What are some specific actions SMB owners can take to improve cybersecurity and ease compliance?

Michael Dortch
2 min readJan 5, 2023
A navigational compass points toward the word “compliance.”
Source: Adobe Stock

To wrap up 2022, Team Trustero has been sharing daily tips to help small and mid-sized businesses (SMBs) gain better cybersecurity and easier compliance with frameworks such as SOC 2 and ISO 27001. Here are five of the 10 tips we’ve shared.

Tip #1: Security Awareness Training for All

Both SOC 2 and ISO 27001 require you to deliver security awareness training to your employees. A learning management system (LMS) such as Curricula or Infosec IQ can help you deliver the training and document having done so.

Tip #2: Scan Your Cloud-Based Services for Vulnerabilities

The cloud-based services your company uses can include vulnerabilities that can disrupt or damage your operations, so you need to be able to scan for, identify and resolve any such risks. The leading hyperscalers, or large-scale cloud service providers, offer tools for this important task.

Tip #3: Manage Your Onboarding (and Offboarding)

You want to ensure your onboarding and offboarding processes are consistent, efficient and timely. Such features can improve recruitment and retention. They can also improve framework compliance and security by ensuring everyone knows the rules and the penalties for not following them. A human resource information system (HRIS) such as TriNet can help.

Tip #4: Cover Your Assets

You need to maintain an accurate and complete asset inventory because you can’t manage or secure what you don’t know you have. You also need to manage and secure all mobile devices for framework compliance and better security. Jamf is an example of a popular mobile device management (MDM) solution for Apple devices. And if your users’ devices include Mac laptops, FileVault is built-in disk drive encryption, another layer of protection. Investigate similar solutions and features for all your assets, mobile or not.

Tip #5: Background Checks for All New Hires

SOC 2 and ISO 27001 both require them. Tools such as Checkr make them easier to execute and document.

To see the complete list of 10 tips and learn more about how the Trustero Compliance as a Service (CaaS) platform can deliver automated, simplified and complete compliance, please read “10 Tips for Better Security and Easier Compliance.” And if you have tips to share, please do so by adding a comment below — and thanks!

--

--

Michael Dortch

Translator of Bits & Bytes into Dollars & Sense. Ex-Trustero, Ex-Huawei USA, Ex-Ivanti, Ex-ServiceNow,… www.DortchOnIT.com / @DortchOnIT