What is CMMC 2.0 Certification and How Do I Know If My Business is Ready?

The Department of Defense (DoD) plays a pivotal role in safeguarding the national security of the United States. In today's digital age, this mission extends to the realm of cybersecurity. To ensure that DoD contractors are adequately protecting sensitive information, the DoD has introduced the Cybersecurity Maturity Model Certification (CMMC) 2.0. This groundbreaking framework aims to bolster cybersecurity within the defense industrial base. In this comprehensive guide, we'll explore CMMC 2.0, delve into what an audit checklist might look like, discuss how defense contractors can start the CMMC certification process, and examine how CMMC aligns with the National Institute of Standards and Technology (NIST) Special Publication 800-171.

Understanding the CMMC Framework

Cybersecurity Maturity Model Certification (CMMC) is a comprehensive framework that sets out to strengthen cybersecurity practices across the defense industrial base. It applies to all organizations, ranging from prime contractors to subcontractors, involved in government contracts, specifically those that handle Controlled Unclassified Information (CUI). CMMC 2.0 is the latest iteration of this certification, incorporating improvements based on feedback and lessons learned from CMMC 1.0.

In CMMC 1.0, the DoD's first attempt at a cybersecurity maturity model, the DoD outlined a five-level process maturity framework:

  1. Level 1 (Basic Cyber Hygiene): Focuses on safeguarding Federal Contract Information (FCI) and requires organizations to document their cybersecurity policies and procedures.

  2. Level 2 (Intermediate Cyber Hygiene): Introduces the protection of CUI and necessitates the establishment of a plan for cybersecurity improvement.

  3. Level 3 (Good Cyber Hygiene): Continues CUI protection with a focus on the documentation, communication, and enforcement of cybersecurity policies and practices.

  4. Level 4 (Proactive): Elevates the organization's security practices, emphasizing the review, management, and enforcement of security policies and procedures.

  5. Level 5 (Advanced/Progressive): Achieving the highest level of maturity, Level 5 centers on optimizing security practices and implementing advanced security measures.

CMMC 2.0 introduces a more streamlined process, adding flexibility to the certification and compliance journey, emphasizing the maturity of cybersecurity practices. CMMC 2.0 utilizes a specialized cybersecurity maturity level approach that consists of three maturity levels, each with associated practices and processes that organizations must implement to achieve compliance:

  1. Level 1 (Foundational): Level 1 focuses on basic cybersecurity hygiene and is meant to establish foundational cybersecurity practices. CMMC 2.0 Level 1 maps to the previous Level 1 requirements from CMMC 1.0. At this level, organizations are expected to adhere to a set of practices that provide a basic level of security. These practices are often similar to those found in NIST SP 800-171, which is a widely recognized cybersecurity framework. Level 1 includes practices such as ensuring the use of strong passwords, implementing basic access controls, and maintaining an inventory of hardware and software. An annual self-assessment is required for Level 1.

  2. Level 2 (Advanced): Level 2 is an intermediate stage that builds upon the foundational practices of Level 1 and requires organizations to establish a more robust and comprehensive cybersecurity program. This level introduces a broader set of security practices and controls, which are often more advanced than those in Level 1. Organizations at Level 2 need to demonstrate the ability to protect Controlled Unclassified Information (CUI) effectively. Practices at this level may include implementing incident response plans, performing regular security assessments, and enhancing access controls. Triennial third-party assessments and an annual self-assessment are required for Level 2.

  3. Level 3 (Expert): Level 3 represents the highest level of maturity in the CMMC framework and is designed for organizations with highly advanced and proactive cybersecurity practices. CMMC 2.0 Level 3 maps to the previous requirements of Level 5 from CMMC 1.0. At this level, organizations are expected to have a well-optimized and highly proactive cybersecurity program that can adapt to evolving threats. Level 3 includes a wide range of security practices, including continuous monitoring, advanced threat hunting, and the ability to adapt quickly to emerging cyber threats. Level 3 organizations are also expected to have a mature incident response capability and a strong focus on overall cybersecurity program management. Triennial government-led assessments are required for Level 3.

