All Posts By

Paul Kuepfer

CMMC Compliance IS Essential to All Companies

By | CMMC

By 2021, the Department of Defense will begin implementing a mandatory third-party audit for all suppliers. In summary, from the OUSD(A&S) website:

The Office of the Under Secretary of Defense for Acquisition and Sustainment (OUSD(A&S)) recognizes that security is foundational to acquisition and should not be traded along with cost, schedule, and performance moving forward. The Department is committed to working with the Defense Industrial Base (DIB) sector to enhance the protection of controlled unclassified information (CUI) within the supply chain.

OUSD(A&S) is working with DoD stakeholders, University Affiliated Research Centers (UARCs), Federally Funded Research and Development Centers (FFRDC), and industry to develop the Cybersecurity Maturity Model Certification (CMMC).

  • The CMMC will review and combine various cybersecurity standards and best practices and map these controls and processes across several maturity levels that range from basic cyber hygiene to advanced. For a given CMMC level, the associated controls and processes, when implemented, will reduce risk against a specific set of cyber threats.
  • The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements.
  • The goal is for CMMC to be cost-effective and affordable for small businesses to implement at the lower CMMC levels.
  • The intent is for certified independent 3rd party organizations to conduct audits and inform risk.

Cicer One is dedicated to data privacy and data ownership and its turnkey solution, SCUTE, meets Levels 1-3 of CMMC out of the box with the following benefits to SME companies:

  • Network-in-a-box – enables SME companies to easily and securely manage their digital assets with no external IT support required. Setting up a similar system with off-the-shelf hardware and software components carries 5-10X the upfront installation and monthly maintenance costs.
  • Replaces Google Drive, Dropbox, Microsoft SharePoint and similar services.
  • Replaces text and chat apps – these apps are subject to third-party monitoring and monetizing of the user data.
  • Digital assets that are stored on the cloud or persist on third-party servers (email, etc.) are subject to compromise by hacking, third-party employee theft, and storage in foreign jurisdictions. Cicer One’s on-premise solution ensures easy compliance with privacy and security standards including HIPAA, GDPR, CCPA, and CMMC.

Cloud computing enables scaling of data storage and exchange but simply isn’t the right answer for the government supply chain, as cloud providers do not guarantee that the data will remain in the USA or that it is accessible only by personnel with the proper clearance. CMMC is the first cyber security standard that will require an independent audit to ensure compliance, and it affects 350,000+ companies. Industries such as medical, legal, and financial services are closely monitoring the CMMC implementation and are planning parallel cyber health monitoring in their respective ecosystems.

Cicer One offers businesses in every industry a way to reduce the risks of managing their customer and client data exchanges and get ahead of the coming standards-based audits.

 

Enough Ransomware Already!

By | Ransomware, Work From Home

Glance at our cyber security newsfeed and you’ll notice similar stories over and over again…

  • Companies and governments are being ransomed every 21 seconds
  • Anyone with malicious intent can easily license ransomware services
  • Ransomware demands are skyrocketing to over $111K
  • Most companies that are attacked go out of business within 6 months

The attacks are real!  The threat to your business is real!  Ask yourself:

  • What would I do if my data was sold to the highest bidder on the dark web?
  • What would I do if my data or intellectual property was held for ransom?
  • What would happen if a malicious link within an email were to be clicked?
  • Can I ensure business continuity with minimal interruption after an attack?
  • Do I have the financial resources to pay a ransom and get my data back?
  • Will my clients stay with my business if I’m attacked?

If you answered “No” to any of these questions, or if you simply don’t know the answers, let’s set up a time to talk.

Covid 19 and the Future of the Work Place

By | Covid19

Coronavirus (Covid19) will have a far-reaching effect on business globally. There has never been an event in modern times that has driven such a massive shift in workplace behavior from the corporate office to working from home. Although it is unclear what the long-term effects are of not feeling safe in the workplace due to the risk of infection, it is apparent in countries that are slowly lifting social distancing bans, such as China, that people are reluctant to change their self-isolation habits quickly.

It is expected that the changes in behavior will lead to a long-term shift in the thinking of employers regarding the size and scale of their offices. 

