CMMC | Compliance | DIB | DoD | IT Infrastructure | Legal | Privacy | Security News Update | User tips
Security News Update for January 19, 2025
This week’s news includes:
Lessons to Learn from the MGM-Caesars Breach
The breaches of both MGM and Caesars were not high tech; they were pure social engineering attacks. That means that you can harden your company and your information likely for very little money. While this is early in the game, there are some easy lessons to learn here. Here are some key takeaways from the…
CMMC | Compliance | DIB | DoD | IT Infrastructure
NIST SP 800-171 Rev 3 Update for August 2023
NIST has released a draft version of the next update to the core standard behind CMMC. If you do work for the US, Canadian or Australian defense departments or are a vendor to one of these organizations or if you are a vendor to a large US corporation, this standard and these changes are important…
CMMC | Compliance | DIB | DoD | IT Infrastructure | User tips
NIST SP 800-171 Update for July 2023
800-171 is the government’s chosen cybersecurity standard for protecting controlled unclassified information (CUI) and is the standard is required by a number of government departments and by private industry as a matter of contract for protecting sensitive unclassified information. Learn more about this new version of the standard here.
The Risk of BYOD – Non-Managed Devices
Many companies allow, encourage and/or require employees to use personally owned devices. While it seems that, at least in the short term, this is a money saving and morale boosting move, in the long term, it may be an existential threat to the company. In this post we are going to use one company who…
Technical Debt
Are you managing your technical debt? Do you even understand what technical debt is? Does your management and Board (if there is one) understand that unaddressed technical debt is like a bottle of nitroglycerin just waiting to be jarred in the wrong way. And we just saw a massive example (as in their technical debt…
MFA Fatigue – What is it and How to Protect Yourself
MFA Fatigue is a relatively new attack method and is a way to try and get around MFA security. Learn what it is and how to protect yourself and your company against it, here. Audio Video
Will You be the Last to Know?
External attack surface management tools (EASM) allow anyone to get a sense of your security prep without your permission or even your knowledge. Who uses EASM tools? Your competitors against you, your customers to decide if they want to do business with you, members of the public, your insurance carrier to decide if they want…
CMMC | DIB | DoD | IT Infrastructure | User tips
Add 20-30 Points to Your SPRS Score
For those of you who are DoD contractors (and even if you are not), here is one thing that you can do that will improve your security program and, if you are a DoD contractor, will add 20 or more points to your NIST SP 800-171 SPRS Score. Audio Video
Disaster Recovery for Password Managers and MFA apps
Many of us use password managers and some of us use multi-factor authentication apps and, in many cases, that app lives on your phone. But what happens if your phone breaks, gets dropped in the toilet or run over by your car? What do you do then? I learned some things today and have some…