Overview

A New York-based nonprofit organization came to IT Custom Solution LLC after a phishing incident exposed staff credentials and raised serious concerns about their overall security posture. We conducted a full cybersecurity risk assessment, identified critical vulnerabilities, and implemented a remediation plan that brought the organization into compliance with data security best practices — all within a tight budget.

Industry: Nonprofit / Social Services

Services: Cybersecurity Risk Assessment, Vulnerability Scanning, Endpoint Detection & Response (EDR), Staff Security Awareness Training, Multi-Factor Authentication (MFA), Compliance Readiness (NIST CSF)

The Challenge

The organization handles sensitive client data — including personally identifiable information (PII) — for the communities it serves. After a staff member fell for a phishing email that compromised login credentials, leadership realized they had no formal security program, no visibility into threats, and no plan for response.

  • No MFA on any systems — a single compromised password could grant full access
  • Endpoints running outdated antivirus with no centralized visibility
  • No security awareness training for staff
  • No incident response plan

Our Approach

Phase 1 — Assess (Weeks 1-2): Vulnerability scan of all assets. Review of access control policies. Phishing simulation to baseline staff awareness.

Phase 2 — Remediate (Weeks 3-6): Deployed EDR across all endpoints. Enforced MFA on email, remote access, and admin accounts. Patched all critical vulnerabilities. Implemented email filtering and anti-phishing controls.

Phase 3 — Train & Document (Weeks 7-8): Security awareness training for all staff. Documented incident response procedures. Written risk report delivered to leadership.

Results

  • MFA coverage: 0% → 100% of accounts
  • All critical and high-severity vulnerabilities patched
  • EDR deployed on every device with centralized monitoring
  • Documented incident response plan tested and approved
  • Phishing click rate reduced significantly after training

“We didn’t even know how exposed we were until IT Custom Solution walked us through the assessment. They didn’t just find the problems — they fixed them, and they explained everything in plain language.”
Executive Director, New York Nonprofit