Cybersecurity & SecureLink

Validated by the experts

We take security seriously. That’s why SecureLink has partnered with LMG Security, a leader in cybersecurity testing and auditing, to perform independent security assessments. For more information about our latest security assessment by LMG Security, you can download the Letter of Attestation.

 

 

“SecureLink is run by smart and caring professionals that truly understand the importance of cybersecurity, and are willing to go the extra mile for their customers. You can see this in the way that they invest in their cybersecurity program.  We are pleased to announce that LMG Security has now partnered with SecureLink, and will be conducting regular monthly and annual assessments of the SecureLink product.  It is a privilege to work with the SecureLink team.”

—Sherri Davidoff, Founder & CEO, LMG Security

Our security validation process

Our comprehensive internal security processes include static code analysis, industry-standard vulnerability scanning, automated unit/regression testing, and code reviews of all merge requests.

Additionally, LMG Security conducts the following assessments:

• Monthly vulnerability scan: Multi-layer vulnerability scan of the latest versions of SecureLink for Enterprises and SecureLink for Vendors servers to identify any potential vulnerabilities.
• Annual custom application test: A custom security test for SecureLink for Vendors and SecureLink for Enterprises software that:

• • Demonstrates how security weaknesses can be leveraged to gain unauthorized access to information resources;
  • Determines the effectiveness of novel attacks or combined techniques;
  • Reviews client-, endpoint- and server-side applications for configuration or logic issues;
  • Identifies vulnerabilities in applications or services;
  • Identifies key vulnerabilities that can realistically be exploited by hackers;
  • Conducts penetration testing against the gateway, client and server applications and the underlying operating system;
  • Reviews the packaged Gateway and client software.

 

SecureLink is SOC 2 certified!

We are happy to announce that SecureLink has passed its Service Organization Controls (SOC) audit with flying colors that further verifies our security posture and how seriously we take this. 

 

What is the SOC audit?

The SOC audit is a third-party examination of security controls based on the Trusted Services Criteria (TSC), a set of best practices and standards that were put in place by the American Association of Certified Public Accountants (AICPA). This is a widely recognized certification and the gold standard for third party security audits.

Within SOC, there are several versions of SOC reports a firm can get:  

• SOC 1: Audit of internal accounting controls.
• SOC 2: Audit of Trusted Service Criteria (TSC) for all IT systems.
• SOC 3: A summary of SOC 2 findings that are suitable for public access (limited detail). 

There are also two types of reports: 

• Type 1: A snapshot of security controls at a single point in time. 
• Type 2: A study of controls over a time period, usually a year. 

SecureLink has its SOC 2, Type 1 report and will be obtaining a SOC 2, Type 2 in 2021, once the one year study period has elapsed. Upon request, this information can be shared. 

 

Discovered a potential vulnerability?

Visit our Security Disclosure page for our policy on communicating application vulnerabilities.