Security Services

An evaluation of your organization’s compliance with current supervisory requirements, as well as capabilities to adhere to requirements anticipated going forward. Our suite of regulatory examinations and audits are risk-based and customized based on the size, scope and complexity of your organization. A report will be provided to you that includes detailed finding and recommendations for improving your security risk framework, including assistance in helping to identify the most cost-effective way to address any issues that are revealed.

Wespay Advisors’ E-Banking Risk Review Service is designed to evaluate the financial organization’s compliance with the Federal Financial Institutions Examination Council (FFIEC) guidance to “adapt and expand the institution’s risk management practices as necessary to address the risk posed by E-Banking activities.” Our team of highly credentialed payments professionals lead the evaluation of your organization’s risk practices, including policies, procedures, controls, and the like.

Frameworks Reviews: 

• FFIEC IT Exam
• FFIEC BSA/AML Exams
• NIST Controls Audits
• SOC 2 Testing
• HITRUST/HIPAA Testing
• PCI DSS Audits

Our Security Services are built upon the principles utilized by the U.S. military’s elite, top secret cyber warfare operators. We use the same methodologies and tactics that malicious actors use to identify your weaknesses. Once identified, we help your organization implement changes to mitigate potential attacks.

Services Offered:

• Network Vulnerability Assessments: The act of simply “taking a look.” This is the first and one of the most important steps to take when assessing your security. Vulnerability scans will give organizations a great first start to assessing their security posture.
• Web Application Vulnerability Assessment: Web application scans are scans to find vulnerabilities and issues within your web application or website. Our security professionals run automated in-depth scans against your web applications to determine security flaws. These scans are crucial as your website or web application is a vital piece of company integrity and performance.
• External Network Penetration Testing: External testing consists of looking at an organization’s external-facing devices to see what methods of attacks will be successful in penetrating the network. This includes the technical aspect of scanning for vulnerabilities, but it also includes gathering OSINT, or Open Source Intelligence, which could include looking for information on you website, social media pages, or any other sites we can find. In the report, we’ll explain how hackers can use this information to gain access to your networks.
• Internal Network Penetration Testing: Studies show that average breach-to-discovery time to be more than 6 months. What happens once a hacker gets in? Can they move around your networks? Will your internal controls keep them from extracting your secrets? This is exactly what we do during an internal penetration test. This type of test simulates what happens if a hacker breaches your network.
• Web Application Penetration Testing: This consists of taking the web application vulnerability assessment one step further and exploiting the vulnerabilities identified during the assessment. The security consultant will validate the vulnerabilities as well as attempt to exploit them.
• Social Engineering: We will use the most recent social engineering trends to both train and test your employees. We’ll utilize all types of social engineering to attempt to gain access to your sensitive information; phishing, vishing and even onsite, in-person social engineering. We’ll ensure your employees are ready to stop social engineering before it becomes a problem.

Our security assessors are former law enforcement officers. They’ve worked numerous robberies and burglaries. We’ll review every aspect of your physical security system and provide you with a recommendation plan to strengthen your security posture, ultimately making your institution a safer place.

It has been said that experience is the thing you learn right after you needed to know it. Let our certified trainers use their experience to train your organization. Our trainers make learning enjoyable, no matter how difficult the topic.

Training Topics Include:

• Robbery/Active Shooter: Our law enforcement-certified trainer will provide your employees with the skills they hopefully never need.
• Fraud/Card Skimming: Because we work with financial institutions across the country, we’re able to train your employees on how to spot and stop fraud and card skimming in it’s tracks.
• Cybersecurity/Social Engineering: We’ll train your employees in current trends in cybersecurity and show them how to spot the leading cause of cyber attacks and data breaches.