Back To Case Studies
Case Study
Cyber Risk & Data Protection Assessment of a Cloud-Based Financial Management Platform
Blackwood Enterprises conducted an independent Security Readiness Assessment for a cloud-based financial management platform that stores, processes and enables the sharing of sensitive personal, household and business financial information.
The engagement was designed to evaluate how the platform’s security controls, user-access model, information-sharing features and supporting operational practices contributed to the protection of financial records and the preservation of user trust. The assessment considered not only technical controls, but also the interaction between people, processes and technology across common user workflows.
The review identified identity security as the platform’s primary area of risk concentration. Because a single user account could provide access to several financial profiles and categories of sensitive information, account compromise had the potential to create significant privacy, financial and reputational consequences.
Additional opportunities were identified in access governance, account recovery, audit visibility, shared-access management, financial-record protection and user security awareness.
The platform demonstrated several foundational security practices, including authenticated access, logical separation of financial profiles, user-controlled sharing and centralized information management. No critical control deficiencies were identified within the scope of the engagement.
The platform’s overall security maturity was assessed as Developing. Existing practices provided a functional foundation, but further formalization, automation and oversight would help the organization reduce exposure, improve operational resilience and strengthen customer confidence as the platform continued to grow.
The recommended direction was to prioritize stronger identity protection and recovery controls, followed by improved access governance, monitoring, record integrity and user-facing security practices.

Client Overview and Business Context
The client operates a cloud-based financial management platform used by individuals, families and small businesses to organize, analyze, store and share financial information through a centralized application.
The platform supports activities such as personal financial management, household financial tracking, small-business bookkeeping, receipt and document storage, financial reporting and collaboration with accountants, advisers, family members and other authorized users.
Users may maintain several financial profiles within one account environment. A single account could therefore contain personal financial information, household records, tax-related documentation and business financial data.
This operating model creates meaningful customer value by making information easier to organize and manage. It also creates a concentration-of-value risk. If one account is compromised, several categories of sensitive information may be exposed simultaneously.
Security was therefore important not only as a technical requirement, but also as a business requirement connected to customer trust, platform adoption, operational continuity and long-term growth.
Engagement Objective
The objective of the engagement was to identify realistic security and data-protection risks arising from the platform’s functionality, user behaviour and operational workflows.
The assessment was intended to:
Evaluate how effectively existing controls protected sensitive financial information.
Identify areas where platform features or user practices could contribute to unauthorized access, excessive permissions, information exposure, loss of data integrity or delayed detection of suspicious activity.
Assess the platform’s current level of security maturity.
Connect security findings to operational, financial and customer-trust considerations.
Provide practical and prioritized recommendations that could support continued platform growth.
The engagement was advisory in nature. It was not designed to provide formal certification, regulatory assurance or a guarantee that a security incident could not occur.
Scope and Methodology
Assessment Approach
Blackwood evaluated the platform across three connected dimensions:
People: How users, collaborators and administrators interacted with accounts, financial information, sharing permissions and recovery processes.
Process: How access was granted, reviewed, maintained and removed, and how records, permissions and security-related activities were governed.
Technology: How authentication, profile separation, information sharing, account recovery, logging and record-management capabilities supported the protection of sensitive information.
The assessment included:
Functional review of relevant platform capabilities
User-workflow analysis
Access-control and permission review
Information-sharing assessment
High-level data-flow analysis
Threat-scenario modelling
Qualitative risk analysis
Review of account-recovery dependencies
Evaluation of financial-record protection
Security-control mapping against recognized practices
Development of prioritized recommendations
The assessment was informed by generally accepted principles reflected in the NIST Cybersecurity Framework, CIS Critical Security Controls and ISO/IEC 27001 information-security management practices.
These frameworks were used as reference points rather than as formal audit or certification criteria.
Engagement Limitations
The engagement did not include:
Penetration testing
Vulnerability scanning
Source-code review
Detailed cloud-configuration assessment
Infrastructure-security testing
Formal compliance auditing
Legal or regulatory opinions
Certification against a security standard
Continuous security monitoring
Incident-response services
Findings were based on the platform functionality, information and workflows available during the engagement.
Key Information and Business Areas Reviewed
The platform stored or processed several categories of information with varying levels of sensitivity.
