July 24, 2018

Benefits of Mock Cybersecurity and Phishing Exams

by: Align

Photo Credit: © turbomotion046 - stock.adobe.com

In tandem with the steady rise of both the frequency and sophistication of cyber attacks come their increasingly devastating effects. The threat of these attacks, coupled with evolving regulations and investor expectations, is impelling companies to solidify their approaches to cybersecurity risk management. A proactive approach to cybersecurity should not only include an initial assessment of the present cybersecurity posture and vulnerability testing, but it should also strive to immerse employees in a culture of security.

Enforcing this requires effective cybersecurity education and periodic re-training. Many companies are making an effort to implement numerous types of cyber risk monitoring and reporting, including internal audits and simulations of cyber attacks to assess company-wide readiness. Participating in mock cybersecurity exams and comprehensive phishing training and exams can provide stakeholders with the visibility to determine the effectiveness of cybersecurity controls and how to remedy areas that may be lacking.

Mock SEC Examinations

Cybersecurity threats and regulatory actions for lack of cyber readiness show no signs of letting up, so it's imperative to ensure your alternative investment firm is well-versed and prepared. The Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) publishes its exam priorities annually. Historically, key focus areas for these cybersecurity sweeps include, but are not limited to, written policies and procedures regarding cybersecurity, testing and validating such policies and procedures, vendor management, data loss prevention and overall cybersecurity preparedness.

Mock examinations allow hedge funds and private equity firms to evaluate their current cybersecurity practices and to determine if they will be able to meet regulatory requirements sufficiently. During typical mock examinations, compliance professionals ask firms to complete compliance documents to gain a thorough sense of business practices.

Following the submission of compliance documents, onsite exams are then conducted through interviews with senior staff. Interview questions are based on questions from actual SEC examinations. Topics that may be covered include current policies surrounding risk management, data loss prevention and vendor/third-party due diligence practices.

Following the completion of an examination, compliance professionals then provide a summary of their findings and recommendations for remediation of any weak areas in security. The results may also include recommended follow-up training for specific individuals or the entire firm. With the detailed results of mock exams, companies can evaluate if they are doing their best to mitigate risk and how to improve their defenses. 

Phishing Exams

Phishing is an incredibly popular social engineering method, during which cybercriminals send email scams in an attempt to lure victims into providing internal credentials and sensitive business information. Attackers may use the information gained from victims to impersonate staff or obtain and exfiltrate additional confidential data.

Part of the reason that phishing is so successful is that in our day-to-day, rigorous work environments, we have been conditioned to immediately open emails, click links and download attachments.

Scrutinizing the domain names of email senders, or looking for spelling errors and inconsistencies that give phishing away, is rarely the first thing on our minds when we're trying to get work done. The mindset of busy, multi-tasking employees makes phishing training that much more critical. While phishing emails used to be obvious scams, they have become increasingly genuine looking. Formally educating and testing employees on how to identify phishing scams can significantly reduce risk and shows employees exactly how to handle a real-life scenario properly.

Security Awareness

With the help of a security awareness training platform, phishing training attacks can be fully automated. Numerous types of templates, catering to various levels of phishing recognition, can be sent to different employees. Phishing attack vectors can be customized with landing pages, links and mouse-overs, and emails can be scheduled to go out regularly.

Determine how phish-prone your employees are by tracking whether users reply to phishing emails, what information is contained in their reply, if Microsoft Office attachments are opened and if macros are enabled. Regular testing and reporting can determine retention and provide insight into employee responses. The more that employees are tested, the more their phishing susceptibility will decline.
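As an added example (not code from the original post or from Align's platform), the following Python turns a constructed export of simulated-campaign events into the per-campaign metrics described above: the share of recipients who clicked or did worse, the share who reported the mail, and the users who fell for more than one campaign and so warrant follow-up training. Event names, weights and the risk threshold are assumptions; a real awareness platform exports its own schema.

```python
from collections import Counter, defaultdict

# Assumed risk weight per observed action: replying with credentials or
# enabling a macro is worse than merely opening the message.
ACTION_WEIGHTS = {
    "opened": 1,
    "clicked": 2,
    "attachment_opened": 3,
    "replied": 3,
    "macro_enabled": 4,
    "replied_with_credentials": 5,
    "reported": 0,  # reporting the mail is the desired behaviour
}
RISKY_THRESHOLD = 2  # clicked or worse counts as a phish-prone outcome

# Constructed sample export: (campaign, user, action) plus who received mail.
SAMPLE_EVENTS = [
    ("2018-Q1", "alice", "opened"), ("2018-Q1", "alice", "clicked"),
    ("2018-Q1", "bob", "attachment_opened"), ("2018-Q1", "bob", "macro_enabled"),
    ("2018-Q1", "carol", "reported"),
    ("2018-Q1", "dave", "replied_with_credentials"),
    ("2018-Q2", "alice", "reported"), ("2018-Q2", "bob", "opened"),
    ("2018-Q2", "carol", "reported"), ("2018-Q2", "dave", "clicked"),
]
RECIPIENTS = {
    "2018-Q1": {"alice", "bob", "carol", "dave"},
    "2018-Q2": {"alice", "bob", "carol", "dave"},
}


def campaign_summary(events, recipients):
    """Per campaign: phish-prone %, report %, and the phish-prone users."""
    worst = defaultdict(dict)      # campaign -> user -> worst action weight
    reporters = defaultdict(set)   # campaign -> users who reported the mail
    for campaign, user, action in events:
        if action == "reported":
            reporters[campaign].add(user)
        weight = ACTION_WEIGHTS[action]
        worst[campaign][user] = max(weight, worst[campaign].get(user, 0))
    summary = {}
    for campaign, users in recipients.items():
        prone = {u for u in users if worst[campaign].get(u, 0) >= RISKY_THRESHOLD}
        summary[campaign] = {
            "phish_prone_pct": round(100 * len(prone) / len(users), 1),
            "report_pct": round(100 * len(reporters[campaign] & users) / len(users), 1),
            "phish_prone_users": sorted(prone),
        }
    return summary


def repeat_offenders(events, recipients):
    """Users phish-prone in more than one campaign: follow-up training candidates."""
    counts = Counter(u for s in campaign_summary(events, recipients).values()
                     for u in s["phish_prone_users"])
    return sorted(u for u, n in counts.items() if n > 1)
```

Comparing the two campaigns in the sample shows the susceptibility trend the section describes, while the repeat list names who still needs individual retraining.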

The Cornerstone of Cyber Defense

Employees who are well educated in best cybersecurity practices are the cornerstone of a company’s robust defense strategy. Not only will testing reinforce best security practices, but demonstrating readiness in mock exams can help companies make more informed decisions surrounding cyber defense strategies.

Prepare your company and empower your employees by making them an integral defender of your business environment with effective cybersecurity awareness training.

To learn more about Align Cybersecurity's services visit here, or contact us here.