According to Kleiman, the recent boom in cryptocurrencies gave bad actors an incentive to infiltrate and hijack servers to do crypto mining. Ransomware attacks have also become much easier for attackers to execute, which means having cybersecurity measures in place to protect clients’ data is now, more than ever, a top priority for technology companies.
Kleiman says the SOC 2 certification is a gold standard for security and data confidentiality, particularly for firms that provide or use technological tools in their business and handle confidential and personally identifiable information. While other certifications exist (ISO 27001, HIPAA, and others), they all share the same general approach: requiring a multi-layered internal control framework to prevent security incidents.
“Our processes didn’t really change much from the time we decided to get a SOC 2 audit until now,” he says. “It really is about reassurance for our existing clients, especially if they have downstream partners and customers themselves.”
For a firm to pass a SOC 2 audit, Kleiman says, it must comply with over 300 operational controls that SOC 2 requires. In terms of cybersecurity, that includes having a business continuity plan and a disaster recovery plan. There’s also a raft of other requirements around the capability to report and recover in the wake of a cybersecurity incident, including notifying all customers when the firm discovers something isn’t working properly.
A major piece of Mako’s cybersecurity strategy, Kleiman says, is its audited change management process, which governs every change the firm makes to any of its systems. It allows the firm to be flexible in developing or enhancing the platform while still having multiple fail-safes in place.