Depth Security Legal
Penetration Testing
Industries
Case Studies
Company
Resources
Contact Us
Penetration Testing
After the SolarWinds breach, many businesses and governmental entities started taking their third-party risk management program seriously. They are now asking suppliers of professional services not only for ISO 27001 or SOC 2 annual audits reports, but for summaries of penetration testing reports and remediation steps taken.
The costs or value of legal liability of data breach could include: legal costs if a potential breach includes PII, ePHI, or PCI; potential civil fines; legal obligations to clients, employees, partners, and regulators; applicable notifications under federal or state law; and, time and notification constraints.
The number of attacks arising from client-side features, such as online forms and web portals, is increasing. If your firm uses any of these tools to interact with clients, you need to start thinking about ways to protect against hackers who want to use them to gain access to your systems.
Performing regular penetration testing makes your firm more secure, which could give customers more confidence in your services. You will be able to state with confidence that their data is safe from known types of attacks.
The SEC’s OCIE (Office of Compliance Inspections and Examinations) released a risk alert notice in November 2020, elaborating most frequent deficiencies and violations of the Compliance Rule under the Investment Advisers Act of 1940. The OCIE emphasized that safeguards for clients’ privacy, imposed by the Act upon the covered financial advisers, should include, among other things, a properly established and documented penetration testing program.
Protect your legal firm today with our suite of tailored penetration testing solutions.
