Cybersecurity threats are evolving daily. From social engineering to detailed spear phishing emails, hackers are becoming more sophisticated. As those threats have increased, so too have governmental requirements for business owners. Whittlesey’s technology team works with small- to medium-sized businesses and nonprofits to conduct network security reviews, testing and risk assessments, create security policies, train employees, assure compliance, and protect assets.
Our dedicated cybersecurity team is staffed by Certified Information Systems Auditors, Cyber Forensic Analysts and Information Systems Risk Consultants who specialize in helping businesses identify, prevent, detect, remediate, and recover from cybersecurity incidents.
Our clients think of us as an extension of their leadership team, providing trusted technology advice when it’s most needed.
Accelerate your business innovation & security and manage risk
If you are experiencing a cybersecurity incident, contact the Whittlesey team to help.
In the case of an incident, we’re here to investigate and remediate systems, comply with the proper authorities, and facilitate the road to recovery.
Education and Awareness
Only one user has to fall for a phishing or malicious email to cause a security incident or data breach. We work with partners, such as KnowBe4, to conduct employee security awareness training, which includes social engineering testing and monitoring.
Executive Advisory Services
We offer outsourced Chief Information Officer and Chief Information Security Officer governance services, strategic technology planning, and assistance with creating and monitoring the IT environment.
Security and Risk Consulting
We assess, reduce and manage your security risk. Our experts conduct policy reviews, secure your assets, and develop business continuity and disaster recovery plans.
IT Audit and Assurance
We work with businesses and organizations to ensure their infrastructure provides the protection they need to comply with governance requirements and industry best practices. We provide:
- Cybersecurity Assessments (CSA)
- SOC 1, 2, 3 Audits
- Written Information Security Programs
- Penetration Testing
- Cybersecurity Awareness Training Programs
- PII/PHI Scanning and Remediation
- IT Governance and vCISO Services
- Cyber Forensic Services
- Vulnerability Assessments
- IT Risk Assessments
Compliance Services
Whether you want to take advantage of incentives provided by new cybersecurity laws, reduce your organization’s actual risk profile, prevent a costly breach, or simply comply with your state’s or regulator’s cybersecurity mandates, we are here to help. We help businesses and nonprofit organizations across various industries develop or improve their Cybersecurity Programs (sometimes called a WISP – Written Information Security Program) to comply with the following regulatory bodies/standards:
Latest Resources
How Auditors Assess Cyber Risks
Data security is a critical part of the audit risk assessment. If your financial statements are audited, your audit team will tailor their procedures to answer critical questions about cyber risks and the effectiveness of your internal controls...
Providing Optimal IT Support for Remote Employees
If you were to ask your IT staff about how tech support for remote employees is going, they might say something along the lines of, “Fantastic! Never better!” However, if you asked remote workers the same question, their response could be far less enthusiastic...
Get In Touch
Mark Torello
Partner-in-Charge, Technology
Hartford | Hamden | Holyoke
Main Contact
Mark Torello has more than 25 years of experience in consulting, with an emphasis on security and accounting systems technology. Active in his industry, Mark is a member of the Information Systems Audit & Control Association (ISACA), the National Association of Certified Fraud Examiners, the Connecticut Society of Certified Public Accountants (CTCPA) and the American Institute of Certified Public Accountants (AICPA).