Clark Nuber can prepare any of the three SOC reports. These reports are appropriate for organizations that perform a financial reporting function or handle sensitive information. This includes financial institutions, retirement plan record keepers, payroll service providers, data centers, Internet service providers (ISPs), Software as a Service (SaaS) providers, and more.

Our services include:

• Gap analysis – Clark Nuber can help you assess the range and quality of controls in your organization prior to a SOC reporting examination. By addressing gaps, you can increase your compliance with the reporting standards and get a better result from the examination.
• SOC 1 (SSAE 16): Tests of internal controls over a financial reporting function.
• SOC 2: Tests the operation of your controls against the five areas of the Trust Service Principles: security, availability, processing integrity, confidentiality, and privacy.
  • Learn more about our SOC 2 services.
  • Or click here for a quote.
• SOC 3: An engagement which produces a report in the form of an executive summary that outlines information related to a service organization’s internal controls across their chosen trust service principles.

A phishing attack is a fraudulent attempt by hackers to obtain sensitive information by disguising themselves as someone you may know. It often takes the form of an email cleverly manipulated to appear as though a manager or colleague sent it. The email will usually contain a link to malicious programming, or instructions for the employee to wire money or mail gift cards to someone.

Awareness and training are the best defense against these phishing attacks. To begin establishing defenses in your organization, Clark Nuber performs a benign phishing attack to draw attention to weak points in your security. We operate just as potential hackers would when setting up our phishing attack. This real world experience creates awareness and offers immersive training to your employees on how to spot suspicious requests.

Simulating a real-world cyber attack is the best way to discover your company’s vulnerability. Known in the industry as a Penetration Test, this benign hack of your organization is the only way to see beforehand where your defenses are effective and where lapses could occur that endanger your organization. Penetration testing will give you the answers to improve your security.

Our trusted experts will perform:

• Reconnaissance: Gather evidence and data on the target using leading techniques.
• Vulnerability Scanning and Penetration: Look for vulnerabilities and attempt to exploit them.
• Provide a Final Report: This will be designed for both executive management and technical IT departments.

Click here for a quote.

A cybersecurity program governs the management of your information systems. It is a business process, not just a technology one. A strong cybersecurity program will keep your assets secure from threats and is a cost vs. benefit decision on how to optimize – not maximize – security spend. To ensure that your cybersecurity spend and effectiveness is optimized, we recommend adopting a security framework and customizing it to your organization, based on risk.

As part of our Cybersecurity Program Assessment, our professionals will perform an organization-wide review of your security processes and practices. We leverage various control frameworks, such as the NIST for Cybersecurity Framework or the CIS-20 framework. We’ll also ask questions, such as:

• Have you identified your meaningful assets and threats?
• Have you applied the adequate security tools (i.e., anti-malware)?
• If you got breached, would you know about it?
• If you got breached, do you know how to respond (i.e., execute incident response)?
• If you got breached, do you know how to recover your data and processes?

Click here for a quote.

Certain Microsoft suppliers that collect, use, distribute, access, or store Microsoft Personal Information or Confidential Information will need independent, third-party confirmation of compliance with the Microsoft Supplier Data Protection Requirements.

If you qualify for this third-party confirmation requirement, Clark Nuber can help. We are on the Microsoft Preferred Assessor List and have conducted more than 200 assessments. Our team performs the examinations in accordance with attestation standards established by the American Institute of Certified Public Accountants. At the end of the engagement, you will be provided a Letter of Attestation as proof of compliance.

As a critical business supplier and partner, you may collect, use, distribute, access, or store your client’s information. Your client may send you a security questionnaire to validate how you’re managing this information. Our team is available to assess your environment and collect the necessary information to respond to these questionnaires.

Cybersecurity is on everyone’s mind, and for good reason. According to Keeper Security and the Ponemon Institute, roughly two-thirds of SMBs suffered some form of cyber attack in 2018. This number, and the attacks’ frequency and complexity, are only expected to increase.

Clark Nuber’s professionals stay on top of the latest trends and topics and know how to keep your organization secure. We are available to provide live trainings and demonstrations to your staff about the importance of cybersecurity. Our topics include, but are not limited to, securing passwords, social engineering, data security, and protection from malware.

Knowing the right course to take for your small-to-medium business can be difficult. To help ease the decision-making process, we have crafted three simple service options for you that address different levels of cybersecurity concern.

Learn more about our service packages for small-to-medium businesses.