Company: haysmacintyre
Industry: Accountancy
Module: Web and Cloud Application Security (CASB)
Download case study
It’s been a gamechanger. Now, I can definitively demonstrate what’s happening with people’s web behaviour. We’ve got control, and a chain of evidence... It means we can be more supportive. By showing that IT is part of the team, we can demonstrate how we all work together to ensure a strong security culture.
“It’s about education and enhancing a strong security culture – not a barrier to getting the job done.”
haysmacintyre is an award-winning top 20 London firm of chartered accountants and tax advisors, with over 500 partners and staff. It provides advice to entrepreneurs, fast-growing and owner-managed businesses, and listed and not for profit organisations across the UK and internationally.
Data security is absolutely critical to its success in delivering on this – to safeguard client confidentiality, comply with regulations, maintain data integrity, preserve trust, and gain a competitive edge in the market.
With a large group of new starters and trainees joining the company each year as it expanded, haysmacintyre needed a way to make data security and cybersecurity as easy as possible.
“When I joined, we were well set up in the private cloud, with good boundaries and practices”, explains Megan Baldwin, Information Security Manager at haysmacintyre.
However, the company was concerned about its lack of insight into how staff were using IT. “We didn’t have a two-way communication channel with people”, Megan recalls. “As a result, our web filtering was clunky, and it was making people frustrated – feeling like they were being blocked from getting their job done.”
With the company growing, it realised it needed a revised approach to governance. “Instead of people gravitating to free but unapproved online tools for file sharing or pdfs, we wanted them to understand why those sites were off-limits, and know the company-approved standards instead. This is central to our approach to ensure we have a strong security culture where everyone plays their part.
“Looking for a solution, I had two top priorities: mitigating the risk of anybody’s actions having a negative effect on the company. And making cybersecurity as easy as possible for all staff. It needed to work with their lives – both personal and professional. I’d seen before in other organisations how people, when tired or stressed, could make a simple error that had a huge toll on finance, their career, or even personal respect. I didn’t want that to be overlooked and my focus was on ensuring that safe and secure behaviour was embedded across the company.”
“Implementation was smooth sailing, and super quick.”
After researching the market, Megan and the haysmacintyre team chose to move forward with Censornet’s Web and Cloud Application Security (CASB) modules.
She explains: “What first grabbed me about Censornet’s solution is that it would give us the intelligence to talk to people about their online behaviour. At the same time, we wanted people to be able to work securely and effectively. Our client list is really broad – from corporate and not for profit organisations to private clients. So, our staff need to be able to access different websites. Censornet’s service has meant that, if we want to allow access to a domain at short notice, it’s no problem. They’re really supportive, they respond super quickly, and no question is too silly!”
Implementation was quick too. “It was effortless and speedy from our side”, Megan says. “Implementing CASB was a slightly longer journey than Web, as we have 20-30 core business applications that we needed to work through. Breaking down those threats to individual actions required some thinking at our end.”
“The difference compared to previous suppliers is day and night.”
haysmacintyre has been using Censornet’s Web and CASB solutions since early 2023.
“It’s been a game-changer”, Megan says. “Now, I can definitively demonstrate what’s happening with people’s web behaviour. We’ve got control, and a chain of evidence. We can explain why someone’s actions aren’t in their – or the company’s – best interests. But it’s not a finger-pointing thing. It means we can be more supportive. By showing that IT is part of the team, we can demonstrate how we all work together to ensure a strong security culture.
“Our culture has become one where people actively report potential risks and threats. They take that five-second pause before they act and flag anything suspicious. It feels entrepreneurial, not draconian, and that only comes from having greater trust.
“The difference compared to previous suppliers is day and night. They didn’t understand what we’re trying to achieve, whereas Censornet got it straight away.”