.webp?width=2169&height=526&name=Compass%20regular%20transparent%20website%20(1).webp "Compass IT Compliance Logo")
-1.webp?width=2169&height=620&name=Compass%20regular%20transparent%20website%20smaller%20(1)-1.webp "Compass IT Compliance")
Security Awareness Training for SOC 2: What Your Auditor Expects
by Janelle Lewis on March 26, 2026 at 4:41 PM
On March 15, 2026, the Chittenden Solid Waste District of Vermont lost $3 million to a single phishing attack. That was not a rounding error in someone’s budget; it was a significant portion of the district’s annual funding, gone in the span of a few fraudulent emails.
How Human Error Causes Cybersecurity Breaches
by Jake Dwares on February 4, 2026 at 4:22 PM
Most organizations invest in firewalls, encryption, and sophisticated security tools. Yet despite these technological defenses, humans remain the weakest link in the cybersecurity chain. A single misplaced click, a reused password, or a moment of distraction can unravel even the most …
What Is the Best Way to Train Employees on Cybersecurity Awareness?
by Patrick Laverty on October 29, 2025 at 1:00 PM
In today’s connected world, cybersecurity is not just the responsibility of the IT department. Every employee plays a role in protecting company data and systems from threats. With human error contributing to the majority of security incidents, organizations that invest in effective c …
Cybersecurity Culture + Technology: Why You Need Both
by Jake Dwares on October 14, 2025 at 3:15 PM
In cybersecurity, it is easy to get caught up in the excitement of new technology. Every year, new tools promise sharper visibility, faster detection, and tighter control over threats. Organizations invest heavily in endpoint protection, firewalls, SIEM platforms, and automation syste …
What Are the Best Ways to Prevent Social Engineering Attacks?
by Patrick Laverty on August 20, 2025 at 1:41 PM
When I give speeches or training sessions on social engineering, I always start with a simple mantra: V & V—Verification and Validation. It's not flashy, but it's foundational. My bet is that if you verify and validate everything, no social engineering (SE) attack can succeed. I'v …
Why Is Social Engineering a Threat to Businesses?
by Peter Fellini on August 7, 2025 at 11:00 AM
When most people think of cybersecurity threats, they picture viruses, ransomware, or brute-force attacks hammering away at firewalls. But some of the most effective attacks don’t need advanced code or malware. They just need a willing person to pick up the phone, click a link, or tru …