Information or business area | Sensitivity | Potential business impact if exposed or disrupted |
User profile information | Moderate | Privacy concerns, customer support demand and reputational impact |
Financial account information | High | Financial fraud, privacy exposure and loss of customer confidence |
Receipts and invoices | High | Disclosure of financial activity and commercial information |
Tax-related documents | High | Identity theft, fraud and legal or financial consequences |
Business financial records | High | Operational disruption, reputational harm and strategic exposure |
Financial reports and analytics | High | Inaccurate decisions, privacy concerns and financial exposure |
Sharing and collaboration records | Moderate | Unauthorized disclosure and uncertainty regarding current access |
Account-recovery processes | High | Unauthorized access through compromise of an external dependency |
User permissions | High | Excessive or outdated access to sensitive financial information |
Record integrity and recovery | High | Loss, modification or corruption of information relied upon by users |
The presence of several high-sensitivity information categories increased the potential impact of account compromise and made identity security, access governance and record integrity particularly important.
Observed Strengths and Existing Controls
The assessment identified several positive practices that provided a foundation for continued security improvement.
Control area | Observed strength |
Authentication | Users were required to authenticate before accessing account information |
Profile separation | Personal, household and business profiles were logically separated within the platform |
Information sharing | Users maintained direct control over collaboration and sharing relationships |
Centralized information management | Financial records were maintained within a centralized platform environment |
User visibility | Users could review financial activity and reporting information |
Cloud-based architecture | Centralized hosting supported consistent platform management and control implementation |
Customer control | Users retained meaningful control over the information and profiles they chose to share |
Existing security foundation | No critical control deficiencies were identified within the assessment scope |
These controls demonstrated that the platform was not beginning from an unmanaged security position. The principal opportunity was to make existing practices more consistent, visible and resilient as platform usage and data sensitivity increased.
Current-State and Maturity Assessment
Blackwood used the following maturity scale:
Maturity level | Description |
Initial | Practices are informal, reactive or inconsistently applied |
Developing | Foundational controls exist, but implementation and oversight remain partly manual |
Defined | Practices are documented, repeatable and consistently assigned |
Managed | Performance is measured, reviewed and actively governed |
Optimized | Controls are continuously improved through automation, evidence and measured outcomes |
Overall Maturity Rating: Developing
The platform demonstrated foundational controls in authentication, profile separation, user-managed sharing and centralized data management.
However, several important practices depended on individual user decisions or manual administration. Access reviews, permission expiration, recovery assurance, audit visibility and record-integrity protections had not yet reached a consistently defined or managed state.
The Developing rating did not indicate that the platform lacked security controls. It indicated that the next stage of maturity would require stronger governance, clearer ownership, improved monitoring and more systematic control operation.
Domain-Level Assessment
Control domain | Current state | Recommended direction |
Authentication security | Password-based access with opportunities for stronger protection | Broader multi-factor authentication and risk-based login controls |
Access governance | Permissions largely managed by individual users | Periodic reviews, clearer roles and automated governance |
Information sharing | Manual sharing relationships | Time-limited, role-based and more visible access |
Audit visibility | Limited historical access and sharing visibility | Comprehensive activity reporting and meaningful notifications |
Account recovery | Material dependency on the user’s email account | Stronger identity verification and multi-factor recovery controls |
Data integrity | Standard record-management capabilities | Version history, recovery capabilities and monitoring of important changes |
Security communication | Security practices not always visible to users | Clearer communication, education and trust-supporting controls |
Executive Business Risk Summary
Priority | Business risk | Potential operational impact | Rating |
1 | Account compromise affecting several financial profiles | Exposure of personal, household and business information through one authentication boundary | High |
2 | Unauthorized modification or deletion of financial records | Inaccurate reporting, recovery effort and loss of confidence in platform data | Medium-High |
3 | Access remaining active beyond legitimate need | Former collaborators or advisers retaining unnecessary access | Medium |
4 | Limited visibility into account and sharing activity | Delayed identification of unauthorized or inappropriate access | Medium |
5 | Recovery processes dependent on external email security | Platform access obtained through compromise of the user’s email account | Medium |
6 | Security incidents reducing customer confidence | User attrition, increased support demand and slower platform adoption | Medium |
Risk-Rating Methodology
Findings were rated using qualitative analysis based on:
Likelihood of the scenario occurring
Sensitivity of the affected information
Potential financial, operational, privacy and reputational impact
Common user-behaviour patterns
Strength of existing controls
Remaining exposure after existing controls were considered
Likelihood Scale
Rating | Definition |
Low | An uncommon scenario requiring significant effort or unusual conditions |
Medium | A plausible scenario observed in comparable technology environments |
High | A common attack path or operational failure pattern frequently observed in practice |
Impact Scale
Rating | Definition |
Low | Limited operational, financial or privacy consequences |
Medium | Noticeable business, customer, financial or privacy consequences |
High | Significant financial, legal, operational, privacy or reputational consequences |
A risk rating represented the assessment of the remaining exposure within the defined engagement scope. It was not a prediction that the scenario would occur.
