
SmartRIA - SmartRIA Compliance Software

Cybersecurity Preparedness

Being prepared for cyber attacks requires more than completing a checklist. Auditors want to know what you have done. Effective cybersecurity programs require ongoing review and testing. With professional testing and compliance documentation, you can be confident that your cyber-defense policies and operations will protect the sensitive client data your firm is entrusted with.

SmartRIA has partnered with MTradeCraft, an experienced, leading cybersecurity auditing company that specializes in security audits for RIAs and hedge funds. Our partnership allows us to offer a comprehensive program with actual ethical hacker testing, so you know your data is protected.

All of these are included for 1 domain and 1 physical location:

External Vulnerability Scan

We will scan your website, client portal, email server, FTP, etc., and office IP address with external scanners to detect known vulnerabilities. We use some of the same tools that malicious hackers use, except that we will help you fix any vulnerabilities instead of exploiting them.

From our experience, these are common requests from the SEC, and we will help you be prepared to answer them:

For each of the following practices employed by the Firm for management of information security assets, please provide the month and year in which the noted action was last taken; the frequency with which such practices are conducted; the group with responsibility for conducting the practice; and, if not conducted firmwide, the areas that are included within the practice. Please also provide a copy of any relevant policies and procedures.

  1. Physical devices and systems within the Firm are inventoried and assessed for risks.
  2. Software platforms and applications within the Firm are inventoried and audited.
  3. Maps of network resources, connections, and data flows (including locations where customer data is housed) are created or updated.
  4. Connections to the Firm’s network from external sources are catalogued and assessed.
  5. Resources (hardware, data, 2-factor authentication, and software) are prioritized for protection based on their sensitivity and business value.
  6. Logging capabilities and practices are assessed for adequacy, appropriate retention, and secure maintenance.

Internal Vulnerability Scan

We will ship you a small laptop and work with you to connect it to your network so that we can run an internal vulnerability scan. During the scan, we will ask that you have everyone and everything connected to the network. We will then run the scans to test everything on the network for known vulnerabilities. If we find a vulnerability, we will report on it with a synopsis, outside references, a risk rating, solutions, and screenshots. The documentation is extremely thorough and should include all the information you need to make repairs and updates.

This helps address requests #1 and #2 from the SEC list above.

External Map

We will provide a graphical representation of how data flows and how your external services are interconnected. It includes items such as email servers, web servers, SIP, VPN, FTP, etc. It also maps which technologies each of those services is using.

This helps address #3 and #4 from the SEC list above.

Internal Map

We will provide a graphical representation of how everything is interconnected on the network and catalogue what operating systems are in place, what software versions they are running, what ports are open, what services are running, etc. This is an interactive graph that can be updated with the push of a button using free software (Zenmap). It is incredibly useful for cataloguing the network and looking for open ports or services when you add new equipment or employees (or receive a knock-knock notice). It also comes with an easy feature that lets you compare past maps with new maps so that you can easily see what has changed.

This helps address #1, #2, and #4 above and provides a solid map to help reflect the reality of your network when you are addressing #5 and #6 above.

External Scan of Employee Home Networks

With many people working from home now, attackers are taking advantage of poorly defended home networks, outdated home WiFi router security settings, and more. We will scan up to ten employee home IP addresses and provide a report of any known vulnerabilities.

Copyright © 2022 Smart-RIA Ventures, Inc. All Rights Reserved • Custom Website Design & Development by VIEO Design