10 Tips for Better Security and Easier Compliance

During the past couple of weeks, we’ve been publishing daily tips to help you improve your cybersecurity and ease your path to compliance with frameworks such as SOC 2 and ISO 27001. We thought we’d kick off 2023 by providing all 10 tips in a consolidated list.

Tip #1: Security Awareness Training for All

Both SOC 2 and ISO 27001 require you to deliver security awareness training to your employees. A learning management system (LMS) such as Curricula or Infosec IQ can help you deliver the training and document having done so.

Tip #2: Scan Your Cloud-Based Services for Vulnerabilities

The cloud-based services your company uses can include vulnerabilities that can disrupt or damage your operations, so you need to be able to scan for, identify and resolve any such risks. The leading hyperscalers, or large-scale cloud service providers, offer tools for this important task.

Tip #3: Manage Your Onboarding (and Offboarding)

You want to ensure your onboarding and offboarding processes are consistent, efficient and timely. Such features can improve recruitment and retention. They can also improve framework compliance and security by ensuring everyone knows the rules and the penalties for not following them. A human resource information system (HRIS) such as TriNet can help.

Tip #4: Cover Your Assets

You need to maintain an accurate and complete asset inventory because you can’t manage or secure what you don’t know you have. You also need to manage and secure all mobile devices for framework compliance and better security. Jamf is an example of a popular mobile device management (MDM) solution for Apple devices. And if your users’ devices include Mac laptops, FileVault is built-in disk drive encryption, another layer of protection. Investigate similar solutions and features for all your assets, mobile or not.

Tip #5: Background Checks for All New Hires

SOC 2 and ISO 27001 both require them. Tools such as Checkr make them easier to execute and document.

Tip #6: Check Your Vendors’ Compliance

AWS, Google, and Microsoft are all SOC 2 compliant and ISO 27001 certified. You need to ensure all your other vendors are too, for better security and to meet framework requirements….