Category: Cyber Security

  • How a phishing scam swindled this Shark Tank host out of $400,000

    How a phishing scam swindled this Shark Tank host out of $400,000

    We’ve focused a lot of articles on phishing scams and how no one is immune, even major money moguls like Barbara Corcoran from ABC’s Shark Tank with a net worth estimated at over $100 million fell victim to a phishing scam that wound up costing her $400,000.

    Business owners are a particularly lucrative target for bad actors, and phishing emails continue to grow more sophisticated. In this instance Barbara reports receiving an email that looked like it came from her secretary going to her accountant authorizing the amount to go to a real estate deal.

    Barbara like many business owners has deals going on all the time so the amount and type of authorization wasn’t unusual, allowing it to fly under everyone’s noses and make the scammers involved $400,000 richer. It wasn’t until her accountant sent an email to her real secretary confirming the transaction one last time that the scam was uncovered – and by then it was too late the transfer had already been sent.

    This case proves that even with strong checks and balances in place, phishing scams can happen to almost anyone. While Barbara was able to absorb the hit without it hurting her business – many out there could not.

    While the amount of money lost in this instance is quite substantial, millions of dollars are lost every day to cyber crime. It’s estimated that $1,797,945 is lost per minute according to Risk IQ’s Evil Internet Minute Report.

    Even if you think your business is too small to be a target you would be wrong, scammers cast wide nets looking for victims to fall in. Here are 4 things you can have in place that could prevent this kind of scam from happening to you.

    Email Best Practices

    Even with these checks in place it can still be tricky to avoid, especially if your business has become a particular target for a scammer. Another famous example is how Facebook and Google were tricked out of $100 million due to an extended attack phishing attack organized by a scammer located in Lithuania. A little less than half of the money lost was recovered.

    Another famous attack in 2014 saw the early release of four movies produced by Sony Pictures when North Korean hackers, upset about a movie that was being released at the time, sent targeted phishing emails that appeared as if they were coming from Apple to a top Sony executive. The damage that incurred from this attack was estimated to be over $80 million.

    With both of these attacks it’s not just about the money lost either, these attacks are easily searchable to this day and had an untold effect on their reputation at the time. Massive companies like Google, Facebook and Sony can weather the storm, but could your business do the same?

    Education is just one piece of the puzzle, active protection is another crucial element to avoiding the lengthy damage that can arise from a successful phishing campaign. At Valley Techlogic cyber security is a core focus for all of our plans. Learn more today with a quick and easy consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • On average, your information is shared 747 times a day according to a new study

    On average, your information is shared 747 times a day according to a new study

    We touched on data brokers and how they buy and sell your data in a previous article, but in an eye opening new study from the Irish Council for Civil Liberties (ICCL) they found that for US-based users their information is shared online with for marketing purposes on average 747 times per day.

    That means about 31 times an hour or once every two minutes your information is being sold or traded for marketing purposes so corporations can make an educated guess as to your buying habits when serving you advertising.

    The study used data from a 30-day feed from Google which can be accessed by industry specific entities but is not made available to the public. While the study was aimed at European internet users, who on average have their information shared 376 times per day, the figures they discovered are startling no matter where you happen to reside.

    The ICCL is pursuing legal action against online ad agencies, describing the real-time bidding (RTB) that’s occurring as a massive data breach and a violation of European data protection laws.

    There are a mishmash of laws aimed at protecting US consumers from having their information sold for online marketing purposes, however with no single comprehensive federal law in place any consumer looking to find recourse if they feel their data has been used illicitly will discover they have an uphill battle ahead of them.

    We all skim the lengthy TOS found when signing up for a service, while putting it out of mind that the cost of many “free” services in our data, but what if the data that’s being sold goes beyond what you’re posting on social media or what you purchased from an online retailer recently?

    With data breaches being a regular occurrence, you may not even be voluntarily opting-in to sharing the information that’s currently being traded about you on the internet and it may go beyond what you would want to have shared.

    Even your private medical data can be up for grabs and being sold by data brokers, for example every year Pfizer spends $12 million buying anonymized data for marketing purposes.

    So as with our article on data brokers we want to give you some tools to protect yourself and protect your data while using the internet. This time we want to give you 3 helpful ideas that will help you discover what’s out there already and how to close the gaps:

    1. Google Alerts : Create alerts with things like your name or social media handle, that way if you’re being mentioned on the internet, you’re instantly alerted to it.
    2. HaveIBeenPwned : You can use this site to see if your email or phone number have been involved in a breach and whether it would be a good idea to update or change that information.
    3. Credit Monitoring: While we don’t want to recommend a specific site as this choice can be somewhat personal, we think credit monitoring is a good idea for everyone these days. It’s so ubiquitous now that even your bank or credit card companies you already use probably have it built into their website.

