iVenture : 20 Years of Business Friendly IT

Is Cybersecurity Encoded In Your Business DNA?

To pass CMMC, your business’ cybersecurity needs to be in top shape. It’s all about having security in your DNA. Follow these guidelines to get cybersecure.


For many government contractors, the CMMC, or Cybersecurity Maturity Model Certification, is top of mind. From what we’re hearing, businesses aren’t 100% clear on how to achieve it.

From an IT perspective, the 4 Pillars For CMMC Compliance offer helpful guidance. This article digs into Pillar 3: Security in DNA. This pillar is critical because CMMC approval hinges on IT hygiene and proper cybersecurity.

Need a refresh on the other pillars? Find them here:
How IT Standards Can Make Or Break CMMC Compliance
Why A Mature Service Operation Matters for CMMC

Why Does The CMMC Emphasize IT Hygiene?

There has been an alarming number of government contractor security breaches, hacks and thefts. Here are a few major ones from the last year or so:

  1. Access to Virginia government contractor sold by Russian cyber criminals  
  2. “Team Snatch” demands ransom; leaks contractor information on the dark web  
  3. DISA data breach exposes personal information of 200,000 people  

NIST compliance was meant to alleviate those issues, but it’s falling short. So the Department of Justice added the CMMC to its regulatory body.

With clean IT hygiene and proper cybersecurity, the risk of breaches, hacks and theft decreases significantly.

What Does Proper Cybersecurity Look Like?

When we discuss cybersecurity with businesses, we emphasize security in the DNA. This means a top-down, bottom-up, all-around security-minded strategy. It spans everything from controlling and recording who can enter the office, to thoughtful admin controls on computers, to regular security training for employees, and more.

When building a solid security strategy, businesses include the following protocols:

  • Strict tracking & reporting
  • Secure data encryption
  • Admin access monitoring & management
  • Thorough background checks on all personnel
  • Two-factor authentication user management

How Can My Business Improve Cybersecurity?

Improving cybersecurity requires a comprehensive look at business operations. It involves employees, processes and technology. Let’s be clear, it’s not easy to see holes in your own business. Here are some starting points suggested by our experts:

Do:

  • Use different passwords for different sites
  • Set up two-factor authentication on all accounts
  • Double check everything. Be suspicious of emails, links and phone calls
  • Commit to hourly data backups. Daily isn’t enough.

Don’t:

  • Store your passwords in a folder, or anywhere easily accessible
  • Insert USB thumb drives into a computer. Instead, have the person email the document, photo, etc. to you.
  • Reply to suspicious emails, even if they come from someone you trust (boss, accounting, etc.). Call the person who sent it to confirm.

Need Another Perspective? How To Vet IT Providers

These are great starting points, but sometimes another perspective is needed. For businesses looking for outside IT support, use these questions to vet IT companies:

  • What’s your current password complexity/expiration policy?
  • What’s your user termination policy? (It should be documented on paper)
  • What compliance certs do you hold (HIPAA, SOC, PCI DSS, SSAE)?
  • How often are data backups performed and how often does a test restore occur? (Important with the rise of malware)
  • How are issues/resolutions documented? (Knowledge should be shared between team members; no kingdom keeper)
  • What security updates get installed, when are they installed, and what type of pre-installation vetting is done?

What if My Company is Working Remotely?

No problem. Effective cybersecurity can work from home. Here’s what to do:

  • If you’re working with a managed service provider, ask them for tips and resources
  • Create a training session/series for your staff
  • Consider penetration, or pen, testing
  • Break down training by department. For example, talk about mobile banking malware with accounting.
  • Set rules such as:
    • Admin controls (who can access what)
    • Usage controls (who can use work equipment, e.g. no kids’ games)
    • Password managers
    • Prohibited websites

Cybersecurity & CMMC Compliance

With proper IT hygiene and effective cybersecurity, businesses can stop cyberattacks and prevent data loss/theft. They’ll also be one step closer to passing the CMMC audit. It all starts with a well-executed IT strategy.

If you’re unsure about your current IT strategy around CMMC, we may be able to help get you on the right track. Let’s talk about it.
