Torrance, CA, April 03, 2024 – Strategic Technology Solutions (STS), a firm specializing in delivering Managed IT, Cloud and Cybersecurity services to the legal sector, proudly announced today, for the fourth year in a row, its successful attainment of the SOC 2 Type II Cybersecurity Compliance. This achievement distinguishes STS as one of the few managed service providers (MSPs) supporting law firms that possess this advanced security credential.
The SOC 2 Type II Compliance is a globally acknowledged auditing standard developed to evaluate and report on the effectiveness of a service organization’s internal controls over a specified period. It focuses primarily on aspects such as security, availability, processing integrity, confidentiality, and privacy.
STS has consistently strived to adopt an ethical and responsible approach to its operations, assuring its clients that their valuable and confidential content is safeguarded at the highest possible levels. James Waryck, the CEO and co-founder of STS, posed the question, “If we are not operating at a high level, why should our clients?” This statement underscores STS’ commitment to excellence and its dedication to protecting its clients.
By being SOC 2 Type II compliant, STS eliminates the “assumption-based” aspect of risk comprehension and provides a clear and complete understanding of the existing level of risk and exposure a firm has when using STS services. It also outlines the likelihood of a breach happening and how impactful the breach would be. STS applies this proactive approach to risk management to benefit law firms, underscoring STS’s commitment to its clients and their security.
Security Risk
The American Bar Association (ABA) reports that approximately 29% of law firms encountered a security breach in 2023, a slight increase from the 27% reported in 2022. Furthermore, some law firms experienced significant breaches in 2023, as per LegalTech News (LTN), resulting in the exposure of sensitive client and firm data. These incidents led to substantial ransom demands and class action lawsuits.
Third-party vendor risk is a genuine concern, and understanding the vendors you do business with is a critical aspect of a robust cybersecurity strategy. Law firms that invest in securing their IT environment and mitigating risk should also scrutinize the security practices of their third-party vendors to ensure alignment.
When an IT vendor lacks robust security controls, the law firm that relies on their services becomes vulnerable to supply-chain attacks. These attacks occur when a breach affecting a vendor or supplier cascades down to impact their clients.
Sam Sheth, CIO and co-founder of STS, raises a crucial question: “How will a Managed Service Provider (MSP) safeguard your law firm’s data, and do they have evidence demonstrating effective risk prevention?” Many IT providers and vendors claim compliance, but upon closer examination, they may not be directly compliant. Some base their security claims on using AWS or Azure-based environments, assuming that these cloud platforms’ security extends to their own operating systems and tools. However, this assumption is incorrect—the secure environment provided by AWS or Azure pertains to their infrastructure, not the specific tools used by MSPs or vendors for their business operations. Would you hire an attorney that didn’t pass the bar or visit an unlicensed doctor? The same concept applies when it comes to IT Security.
While the MSP industry is not currently mandated to be cybersecurity compliant, STS believes that pursuing such compliances is the right course of action. By voluntarily adhering to high standards, STS demonstrates its commitment to clients and their security.
STS, as an early innovator in the managed IT services industry, has taken a proactive approach by incorporating the Security Maturity Level Assessment (SMLA) process, methodology, and approach into its sales and onboarding procedures. Remarkably, few MSPs, particularly those with a legal focus, have followed suit. By embracing the SMLA process, STS demonstrates its commitment to robust security practices and its dedication to safeguarding its clients’ valuable data.
Stringent Compliance Process
The SOC 2 Type II compliance indeed demands significant investment in terms of time, resources, and financial commitment. However, for the team at STS, this rigorous process holds immense importance. It serves as a powerful testament to their unwavering dedication to safeguarding both their own sensitive information and that of their clients.
STS Commitment to Security
At STS, cybersecurity isn’t an afterthought; it’s the bedrock. Being an early innovator in the managed IT services industry and leveraging the SMLA process sets STS apart, especially within the legal vertical.
Here’s why it matters:
Experience and Expertise: Over several years, STS has achieved SOC 2 Type II compliance and honed its specialization in both cybersecurity and the legal industry. This dual expertise enables STS to focus sharply on safeguarding its clients’ interests.
Client Confidence: Guiding law firms through their cybersecurity journey, STS provides assurance. Clients know that STS has walked the path, continues to invest, and understands the nuances of protecting “their house.”
Evidence-Driven Approach: STS’s cybersecurity strategy isn’t based on assumptions. It assesses clients’ current cybersecurity maturity, identifies risks, establishes baselines, and charts a path forward. This approach draws from tangible evidence, guided by the Center for Internet Security (CIS) 18 and the National Institute of Standards & Technology (NIST) frameworks.
James Waryck, CEO and co-founder of STS, sums it up: “Vision backed by evidence – providing the right information to make educated and informed decisions.” STS’ commitment to security isn’t just a promise; it’s a proven reality.
Key Components of STS’s Cybersecurity Approach:
· Identifies gaps in cybersecurity programs across people, processes, and technology.
· Determines your current security maturity level base and desired level for your firm.
· Compares and contrasts your security maturity level with other firms facing similar challenges and risks.
· Recommends and prioritizes opportunities to improve your cybersecurity maturity level while reducing overall risk.