Detailed Findings
Priority 1: Strengthen Identity Security
Business Context
The platform allowed users to consolidate several categories of sensitive financial information within one account environment.
This simplified financial management for users, but it also increased the value of each account to a potential attacker.
Observation
A successful account compromise could provide access to personal, household and business financial profiles through one authentication boundary.
Existing Controls
The platform required account authentication and maintained logical separation between financial profiles.
These controls reduced casual or unauthorized access but did not eliminate the risks associated with password reuse, phishing, credential theft or compromise of recovery channels.
Illustrative Scenario
A user reuses a password that was previously exposed through an unrelated third-party data breach. An attacker attempts the same credentials against the platform and successfully authenticates.
The attacker may then access or export sensitive records across several financial profiles associated with the account.
Business Impact
Potential consequences could include:
Exposure of personal and business financial information
Disclosure of tax-related documents
Increased fraud or identity-theft risk
Customer support and investigation costs
Reduced confidence in the platform
Reputational and commercial consequences
Remaining Gap
Password-based authentication may not provide sufficient protection where credentials have been stolen, reused or obtained through phishing.
The concentration of several financial profiles under one account increases the impact of a successful compromise.
Risk Statement
Unauthorized account access could expose several categories of sensitive financial information simultaneously.
Rating
Likelihood: High
Impact: High
Overall rating: High
Recommendations
Increase the adoption of multi-factor authentication across the user base.
Consider requiring stronger authentication for high-risk actions, such as changing recovery information, exporting sensitive records or modifying important sharing relationships.
Introduce monitoring for suspicious login patterns, unusual devices, abnormal locations or repeated authentication failures.
Review authentication controls regularly as the platform’s user base and information sensitivity grow.
Strengthen account-recovery verification so that recovery processes do not weaken the protection provided by normal authentication.
Expected Business Benefit
Stronger identity controls would reduce the likelihood of unauthorized access while supporting user confidence in the platform’s ability to protect consolidated financial information.
Priority 2: Improve Financial-Record Protection and Recoverability
Business Context
Users rely on the platform’s financial records for budgeting, bookkeeping, tax preparation, reporting and business decisions.
The value of the platform therefore depends not only on confidentiality, but also on the integrity and availability of those records.
Observation
An attacker or unauthorized user who gained account access could potentially modify or delete information that users rely upon.
Existing Controls
The platform provided centralized document and record management, together with user-controlled permissions.
These practices created a useful foundation for consistent record handling.
Illustrative Scenario
An unauthorized individual gains access to an account and modifies or deletes financial information.
The account owner does not immediately identify the changes and later relies on incomplete or inaccurate records for reporting, tax preparation or operational decisions.
Business Impact
Potential consequences could include:
Inaccurate financial reporting
Lost or corrupted records
Business disruption
Increased recovery and support effort
Reduced confidence in platform information
Customer dissatisfaction or attrition
Remaining Gap
Existing controls may not provide sufficient visibility into material changes or an efficient method of restoring records after unauthorized modification or deletion.
Risk Statement
Unauthorized access, modification or deletion could affect the reliability of financial records used for important personal and business activities.
Rating
Likelihood: Medium
Impact: High
Overall rating: Medium-High
Recommendations
Introduce or expand version history for important financial records and documents.
Develop recovery capabilities that allow authorized users or administrators to restore information after accidental or unauthorized changes.
Increase visibility into material record modifications.
Consider notifications or review controls for high-impact changes.
Review access permissions regularly for users with the ability to modify or delete important information.
