Compass IT Compliance Blog

Receiving a Scam Text… From My Own Phone Number

Verizon Building

Throughout my years working in the IT security and compliance field I have had the opportunity to learn about dozens of different social engineering attack strategies that malicious actors will utilize to achieve their goals. This past weekend, I had the unique opportunity to witness …

Read Story

It (Should) Be an MFA World, We Are Just Living in It

It (Should) Be an MFA World, We Are Just Living in It

Last week I was working in front of my laptop (happily, for any Compass staff reading) when I got an incoming text message. It was from Verizon. They had received my service request and were working on it. It was quickly followed by another text saying I could check the status of my r …

Read Story

Risk Management – Everyone Needs a Seat at the Table

Effective risk management strategies

In the security world there’s a common saying that compliance isn’t security and security isn’t compliance. I believe what gets missed in this saying is the role proper risk assessments and risk management play in marrying up security and compliance.

Read Story

Recommendations from CISA's Recent “Shields Up” Warning

Recommendations from CISA's Recent “Shields Up” Warning

On February 26th, 2022, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) issued immediate Shields Up actions for organizations to take in response to the ongoing conflict with Russia. The basic guidelines are as follows:

Read Story

Revisiting the Apache Log4j Vulnerability

Apache Log4j Vulnerability

By now, most are aware of the Apache Log4j vulnerability that was announced in December of 2021. The exposure is widespread in Java applications, and I have been discovering that many companies are affected by it. Remediation is imperative to ensure that attackers do not exploit affec …

Read Story

Password Complexity – Going Beyond the Minimum Requirements

Password Complexity – Going Beyond the Minimum Requirements

As the frequency and scale of cyberattacks has risen sharply over the past decade, we as end users have been repeatedly asked (and often required) to increase the complexity of our passwords. Back when the internet was in its infancy, the idea of creating a complex and tough-to-guess …

Read Story

Subscribe by email