About Our Pension and Plan Sponsors Practice

Our Cybersecurity Pension and Plan Sponsors practice comprises multilingual, world-class legal, cyber, and privacy engineers with a wealth of experience and expertise in the cybersecurity field. Our practice can assist with implementing and maintaining cybersecurity best practices by performing assessments of your personnel and systems, training and testing employees and executives, drafting policies and procedures, and more.

Recently, the U.S. Department of Labor published new cybersecurity guidance for Employee Retirement Income Security Act (ERISA)-covered retirement plans, which outlines best practices for plan sponsors, fiduciaries, record-keepers and plan participants. Our Cybersecurity Pension and Plan Sponsors practice can assist you with implementing these best practices.

Our Services

Hundreds of years of collective experience doing cybersecurity work. And of course thinking outside the box and solving problems…

Cybersecurity Program Implementation

  • Work with organizations to develop, review, and implement a cybersecurity program that complies with regulatory requirements.
  • Create security frameworks that comply with the requirements of numerous state and federal cybersecurity regulations using the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF).
  • Craft written policies and procedures, develop a compliant cybersecurity training program, and review an organization’s IT cybersecurity posture (e.g., multi-factor authentication, monitoring and testing, etc.).
  • Perform risk assessments to assess the level of compliance and create, review, or update a company’s existing incident response plan.

Risk Assessments

  • Perform risk assessments to assess the level of compliance and create, review, or update a company’s existing incident response plan.

Policies and Procedures

  • Work with Executive Leadership and organizational policy creators such as Audit, Legal and corporate IT departments to validate and verify that internal controls and SOPs align with corporate goals, strategies, and policies.
  • Review and establish policies, SOPs, and work instructions to mitigate gaps in internal compliance and ensure effective execution and enforcement of corporate policies.
  • Independently assess an organization’s alignment with the cybersecurity requirements defined by various regulators, including those set out in the FFIEC Information Technology (IT) Examination Handbook.
  • Craft written policies and procedures, develop a compliant cybersecurity training program, and review an organization’s IT cybersecurity posture (e.g., multi-factor authentication, monitoring and testing, etc.).

Training and Testing

  • Create tailored cybersecurity tabletops specific to an organization’s existing cybersecurity program and systems, IT hardware and systems, culture and corporate structure, and regulatory and compliance obligations.
  • Identify areas the organization can improve to speed up the response time to an incident.
  • Offer an organization the ability to evaluate its overall incident preparedness by creating benchmarks to work against every year.
  • Deliver an objective review of the cybersecurity program and identify gaps and deficiencies in an organization’s incident response plan.

Implement Business Resiliency Program

  • Work with organizations on a Business Resiliency Program, by reviewing incident response plans (IRPs), business continuity plans (BCPs) and other internal protocols and procedures to verify that they will allow the organization to perform effectively.

Third-Party Vendor Assessments

  • Work with IT, Audit and Legal departments to vet third-party vendors’ data security.
  • Assess the technical aspects of the service to review policies and measures taken by the vendor to ensure that your data is kept safe and sound.
  • Create cybersecurity third-party vendor risk programs for large and small companies using proprietary controls and processes and off-the-shelf software in line with our customer’s budget.

1.23k Cases solved to date

10.4k Computers forensically analyzed

3.9k Mobile Devices collected, scanned, and analyzed

54.1k Mailboxes collected, analyzed, and searched by L&F

3.9k Social Media Accounts collected, analyzed, and searched

597 Expert and Rebuttal Reports written