Expected Business Benefit
Improved record integrity and recoverability would help protect the reliability of the platform’s information, reduce recovery effort and support continued customer trust.
Priority 3: Formalize Shared-Access Governance
Business Context
The platform allowed users to share financial information with accountants, advisers, contractors, family members and other collaborators.
This functionality supported valuable business and household workflows, but created an ongoing need to manage who retained access and for how long.
Observation
Sharing permissions were managed manually, and no automated expiration or periodic review process was observed.
Existing Controls
Users had direct control over sharing relationships and could determine which individuals received access.
Illustrative Scenario
A contractor, accountant or adviser receives access for a temporary purpose. The relationship or engagement later ends, but the user does not remove the permission.
The external party continues to have access to financial information beyond the period of legitimate need.
Business Impact
Potential consequences could include:
Unauthorized access by former collaborators
Excessive permission accumulation
Privacy concerns
Uncertainty regarding who can access sensitive information
Increased support and incident-management requirements
Remaining Gap
Manual permission management creates a risk that access will remain active because users forget to remove it or cannot easily review all current sharing relationships.
Risk Statement
Access may remain active beyond legitimate business or personal need, increasing the likelihood of inappropriate information exposure.
Rating
Likelihood: Medium
Impact: Medium
Overall rating: Medium
Recommendations
Introduce optional or mandatory expiration dates for temporary sharing relationships.
Provide periodic reminders encouraging users to review active access.
Support clearer role-based permissions so that collaborators receive only the access required for their purpose.
Offer read-only access where editing capability is unnecessary.
Make active sharing relationships easy to review from a central location.
Consider distinguishing permanent relationships from temporary or engagement-based access.
Expected Business Benefit
Stronger sharing governance would reduce permission creep, improve customer control and make collaboration safer without removing the convenience that users value.
Priority 4: Expand Audit Visibility and Security Monitoring
Business Context
Users need sufficient visibility to understand who can access their financial information and whether important account activity has occurred.
Visibility also affects how quickly suspicious or inappropriate access can be identified and addressed.
Observation
Historical access activity, sharing changes and other significant account events were not fully visible to users.
Existing Controls
The platform provided standard account-management and reporting capabilities.
Illustrative Scenario
An external collaborator retains access for several months longer than intended. The access is not actively reviewed, and the account owner receives no meaningful reminder or indication that the relationship remains active.
The continued exposure is not identified until a later review or unrelated event.
Business Impact
Potential consequences could include:
Longer exposure periods
Delayed investigation of suspicious activity
Reduced ability to answer customer questions
Increased support burden
Lower confidence in the platform’s oversight capabilities
Remaining Gap
Limited historical visibility may prevent users and administrators from identifying unusual access, outdated sharing relationships or important account changes promptly.
Risk Statement
Insufficient monitoring and audit visibility could delay the identification of unauthorized, inappropriate or unexpected activity.
Rating
Likelihood: Medium
Impact: Medium
Overall rating: Medium
Recommendations
Expand audit logging for significant account, access, sharing and record-management events.
Provide users with accessible account-activity and access-history information.
Notify users when important changes occur, including new sharing relationships, recovery changes or logins from unusual environments.
Highlight active external access and relationships that have not been reviewed recently.
Develop a practical review process for security-relevant activity.
Expected Business Benefit
Improved visibility would support earlier detection, more efficient customer support and stronger confidence that users remain informed about access to their financial information.
Priority 5: Strengthen Account-Recovery Assurance
Business Context
Account recovery is necessary when a user loses access to credentials or authentication factors.
However, a recovery process can become an alternative route into an account if it depends too heavily on another system that has already been compromised.
Observation
Account recovery appeared to depend materially on access to the user’s email account.
Existing Controls
Recovery messages and verification were delivered through the user’s registered email address.
Illustrative Scenario
An attacker compromises a user’s email account through phishing or password reuse.
The attacker initiates a platform password reset, intercepts the recovery message and gains access without directly defeating the platform’s normal authentication controls.
Business Impact
Potential consequences could include:
Unauthorized access to several financial profiles
Exposure of sensitive documents
Fraud or identity-theft risk
Customer support and investigation costs
Reduced trust in the platform’s account-protection practices
Remaining Gap
Email-based recovery creates a security dependency on an external account that the platform does not control.
