Enter your email to get simple, practical cybersecurity self defense news, events, info & tools to protect yourself & your business. Free of jargon & full of value.

CHECK OUT OUR MOST RECENT NEWSLETTER:

NEWSLETTER
COMPANY UPDATE
New Focus: CMMC (Cybersecurity Maturity Model Certification)
Bottom Line Up Front: We will be transitioning our content to focus on a soon-to-be mandatory cybersecurity requirement for all Defense contractors called CMMC.
What does this mean?
We will still provide useful tips, tools, and cyber self-defense info that individuals, families and any small business can use to protect what they care about.
We will shift our focus to educating Department of Defense (DoD) contractors on CMMC requirements and how they can comply so that they can certify in order to continue to do business.
Our info will make CMMC principles relevant to all. Although CMMC is mandatory for DoD contractors, it is straightforward, comprehensive, and simple enough for any small business to use to shape their cybersecurity strategy.
CYBERMARKETDC.com is the “Angie’s List” of cybersecurity providers. We connect you with qualified cybersecurity pros to assess your current cybersecurity and fix any problems you may have. We do the research & shopping for you.
TABLE OF CONTENTS
 
CMMC Executive summary: What is it? Why is this happening? Who does it apply to? When is it required? 
NEWS: Remote work during quarantine
Staying safe while working remotely.
EVENTS: CMMC webinar 
Register today.
CMMC Executive Summary
What is CMMC? CMMC, or the Cybersecurity Maturity Model Certification, is a framework to implement cybersecurity standards and reduce risk. A maturity model is used because not every organization requires the same amount of security.

Why? The threat an organization faces depends on the value of the targeted organization: an organization that manages food supply for US military bases may face cyberattackers looking to disrupt operations for profit, whereas a contractor developing sensitive systems for the DoD will likely face sophisticated attackers looking to penetrate networks and steal sensitive data. Since these two organizations face different risks and don’t have the same resources, a maturity model accounts for such differences and thus requires a proportional cybersecurity posture for each.

This proportionality in CMMC takes the form of Levels, with Level 1 requiring the most basic cybersecurity certification and Level 5 requiring the most advanced cybersecurity protections and processes. The Level corresponds with the amount of risk the potential contractor poses to the DoD and will be articulated in the proposal request process.

Why CMMC? In 2011 it was discovered that Lockheed Martin, while developing technical specifications for the Air Force’s new fighter jet (F-35), was breached by sophisticated Chinese state-sponsored hackers that leveraged security software provided by RSA to steal huge amounts of classified information.
Similar breaches of DoD contractors and even of 3rd parties to large corporations have forced the firings of Chief Information Officers and Chief Information Security Officers. These impacts have caused these organizations to carefully scrutinize the risks posed by partners and contractors. CMMC is a standard by which to minimize that risk and require minimum cybersecurity controls to reduce the probability of significant breach damage.

Who must obtain CMMC certification? Every DoD contractor, no matter what type of service or product provided to the DoD or previous compliance requirements met, must obtain a Level of CMMC that will be stated in the Requests for Proposals (RFPs). Previous compliance requirements (like NIST, FedRAMP, etc.) are referenced in the CMMC practices and processes in order to allow Organizations Seeking Certification (OSCs) to crosswalk previous accomplishments and leverage efforts economically.

When will DoD contractors be required to comply with CMMC? Officially, this is yet to be determined; however, many on the CMMC Accreditation Board have said their goal is to finalize CMMC processes so that DoD entities (Army, Navy, etc.) can begin incorporating CMMC Levels into RFPs by June/July 2020. It’s anticipated that DoD contractors will begin seeing this mandated for current and future contracts by September/October 2020. These details and rollout timelines are subject to change, especially considering COVID factors.
COVID-19 Scams
 
It’s a tale as old as time, or at least email. Scammers are seizing on the COVID pandemic to get people to click links or download attachments in emails.

WHAT HAPPENS?
When you click on the link, a number of things can happen:
• the link sends you to a website that tries to initiate the download of malware onto your device by taking advantage of an unpatched vulnerability 
• the link directs you to a website “spoof” of something that looks like a normal login page (bank, payroll, etc) so that you’ll enter your username/password – the bad guys are watching and use it to access your accounts.

If you download an attachment from a phishing email, the malware is in the attachment and now can run on your device by using an unpatched vulnerability.

WHY?
The ruse changes: sometimes it’s tax season, holiday shopping season, etc. But the method listed above rarely changes – get you to click on a link or an attachment.

Their goals vary:
• sometimes they want to use the malware to gain access to your email so they can watch when your company tries to make a payment or do a wire transfer, pretend to be you/your boss, and direct the funds to their (bad guy) account
• other times they want access to bank accounts
• and other times they want to steal your/your company’s data.

HOW TO PROTECT YOURSELF & YOUR ORGANIZATION
1. DON’T CLICK LINKS IN EMAILS OR DOWNLOAD ATTACHMENTS – verify the sender first by checking the email address or even contacting them directly (phone, video chat, text)
2. Keep your devices, browsers, and all other software (Adobe) updated. This patches vulnerabilities the click or download-activated malware uses to do what it wants to do.
3. Use two-factor authentication – if the attacker is trying to use the malware to gain access to your email, two-factor authentication can prevent that attempt.
4. Have your IT provider use techniques (DMARC) on your email platform to filter out dangerous emails.
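
The sender check in step 1 and the DMARC filtering in step 4, as an added example that is not part of the original newsletter: a Python script that reads a message's headers and lists reasons to distrust the sender. The sample message, the `triage` function name and the `mx.example.org` mail server name are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (reserved example domains), not a real email.
SAMPLE = """\
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dmarc=fail (p=none) header.from=example.com
From: "Payroll" <payroll@example.com>
Reply-To: payroll@example.net
Subject: COVID-19 policy update

Please review the attached document.
"""

def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def triage(raw, trusted_authserv):
    """List reasons to distrust a message's sender, based on its headers."""
    msg = message_from_string(raw)
    findings = []
    from_dom, reply_dom = _domain(msg["From"]), _domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Only trust Authentication-Results written by our own mail server:
    # a sender can place a forged copy of this header in the message.
    dmarc = None
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.lower().split()[:1] != [trusted_authserv.lower()]:
            continue
        m = re.search(r"\bdmarc=(\w+)", results)
        if m:
            dmarc = m.group(1).lower()
            break
    if dmarc is None:
        findings.append("no DMARC result from the trusted mail server")
    elif dmarc != "pass":
        findings.append(f"DMARC result is {dmarc}")
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE, "mx.example.org"):
        print(finding)
```

An empty list means neither check raised a concern; it does not prove the message is safe, so contacting the sender directly still applies.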

Sources:
The Verge 
EVENTS
Webinar Lunch & Learn: What is CMMC anyways?
Join me (Matt Lembright – CEO of cybermarketdc.com) as I talk with John Harrison & Giancarlo Osorio (two other Army veterans and cybersecurity experts) from Hyper Vigilance about what CMMC is, what it means for government contractors, and how you can prepare for certification. Plus, we’ll do some Q&A so come with your “Qs,” even if they’re general cybersecurity questions and don’t have anything to do with CMMC.

Click here to send us your questions.

We just want to help and give you the tools to defend yourself against cyberattackers.

SIGN UP: https://hypervigilance.webinarninja.com/live-webinars/285102/register?in_tok=226a8a19-b082-47a8-95fa-3dd7892db139 

Schedule a workshop by clicking the “BOOK EVENT” button below.
BOOK EVENT