The CMMC Compliance Checklist

As organizations work towards CMMC 2.0 certification, they need a clear roadmap to ensure they can achieve the desired CMMC level of compliance. While the specifics of the audit process are managed by certified third-party assessors, organizations can prepare for a self-assessment on their own by using an audit checklist. Below is a simplified audit checklist that maps to the CMMC 2.0 maturity levels:

Level 1 (Foundational)

  • Document cybersecurity policies and procedures.

  • Conduct security awareness training for employees.

  • Use antivirus and anti-malware software.

  • Implement access control measures.

  • Create backups of critical data.

Level 2 (Advanced)

  • Develop a system security plan.

  • Establish an incident response plan.

  • Monitor system security alerts.

  • Conduct regular vulnerability assessments.

  • Implement secure configurations for hardware and software.

  • Enhance documentation and communication of policies.

  • Utilize encryption for data at rest and data in transit.

  • Enforce role-based access controls.

  • Establish secure network architecture.

  • Maintain and monitor audit logs.

  • Review, update, and communicate cybersecurity policies regularly.

  • Conduct penetration testing and annual self-assessments.

  • Implement a security operations center (SOC).

  • Utilize advanced threat intelligence.

  • Continuously monitor and analyze audit logs.

Level 3 (Expert)

  • Optimize security practices and processes.

  • Implement a threat hunting program.

  • Utilize artificial intelligence and machine learning for threat detection.

  • Conduct continuous risk management.

  • Establish a culture of cybersecurity throughout the organization.

This checklist provides a simplified overview of the cybersecurity requirements for each maturity level. Achieving CMMC compliance demands a deep commitment to cybersecurity practices and a clear understanding of the specific controls and practices required.

How Do I Achieve CMMC Certification?

As a defense contractor or subcontractor, you are tasked with protecting sensitive information and ensuring personnel security as part of CMMC compliance. Achieving CMMC certification requires a systematic and dedicated approach. Most organizations will require the assistance of a third party, such as a managed service provider (MSP) or managed security services provider (MSSP) that specializes in cybersecurity, to ensure the organization's security posture is implemented correctly.

Here are the key steps you should follow:

1. Self-Assessment:

  • Begin by conducting a thorough self-assessment of your organization's current security practices. Determine your starting point with respect to CMMC maturity levels.

2. Plan and Gap Analysis:

  • Develop a detailed plan for achieving the desired CMMC maturity level. Identify gaps between your current practices and the requirements of the selected level.

3. Security Controls Implementation:

  • Implement the necessary security controls and practices to bridge the identified gaps. This may involve updates to policies, procedures, and technological solutions.

4. Documentation:

  • Document all cybersecurity policies, procedures, and actions. Comprehensive documentation is critical to demonstrate compliance during the assessment.

5. Employee Training:

  • Conduct security awareness training for all employees to ensure they are informed and capable of adhering to the security measures.

6. Third-Party Assessment:

  • Engage a certified third-party assessment organization (C3PAO) to perform an independent assessment of your organization's security practices. They will evaluate your compliance with CMMC requirements.

7. Corrective Actions:

  • Address any deficiencies or non-compliance issues identified by the third-party assessment organization. Make necessary improvements to achieve compliance.

8. CMMC Certification:

  • Once your organization has met the CMMC compliance requirements, you will receive your CMMC certification, demonstrating your commitment to cybersecurity maturity.

9. Ongoing Monitoring:

  • Maintain continuous cybersecurity monitoring and periodic third-party assessments to ensure that your organization remains CMMC compliant.

Achieving CMMC certification is a significant endeavor that requires dedication and a commitment to continuous improvement. However, it is essential for defense contractors and organizations involved in DoD contracts to safeguard sensitive information and contribute to national security.

Mapping CMMC to NIST SP 800-171

CMMC and NIST SP 800-171 are intricately linked, as the former builds upon the latter. CMMC, in essence, extends and enhances the various security requirements and controls established in NIST SP 800-171. NIST Special Publication 800-171 outlines security requirements used for protecting Controlled Unclassified Information (CUI) and serves as the foundation for CMMC.

NIST SP 800-171 comprises 14 control families, each with its own set of security controls. These control families cover areas such as access control, incident response, physical protection, system and communications protection, configuration management, and security assessment and authorization.