    Opt out of targeted marketing

    You also can “opt out” of personalized marketing with your Google account, while that won’t stop your information from being shared and used to try and market it to you with, it will at least make it so those ads aren’t reaching you as often. You may also be shocked to learn what they’ve already compiled about your interests.

    List of interests
    The lists that are compiled on your interests can be quite comprehensive.

    Google Isn’t the only one who offers this option, iPhone users can also opt out as well as users of social media sites such as Facebook and Instagram.

    Concerns over data protection aren’t limited to just consumers, businesses should also take steps to protect their data and that of their employees. If you’d like to learn how Valley Techlogic can help you secure your data learn more with a quick consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • College shuttered after 157 years due to ransomware attack

    College shuttered after 157 years due to ransomware attack

    While ransomware wasn’t the only thing behind the decision to close Lincoln College, located in rural Illinois and established in 1865, it was the final blow after taking substantial financial losses due to the COVID-19 pandemic.

    The school, which had survived through the Spanish Flu, the Great Depression, two world wars and even a fire in 1912 will close its doors for good on May 13th, 2022.

    The ransomware attack which occurred in December 2021 crippled their recruiting and fundraising efforts for two months, not being resolved until March 2022 as a statement on the school’s website reads.

    “Furthermore, Lincoln College was a victim of a cyberattack in December 2021 that thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections. All systems required for recruitment, retention, and fundraising efforts were inoperable.

    Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”

    The school made attempts to avoid the closure, but the efforts came too late, and we’re sorry to say they’re far from unique in being a school that was targeted by a cyberattack. According to this report over 1043 schools suffered ransomware attacks in 2021.

    Cyber criminals don’t think twice when targeting schools, hospitals, and infrastructure that’s needed by the community. We reported on the on Colonial Pipeline hack that created a major disruption at gas stations across eastern US last May.

    Schools and hospitals are appealing targets because investing in cyber security measures is not generally a priority and they often store large amounts of PII (Personal Identifying Information) in their systems.

    Many senators have taken note of this and have called on the Department of Homeland Security to instate measures that would bolster the security of our schools, especially K-12.

    A ransomware payment isn’t the only thing attackers stand to gain when they successfully infiltrate a network, here’s a chart with the way hackers “double dip” from during their attacks:

    Hacker Motivations Infographic

    In the end Lincoln College did choose to pay the ransom to gain control of their systems again, but it sadly made no difference in saving the college.

    60% of businesses close within 6 months following a ransomware attack, and only half businesses have a cyber response plan available to quickly respond to an attack. The slow response time will only add insult to injury as you try to get back on your feet and as we’ve seen in this case, it can be fatal to your business.

    Valley Techlogic can help you not only have a contingency plan in place, but also help you enact cyber security measures in your business that will prevent an attack from occurring in the first place. Learn more today through a quick consultation.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • We have updated our most popular resource for 2022 and have an offer you won’t want to pass up

    We have updated our most popular resource for 2022 and have an offer you won’t want to pass up

    As an IT service provider, we’re passionate about cybersecurity because we see the effects having inadequate coverage can have on businesses first hand.

    The devastation that can occur after a cyber attack is staggering, we’ve given you the statistics before, such as:

    1. The cost of cybercrime is predicted to hit $10.5 trillion by 2025
    2. Cryptojacking cases quadrupled in 2021, but the hackers don’t make very much (less than $6 per day), however that doesn’t stop them from trying to gain access to your machines
    3. It takes on average 287 for cybersecurity teams to detect and contain a data breach
    4. Phishing is involved in 36% of data breaches (can you identify the signs of a phishing email?)
    5. DDoS (Distributed Denial-of-Service) attacks are skyrocketing, with 9.75 million occurring in 2021

    That’s why we’re thrilled to announce the release of our Tech Tip Card Deck, our deck contains 56 tips for getting your cybersecurity house in order with custom art representing each tip. Best of all, the deck is absolutely free to business owners in our area.

    Beyond providing comprehensive technical support, we also want to support our community in staying safe online. If you’re a business owner in Central Valley and would like to have a set of our card deck for yourself, simply visit TechTipCards.com and request one today and we’ll get it shipped out to you ASAP.