Risk Statement
Compromise of a user’s email account could enable unauthorized platform access through the recovery process.
Rating
Likelihood: Medium
Impact: Medium
Overall rating: Medium
Recommendations
Introduce additional identity-verification steps for sensitive recovery events.
Require multi-factor verification where possible during account recovery.
Provide clear notifications when recovery information is changed or a recovery process is initiated.
Apply additional review to recovery attempts exhibiting unusual characteristics.
Educate users about the importance of protecting the email accounts associated with the platform.
Review recovery workflows periodically to ensure that they do not provide a weaker path than standard authentication.
Expected Business Benefit
More resilient recovery controls would reduce the likelihood that attackers could bypass normal authentication while still allowing legitimate users to regain access.
Priority 6: Make Security Practices More Visible to Users
Business Context
The platform’s value depended partly on customers trusting it with increasingly sensitive financial information over time.
Users may not be able to evaluate the platform’s underlying technical controls directly. Their confidence is therefore influenced by the security features, communications and operating practices they can see.
Observation
The platform had foundational security capabilities, but opportunities existed to communicate security practices and user responsibilities more clearly.
Existing Controls
The platform centralized financial information, allowed users to manage sharing relationships and maintained logical separation between financial profiles.
Illustrative Scenario
A security incident affects a limited number of accounts. Public discussion or incomplete information creates broader concern among existing and prospective users.
Even where the direct technical impact is contained, uncertainty about the platform’s practices contributes to increased support requests, lower adoption or customer attrition.
Business Impact
Potential consequences could include:
Reduced user confidence
Slower customer acquisition
Increased support demand
Reputational harm
User attrition
Greater scrutiny from partners or stakeholders
Remaining Gap
Security improvements that are not visible or understandable to users may provide less trust value than controls supported by clear communication and user education.
Risk Statement
A security event or perceived weakness could reduce customer confidence even where the direct operational impact is limited.
Rating
Likelihood: Medium
Impact: Medium
Overall rating: Medium
Recommendations
Communicate relevant security practices in plain language.
Make important protective features visible and understandable to users.
Provide practical guidance on strong authentication, phishing awareness and secure sharing.
Explain user responsibilities without shifting accountability away from the platform.
Develop a clear process for communicating material security events and improvements.
Continue investing in controls that strengthen both actual protection and customer confidence.
Expected Business Benefit
Clearer security communication would help users make better decisions, increase adoption of protective features and reinforce the platform’s reputation as a trusted financial-information environment.
Prioritized Improvement Roadmap
Immediate Priorities: 0–3 Months
1. Increase Multi-Factor Authentication Adoption
Improve user awareness of multi-factor authentication and reduce friction in the enrolment process.
Evaluate whether stronger authentication should be required for sensitive actions or higher-risk account conditions.
Business value: Reduces the likelihood that stolen or reused passwords will result in account compromise.
2. Strengthen Account-Recovery Verification
Review the recovery process for excessive dependency on email-based verification.
Introduce additional checks for high-risk recovery events and notify users when recovery information or credentials are changed.
Business value: Reduces the likelihood that compromise of an external email account will lead to platform access.
3. Review Protection of Financial Records
Determine which records and actions are most important to preserve.
Evaluate version history, restoration capability and monitoring for significant modifications or deletions.
Business value: Protects the reliability of information used for reporting, bookkeeping and financial decisions.
4. Improve User Security Guidance
Provide practical guidance concerning password reuse, phishing, email-account protection and safe information sharing.
Business value: Helps reduce avoidable security incidents caused by common user behaviours.
5. Evaluate Suspicious-Login Monitoring
Define meaningful indicators of unusual account access and determine which events should trigger review, additional verification or user notification.
Business value: Supports earlier identification of account-compromise attempts.
Medium-Term Priorities: 3–6 Months
1. Establish Access-Review Workflows
Provide users with a clear and centralized way to review current sharing relationships and permissions.
Introduce periodic review reminders.
Business value: Reduces outdated access and strengthens customer control.
2. Introduce Permission-Expiration Options
Allow temporary access to expire automatically after a defined period.
Business value: Reduces the likelihood that collaborators will retain access after the original purpose has ended.
3. Expand Role-Based Permissions
Differentiate between viewing, editing, exporting and administrative access where practical.
Business value: Ensures collaborators receive only the capabilities required for their role.
