.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Top Ways to Improve IT Security for Small Businesses
by William DePalma on September 12, 2025 at 12:19 PM
Cybersecurity is no longer just a concern for big corporations. Today’s cybercriminals know that small businesses often have fewer defenses, making them prime targets. In fact, reports continue to show that a significant percentage of cyberattacks target small and medium-sized busines …
Red Team Testing: When Your Organization Is Ready (& Why It Matters)
by Patrick Laverty on September 8, 2025 at 2:15 PM
Cybersecurity testing isn’t a one-size-fits-all process. Different organizations are at different maturity levels, and the type of testing you should be investing in depends on how far along you are in building your defenses. One of the most common questions security leaders face is: …
Security Questionnaires: How to Streamline Responses & Save Time
by Alexander Magid on September 2, 2025 at 1:46 PM
As vCISOs serving organizations across the country, we spend a significant amount of time on both sides of the security questionnaire process. We respond to them on behalf of our clients, and we also issue them as part of vendor risk management programs. The reality is the same in eit …
Steps to Prepare Your SOC 2 Compliance Documentation
by Jerry Hughes on August 26, 2025 at 1:42 PM
When it comes to vetting critical third-party service providers to work with, organizations need assurance that these companies have appropriate controls in place to securely execute the services they were contracted to perform. This is where the SOC 2 audit comes in. Few certificatio …
What Are the Best Ways to Prevent Social Engineering Attacks?
by Patrick Laverty on August 20, 2025 at 1:41 PM
When I give speeches or training sessions on social engineering, I always start with a simple mantra: V & V—Verification and Validation. It's not flashy, but it's foundational. My bet is that if you verify and validate everything, no social engineering (SE) attack can succeed. I'v …
What Is the Best Approach for Incident Response Planning?
by Adam Lyford on August 8, 2025 at 1:24 PM
Security incidents are no longer a matter of "if" but "when." Organizations must be prepared to respond to cybersecurity events with speed, clarity, and coordination. An effective Incident Response Plan (IRP) provides the structure and processes needed to handle incidents in a way tha …