RipRap Security's 2022 Impact Report
Our team wanted to share a bit about our efforts throughout 2022 to improve the security of our partners and expand our dedication to environmental causes, as well as a bit of what's planned for 2023. Let us know if you've got questions or ideas by emailing us at info@riprapsecurity.com. We'd love to hear from you!
Leveling up New Partners
The RipRap Security team has worked hard over the last year to onboard new partners, take comprehensive steps to improve their security posture, and serve as trusted security partners on an ongoing basis. We’ve tackled a series of one-time security projects across our partners to level up their security defenses and provide a strong foundation for further security improvements. In addition, we’ve delivered ongoing security support to keep our partners cyber secure.
One of the key ways in which we have protected our clients this year is through the implementation of comprehensive security measures, often known as a “defense-in-depth” strategy. This includes the use of conditional access and zero-trust best practices, Endpoint Detection and Response (EDR) software, and other tools to prevent unauthorized access to our clients' systems. We continue to provide regular security assessments and vulnerability assessments to identify and address any potential weaknesses in our clients' networks.
We also began measuring customer satisfaction in 2022. We're happy to report that we have a net promoter score of 100.
Our Proven Suite of Cyber Security Support
A crucial tool in our suite of security support is designed to reduce the risk of cyber attacks directed at our partners’ most valuable resource: their staff. To do this, we run a series of phishing simulations: we take the role of a would-be attacker who is attempting to get a staff member to click on a link in an email and reveal sensitive information. In 2022, we sent 100 simulated phishing attacks, which resulted in 12 "compromises".
For the partner staff members who fell victim to these fake phishing attacks, we provided follow-up training to help those staff better identify phishing attempts next time. Our automated security infrastructure protected our clients from 63 phishing attempts. Additionally, as a result of the security training provided, the few phishing emails that were sophisticated enough to land in a user’s inbox were successfully identified and reported by client staff.
We also protect our partners through regular cyber security training. We provide bite-sized, fun, and engaging training classes once every 3-4 weeks. Our partners completed 307 courses throughout 2022, which focused on topics such as phishing, mobile device security, secure passwords, cyber security while remote working, data loss prevention, and others. Through training programs and resources, we help our clients understand how to protect themselves from the various threats they may face. This includes best practices for creating strong passwords, identifying phishing attempts, and avoiding malware.
2022 Critical Vulnerabilities
2022 was unfortunately a busy year for critical vulnerabilities. Fortunately, in large part, the security groundwork we’ve done has meant that our partners are automatically protected against these emerging critical vulnerabilities. Our partners are now alerted to vulnerabilities that affect their organizations through as-needed notifications that give partners confidence they are protected against the latest threats. This means our partners can manage their risk in a largely hands-off fashion through routinely delivered, automatic security updates across their enterprise. For particularly urgent or critical vulnerabilities, we’ve provided immediate notification and how-to steps so that partners can proactively protect themselves.
In total, through our penetration testing and vulnerability management efforts, we enabled our customers to identify and remediate a further 24 vulnerabilities that weren’t automatically remediated across over 400 devices.
Environmental Impact
We are proud to be a business member of 1% for the Planet for the second year and happy to report that we’ve been able to expand our donations to environmental nonprofits by 188% compared to 2021. For our 2022 donations, we’ve selected a series of environmental nonprofit organizations in the areas where we live and with which we have deep connections, including:
Social Impact
RipRap Security started providing a 5% charitable match for employee donations to nonprofits. So far, our employees and company have contributed to organizations including:
Looking Forward To 2023
As we look to the future, we are committed to continuing to improve our security measures and evolve with the needs of our clients and the ever-changing security landscape. We are planning to test new security tools in early 2023 and plan to deploy them to current and future partners later in the year.
Our goals for next year also include giving back to our communities, contributing to environmental causes, and continuing to become a better business overall for the planet, our partners, and staff. In addition to providing the highest level of security support in 2023, we plan to:
Submit our application package to become a B Corp. By doing so, we seek the B Corp certification, which confirms that we meet high social, environmental, and governance best practices.
Measure our carbon, water, and waste footprint and start offsetting that footprint in pursuit of being a carbon-neutral organization.
Continue our commitment to donate at least 1% of our sales to environmental nonprofits through 1% for the Planet.
Continue providing a company match for employee charitable donations.