How much does SOC 2 cost for a startup?

Typically $20-40K all-in for Type I, including penetration test and audit. The enterprise deal it unblocks is usually $100K or more.

How long does SOC 2 take?

Type I takes 6-12 weeks. Type II requires a 6-12 month observation period. Most initial enterprise buyer requirements are satisfied by Type I.

What's the difference between SOC 2 Type I and Type II?

Type I is a point-in-time snapshot that proves your controls exist. Type II covers a period (usually 6-12 months) and proves your controls work over time. More sophisticated enterprise buyers require Type II.

Can I pass enterprise security review without SOC 2?

Sometimes, depending on the buyer. Some enterprise customers accept detailed security questionnaire responses and penetration test reports. Others require SOC 2 as a hard prerequisite.

Do I need a full-time security hire?

Probably not until $50M+ ARR or 200+ employees. Until then, fractional security leadership (virtual CISO) plus project-based work like penetration testing and compliance support covers most needs.

How do I respond to a security questionnaire?

Security questionnaires like SIG, CAIQ, and VSAQ follow common patterns. Building a reusable answer library and having someone experienced review responses significantly reduces turnaround time and improves pass rates.

Field Notes

Is Your Wildix Phone System as Secure as it Could Be?

Don't give hackers access to your internal Wildix chats and voicemails

May 29, 2024

Wildix, a browser-based communication platform, is a popular choice for many businesses, with hundreds of thousands of customers worldwide.

However, the security of your Wildix account might not be as robust as you think. Do you know if outside people access your chats?

Wildix takes real precautions to protect your accounts and data. However, as they mention in a blog post on common phone system attacks, they explain that passwords can be guessed quite easily with brute force attacks.

Since your business Wildix domain can be easily discovered through your website name, it is vital to take extra steps to secure your accounts. Simply look at the website name you log in with: businessname.wildixin.com, for example.

Adversis has seen far too many businesses and users make the mistake of choosing simple passwords like their extension number (e.g., 1234) or company name on their Wildix account. These passwords are easy for even novice hackers to guess.

To upgrade your security while using Wildix, do these three things.‍

1. Use "Login with Google/Microsoft"

black skeleton keys — Photo by Silas Köhler on Unsplash

‍

Instead of using a Wildix username and password, log in with your business Google or Microsoft accounts.
It’s one less account to manage, and Google and Microsoft offer excellent security measures that are more difficult to compromise than a Wildix login page.
You can enable this “single sign-on” option by setting user’s profile emails to their work emails. More here.

2. Use Unique and Long Passwords

blue and white happy new year neon signage — Photo by Miguel Luis on Unsplash

‍

Create unique and long passwords, making them harder to guess or crack. Users should know to create passwords that are not used anywhere else.
If your service provider created the account, ask them to change it to a longer passphrase that is difficult to guess - think “random action dash number dash random thing.”

3. Enable Two-Step Verification

a screenshot of a phone — Photo by Ed Hardie on Unsplash

‍

Add an extra layer of security by enabling two-step verification when a new device is used to access the account.
You won’t have to two-step on every login, only if a new device is used (as would be the case if a hacker got the password). More here.

‍

Check with your IT or Phone provider to ensure these security measures are configured and active.

With a few simple steps, you can significantly improve the security of your Wildix accounts and make sure no one outside your company can access your chats, files, and communications.

Stay safe out there!

‍

Want more resources like this? Let us know!

We'll never share your email.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.