4. Improve Sharing Visibility
Make active sharing relationships prominent and understandable.
Highlight relationships that are old, inactive or have not been reviewed recently.
Business value: Helps users make informed access decisions and reduces hidden exposure.
5. Develop Read-Only Collaboration Models
Provide safer collaboration options for accountants, advisers and other users who do not require modification rights.
Business value: Preserves collaboration while reducing the potential impact of unnecessary access.
Long-Term Priorities: 6–12 Months
1. Expand Audit Logging
Capture security-relevant events involving authentication, recovery, sharing, permissions and important record changes.
Business value: Improves investigation capability, accountability and operational oversight.
2. Provide Account-Activity Reporting
Allow users to review meaningful historical access and account activity without presenting excessive technical detail.
Business value: Increases transparency and helps users identify unexpected activity.
3. Mature Security Governance
Assign clear ownership for identity security, access governance, recovery controls, monitoring and user communication.
Document review frequencies, decision rights and escalation processes.
Business value: Converts individual security features into a coordinated operating system.
4. Enhance Data-Integrity Controls
Develop stronger versioning, restoration and high-impact-change monitoring capabilities.
Business value: Supports the continued reliability of information used for important financial activities.
5. Formalize Trust-Supporting Practices
Develop a consistent approach to security communications, customer education, incident transparency and the presentation of protective controls.
Business value: Strengthens user confidence and supports long-term platform adoption.
Recommended 90-Day Operating Focus
Although the complete roadmap extended over 12 months, the first 90 days should focus on the controls most likely to reduce material exposure quickly.
The recommended sequence was:
Strengthen authentication and recovery controls.
Improve protection and recoverability of important financial records.
Introduce greater visibility into account access and sharing.
Establish ownership and measures for the priority improvements.
Reassess remaining risk after the initial controls are implemented.
This sequence would address the most significant risk concentration first while creating a practical foundation for broader governance and monitoring improvements.
Client Perspective
The following section is a paraphrased summary of the client’s reported experience and should be approved before external publication.
The client identified Blackwood’s focus on everyday platform usage as one of the engagement’s most valuable elements. The assessment considered how security risks could emerge through normal user behaviour, access-sharing practices and account-management workflows rather than treating security as a purely technical issue.
The engagement provided improved visibility into shared-access governance, user permissions, account-recovery dependencies and oversight of sensitive financial information.
The client also valued the independent review of existing controls and the practical nature of the recommendations. The assessment helped connect security considerations to broader priorities, including customer confidence, operational resilience and responsible platform growth.
Conclusion
The assessment identified identity security as the platform’s most significant area of risk concentration because one account could provide access to several categories of sensitive financial information.
Financial-record protection, shared-access governance, audit visibility, account recovery and visible security practices were also identified as important areas for improvement.
The platform demonstrated meaningful foundational controls, and no critical deficiencies were identified within the scope of the engagement. Its overall maturity was assessed as Developing, reflecting the presence of functional security practices that would benefit from greater consistency, automation, visibility and governance.
The recommended improvements were intended to strengthen the platform without introducing unnecessary operational complexity. Priority was placed on identity and recovery controls, followed by access governance, monitoring, record integrity and customer-facing security practices.
Implementing these recommendations would help reduce exposure to unauthorized access, excessive permissions, undetected activity and loss of record integrity. It would also support broader business objectives by strengthening operational resilience, customer trust and the platform’s ability to grow responsibly.
Engagement Summary
Category | Summary |
Engagement type | Security Readiness Assessment |
Client environment | Cloud-based financial management platform |
Primary objective | Evaluate security, governance and operational controls affecting sensitive financial information |
Business focus | Customer trust, operational resilience and responsible growth |
Primary areas reviewed | Identity security, access governance, data protection, account recovery, information sharing, audit visibility and record integrity |
Assessment approach | People, process and technology review |
Referenced practices | NIST Cybersecurity Framework, CIS Critical Security Controls and ISO/IEC 27001 principles |
Overall maturity | Developing |
Highest-priority finding | Identity security and account-compromise concentration |
Recommended direction | Strengthen authentication and recovery first, followed by governance, visibility and record-integrity controls |
Important exclusions | No penetration testing, vulnerability scanning, source-code review, infrastructure assessment, formal audit or certification |
