Types of Services We Offer

Regulatory Compliance

We provide expertise and guidance to ensure compliance with GLBA, FACTA, FFIEC, GDPR, BSA, SOX, PCI DSS, NIST, ISO 27001 / 2 Standards and the NYDFS Cybersecurity Regulation.

Penetration Testing & Vulnerability Assessments

For 26 years, our ethical hackers have perfected simulated attacks on financial institutions that cover every piece of technical infrastructure including networks, web applications – anything that connects to the Internet. We prioritize your vulnerabilities and provide guidance on remediation steps to prevent real attacks.

Social Engineering

Typically included in penetration testing, we test an organization’s weakest link – its people – to see if they would respond to phishing, vishing, pre-texting, and many other types of attacks. This can be followed up with Security Awareness Training to teach employees how to work safely on-line.

Incident Response Planning & Tabletop Exercises

With years of experience on the front lines, we can help your organization develop a compliant and comprehensive incident response plan. We also test incident response plans using different types of simulated attacks and table-top exercises, to see how well your people carry them out.

Data Breach Response 

Our experienced digital forensic investigators move quickly to identify the threat, contain it, and prevent a re-occurrence. We make proactive security recommendations, informed by our work across 40+ industries globally. We also work alongside legal counsel to identify exposed data to ensure compliance with regulatory requirements.

Digital Forensics for Investigations & Litigation

ERMProtect is a go-to resource for legal counsel to investigate bank fraud, embezzlement, insider threats, and other cybercrimes that afflict financial institutions. For litigation cases, our forensic investigators develop case-winning evidence for disputes and litigation.

Third-Party Risk Management

Vendors can cause a damaging incident, no matter how safe you make your own network. We assess the risks posed by your third-party vendors so that investors, the C-suite, and the IT team can feel confident in the security of other firms entrusted with your data.

Risk Assessment

Our comprehensive approach to risk assessment means that key components such as asset identification and classification, threat identification and analysis, and safeguard identification and implementation, can be performed to collectively address the requirements of multiple regulations.

IT Audits / Comprehensive Security Assessments

Information security encompasses technology, people, and processes. Our IT audits review in great detail each of these elements. At a people and processes level, we ensure that operational, organizational, and procedural controls are in place and working as intended. At a technical level, we review the configurations setup in every single computer, device, or network component in your technical infrastructure. These deep dive assessments of all these elements ensure that information security is robustly built into your organization’s technology, people, and processes.

Cybersecurity Awareness Training

A cyber-aware employee is an invaluable first line of defense from even the most determined hackers. We offer a 70+ module library of animated training that can be deployed on your platform or on ours. We also develop customized training for specialized environments, such as the battlefield, manufacturing plants, research institutions, etc., as well as advanced face-to-face training for IT personnel, Board members, and executives.

Security Plan, Policies, & Procedures Development

As experts in both cybersecurity and data compliance, we help develop, review, test, and update cybersecurity plans, policies, and procedures to ensure security and compliance.

Co-Sourcing

We assist the organization with on-demand security expertise to supplement security skills and experience that can fortify the overall security at the bank.