CMMC 2.0 takes these NIST SP 800-171 controls and aligns them with the maturity levels described earlier. The intention is to ensure that organizations not only implement the necessary controls but also mature their cybersecurity processes over time. The alignment of CMMC with NIST SP 800-171 provides a clear path for organizations to follow, emphasizing a gradual progression towards a more robust cybersecurity posture.

Wrapping up Your Compliance Journey

The Department of Defense's CMMC 2.0 certification represents a pivotal step in strengthening cybersecurity across the defense industrial base. By mapping the requirements to maturity levels, organizations can clearly see what is expected of them as they work towards achieving compliance and beyond. The integration of CMMC with NIST 800-171 controls ensures a well-defined path to improving cybersecurity practices.

In an era where cyber threats continue to evolve and pose significant risks to national security, CMMC 2.0 plays a vital role in fortifying the cybersecurity and cyber resilience of organizations that engage with the DoD. By diligently following the roadmap to CMMC compliance, organizations can contribute to a safer and more secure national defense.

How slashBlue Can Help

Who We Serve

slashBlue is a managed services provider (MSP) specializing in cybersecurity for architecture firms, engineering firms, and defense contractors.

Our Process

Our six-step cybersecurity advisory and oversight program is designed to address the most critical steps required to gain CMMC compliance.

How Long it Takes

Using our six-step cybersecurity advisory and oversight program, we help most businesses reach their target maturity in 3-4 months. For firms seeking to achieve Level 2 CMMC compliance, we are able to achieve maturity for most organizations in less than half a year.

How We Work

Our program works with your current IT team or MSP. We will work alongside your team to guide them in the implementation of security protocols and in the remediation of vulnerabilities that could pose a threat to your information integrity. Or, if you don't have an IT team or MSP, as a managed services provider ourselves we can also take full responsibility for your cybersecurity and technology environment, delivering you a more mature technology environment designed for CMMC compliance.

What You Get

As part of our Cybersecurity Advisory and Oversight Program we provide you with a cyberSecurity slashBlueprint, which contains your CMMC assessment report and roadmap for achieving CMMC compliance. Once your target maturity has been reached, we will perform a CMMC self-assessment and connect you with one of our trusted certified CMMC assessors.

Contact slashBlue to help you achieve CMMC 2.0 Requirements

Spending Too Much on Licenses? Simplify License Management in Your A&E Firm to Save 15%

The Problem: Rising License Costs and Confusion 

As an executive of an A&E firm (perhaps a CFO or COO), you are likely aware of the significant investment required to maintain licenses for essential software tools. These software packages play a crucial role in accelerating design processes, collaborating with partners, and managing documents within your company. However, the cost of maintaining multiple versions of these software packages adds up quickly, affecting your overall budget.

The main architecture & engineering (AE) packages (including Revit, Civil 3D, and Bluebeam Revu) can have a price tag of up to $12K+ per person per year! Juggling which version of software to use can confuse staff, and software updates can disrupt work.

But with a C-level consolidation strategy, AE firms can save a minimum of 15% on license costs. At slashBlue, we've seen that a consolidation strategy works for firms from 20-2000 employees.

The Solution: Embrace Simplification 

To overcome the challenges of rising license costs and the pace of change, it's time to simplify. By reducing the number of software versions your firm uses, and controlling when you update them, you can achieve substantial savings in cost and increases in staff productivity. Here's how:

  1. Sequence the Workflow: Assess the steps your A&E firm takes to create work product. Identify the key activities your team performs to accomplish results. Eliminate those that do not provide value. 

  2. Streamline Software: Identify the key software functions your team leans on to create designs and diagrams. Consider the software versions being used and determine if there are any redundancies or overlapping features across different packages. 

  3. Standardize Versions: Once you have identified the overlapping features, consider consolidating licenses. Choose the fewest versions of software needed to meet the majority of your firm's requirements. This will eliminate the need to purchase and maintain licenses for multiple versions, resulting in cost savings. Explore bundled subscription-based models offered by software partners. When you have a partner who can aggregate all your software, you can ensure your A&E firm stays up to date while controlling license costs. 

