Cybersecurity Awareness Training

Educates employees and contractors on protecting NPI, recognizing phishing and social engineering attacks, and implementing secure practices like strong passwords and multi-factor authentication (MFA). This component enhances visibility into cybersecurity controls and ownership, reducing exposure to threats.

Regulatory Compliance Education

Covers federal and state regulations, including SEC Regulation S-P, GLBA, and state laws (e.g., CCPA, SHIELD Act). Training includes privacy notice requirements, client opt-out rights, and compliance processes to minimize regulatory risk and ensure audit readiness.

Trains staff to detect, report, and respond to data breaches, including tabletop exercises simulating real-world scenarios. Emphasizes 30-day client notification requirements and documentation per Regulation S-P and state laws, ensuring effective incident management.

Provides strategies for vetting third-party providers (e.g., cloud services, custodians) and ensuring compliance with cybersecurity standards. Includes contract requirements for breach notifications and annual vendor reviews to align with GLBA and Regulation S-P.

Assists firms in creating or updating Information Security Policies tailored to their risks and regulatory requirements. Covers access controls, encryption, and annual reviews, ensuring alignment of technical controls with business risks and compliance with federal and state laws.