The office workplace has pros and cons including:

  • It is unquestionably better for problem solving. The stories of Google are legendary, as they kept their workforce in their building closely collaborating, with services including free food and dry cleaning. However, the traditional corporate workplace is also inefficient, with many studies suggesting that the average employee only completes 3-4 hours of real work in a day – especially in today’s open concept environment. As job requirements become more specialized and the workforce more fragmented, it is much easier to scale a workforce that is scattered than to hire and train exclusively within a region.
  • Working from home is more efficient for many people but also has drawbacks:
    • Interruptions from family and pets if the home work space is not separate from living quarters.
    • Loss of team building and cross-functional collaboration. Many of the best solutions come from networking across multiple disciplines, which is difficult in a disparate work environment.
    • Increased risk of data compromise and IP theft.
      • In a corporate office, it is relatively simple for an IT team to create firewalls and keep the corporate data and IP safe within its geographical restrictions. When teams are scattered in many locations, the risks of hacking and ransomware increase dramatically.
      • Solutions like VPNs & RDP are inexpensive for IT teams to install and maintain, but they are vulnerable to nefarious third-party attacks.
  • Companies are increasingly turning to the cloud. However:
    • It simply isn’t a good solution for many industries. Cloud companies are interested in monetizing data for their business model and do not guarantee that data is stored in the jurisdiction of the business or accessed only by citizens of the country where the business is headquartered, thus violating many healthcare, financial, and defense privacy regulations.
    • Recent revelations of Zoom privacy issues highlight the problems in the cloud. The data is not end-to-end encrypted as advertised and was even routed through China, thus exposing many USA corporations to huge breaches in data privacy and security. While Zoom is in the news, many other cloud service providers share the same practices.

Cicer One has created a new breed of solution that grants all the access of cloud solutions commonly used by small businesses, such as Google Drive, Dropbox or SharePoint, while keeping the data secure on the company’s premises.

Benefits of SCUTE:

  • By architecture, all information transacts from the user endpoints through the SCUTE, which is on the company premises, and does not persist on third-party sites. No third party can intercept, transact or monetize the data.
  • It is simple for a non-technical person (HR/CEO/VP) to set up and manage the user access and administrative functions such as backup with no IT or technical knowledge.
  • Secure Chat
    • No data persists on mobile devices or on computer endpoints.
    • Safe to exchange the most sensitive data, such as credit cards, etc.
  • Enables internal file sharing without data persisting on another company’s server
    • External users are easy to set up and maintain
  • Complete audit log of all user activities by device
  • Off-site backup – ownership & patented
    • Extend property rights to a local data center
  • Encryption certificates are rolled quarterly and there is an audit trail (required by compliance industries)

For the safety of your most critical data – trust SCUTE.

Working From Home? Read This First!

By | Cloud, Work From Home

2020 has seen the rapid dispersal of employees from centralized offices to work from their homes. Companies have been utilizing tools including FTP & SFTP for many years to give employees, customers and vendors access to files and to exchange data outside of the physical office. However, with the rapid increase in WFH on to the dangers of the cloud for their direct staff – Why neither of them are a good idea for WFH.

FTP is a traditional File Transfer Protocol used by many companies to enable the transfer of data. However, it is not very secure, as the transfers are not encrypted, which allows man-in-the-middle attacks. Many industries have created regulatory bodies such as HIPAA, NIST, and CMMC and require data transfers to be encrypted as a minimum standard.

SFTP adds a layer of security to the FTP protocol based on the Secure Shell (SSH) network protocol and is a replacement for FTP, but it also has drawbacks.

  • SFTP needs to be set up at both the server and endpoint and maintained by an IT professional. Many small & medium enterprises do not have this skill set on staff.
  • It is not always possible to set up a VPN to give access to share data with external vendors and clients.
  • Costs of implementing and maintaining 

Like most senior leaders, you may not be familiar with the terminology above, and you are concerned about whether your remote staff can properly access the critical data that you cannot risk with cloud providers. SCUTE solves all these challenges:

  • Extend rights to pools of data to internal and external users (customers & suppliers)
  • Visually manage the users and log their access.
  • Data is encrypted in transit and at rest meeting & exceeding industry
  • On-premise hardware so you physically own
  • Assurance of business continuity if your IT vendor or data storage partner discontinues their service