    We don’t believe technology has to be intimidating, each bite sized tip featured in the deck is easy to understand and easy to implement and will create real results for the online safety of yourself, your employees, and your business.

    To up the offer even more, we have updated our most popular for 2022 and are also offering it to you right here, right now. Simply grab it below.

     

    Valley Techlogics Cybersecurity Checklist
    Click to grab the full size version.

    Both of these are just a small showcase of what’s in store, we know for most people repetition is the key to success. We plan to deliver weekly content including thought provoking reports, eye catching resources that can even be customized for your office, and tech advice that can greatly impact and improve your use of technology within your business.

    If you’d like to learn more, again visit TechTipCards.com or reach out to us for a free consultation today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • As we feared, Ukraine-Russia crisis leads to a surge in cyber attacks

    As we feared, Ukraine-Russia crisis leads to a surge in cyber attacks

    As we’re nearing a month into the conflict between Russia and the Ukraine, cyber warfare between the two countries is reaching an all time peak. We covered the topic of Ukraine’s “IT Army” recently in this blog, and we mentioned growing concerns we’ve seen from users that there may be a spill over effect when it comes to cyber threats.

    Cyberwarfare was inevitable as conflicts on the ground continue on, and as Russian hackers feel the “pinch” of the effects of sanctions imposed against Russia, we may see an uptick in financial scams. Especially as both countries have turned to cryptocurrency which can often be used as a safe haven for financial transactions taking place outside the public eye. In the case of Russia it’s being used to try and liquidate funds out of the country and in the case of the Ukraine they’re using crypto to bolster support for their economy.

    We have created this chart for the types of financial scams we think may increase in the coming days (though it should be noted, financial scams were already up 70% in 2021).

    Cyber Financial Scams Chart
    Click to download the full size version.

    However, hackers have also represented a beacon in the war of information currently happening between Russia and the Ukraine. Ukraine’s “IT Army” is now over 400,000 people strong, with hackers from all over the world lending their support digitally in Ukraine’s effort to protect their democracy.

    DDoS attacks on government sites with Russian origins as well as document leaks – which includes a 360k file data dump from a Russian federal agency – are continuing to happen regularly. It’s estimate that over 90% of exposed Russian cloud databases have been compromised at this point.

    Also, with access being restricted to sites like Twitter and other social media platforms being restricted in Russia, Squad303 is a website that was created by a group of Polish programmers that can help foreigners relay information to Russian citizens. The website founders say that over 7 million text messages and 2 million emails have been sent through the site so far.

    We again want to say we don’t know what the outcome of this conflict will be, but it seems clear that consumers and businesses should be wary of the ripple effects that will occur throughout the cyber sector, possibly for years to come.

    Business owners who still believe they’re “too small” to be a target should be wary that proceeding with out cybersecurity protections may make them the low hanging fruit for hackers reacting to a state of desperation. Cybersecurity protections are a worthwhile investment in your future and the peace of mind in questionable times is priceless.

    At Valley Techlogic, we’re experts in the field of cybersecurity. We can perform an evaluation of your business and tell you where you are now and where you need to be to not worry that your business is “ripe for picking”. Schedule a consultation today to learn more.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • How the war in the Ukraine is being fought on the digital front

    How the war in the Ukraine is being fought on the digital front

    We’ve all been exposed to the ongoing crisis occurring in the Ukraine as Russian forces have made their way into the country and are heavily attacking major Ukrainian cities as they attempt to gain control of the capital city of Kyiv, causing nearly a million Ukrainian citizens to seek shelter in neighboring countries as of the time of writing.

    The Ukrainian forces have been inspiring the world as they defend their country from this unprovoked invasion, and that defense is also occurring on the cyber front. We’ve reporting ourselves from time to time on Russian hacking gangs and their effects on the US. The Ukraine is not only defending their digital infrastructure during this war, but they are also responding offensively with what’s being dubbed the “IT Army”.

    These volunteers to the Ukrainian government are conducting attacks on Russian led websites – some of which are currently serving propaganda on what’s really happening in the Ukraine to Russian citizens – and bringing those websites down. These also include sites belonging directly to the Kremlin and the Russian Ministry of Defense and more.

    DDoS attacks are also occurring on Russian targets, being conducted by the hacker group Anonymous. They’ve made claims they’ve succeeded in taking down 1,500 Russian led websites and dumping more than 40,000 private Russian files on the Dark Web, including ones that came from the countries Nuclear Safety Institute.

