All electric and self-driving car technology fascinates me. [...]
A 10 attorney law firm discovered the cost [...]
If you must comply with NIST 800-171 under DFARS you may [...]
There has been a lot of discussion about the method [...]
Here are a couple of snippets from Perth Now Sunday [...]
Dear Valued Client,
Before we begin, if at any point while reading the message below, you need assistance or are just not sure, call 877-662-6624 or contact us by email and let us know so we may assist you. If you are one of our Patchworx clients or that rare organization that is covered through other effective measures, we sincerely congratulate you for your efforts to protect your company.
Whether you request our assistance or do the work of protecting yourself, not acting could be a very costly choice.
As you have likely heard in the national news, networks all over the world (in more than 150 countries) have been infected by WannaCrypt ransomware, also known as WannaCry, since Friday 5/12/2017. In fact, it is estimated that hundreds of thousands of computers are already infected and potentially millions more soon will be. So, before we move into the details of why this matters, please DO NOT OPEN any attachments, click on links in emails from unknown senders, bring in un-scanned USB drives or otherwise invite an infection into your network.
What does ransomware do?
There are different types of ransomware, but all of them will prevent you from using your PC or server normally. They will then ask you to do something such as pay money before you can access your systems and data. Not all but most make getting data back impossible without
Educate your users - Don’t let them be tricked into downloading ransomware/malware
Everyone should follow this advice:
- Be very cautious when opening an attachment or clicking a link in an email, instant message, or post on social networks (like Facebook)—even if you know the sender. If you are suspicious, call to ask the sender if they sent it. If not, delete it.
- The attack can look like it is from an official source such as a bank, UPS, FedEx, USPS, eFax, etc. This has been the most common attack method to date.
- If an e-mail gets blocked and quarantined by your spam filter, be very certain about the message and any attachments before you release it from quarantine. One user recently got burned this way.
- Avoid clicking Agree, OK, or I accept in banner ads, in unexpected pop-up windows with warnings or offers to remove spyware or viruses, or on websites that may not seem legitimate. These are usually bogus. Call your IT specialist if you are concerned.
If you must comply with NIST 800-171 under DFARS you [...]
December 31, 2017 is an important date for many in the DoD world. For those with contracts subject to DFARS 252.204-7012 it might feel like an overwhelming and impending date. I am sure this is another heavy responsibility thrown onto your plate with the expectation you get it done. There might even be an “or else” implied with the responsibility. For your company it is overwhelming too as your employer might have an “or else” threat to top-line and bottom-line financials. If you are feeling the stress, come join your peers and get on your way to compliance today by clicking here to register for the Lunch and Learn.
So, you have been told that you must be compliant with Defense Federal Acquisition Regulations Supplement (DFARS) 252.204-7012. In order to meet these obligations you must follow the NIST Special Publication 800-171r1 guidelines. You have until December 31st, 2017 to get with the program and become compliant. The first quarter of 2017 is already behind us. For many, there is much to do in the coming months and the sooner the process begins the sooner compliance can be realized. If you are just starting out on the journey to compliance, take a look here at our recent article on your DFARS obligations and the basics of what you must do to become compliant. If you are already aware and looking for improved understanding or just simply know you need help, join us at our lunch-n-learn:
Our highly qualified team of compliance professionals, with decades of cyber security and compliance experience, is ready to meet your readiness needs. They will be speaking to both legal and technical issues involved in gaining compliance. We have mature and comprehensive processes that ensure your strengths and gaps are identified and remediated.
Here is a blog post by our friend Joe Stangarone of mrc's Cup of Joe Blog. He writes about the dangers of shadow (aka stealth) IT and how to spot it. Shadow IT is basically software and services that enter your company network without your knowledge or permission. Here is his post:
Summary: A growing trend, “Shadow IT” is a term used to describe IT systems and solutions built and/or used inside organizations without the approval of the IT department. This could include anything from employees emailing spreadsheets back and forth to entire departments licensing third-party cloud solutions behind IT’s back. The problem: Since Shadow IT usually happens on the sneak, IT departments don’t know where (or how much) it’s happening. Is Shadow IT lurking in your business? Read this article to learn the warning signs.
Like it or not, Shadow IT is probably alive and well in your organization. Recent surveys find that it’s not only growing, it’s far more rampant than business leaders realize.
What can you do about it? In past articles, we’ve explored a few ways to address and reduce risks of Shadow IT. We’ve looked at:
- Ways to prevent Shadow IT.
- How to reduce security risks of Shadow IT.
- The benefits of embracing Shadow IT.
That being said, there’s still a problem: You can’t address Shadow IT if you can’t see it. How do you know whether or not Shadow IT lurks in your company?