  4. Strategize Change: Identify the releases and updates for your firm that will have the biggest positive impact on productivity. Eliminate lesser releases unless they have necessary security updates. By reducing the amount of change, you will help your staff maintain productivity. Further, having everyone on the same version of software will reduce the likelihood of incompatibility and disruption.  

The Benefits: Cost Savings and Streamlined Operations 

We've helped numerous firms accelerate savings and consolidation while working with internal committees to manage the change. By reducing the number of software versions in your A&E firm, you can unlock several benefits: 

  1. Save Cost: Eliminating redundant software versions allows you to allocate resources where they will have the greatest return, resulting in money saved on license costs. Saving an average of 15% on software expenses has a direct, positive impact on your firm's bottom line.

  2. Streamline Change: Consolidating licenses and standardizing software versions across teams streamlines the way teams communicate, collaborate, and manage projects. When updated software is installed for all staff at the same time, everyone is working on the same platform, reducing errors with design documents, and improving overall efficiency. 

In Conclusion 

As an executive of an A&E firm, you want to make the most of your budget without compromising productive output. By reducing the number of software versions used in your organization, you can reduce costs while streamlining staff work. Evaluate your firm's software requirements, consolidate licenses, negotiate with vendors, and consider subscription models to crack the code and save an average of 15% on license costs.

For 100 software users, that saves ~$180,000!  

Embrace simplification and empower your firm to thrive in today's competitive market. 

Take advantage of our offer for a free consolidation and change management strategy, which includes a license conversation.

What is a Security Awareness Training Program for your Employees?

You probably have heard of security awareness training, had it recommended to you by a partner or IT professional, or maybe you're considering a cybersecurity strategy that includes it as part of a larger offering. What you might not know is why security awareness training is so important in your organization's fight against cyber attacks. The importance of security awareness training for your employees cannot be overstated. It is a critical element of a holistic cybersecurity strategy that, when implemented effectively, significantly reduces an organization's vulnerability to cyberattacks. 

The Human Element in Cybersecurity 

In the realm of cybersecurity, it's often said that:

"You're only as strong as your weakest link."

Unfortunately, the weakest link is often a well-intentioned employee who may inadvertently compromise an organization's security. Cybercriminals continually evolve their tactics, becoming increasingly sophisticated in their efforts to exploit human vulnerabilities. Phishing campaigns, social engineering attacks, and password-related breaches are just a few of the many tactics hackers use to target employees. 

Given this reality, it's imperative that organizations acknowledge the human element in cybersecurity. This is where security awareness training becomes crucial. 

What is Employee Security Awareness Training? 

Security awareness training is an educational program designed to equip employees with the knowledge and skills needed to recognize and respond to cybersecurity threats. When done properly, a security awareness training program will provide employees with an understanding of the role they play in protecting an organization against security threats. Security awareness training helps to raise awareness of potential threats as well as emerging threats, all with the goal of changing user behavior.

A robust security awareness program should cover a range of topics, including: 

  1. Phishing awareness: Teaching employees how to identify, avoid, and respond to suspicious emails or messages, including spear phishing. 

  2. Password management: Educating employees on the importance of strong, unique passwords and the risks of password sharing. 

  3. Social engineering: Raising awareness about the tactics used by cybercriminals to manipulate individuals into disclosing sensitive information. 

  4. Safe web browsing: Instructing employees on how to navigate the internet securely and avoid potentially harmful websites. 

  5. Physical Security: Educating employees on the security risks physical access poses to an organization's efforts to avoid a data breach or loss of intellectual property.

The Importance of Security Awareness Training 

  1. Mitigating Human Errors: The most significant benefit of security awareness training is its ability to reduce human error. Employees who are well-informed are less likely to fall for phishing attempts or engage in risky online behavior. This results in a lower likelihood of security breaches due to unintentional actions. 

  2. Enhancing Security Culture: Security awareness training fosters a culture of cybersecurity within an organization. When employees understand the importance of security and their role in it, they become active participants in protecting the organization's digital assets. 

  3. Cost Savings: Preventing a cybersecurity incident is far more cost-effective than dealing with the aftermath of a breach. By investing in training, organizations can save themselves from the financial damages and loss of brand reputation from a cyberattack. 

