Tech Guru LLC (“Tech Guru”) is a virtual company that provides technology strategy, support, and security services tailored to small and medium accounting firms.
We offer a wide range of services, including technology planning and strategy, technology support, project management, as well as ongoing system management, monitoring, and patching.
Additionally, we provide infrastructure hosting services for business applications and data and resell a variety of software tools and licenses such as Microsoft 365 and cloud hosting solutions.
Our Commitment to Security and Privacy
At Tech Guru, security and privacy are at the core of our service offering.
We are committed to ensuring that our customers’ systems and operational data always remain secure and confidential.
This dedication is reflected in the policies, processes, and technologies we implement to safeguard our customers’ information.
Tech Guru maintains compliance with applicable standards and best practices for Managed Service Providers rendering ICT services to accounting firms.
Governance
Tech Guru’s management team establishes comprehensive policies and controls to monitor and enforce security practices.
Our goal is to demonstrate security and compliance to third-party auditors and continually improve our security posture. The following foundational principles guide our governance framework:
- Principle of Least Privilege: Access to systems is granted based on the specific job functions of users, ensuring that users only have the minimum necessary permissions required for their roles. Any permissions not expressly granted are automatically prohibited.
- Access Control: Access to systems is restricted to individuals with a legitimate business need, and permissions are based on the principle of least privilege.
- Defense-in-Depth: Security measures are implemented in layers to reduce the risk of a single point of failure. We employ a range of controls to mitigate potential threats.
- Consistent Security Controls: Security protocols and controls are applied uniformly across all systems and services to ensure consistency and minimize risk.
- Continuous Improvement: The implementation of controls is an ongoing process, focused on improving effectiveness, enhancing auditability, and reducing friction.
Security and Compliance
Tech Guru strives to obtain and maintain SOC 2 Type I and Type II attestation. To view our ongoing compliance and security updates, please visit our Trust Center.
Enterprise Security
- Endpoint Protection: All corporate devices are centrally managed and equipped with anti-malware protection. Endpoint security alerts are monitored with 24/7/365 coverage. We use Mobile Device Management (MDM) software to enforce secure configurations, including disk encryption, screen lock settings, and timely software updates.
- Secure Remote Access: Remote access to internal resources is secured through stringent access policies and controls, ensuring that only authorized users can access critical systems.
Services Security
- Penetration Testing: We limit public-facing access points and conduct regular penetration tests using industry-standard tools to identify potential vulnerabilities.
- Vulnerability Scanning: We perform periodic network vulnerability scans to identify and mitigate risks within our infrastructure.
Data Protection
- Data at Rest: All stored data is encrypted to protect it from unauthorized access.
- Data in Transit: Tech Guru uses Transport Layer Security (TLS) 1.2 or higher for all data transmitted over potentially insecure networks.
Security Education
- Employee Training: All employees undergo security awareness training during onboarding and annually via educational modules hosted within our platform.
- Regular Threat Briefings: Tech Guru’s security team regularly shares threat briefings to keep employees informed of important security updates that require immediate attention or action.
Identity and Access Management
Tech Guru employs Multi-Factor Authentication (MFA) to enhance security across our systems. We mandate the use of phishing-resistant authentication factors to ensure secure access.
- Role-Based Access Control: Employees are granted access to systems based on their roles, with access automatically revoked upon termination. Any continued access requires explicit approval in accordance with established policies.
Vendor Security
We take a risk-based approach to assess the security of our vendors. Factors influencing the inherent risk rating of a vendor include:
- Access to Sensitive Data: We evaluate the level of access a vendor has to customer and corporate data to ensure sensitive information remains protected.
- Brand Reputation Risk: We assess potential risks vendors pose to the Tech Guru IT brand, ensuring that they adhere to robust security practices.
Tech Guru is committed to providing secure and reliable technology services while safeguarding the privacy of our clients’ sensitive data. Our governance framework, combined with industry-leading security measures and compliance efforts, ensures that we are consistently meeting the highest security standards in the industry. For any questions regarding our security practices or to learn more about our compliance efforts, please contact us.
Our Practices at a Glance
- Mandatory PII Cybersecurity Awareness Training for all employees.
- Two-factor and multi-factor authentication is enforced.
- Password management software is used to manage and store all user access information.
- Principle of least privilege access is applied.
- The company performs background checks on new employees.
- Active monitoring of all devices connected to the provided infrastructure.
- US-based hosting of cloud data and applications.
- Backup services for critical business data with restore testing services.
- Quarterly disaster recovery and incident response plan testing.
- All employees, contractors, and consultants must accept the Code of Conduct.
- All employees must read and accept the company policies, including Confidentiality of Information.