    SpaceX has also jumped into the fray, responding to pleas from the Ukrainian government to add Starlink as an option to keep necessary internet services online in case of a Russian disruption to the service. SpaceX quickly delivered 48 Starlink satellites with more on the way.

    Also, in a move that’s literally slowing things down inside of Russia, it was discovered that a Russian led company had outsourced the main component of their EV charge stationed on along a major motorway between Moscow and St. Petersburg. The Ukrainian company that built the components used a backdoor to hack the machines, shutting them down and displaying anti-Putin messaging on the screen.

    The Ukraine’s IT Army is also requesting assistance through the use of a Telegram channel belonging to the group, which as of time of writing has over 275,000 users. The IT Army is providing live updates on successful attacks on Russian led targets as well as attempting to communicate with Russian citizens as Russia leads a disinformation campaign has tried to unsuccessfully stifle public outage on this war.

    It’s unclear what the outcome to the ongoing conflict will be at this moment, but this is an unprecedented moment in time marking the first time a war has a significant public digital elements involved.  We’re all aware at this point of Russia’s hacking capabilities, but it will be interesting to see if their abilities are strictly offensive as they’re now on the receiving end of the attacks.

    We’ve created this timeline of notable Russian hacking gang linked cyber attacks that have occurred against the US and other countries in the last 15 years.

    Russian Hacking In The Last 15 Years
    Click to view the full size version.

     

    We want to make a note that there has been some concern that this ongoing war between Russia and the Ukraine may lead to more cyber attacks on the US as the Russian economy has been significantly destabilized by sanctions enacted against Russia as a response to their attack on the Ukraine.

    We’re uncertain if this will end up being the case, but if you’re having cybersecurity concerns for your business or just need some peace of mind, we would be more than happy to provide a consultation. You can schedule one here.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • CMMC Series: The Consequences for CMMC Non-Compliance

    CMMC Series: The Consequences for CMMC Non-Compliance

    You may have thought we finished our series on the Cybersecurity Maturity Model Certification (CMMC) program, but we would be remiss if we didn’t cover the consequences and penalties for not complying with the program if you’re a current Department of Defense (DoD) contractor.

    You may be thinking there’s a window to wait and see while rulings proceed on version 2.0 or have seen dates such as 2025 thrown out as the goal post for when the program will be completely finalized. Or maybe you’re just hoping the whole thing goes away, we get it. Looking at all of the controls and tiers can be overwhelming if your business is new to implementing cybersecurity measures.

    However, the program is here to stay, and your business will be much better equipped to meet the requirements if you begin working on them now. There is a waiting list already for those wishing to obtain their certification earlier, and we expect the wait times to only grow as nearly 40,000 businesses who must comply with this program rush to get their certification before losing eligibility for existing contracts.

    Beyond existing contracts, having your CMMC certification will make your business more competitive when seeking new contracts with the DoD. Progress towards CMMC is an investment in your business’s future, and it also meet the goals of the program which is protecting businesses from cyber threats.

    So, what are the consequences for not working on CMMC compliance now, or in the future?

    The DoD has said that all Defense Industrial Base (DIB) contractors must be compliant by 2025. There are no direct monetary penalties or fines for not being compliant at this time, however your business will no longer be eligible for defense contracts if you have not successfully completed your accreditation by that date.

    Three years may seem like a long time but when you look at the scope of what’s necessary to be compliant with CMMC, it’s really a short window to get your ducks in a row. Tier one could be accomplished relatively easily by most businesses, but if your business handles any Confidential Unclassified Information, you’re really looking at a goal of tier three moving forward (or tier two if/when version 2.0 is released).

    That’s also not counting the time spent in a waiting list for a member of the CMMC Accreditation Body to actually complete your assessment, you will need to work on your self-assessment status and POAM (Plan of Action and Milestones) prior to getting on the waiting list for CMMC accreditation.

    It’s also important to note that your self-assessment must be confirmed by company leadership, it’s not enough to simply have your IT person or team complete the self-assessment and submit it.

    The DoD has said they will randomly test contractor compliance and see if it matches what the contractor has inputted into Supplier Performance Risk System (SPRS). SPRS is a necessary requirement for being compliant with Defense Federal Acquisition Regulation Supplement (DFARS) which many contractors may already be aware of. They will be looking to see if your disclosures for DFARS in regards to CMMC/NIST match.