  4. Compliance Requirements: Many industries have regulatory requirements to implement security awareness training as part of their compliance efforts. Failure to do so can result in fines and legal repercussions. 

  5. Anti-phishing Techniques: Building an understanding of the impact phishing attacks have on an organization's security posture. This includes running phishing simulations and deploying phishing tests.

Security Awareness Training as Part of a Holistic Strategy 

While security awareness training is critical to empowering employees to take ownership of an organization's information security, it's important to note that security awareness training alone is just one piece of the puzzle. A holistic cybersecurity strategy encompasses various components, including: 

  1. Assess and Oversee Policy: Creating a WISP (written information security policy), adopting those security practices across the organization, and making recommendations based on an organization's unique requirements.  

  2. Plug and Watch for Weaknesses: Continuously monitoring activity across the organization's entire network looking for attacks in real time. These scans are focused on password security, movement of sensitive data, and access to personal information often stored in human resources databases.  

  3. Educating Staff: Implementing a successful security awareness program focused on an employee's role in protecting the organization.  

  4. Detect New Weaknesses: Scanning an organization's assets to determine attack vectors cybercriminals could use to gain access and remediating known vulnerabilities to limit the likelihood of data breaches. 

  5. Manage Vendor Weaknesses: Reducing the frequency and severity of data breaches, data leaks and cyber attacks that involve other organizations entrusted with sensitive data. This approach involves assessing an organization's unique vendor list and performing due diligence on the delivery of goods or services.

  6. Test for Weaknesses: Once all other measures have been put in place, a penetration test is required to help discover new vulnerabilities. During penetration testing, security professionals will simulate an attack by trying to break into the organization's network and report back on the pathways used to access the network.

    For more information, see the 7 Strategies that help protect revenue.

By integrating security awareness training into this broader cybersecurity framework, organizations create a multi-layered defense against cyber threats. When employees become the first line of defense, working in tandem with technical safeguards and policies, the chances of a successful attack are significantly reduced.  

In conclusion, a security awareness training program is an essential component of a holistic cybersecurity strategy. It empowers employees to recognize and respond to threats, thereby reducing the human error factor in security breaches. By integrating cybersecurity awareness training into an overall cybersecurity framework, organizations can effectively safeguard their digital assets, protect their reputation, and ensure regulatory compliance. In an age where the cyber threat landscape continues to evolve, investing in the education and awareness of employees is a prudent and strategic move that no organization can afford to overlook. 

See how slashBlue can help

CMMC 2.0 Strategy Briefing: Rulemaking Ready

The Cybersecurity Maturity Model Certification (CMMC) final rule-making process has been kicked off for architectural and engineering firms that do business with the Department of Defense. The CMMC rules are submitted and will be published by the Office of Information and Regulatory Affairs (OIRA) within 90 days. We can expect CMMC 2.0 to be published by October 2023.

The biggest delays in the published date are now behind us. The CMMC model version 2.0 has been released, and it incorporates feedback from industry stakeholders and enhances the requirements and practices for each CMMC level. The important point is that the submission of the final rule to the Office of Management and Budget (OMB) is done. It's still a bureaucratic process like we've seen in the past, but now it's less fraught with delay than previous phases.

Next, OIRA will decide how to publish it, and will likely make CMMC 2.0 a proposed rule, making it effective in 2025. However, OIRA may make this an interim final rule, making it effective in 2024. They rarely do this, but according to the rule book, when an agency publishes a final rule, the rule is usually effective no less than 30 days after the date of publication in the Federal Register.

If the agency wants to make the rule effective sooner, it must cite good cause in the public interest. This has happened a few times in the last several years, so be aware of this possibility. In addition, be prepared for a comment period, specified by the agency, that lasts from 30 to 60 days.

Most importantly, implement CMMC now while acquiring contracts for 2024 and 2025.

Here is what you can do:

1. Have a true chief information security officer (CISO) review the version of the CMMC rules submitted for OMB review. Do this together with your CMMC assessor.

2. Assess your business case for acquiring and retaining government contracts using CMMC 2.0. Know what your business has to gain, what you have to lose, and the timing of opportunities.

