Cyber Solutions

We support firms with key cybersecurity testing and documentation.

Get ahead of the SEC’s proposed cybersecurity ruling—and safeguard your firm’s protection of sensitive client and firm information.

Our Cyber Solutions directly align with the SEC’s proposed Cybersecurity Risk Management Rules and Outsourced Provider Rule, which would require advisers to adopt and implement written cybersecurity policies and procedures and produce an annual cyber report.

Our team of cybersecurity and regulatory experts assists firms in building SEC cyber policies and data security programs with documented testing reports to assess the firm’s protection of sensitive client and firm information. We work to thoroughly review and revise existing policies and procedures and create a custom testing program, with the goal of generating sustainable, well-documented cybersecurity programs reflective of industry best practices and regulatory expectations.

Our Services

Policies and Procedures

  • Analyze current practices and advise on any updates necessary to comply with regulatory requirements
  • Draft policies and procedures to align with regulatory requirements

Comprehensive Testing

Annual production of:

  • Documentation of annual risk assessment
  • Recommendations on enhancements to cyber policies and procedures
  • Log of cyber and data security training provided to staff
  • Detailed outline of testing parameters and documentation of findings
  • Assistance with testing material requirements established by cyber policies and procedures
  • Reports of mock phishing simulations
  • Documentation of external / internal network scans and resolved vulnerabilities
  • Facilitation and documentation of incident response and disaster recovery / business continuity tabletop exercises
  • Assistance in maintaining a well-documented vendor management program
    • Maintain an approved vendor list
    • Conduct and document annual vendor due diligence reviews:
      • Summarize vendor due diligence findings
      • Coordinate meeting to review a summary of the completed due diligence reviews
      • Take meeting minutes to evidence oversight

Phishing Training

  • Develop and deploy a custom training program based on phishing results
  • Coordinate ongoing employee phishing training

External and Internal Scans

  • Conduct or coordinate external and internal network scans
  • Provide detailed findings with instructions on how to address any vulnerabilities identified

Threat Monitoring

With our threat monitoring capabilities, we can detect if your company is at risk due to exposed credentials on the dark web, or through a subdomain takeover, so that issues can be corrected before the data is used maliciously. Our services include:

Dark Web Scanning:

  • Scan the dark web using private datasets
  • Produce a report with findings on whether email accounts are identified as being involved in a breach, as well as details of the breach
  • Provide insight on email accounts involved in a data breach and password details so login credentials can be updated

DNS Record Scanning:

  • Scan domain name system (DNS) records to identify current and potential subdomain takeovers
  • Produce a report including vulnerable entries that could be taken over, resulting in your domain being hijacked by a cyber criminal
  • Recommend a course of action to address vulnerabilities