to organizations that need to secure their connections for day-to-day operations and deliver their compliance commitment to clients and partners. Virtual Private Gateways provide secure data transactions and protected access to company resources. 

Always On VPN and Auto-connect ensure that the secure connection is stable and always in place, while Device Posture Monitoring functionality helps overview devices in the organization network. 

Reach out to our team and learn more about NordLayer’s adoption for your business security today.

Share article


Copy failed

Protect your business with cybersecurity news that matters

Join our expert community and get tips, news, and special offers delivered to you monthly.

Free advice. No spam. No commitment.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.