3. Assess your timeline and whether your implementer and auditor can accomplish the work in time and within the costs of your business case.

4. Stay tuned for news on the review process. It's becoming public, and we'll know more in the coming days.

If you'd like more insights like this, please join my free private group for architecture and engineering firm executives:

https://www.linkedin.com/groups/8272471/

See how you can protect millions in revenue for your firm

7 Strategies to Protect Millions in Revenue and Maintain Client Trust

The Problem:

  1. Annualized revenue of $20 million, but $3 million was dependent upon cybersecurity requirements.

  2. Starting cybersecurity maturity score: 35.

A firm’s Managing Director made a personal promise to clients that their firm would implement cybersecurity practices according to the client’s requirements to gain the business. The reputation of the firm, as well as millions of dollars in contract value each year, were at stake. 

He understood that they needed cybersecurity measures that not only met their own requirements but also fulfilled the complete set of requirements of all their customers. This meant it was more complex than just avoiding ransomware and downtime. It required oversight to ensure compliance with customer requirements. 

How They Increased Cybersecurity Maturity:

The firm implemented an oversight strategy including many of these items.

  1. Assess & Oversee Policy:

    • Assess business-specific risks rather than following the generic practices of a managed service provider. 

    • Use a publicly defensible framework to build trust with customers while implementing a Written Information Security Policy (WISP). 

    • Protect revenue, reputation, and data with transparency for client trust. 

  2. Watch for Weaknesses:

    • Implement redundancy and long-term logging to detect breaches by deploying SIEM/SOC and MDR in the cloud and on-premises. 

    • Raise awareness of the most important business risks through AI assisted risk alerting and incident response. 

  3. Educate Staff:

    • Lower the risk of phishing attacks with engaging training videos. 

    • Audit and follow up on training to address current staff risks.

  4. Detect New Weaknesses:

    • Identify insecure data pathways and storage mechanisms. 

    • Use AI powered event management to find new risks. 

    • Harden new risks to the network and map data flow. 

  5. Manage Vendor Weaknesses:

    • Audit vendors' access to data and evaluate their maturity and ability to protect information up and down the supply chain. 

    • Lower the likelihood of a breach through vendor risk management.

  6. Test Weaknesses:

    • Test what's been done for quality oversight.

    • Conduct penetration tests.

  7. Use Qualified Oversight:

    • Select a battle-tested cyber information security officer (CISO) who has protected thousands of people for many years. 

    • Have the CISO report to the CEO ideally, otherwise to the CFO or general counsel.

The Result:

Annualized revenue protected: $3 million per year (and growth) requiring cybersecurity maturity; total revenues of $20 million per year protected from disruption.

Ongoing cybersecurity maturity score moved from 35 to 73, surpassing the customer requirement of 70.

Within three months of implementing slashBlue cyberSecurity Oversight, our client demonstrated the ability to meet the target cybersecurity maturity requirements for both their firm and key clients. 

  • The firm has ongoing reporting that gives confidence in meeting customer cybersecurity requirements. 

  • In the event of a cybersecurity incident or breach, the firm is fully prepared to protect customer data. 

  • By prioritizing customer protection, the firm safeguards revenue generation. 

  • The firm leaders can now sleep better at night with greater peace of mind. 

Reach out if you would like help.

Top 5 Risks of Business Disruption in 2023 (And 5 Strategies to Mitigate)

Allianz published its Risk Barometer for 2023. According to the report, cyber and business interruption top the list of threats, while economic and energy risks rise.

Cyber incidents and business interruption ranked as the foremost company concerns for the second year in a row. Macroeconomic developments such as inflation, financial market volatility and the threat of recession, shortage of skilled workforce, and natural catastrophes round out the top five for the United States. View the full global and country risk rankings.

Here are five strategies you can use:

1. Business interruption - Plan for disruption and establish alternate channels in your supply chain. Tune up your disaster recovery and business continuity policy.

2. Cyber incidents - Review your products and services to establish cybersecurity as part of your strategy for acquiring and retaining clients. Cybersecurity capability is now a possible competitive advantage to build trust in the marketplace. Of course, you also want to make sure that your cybersecurity policy is clear and tested.

