This month I want to talk about 2 things: DoD compliance requirements and expectations, and moving everyone to a new more, modern antivirus/security software.
- Compliance, compliance, compliance: One thing that is important to understand (and know) is what your customers are expecting as far as your NIST/CMMC scoring. Most of the ones we encounter want to see progress and are ok with an ongoing to-do list (the POAM) and a score of 80 or better. This is much easier and cheaper than if they are requiring a NIST 800-171 score of 110. To get to that point, we must integrate Security Information and Event Management (SIEM) tool that consolidates all the logged information on your network into a centralized app for analysis. So, if Acme Aircraft is requiring a NIST score of 110, we can and will do it. We will not insist that everyone have a score of 110 if it is not required. In reality, it is not always about the score, but the accuracy of the score and balancing cybersecurity with the credible threats.
- New antivirus software: We are currently evaluating and testing replacements for Trend WFBS, which has been our stable and effective antivirus product for 10 years. Unfortunately, it is now classified as a “legacy” product and is on the list of products to be phased out. We are going to be replacing it with a next generation antivirus. We expect to have this finalized in the next 30 days and will roll it out incrementally. We will let you know when we start the roll-out.
- OBTW: M1 is now at version 9.5.500. Let us know when you want to upgrade your installation and we will make it so!
Additionally, we wanted to mention the following ongoing issues:
- Microsoft 365 (formerly know as Office 365) continuous login requests: A recent Office security update is causing some people to have to enter their Office credentials more often than usual. This is not a scam, and it is not one of our PhishBait campaigns. It is a wide-spread issue and I am sure they are working on a fix.
- Password mismanagement: We cannot stress enough that keeping passwords in Word docs, Excel sheets, in web browsers, or stickies under your keyboard is a VERY bad idea. Yet, we are still finding all these on a regular basis. A password manager is the only solution as far as we are concerned. The best part – you don’t have to remember any passwords except the one to get in your password manager! It does it all for you! We use Keeper (https://www.keepersecurity.com/) and also share it with our customers for FREE. Any subsequent licenses are on $3.75 / month. And if you don’t want to use keeper, try one of these:
- Zoho Vault
- Password Boss
The bottom line is – use something designed to keep passwords secure. Remember – it’s not if someone tries to hack you, it is when .
Thanks, everyone! We appreciate your business.
Pearce and The Gang