Richey May Technology Solutions

Cybersecurity Advisory
& Compliance Services

At its core, cybersecurity is the combination of People, Process and Technology working together to protect the Confidentiality, Integrity and Availability information assets that make your business function.

In 2016, nearly 25% of all cyberattacks* with confirmed data and financial loss impacted small and medium financial services companies. In each incident, the average cost of remediation was $154 for every compromised customer record.

Richey May’s cybersecurity advisory and compliance services help financial services organizations address their People, Process and Technology to achieve compliance and reduce risk.

 

*2017 Verizon Data Breach Report

Resources

Richey May is committed to staying on top of current trends and hot topics within your industry. As part of that commitment, we offer a number of resources to help our clients stay ahead of the competition.

 

 

  • Cloud Security Trends: Are You Prepared for a Rainy Day?

    One of the more pronounced trends in technology is a rapid move to the cloud. However, even though companies shift their infrastructure to the cloud, they remain responsible for developing adequate cybersecurity policies and procedures. Are your cloud environments properly configured and secured?

     

    Read More

  • STATES STEP UP TO FILL THE PRIVACY VOID

    In the wake of frequent and significant data breaches, protecting consumer data has been at the forefront of cybersecurity legislation. The states of Arizona, Colorado and California have recently passed updated laws to fill in gaps in current data privacy legislation. Our latest blog post helps you understand your obligations regarding consumer data in these states, and how a holistic cybersecurity strategy can protect your business from both significant fines and reputational risk.

     

    Read more

  • Richey May Articles

    Three Emerging Cybersecurity Trends to Focus on in 2018

    While organizations should be well into executing their technology and cybersecurity plans for the year, many are still looking for guidance on what products they should be considering, how to align their needs with their limited budgets, or even more simply, how to meet the latest compliance requirements. To learn more about the three emerging trends that companies should be focused on according to Richey May’s cybersecurity expert, JT Gaietto follow the link below:

     

    Read more

     

     

  • KNOWLEDGE-BASED AUTHENTICATION

    The vast majority of secure transactions that take place online or elsewhere require a password or some other known secret, such as a high school mascot, favorite color, or pet. These security tokens are “known secrets” that both the user and the authenticator must know in order for a transaction to be completed. However, answers to frequently-used, knowledge-based questions are often easily discovered via social media or other means, and once compromised, these secrets are no longer secure and can be used by attackers to harm consumers. Public incidents, such as the Equifax breach, highlight the challenges related to knowledge-based transactions and how important the protection of non-public information is in conducting business.

     

    Learn more

     

  • PHYSICAL SECURITY STILL MATTERS: WATCH OUT FOR ROGUE USB DEVICES

    The news is full of stories of large-scale, technically-advanced cyberattacks that highlight the risks involved in our quickly evolving world of technology. But lost in the shadows of those dramatic stories are the low-tech attacks that continue to threaten vulnerable organizations, including the use of USB storage devices. In fact, a recently released report listed 29 different attack methods via USB used by cybercriminals to compromise computers.

     

    Read the blog post by the cybersecurity experts at Richey May to learn how to protect your company’s sensitive data.

     

  • WEBINAR: 2018 TRENDS IN CYBERSECURITY AND TECHNOLOGY

    In March 2018, we hosted a webinar to discuss the cybersecurity and technology trends for 2018, including what mortgage banking companies need to know to keep their financial and consumer data safe. Topics included: The current cybersecurity landscape, new compliance requirements impacting mortgage bankers licensed in the state of New York, combating e-mail phishing and wire fraud, security in the cloud (yours or theirs), and efficiency and enhancement trends in cybersecurity.

     

    Watch the recording

  • Richey May Articles

    CYBERSECURITY AND THE EVOLVING DEMAND FOR CISOs

    Richey May’s cybersecurity advisory and compliance team developed a white paper to help mortgage lenders better understand the cybersecurity landscape, the regulatory and legal requirements impacting your business, and the critical role a qualified CISO plays in your comprehensive cybersecurity strategy.

     

    Download the pdf

  • CRYPTOCURRENCY, CYBERCRIME AND CLOUD SERVICES: SIMPLE MISTAKES CAN HAVE CONSIDERABLE IMPACT ON ORGANIZATIONS

    The rise of cryptocurrency has certainly not evaded the notice of cybercriminals. And while ransomware with the demand of payment in cryptocurrency had been the method of choice to benefit from the increase in these currencies’ values, tactics have evolved to include cybercriminals hijacking entire computer platforms to silently mine Bitcoin on victims’ cloud environments.

    Read our blog post to learn about this “cryptojacking” and the story of Tesla’s unfortunate attack.

  • FIRST DEADLINE APPROACHING FOR NYDFS CYBERSECURITY RULE

    For those lenders licensed to do business in the state of New York, the first deadline for the NYDFS Cybersecurity Rule is February 15th. Read our blog post to help you understand the standards set forth by the NYDFS and what you need to do to be in compliance.

  • MELTDOWN AND SPECTRE: ARE YOU AT RISK?

    On January 3, 2018, Google security researchers announced that they had discovered a number of cybersecurity vulnerabilities that impact machines using Intel and other hardware vendor devices, such as mobile devices running iOS and Android.

    Is your organization at risk? Read our blog post to learn more.

Services

Cybersecurity Assessment Services

  • Review of current policies and procedures
  • Review of current technical controls
  • Review of current staff
  • Review of alignment with regulations such as GLBA, NYDFS, GDPR, PCI-DSS
  • Third party vendor risk management, in alignment with FTC and CFPB guidelines
  • Cybersecurity maturity & posture review

 

Cybersecurity Security Awareness Training

Tailored remote and onsite training focused on:

  • Phishing
  • Mobile device security
  • Passwords
  • Malware
  • Regulations such as PCI-DSS, NYDFS, GLBA
  • Physical security
  • Trends and how to identify threats

Cybersecurity Policy Advisory and Audit Readiness

  • Development of policies and procedures to meet regulatory requirements
  • Development of cybersecurity strategy that aligns with business expectations and goals
  • Vulnerability assessments
  • Enterprise risk assessments
  • Alignment with regulations such as CFPB, GLBA, PCI-DSS, NYDFS, GDPR

 

Virtualized CISO Services

Great option for a company that is required to define a Chief Information Security Officer, but does not have enough full time work or desire to maintain that level of cost and overhead. Services include:

  • Creation of a baseline evaluation of cybersecurity posture
  • Development of strategic plan to reach and maintain maturity, while working with existing staff and vendors
  • Managed security subscriptions custom tailored based on the customer’s needs, focusing on alignment on NIST 800-30, PCI-DSS, GDPR, and New York State Department of Financial Services NYCRR

Request More Info

 

To speak to one of our cybersecurity professionals, please fill out the form and we will be in contact with you shortly.