    Submitting false information could make your business at risk for running afoul of the False Claims Act (FCA), which could leave you liable for civil fines and penalties. There is even a program in place to reward whistleblowers who bring to light businesses who are falsifying information about their cybersecurity practices on these forms.

    This is all so much to say as there are significant risks involved with ignoring CMMC and we suggest you begin working on it now or we’re afraid you’ll be paying for it later.

    If you need assistance with working on your CMMC accreditation, cybersecurity practices and compliance, DFARS forms or more – Valley Techlogic can assist you. Schedule a consultation today to learn how we can help your business meet your CMMC compliance goals for 2022.

    VTL Can Help With Your CMMC Progress!

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • If you enabled 2-factor authentication on your Google account recently, your odds of being hacked dropped by half

    If you enabled 2-factor authentication on your Google account recently, your odds of being hacked dropped by half

    Google began requiring 2-factor authentication on some user accounts this past year, and while there’s always some inconvenience involved in making that switch the benefits definitely outweigh it.

    Google enrolled 150 million members in the last three months of 2021 in their 2-factor authentication program, and they’ve found that instances of accounts being hacked dropped by half for those users.

    Google utilizes two-step verification, or 2SV which involves having a login challenge beyond a simple password entry. This may be a message in Google’s own authenticator application or a hardware security key depending on user preference.

    Google said in their blog post on the topic, “This decrease speaks volumes to how effective having a second form of verification can be in protecting your data and personal information, turn on 2SV (or we will!), as it makes all the difference in the event your password is compromised.” Indicating Google’s plan to initiate the requirement across the board in the near future.

    The hesitancy with users to utilize such an effective security measure seems to stem from inconsistent implementation as well as a general lack of education on the topic. We thought it would be helpful to present this “cheat sheet” on multi-factor authentication and other cybersecurity acronyms.

    Cybersecurity Acronym Cheat SheetWith breaches being ever more common, having that additional step past just a password before a hacker can access your account can make all the difference. A password you use across multiple website (which is also a bad idea) may be leaked without you even being aware of it, and the prompt from a multi-factor authentication application may even be your first clue that your accounts are being accessed by someone other than yourself.

    Google’s own authenticator is found on the Play Store and the Apple App Store and is a solid option, however we suggest users use whatever they feel most comfortable with or whatever is offered by the the websites they frequent (especially for important sites like banking or for work related web portals).

    To add to your security effectiveness, we suggest using a password manager as well so you can work on having more varied passwords – especially for sites that don’t currently offer multi-factor authentication as an option.

    If you’d like tangible security, hardware security keys are a good option and many of them have widespread support for your online accounts such as email, social media, or even your password manager (adding another layer).

    Your devices also probably come with multi-factor security options built in, we’ve been pleased with the implementation of Windows Hello for Windows devices (even when we’re bleary eyed in the early morning, it always seems to recognize us). Fingerprint scanners for mobile devices have also come a long way and is a pretty convenient (and secure) way to keep access to your phone limited to just you.

    If you’re a business owner in the Central Valley and want to embark on the process of enabling multi-factor authentication within your business, Valley Techlogic can help. Our security experts can help you with enabling multi-factor authentication within your business as well help you meet your cybersecurity compliance goals. Reach out to us today to learn more.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • CMMC Series: Preparing for your assessment

    CMMC Series: Preparing for your assessment

    This is our fifth article on this topic and as we bring it to a close, I’d like to first look back at what we’ve covered so far.

    We started the series looking at what’s ahead for the Cybersecurity Maturity Model Certification (CMMC) program in 2022. Then we covered tiers one, two and three as they exist in the current 1.0 model of the program. We’re anticipating that tiers two and three will be merged going forward as version 2.0 rolls out (placing a larger burden on defense contractors looking to scale past the beginner controls in tier one and become more competitive in the marketplace).

    So, if you’re reading this you’ve hopefully begun the process of implementing the controls within your business and are thinking it’s time to begin the process of obtaining your certification. There are several steps that come before actually obtaining your certification (although it should be noted that the CMMC Accreditation Body is currently in the process of hiring and waiting lists for certification could be lengthy at this time). The sooner you begin implementing the CMMC controls within your business, the sooner you can attempt to get on the waiting list to receive your certification.

