Author: rory-admin

  • Norton’s Antivirus Software Comes with a Crypto Miner, and They’re Not Alone

    Last week a claim spread on Twitter that Norton was installing crypto mining software on PCs without authorization, which sparked outrage among some Norton antivirus software customers.

    The truth is a mixed bag. While it’s true they are installing a crypto miner on customer machines, it’s not active on every machine: customers must authorize the process before the device will begin mining crypto (in this case Ethereum). If you authorize Norton to begin mining cryptocurrency on your device, they will set up a wallet for you and, after taking a small cut, deposit your earnings there once you meet a certain threshold.

    Norton did announce that they were planning on including a crypto miner within their software before rolling it out to a small number of users last summer. However, at the time of writing we’re uncertain whether any announcement was made when they decided to make it a component for every user.

    Their goal was to provide a “safer alternative” to other sketchy mining programs a user may find on the web, although we suspect that the cut (15% at the time of writing) they’re receiving from users who opt in is an added bonus.

    Even with the news that you must activate the crypto mining intentionally before Norton will crypto mine on your behalf, many aren’t happy that the application is a default addition to their antivirus services and there isn’t a clear-cut way to remove it.

    We do have instructions for removing it: you must temporarily turn off Norton’s anti-tamper feature (instructions on how to do so here), after which you’re able to remove NCrypt.exe from your PC. If you decide to use the crypto miner instead, it works as others do, in that it will only begin mining when your computer is idle.

    Norton isn’t the only antivirus software provider building in a crypto miner either. Avira antivirus (which, for transparency’s sake, has been recently purchased by Norton 360) has also announced Avira Crypto.

    The details on Avira Crypto are even more sparse than with Norton Crypto, though; they don’t currently specify what their cut is from the currency you mine, for instance.

    It’s also worth noting that the inclusion of crypto mining in these antivirus products has caused other unrelated antivirus software to flag them as potentially malicious. Users currently annoyed by the inclusion believe Norton should be on the same page, that they should be flagging and removing unauthorized crypto miners – not installing their own.

    Also, the fees taken by Norton or Avira stack up with the fees associated with moving the Ethereum out of the wallet they create into one where you can actually use it, which means it can take a while before a user accrues a usable balance (while at the same time increasing wear and tear on their machine and adding to their power bills).

    All in all, it’s a pretty mixed bag, and for users who are not yet savvy in the crypto mining space, it’s maybe not the best addition to software meant to protect their machines from destructive intrusions.

    Speaking of destructive inclusions, we have created this chart with some tell-tale signs your computer may have a virus or malware. It’s in a format meant for printing and can even be printed as a poster.

    Small Version of Our Malware Warning Signs Poster

    If you’ve ever experienced a malware attack in your office, Valley Techlogic can help. We have assisted businesses in their recovery, or if you’ve been lucky enough to avoid it so far, we can help make sure things stay that way. Cybersecurity coverage is included in all of our plans. Learn more today in a quick consultation.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • CMMC Series: What’s Happening in 2022

    We’ve touched on the Cybersecurity Maturity Model Certification (CMMC) before in this blog, but over the next five weeks we’ll be doing a deep dive into this particular cybersecurity framework in our new CMMC Series, starting with today’s post on what’s happening currently and what we can expect in 2022.

    At Valley Techlogic, we believe a good cybersecurity framework can be the backbone for businesses looking to beef up their cybersecurity implementation. The roadmaps found within frameworks such as CMMC, HIPAA, CIS and NIST act as a perfect guide whether you’ve been implementing cybersecurity strategies for a while or are brand new to the process.

    Our focus on CMMC occurs as the program is set to go through changes. CMMC Version 1.0 was released January 31st, 2020, and while it borrowed most of its components from NIST, it did have 30 additional requirements that aren’t found in the National Institute of Standards and Technology (NIST) framework.

    Those additional standards will not exist in version 2.0, however, as the Department of Defense (DoD) moves to simplify the program and roll back any government oversight that may be overreaching. Version 2.0 will allow more companies to self-certify as well.

    Rolling out a new version of anything in the government is a time-intensive process. Since the new changes were announced, it’s anticipated it could take anywhere from 9 months to 24 months before a ruling is established. Also, some groups who are currently involved in implementing CMMC are protesting the changes.

    Regardless of what version exists, we’re past the point where businesses who hold contracts with the DoD can choose to ignore the writing on the wall. You will need to start implementing these security measures now if you haven’t already if you want to maintain your compliance with the DoD rules for their contractors. Whether 2.0 passes or not, CMMC is not going away.

    CMMC accreditation audits are expected to kick off soon, and there is even some talk about incentivizing businesses who receive their CMMC certifications before it’s officially required. CMMC certification also lets your customers know you take securing their data seriously within your organization.

    Whether it’s the 5 tiers found in the existing model or the 3 tiers found in 2.0, the best place to start is in the first tier. These changes are easy to quickly implement and will lay the foundation for future cybersecurity improvements. At Valley Techlogic, we have experience helping businesses implement the requirements found within CMMC (as well as NIST, HIPAA, CIS and more).

    We can help your business self-certify and prepare for CMMC accreditation. We can quickly bring you to compliance with tier one and set goals for the more advanced levels.

    Over the next weeks we will talk about the goals found within tier one and beyond in this ongoing CMMC series. If you’re hoping to meet the qualifications for CMMC accreditation in 2022, schedule a meeting with us today to learn how we can help with the process.

  • New Year, New Bugs – The Y2K22 Bug Crippling Exchange Servers

    We hope everyone had a wonderful New Year but unfortunately for those with 2016/2019 Exchange servers, the turning of the clocks to 01/01/2022 led to an unpleasant bug.

    Computer bugs related to a New Year’s event aren’t uncommon. We created this infographic about other times this has happened (as well as a notable future one).

    Computers and Time Related Bugs

    The error this time was caused by the date checking within the anti-malware portion of Exchange. The date check failure caused the anti-malware system to crash which led to messages being stuck in a queue, with many IT professionals noticing it happening right at midnight on New Year’s Eve.

    Exchange administrators online started noticing error messages with their Exchange servers as soon as the new year hit, such as “The FIP-FS Scan Process failed initialization. Error: 0x8004005. Error Details: Unspecified Error” or “Error Code: 0x80004005. Error Description: Can’t convert “2201010001” to long.”

    Microsoft rolled out an update to Exchange servers labeled “220101001” on New Year’s Eve that appears to have begun the issues, and update “220101002” also was plagued with the same problems.

    Disabling malware filtering acted as a stopgap fix for some, though Microsoft has now released a script to fix the issue. They’re warning users, however, that the fix will “take some time”. The script must be run on each 2016/2019 Exchange server and is reportedly taking up to 30 minutes to run.

    There’s also a manual fix for users who choose to go that route, although this may not shorten the execution time. It will also take some time for the messages that were stuck to finally clear the queue. Some users are reporting the script didn’t work to solve the problem initially but running it multiple times finally led to a solution.

    So, what’s the easy explanation as to why these bugs arise in the first place? The most famous example of a time related bug occurring is of course Y2K, but as in our chart these bugs have been occurring since nearly the time a computer first existed (all the way back to 1975).

    The cause is how computers calculate and format time. When computer programs first started being developed, engineers entered the year as a two-digit number, such as “70” for 1970, to save on storage space (which was incredibly expensive at the time). As the year 2000 approached, the fear was computers would interpret “00” as “1900” instead of “2000”. This would lead to a host of problems for software that needs an accurate date for its calculations – such as that used by banks or travel institutions.

    Engineers raced to solve the problem and, in the end, not many issues occurred with the Y2K bug. As we see now with the Y2K22 bug, however, the problems with computers and their calculation of time are ongoing. They’re not always specifically tied to a New Year’s event either. On September 9th, 2001, the number of seconds past the Unix Epoch date of 01/01/1970 passed 1 billion, causing many programs to fail.
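    The “Can’t convert “2201010001” to long” error and the two-digit year problem described above are the same kind of defect: a date stored in a representation too small for it. The C sketch below is an added example, not Microsoft’s code or ours; it assumes the “long” in the error is a signed 32-bit integer and that the value is a date-stamped version number, and the 2021 sample value and the function names are constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns 1 if the decimal text fits in a signed 32-bit integer,
 * 0 if it is a valid number that is out of range,
 * -1 if it is not a plain decimal number at all. */
int fits_in_int32(const char *text)
{
    char *end = NULL;
    errno = 0;
    long long value = strtoll(text, &end, 10);
    if (end == text || *end != '\0')
        return -1;
    if (errno == ERANGE || value < INT32_MIN || value > INT32_MAX)
        return 0;
    return 1;
}

/* Same parse with a 64-bit result, the kind of wider type that removes
 * the ceiling. Returns -1 if the text is not a plain decimal number. */
int64_t parse_as_int64(const char *text)
{
    char *end = NULL;
    errno = 0;
    long long value = strtoll(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE)
        return -1;
    return (int64_t)value;
}

/* The Y2K assumption: every two-digit year belongs to the 1900s. */
int expand_year_naive(int yy)
{
    return 1900 + yy;
}

/* A common repair, "windowing": two-digit years below the pivot are
 * read as 20xx, the rest as 19xx. The pivot is a policy choice and only
 * moves the cliff; it does not remove it. */
int expand_year_windowed(int yy, int pivot)
{
    return (yy < pivot) ? 2000 + yy : 1900 + yy;
}

int main(void)
{
    /* Constructed sample: a value of the same shape dated in 2021,
     * followed by the value quoted in the error message above. */
    const char *samples[] = { "2112310001", "2201010001" };

    printf("largest signed 32-bit value: %ld\n", (long)INT32_MAX);
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%s fits in 32 bits: %s, as 64-bit: %lld\n",
               samples[i],
               fits_in_int32(samples[i]) == 1 ? "yes" : "no",
               (long long)parse_as_int64(samples[i]));
    }

    printf("\"00\" naive: %d, windowed with pivot 70: %d\n",
           expand_year_naive(0), expand_year_windowed(0, 70));
    return 0;
}
```

    Any value of that shape beginning with “21” stays under the 32-bit ceiling of 2,147,483,647, and the first one beginning with “22” does not, which is why the failure lined up with the change of year.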

    Time is a complex topic as we all know, and even more so for computers and other devices that need extremely accurate time calculation to run properly. If the complexity of this bug or any other device related issues is making your head spin, why not leave it to the experts? Schedule a call with Valley Techlogic today to learn how we can save you time and frustration when dealing with your business’s IT this year and beyond.

  • LastPass say they didn’t leak your password, however some users still received alarming alerts

    Yesterday, a number of LastPass users received alarming alerts in their email inbox that their passwords – including their master password – had been compromised. The news quickly spread across the internet, starting with forums, and then making its way to Twitter where it was picked up by larger news outlets.

    LastPass immediately denied that a breach had occurred within their organization and at first indicated that the alerts were happening to users who were the victims of “credential stuffing”. That means these users had reused their passwords on other websites that may have had a breach in the past, and now bots trawling the internet for compromised accounts have stumbled upon their password vault credentials.

    This didn’t end up being the case either, but it is a good reminder NOT to reuse passwords, especially the master password for your password vault (if any password should be unique – it should be that one).

    As of this morning LastPass determined that the alerts were sent in error by systems that were set up to be too stringent. They’ve indicated they have now adjusted the alert systems so inaccurate alerts will not be sent again. They also clarified that they don’t store user passwords on their own servers, and that they work on a “zero knowledge” security model, which means they are not able to see your master password at all.

    The fact that this news took off in a flash may be indicative of the heightened awareness users have around the security of their data, especially those who currently use a password manager as part of their security repertoire. Even if the alerts occurred in error, that may be cold comfort to the users who experienced the scare.

    To us, it’s a reminder that the best cybersecurity efforts are multi-layered. We believe it’s equal parts implementation of security measures, monitoring of those measures, and behavioral changes on the part of the users.

    Even if the alerts that occurred yesterday were the result of a system issue, not a security issue, we think the users that responded had the right idea when they chose to investigate. It’s also a good idea to change your password if you get a security alert, even if it turns out to be a false alarm. It won’t hurt anything to take that extra step to protect yourself; the old adage “Better Safe Than Sorry” rings especially true when it comes to cybersecurity threats.

    We created this resource on the topic of good password hygiene that you can keep to review, or even pass along to your co-workers/employees.

    Small Version of the Strong Password IG

    Finally, even if the unthinkable occurs and your passwords are leaked, again a multi-layered approach will protect you. You should enable 2-factor/multi-factor authentication when and where you can. So if someone does get your password somehow, they still will be blocked from logging in.

    If the security measures in your workplace aren’t up to snuff or you’re interested in cybersecurity training for your employees, Valley Techlogic can help. Boosting the security measures for your business and providing a digestible cybersecurity training program for your employees is included as part of our technology service plans. Schedule a free consultation with us today to learn more.

  • High Tech Holidays – Five Ways Technology Can Make Your Holiday Season Easier

    We’re right in the middle of the holiday season right now, and we thought the best gift we could give to you (our readers) is some advice straight from the tech experts on how to use technology to make your holiday season easier.

    We have five tips to utilize technology for an efficient and fun holiday season.

    1. Long Distance Calls Don’t Have to Be Expensive: If your phone is stuck in the past, make it your New Year’s resolution to change that. VoIP for home and businesses will save you money on traditional telecom costs, even when Aunt Brenda talks your ear off.
    2. Utilize The Cloud for All Those Photos and Christmas Cards: Skip hauling boxes of cards and photos up to the attic after the holiday season, scan and store those precious memories digitally in the cloud. Bonus, you never have to worry about a roof leak or other disaster ruining them.
    3. Designate a Network for Your Guests: For modern routers, giving out your Wi-Fi password to all your guests is no longer needed. You can activate a “Guest Network” in your router settings with its own password and name, and then turn it off when everyone goes home. You can even give your temporary network holiday themed names like “Winter WonderLAN” or “FalalaLAN”.
    4. Flying? Use a Fare Tracker: If your flight plans can be somewhat flexible, utilizing online fare trackers will be your best bet in saving you a lot of money this holiday season. They will help you figure out when the best time to purchase those tickets is. In the same vein, you can utilize price trackers for gifts you purchase online too.
    5. Get a Head Start on New Year’s Resolutions – Tech Edition: Another thing to consider is making some good tech hygiene a part of your New Year’s resolution. While you make changes in 2022 to make yourself healthier and happier, make your devices healthier too by keeping them up to date with security patches and updates (especially with vulnerabilities such as Log4J running amok).

    We hope these tips help you have a happy holiday at home. For your business, the holidays may represent a time of stress as you wonder if you’ll have coverage for the technology in your business or if your current service provider will be available to take your calls and service requests.

    At Valley Techlogic, we are dedicated to our customers’ success. We offer after hours, weekend and holiday support – usually at no additional cost for customers who have one of our service plans. Also, for the rest of December we’re offering one month FREE to new customers.

    To learn more about the kind of benefits you receive as a Valley Techlogic customer, we’ve created this chart:

    As you can see, all of your preventative maintenance is covered under a Valley Techlogic service plan. This may even free up time for you if you’re a business owner who’s been handling a lot of these items yourself, which during the holiday season is invaluable. If you’d like to learn more schedule a quick consultation with us today. Happy Holidays!

  • If you’ve never heard of the Log4J vulnerability, you’re probably at risk

    News is moving fast on the Log4J vulnerability, also known as “Log4shell”. It was first discovered in the video game Minecraft, where developers realized hackers could exploit the vulnerability to gain access to the targeted computer and take it over. They quickly released a patch but also made a disclosure that brought the exploit into public view.

    The Cybersecurity & Infrastructure Security Agency (CISA) has now made a running repository that lists all of the software and devices vulnerable to this exploit. There you will find guidance on patching the affected products.

    So, what is the Log4J vulnerability and what does it do?

    It all stems from the building blocks that are used when a programmer is creating their code. Programmers will take bits of code that are commonly available and use them as a foundation for the program they’re trying to write, and in this case one of those foundational bits of code was Log4J. Log4J is used by Java programs to create a log of activity for the device it’s running on. It records everything that happens as the program runs, and it makes sense that the vulnerability was initially discovered in Minecraft (a Java based game).

    This communicative bit of code is found in many different programs, which is why it could be devastating if it was widely exploited. Hackers would be able to send a message to the Log4J-affected product giving it commands. This would essentially allow them to take over the device and have full access.

    Minecraft isn’t the only thing based in Java either. Java is an extremely popular programming language and bits of it can be found in almost everything. Created in 1995, Java can be found on everything from your own personal laptop to the supercomputers used to solve complex scientific equations. 9937 companies openly report including Java in their tech stack, including Google, Airbnb, Amazon and more.

    Java is also the preferred language for mobile applications, such as Android. Any business interested in having a mobile facing application (which they absolutely should considering mobile devices command the highest percentage of the worldwide web traffic at 54.8%) will need to utilize Java to accomplish it.

    This is all to say, Java is in nearly everything, which makes an exploit that targets a common component of it a recipe for disaster.

    All is not lost, however. Now that the exploit has been discovered, many businesses are working furiously on patches and notifying their customers. You can check the CISA link found at the beginning of this article to keep track of what’s being done by specific businesses.

    This ordeal is a good reminder to stay up to date on patches that are offered by the software you utilize, but if you’re running a business, orchestrating patching across many different devices company wide can be much more difficult.

    Valley Techlogic offers preventative maintenance in all of our service plans, as well as disaster recovery services if the unthinkable does occur. Learn more today by scheduling a short consultation with us.

  • AWS had an outage this week that took out many top websites and is causing delivery issues for Amazon

    Amazon Web Services (AWS) is so prevalent in their cloud services they could be considered an internet backbone. Their cloud computing network is so ubiquitous with online web hosting it would be difficult to find a business that doesn’t utilize their service for some or all of their online hosting requirements.

    So, when an outage occurs on their networks the effects are far reaching and severe. This week’s outage lasted five hours and affected major players – such as Netflix, Southwest Airlines, the Associated Press, Delta and more. The outage mostly occurred on the east coast but even Amazon’s own e-commerce site was affected, which may cause delays in some deliveries as Christmas shopping is in full swing.

    This outage echoes the Facebook outage that happened on October 4th in that there is a ripple effect that occurs when these large providers have an outage. This instance is also similar in that, like with Facebook, there has been no word as of posting as to why yesterday’s outage even happened.

    The outage didn’t just affect big businesses either. Many smaller businesses that utilize AWS for their company hosting found themselves locked out of services necessary to complete their job duties. It points to the issues that can occur when all of our information is locked into just a few centralized places.

    When the internet was first established it was originally designed to be a decentralized network. No one business was meant to control most of it, so that no single point of failure could level it. Now “Big Tech” has eroded that goal and it will be difficult to undo the current state of things.

    It’s hard to argue, though, that AWS isn’t a convenient service to use. They have streamlined the cloud computing process where many others have sought to make it convoluted for the end user, they have flexible payment options and it’s accessible on demand. When you compare it to Azure, who groups users under a domain (making it difficult to access the one you need) and is slower when it comes to large data transfers unless you have a premium subscription, it’s easy to see why many businesses choose AWS.

    Still, diversifying our networks would help protect us from outages such as these and major breaches. If you’re a business looking into cloud solutions, you might consider the Multicloud Redundancy approach. What this means is you might have some of your data and services hosted by AWS and some hosted by another provider.

    Another option is hybrid cloud. Hybrid cloud is when you have a mixture of on premises storage (such as your office server), private cloud services and public cloud services (like AWS).

    Chart of cloud solution options

    At Valley Techlogic we utilize AWS, but we also take the hybrid cloud approach. In fact, our backup program TechVault utilizes three different methods of storing your data. In this world of uncertainty when it comes to cybersecurity attacks and online outages that you have no control over, diversity is key.

    If you would like to learn more about TechVault or need help with your cloud service choices, reach out to us today.

  • Grab our 2021 HIPAA compliancy checklist and see how you can address HIPAA in the New Year

    HIPAA (which was enacted on August 21, 1996) is not a new topic for healthcare providers and those who handle Protected Healthcare Information (PHI), yet many healthcare providers still do not meet the target goals assigned by the program to prevent a data breach that could devastate their business.

    That may be due to the cost and complexity that surrounds meeting all of the necessary components of HIPAA. It’s estimated the actual costs of HIPAA compliancy are around $8.3 billion per year. For physicians, they can be looking to spend $35,000 a year to meet the technology requirements alone.

    When you look at the numbers, it’s easy to see why many healthcare providers would simply choose to roll the dice under the assumption there’s only a small chance their business would ever be affected by a breach or cyberattack. We’re here to tell you, that’s really not a good idea.

    Patient records and other PHI data are some of the most valuable data available on the Dark Web, with patient records averaging $250 to $1000 each. That means even a small doctor’s office may be sitting on hundreds of thousands of dollars’ worth of data to would-be cyber criminals.

    These records are then used to create credible profiles for criminals such as drug traffickers, who use them to purchase prescription medications under your client’s identity (while also having your clients’ personal details, such as where they live). This means a breach would not only be a risk to your business but also equals a risk to your client’s safety.

    We know no provider would willingly put their client’s health and safety in jeopardy; it’s antithetical to the oaths that healthcare workers commit to as they launch into their chosen profession. Knowing the risks involved doesn’t make the hurdles associated with implementing HIPAA effectively in your business any less daunting. That’s why we’re here to help: below is the checklist with the six most effective measures you can implement in 2022 to bring your business to HIPAA compliancy.

    HIPAA Compliancy Checklist

    Many of those items are not difficult to implement even sooner, such as security awareness training (the number one cause of data breaches is human error).

    Reviewing the way your vendors handle PHI data and obtaining confirmation that they’re protecting things on their end is also as simple as making some phone calls.

    For other items, such as an annual HIPAA checkup, it may be best to have a technology partner that can help you not only address your current HIPAA concerns but also map out a path forward that includes accessible goals for your business.

    If you’re in the Central Valley, Valley Techlogic can be that partner. Many of our clients are in the healthcare sector, and we have helped them establish their compliancy with HIPAA and have helped them maintain it going forward.

    We have over a decade of experience with the topic of cybersecurity and can apply our tools and knowledge directly to your business under one of our easy to budget for inclusive monthly plans. Schedule a quick call to learn more about how we can help your business be HIPAA compliant in the new year.

  • Hackers and the holidays, US government warns ransomware doesn’t take days off

    As you prepare to take some time off to enjoy with your families (especially if a certain health crisis kept the festivities to a minimum in 2020) it’s important to take some steps to make sure your business is still protected in your absence.

    The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory yesterday to businesses and consumers alike, warning that hackers often take advantage of holidays and other times people may let their guard down to wreak more havoc.

    The advisory included a warning of a possible increase on the following cyber threat events:

    1. Phishing attacks: That email from your Aunt Beth seeing if you’re going to bring the green bean casserole with a “Google Form” to check it off may not be what it seems to be.
    2. Fraudulent site spoofing: Especially for sites that may be seeing increased traffic due to holiday shopping (Black Friday anyone?).
    3. Unencrypted financial transactions: An easy way to check is to look for the S in HTTPS. Don’t enter your financial data into unencrypted websites.

    Beyond attacks aimed at individuals, attacks aimed at businesses also tend to rise during the holidays and on weekends.

    Such was the case for the attack on Kaseya, which occurred over Fourth of July weekend in 2021, and the Colonial Pipeline hack, which happened during Mother’s Day weekend the same year. Hackers realize there is less coverage on the weekend and during holidays and they have taken advantage of it to great success.

    It’s not just large businesses that are a target either, many wannabe hackers have day jobs too and more time on their hands during the holidays to target businesses that could be local to them. That includes yours.

    So, here’s a list of things to check off before you leave the office this week to enjoy some well deserved time off.

    Holiday Crisis Checklist

    As you can see, our number one recommendation is knowing who is going to cover your business if a cyber event does happen while everyone is home for the holidays. If you try to think of who that person is and you either come up empty or maybe it’s you, that’s a problem.

    Another problem is if your normal IT coverage is on a one-time or break-fix basis. The service you normally use could either be too swamped themselves to help you during the holidays, or maybe they’re taking time off too and are simply unavailable to help you.

    This is where having a contract with a technology service provider could really save the day during a crisis. When you have a contract with a business to provide your technology services, they’re bound by the service level agreement (SLA) you sign at the start of service. They will be better equipped to help your business if there’s a crisis – even during the holidays.

    If you’re in Fresno, Modesto, Sacramento or anywhere else in the Central Valley and aren’t really sure who you would turn to if a technology crisis occurred during the holidays, Valley Techlogic is here for you. Learn more today.

  • Cybersecurity Maturity Model Certification 2.0 has been announced, what it means for you and your business


    If you’re a contractor or subcontractor for the Department of Defense (DoD) you probably at least have an awareness of the evolving situation surrounding the CMMC (Cybersecurity Maturity Model Certification) program, or maybe you’ve even begun the self-assessment process.

    Announced in the summer of 2019, version 1.0 was released January 31st, 2020, and a 5-year rollout was planned to get DoD contractors and subcontractors compliant with the framework. The framework is based on the security controls found in the National Institute of Standards and Technology (“NIST”) Special Publication (“SP”) 800-171, with many of the security controls found in CMMC having a direct correlation to a control found in NIST 800-171.

    While the initial CMMC framework was aimed at bringing defense contractors up to speed in their cybersecurity efforts to protect critical Controlled Unclassified Information (CUI), the use of the broad term CUI instead of the defense specific Covered Defense Information (CDI) phrase may indicate that this framework will extend beyond just defense contractors in the future.

    The controls found in NIST are applicable to businesses of all sizes and in all sectors, so following the CMMC or NIST frameworks, whether or not you’re a defense contractor or subcontractor, will mean your business will be well protected and compliant with rules and regulations set by your vendors, clients, and services for your business such as cybersecurity insurance.

    In its original iteration there were 5 maturity levels found in CMMC, with levels 1-3 closely following NIST and 4-5 going beyond the scope of what NIST covers. They were described as “maturity levels” as they were meant to measure the maturity of the cybersecurity practices found within your organization.

    For most defense contractors, reaching level 3 of CMMC would be an ideal goal. Levels 4 and 5 covered practices outside the scope of most businesses and would require more specialized (and expensive) security practices. Even in version one of CMMC, contractors were allowed to self-certify for maturity level 1, but anything beyond that would require outside certification. The waiting list to receive that certification is long, so planning to implement the required cybersecurity measures and getting on the waiting list to be certified ASAP is a good idea.

    Now, as of November 4th, the DoD has announced an update to CMMC. Version 2 may be removing two of the levels and some of the security measures that were unique to the CMMC framework, making the framework match NIST even more closely. Below is the chart we have created with the outlined changes as we know them as of this posting.

    CMMC Version 1 and 2 Chart

    This is an evolving situation, and as the rollout progresses it’s imperative that businesses that receive DoD contracts begin or continue to increase their efforts in becoming CMMC certified, which may mean drastically increasing your cybersecurity efforts across the board.

    Valley Techlogic has experience in helping businesses meet the goals found within the CMMC framework and we’re ready to help your business meet your certification and cybersecurity goals today. Click here to schedule a quick consultation to find out more.
