What Time Is It? CMMC Time.
On December 16, the final CMMC 2.0 rule went into effect. As you know, CMMC 2.0 is an updated cybersecurity standard affecting those organizations that handle federal contract information (FCI) or controlled unclassified information (CUI), as well as their subcontractors. While there has been some discussion over whether the rule will change as a new […]
CMMC 2.0 – Why Certifications Matter
CMMC (Cybersecurity Maturity Model Certification) 2.0 is now the law of the land, and compliance is no longer optional for any organization handling federal contract information (FCI) or controlled unclassified information (CUI). As you undertake your journey towards CMMC 2.0 compliance, you’ll encounter a number of acronyms related to the professional certifications of the providers […]
Social Media and Social Engineering: You Are the Weakest Link
In today’s environment of rampant data breaches and ransomware attacks, the focus often turns to hardware and software solutions. These are a vital part of any organization’s defenses, to be sure, and should be regularly maintained and updated. In most cases, however, the biggest threat to an organization’s cybersecurity standing is not in a computer, […]
Manufacturing and CMMC 2.0
Hill Tech Solutions’ Principal Consultant, Ron Hill, CISSP, spoke at the RAMP (Regional Additive Manufacturers Partners) MD symposium in Harford County, MD, about the coming Cybersecurity Maturity Model Certification (CMMC 2.0) and its importance to manufacturers. Here are his remarks: Good morning, I’m Ron Hill with Hill Tech Solutions. I want to talk about something […]
Time to Say Goodbye to P@$$w0rds Like This?
Just in time for National Cybersecurity Awareness Month, the National Institute of Standards and Technology (NIST) has updated its password security guidelines in a way that brings some major changes to conventional wisdom on the topic. The changes appear in NIST Special Publication 800-63B, aimed at cloud services providers (CSPs). Some of the revisions will […]
Malvertising: A New Path for Hackers
Much of the focus in the cybersecurity arena over the past few years has been on email as a point of entry, and with good reason. Both ransomware attacks and the phishing attempts that make many of them possible are on the rise, threatening organizations of all sizes. Training team members to recognize these attempts […]
Hashing and Salting: Better Password Security
In this age of rampant and expensive ransomware attacks, many organizations find it necessary to revisit security procedures. The venerable username and password login doesn’t lend itself to good security (especially when 72% of workers admit to using the same password across four or more accounts), and while multi-factor authentication helps quite a bit, it’s […]
So … Who Got Hacked Today?
This year of 2024 has brought a seemingly endless series of cybersecurity incidents targeting some of the biggest brand names and the products in the most widespread use. The techniques and the amount and types of information compromised have varied, but it all adds up to one large and disturbing picture. Let’s take a look: […]
Dealerships Dealing with CDK Hack
By now you’ve probably heard about the ransomware attack on CDK Global, a software provider serving some 15,000 auto dealerships in the U.S. In the ongoing debate over whether victims should or should not pay ransom, it appears CDK did, and pretty quickly. But there was, and is, a lot to untangle. CDK provides software […]
It’s Happening: CMMC Rule Submitted for Final Review
Showing surprising speed for anything governmental, the Department of Defense (DoD) has submitted the CMMC 2.0 program rule and supporting documentation to the Office of Information and Regulatory Affairs. What that means to affected companies is that the window to achieve compliance is a shorter one than had been anticipated. Demonstrating the urgency required by […]