    The assessment process will follow these steps:

    1. You will need to begin implementing a plan for CMMC within your business, and conduct a self-assessment against the NIST 800-171 (or partner with a provider like Valley Techlogic to assist you with this).
    2. As you improve your processes you can submit your score to the Department of Defenses’ (DoD) Supplier Performance Risk System (SPRS).
    3. From there you will need to identify the scope you wish to obtain for your business (it’s our opinion maturity level 3 will be required for most defense contractors in the future).
    4. Obtain a third-party gap assessment, this will show you where your business is and where it needs to be to achieve your goals.
    5. After addressing the gaps found in the assessment, you can look to the CMMC Accreditation Marketplace and choose a CMMC Third-Party Assessment Organization (C3PAO) to conduct your CMMC assessment.
    6. The CMMC Accreditation Body will review the assessment submitted by your C3PAO and award you your CMMC certification.

    Of course, this is boiling down many months (or even years) of preparation into what looks like 6 easy steps.  The process will be time consuming and potentially costly, but for those who wish to continue doing business with the DoD it’s a necessary investment in the future.

    As we’ve mentioned in past articles on the topic, defense contractors who refuse to comply with the CMMC process will no longer be eligible for defense contracts in the future. Beyond that, if you reach a higher level of certification, you will be in a better position to receive more contracts as it will be used as a comparative tool going forward.

    If you’re like assistance with the CMMC self-assessment process or preparing for your CMMC AB assessment, Valley Techlogic has experience in this area. We have helped businesses begin the process of becoming CMMC ready, if you’d like to learn more schedule a consultation with our experts today.

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.

  • Cyber Insurance – What you can do to ensure your business will be covered in 2022

    Cyber Insurance – What you can do to ensure your business will be covered in 2022

    Last month we released our new cyber insurance report which is an in depth look into this topic, but we wanted to touch on what we’re specifically seeing so far in 2022 in today’s article because from what we’re seeing in from our clients and in the industry – cyber insurance requirements are on the rise.

    If you’re new to cyber insurance or aren’t sure what’s covered under this sort of policy, for most insurance providers cyber insurance offers coverage for technology related disasters. This could include a cybersecurity event such as ransomware or a data breach but depending on your level of policy it might also include IT related downtime not related to cybersecurity such as internet outages. You may even see coverage for specific device issues, such as the loss of an office server that’s critical for day-to-day operations.

    When it comes to the cybersecurity related coverage what many people don’t realize is it’s not only meant for covering your own losses, but also the potential loss incurred by your customers. If you have a data breach, your cyber insurance coverage will cover the cost of any litigation brought by your customers and it may also cover items such as on-going credit monitoring if their PII (personal identifying information) was exposed in the data breach your company suffered.

    It can be easy to feel detached from a loss you haven’t suffered yet. To put some perspective to, it during the Anthem data breach in 2015 when involved 80 million patient records, their costs to notify their customers (which HIPAA regulations stipulate must be done by snail mail) exceeded $40 million in just postage. That’s not even taking into consideration all of the other costs associated with that breach.

    They’re a major corporation, so again it may be difficult to imagine yourself in those shoes, but even for small companies the average costs are as high as $200,000 per breach. Also, if you’re hit with a ransom and think you can just pay it and get out intact, think again. Many times, even if you receive the de-encryption key from the hackers your data may still be lost.

    It’s not surprising that insurance providers are looking at this and wondering how they can alleviate some of the risk they’re taking providing insurance to customers going forward. The requirements are increasing, even for us as a technology provider for businesses we’re seeing longer forms that we’re assisting our customers with when they go to acquire a new cyber insurance policy.

    These longer forms are featuring more difficult questions as well. We have made cybersecurity a staple feature of our plans so our customers are in a good place for obtaining a cyber insurance policy, but the truth is if cybersecurity has been on the back burner for your business, you may have a difficult time in 2022 and beyond finding an insurer that’s willing to cover you.

    As an idea of where to start before you go to obtain a cyber insurance policy, we’ve created this checklist of items you can begin to work on to put your business in a better position this year.

    Be Cyber Insurance Ready in 2022
    Click to grab the full size version.

    Many of the items listed are easy for even someone who’s not very tech savvy to tackle, but if you’d really like to protect your business from hackers this year, we suggest teaming up with a tech provider like Valley Techlogic.

    Cybersecurity is a core focus for our business, we will match your business with a cybersecurity framework that makes sense – for example CMMC for defense contractors, HIPAA for healthcare providers, NIST or CIS for small and medium sizes businesses of any industry – and use that framework to have a concrete game plan for making sure your networks and devices are impenetrable to bad actors. Learn more today with a quick consultation

    Looking for more to read? We suggest these other articles from our site.

    This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.