3. Macroeconomic developments - Tune your value proposition to accommodate inflationary pressures on your pricing while making sure you're delivering the value that your customers need in changing market conditions.

4. Shortage of skilled workforce - Establish repeatable and scalable processes, teaching your employees how your company delivers value. Make sure they have the right technology tools and software solutions to do their job. Even more importantly, make sure that they know when to use software and when not to. All of us get too many emails and thoughtless communications. Let's simplify the technology we use.

5. Natural catastrophes - Get insurance against catastrophe. Prepare for disruption to business with a full sales pipeline so that if you have supply chain or natural disaster disruption, you can redirect resources to other areas of revenue generation.

Whether you are the CEO, CFO, COO, President, or Managing Director, make sure to take the time to assess and plan for risks as part of your strategy for 2023 and beyond. Reach out if you would like help.

Equifax Security Breach: The Top 3 Ways to Protect Yourself

In another cybersecurity breach, 143 million U.S. consumers may have had their identity information stolen from Equifax.

The identity thieves make money selling your information to people who could potentially take out credit cards or loans in your name.

Take action to protect yourself and those you love.


Here is what we recommend for every consumer to protect themselves from this theft:

1) Check to see if your information was known to be stolen. Check your name at Equifax on the web or call 866-447-7559.

2) Take action to protect your identity. To be the most secure, many recommend placing a "credit freeze" on your credit report with Equifax, Innovis, Experian and TransUnion.

a. See the Federal Trade Commission's Credit Freeze FAQ.

b. Check out some free services Equifax is offering to help.

3) Stay alert. Keep an eye on bank accounts for suspicious activity. The hackers got the information because Equifax was insecure; it was not something you did. While this breach was not caused by a phishing attack, phishing remains one of the top ways identity information gets stolen.

If you want to know what should be on your Cybersecurity Roadmap, schedule a free consultation now.


Password Manager Breach – How do you know you are secure and What to do about it? (OneLogin)


The recent OneLogin breach is very serious. When a password manager gets hacked, it's not as though you only have your user login and password to worry about. Password managers store more than just basic password information: they include login information, identity, credit card, health information and more. Cloud service providers use these password managers. So, with the OneLogin breach, it's not just their passwords that are on the line, it is all of their clients' information (including yours, if you have a service provider that uses them).

It seems like there is no one immune to a hack. It's just a matter of time. 

How much trust should we place in password managers to store this information?

What companies can we trust out there?

Here's what you can do to protect yourself:

  1. Use a password manager, but only one that offers two-factor authentication AND encrypts data locally (e.g. LastPass)
  2. Select Cloud Service Providers and Managed IT Support with a Cybersecurity plan that uses two-factor authentication AND encrypts data locally
  3. Ensure that your IT partners have Cybersecurity and Data breach insurance

Password managers are a great tool to protect yourself and your company. It is technology that protects your purpose. Remember, there is no way to be 100% secure online. If you store information online, it may become public someday.

If you need help with a Cybersecurity Technology Roadmap, find out more.
If you want to get a free month of Premium LastPass, click here.

3 Tips for the Uber-busy to Keep Improving


For the uber-busy, keeping up with personal development is difficult.

Even though we may have the best intentions to grow, personal development can often get sidelined.

Here are 3 ways you can keep improving even when you're maddeningly busy:

(and my favorite mental improvement app)


1) Leverage your time - When you need a break, be intentional. Read a book that will help you develop. Listen to an audiobook when you're in the car or working out.

2) Focus on your bookends - Work to improve your greatest strength and minimize damage from your greatest weakness. This can be incredibly motivating. When you stop the bad behavior, you make greater progress. When you strengthen what you're good at, you can enjoy your work more.

3) Learn as you go - Keep in mind your greatest strength and greatest weakness as you work. Look for opportunities to learn in the flow of what you are doing. Purpose is the mother of invention after all. If you have a will, you can find a way.

There's plenty of technology that can help you as well. One of my favorite apps is Elevate. It helped me to dramatically accelerate my reading speed to 520 words per minute. Because of Elevate, I am faster at everyday math. I write with greater clarity and simplicity.

Take advantage of these tips every day and you will find yourself gaining momentum toward what is most important to you.