Helping Advisers Take Advantage of Technology—Without All the Risk

• Annual risk assessment

• Vendor due diligence (including detailed report with findings and recommendations)

• Evaluate material requirements included in cyber and data security policies.
• Cyber and data security employee training
• Incident response and disaster recovery exercises

• Custom phishing training
• Employee training on AI, including approved and prohibited uses

• Penetration tests
• Vulnerability assessments
• Internal & external scans

• Dark web scanning
• Domain name system (DNS) records scanning

• Assessment of current policies

• Development of new policies and procedures to address regulatory requirements and industry best practices (including those related to AI)

• Request list based on SEC Cyber Exams
• Mock interviews with employees

• Review of documentation in response to request list
• Summary of findings, including recommendations to enhance program

• Complete security audit, including comprehensive review of Conditional Access, Identify, SharePoint, Exchange, and Data Loss Prevention

• Tailored recommendations based on unique business needs

• Comprehensive forensic analysis to identify breach details, access points, and compromised data and client information

• Summary of findings and recommendations for enhancements

Vendor Management Program

• Vendor due diligence on all required service providers.
• Assist with confirming service providers will provide notice of an incident within 72 hours, based off the items provided and reviewed.
• Detailed analysis and documentation of all findings, including potential security gaps.
• Light passive external scan of all vendors’ public domains.
• Assistance with reviewing current Vendor Management Policy and/or drafting a Vendor Management Policy to align with Amended Regulation S-P.

Incident Response Program

• Review and/or draft an Incident Response Plan that addresses identification, containment, eradication, and notification of breaches.

Customer Notification Requirement

• Provide a “Notice Determination Checklist” and “Notice Template” that can be used in the event customer notification is needed.

Recordkeeping and Expansion of Safeguards and Disposal (including written records)

• In coordination with our compliance team, draft policies and procedures to meet both of these requirements.