Effective cybersecurity requires consistent investment in technology and business practices to keep pace with an evolving threat landscape. Humans are the weakest link in cybersecurity: 37.9% of untrained users fail phishing tests, according to security awareness training organization KnowBe4. In response to more frequent criminal and state-sponsored cyberattacks, the United States Department of Defense introduced the Cybersecurity Maturity Model Certification (CMMC). The CMMC framework outlines five levels of security practices and processes, with each level adding to the security practices and process maturity required by the one below it. Level 1 focuses on basic cyber hygiene practices.

According to research by the Enterprise Strategy Group, 53% of senior IT decision makers believe their organization has a problematic shortage of cybersecurity skills. For companies looking to be CMMC compliant by the deadline this Fall, it is critical that they invest in employee training and foster a culture of security. While cultures vary from industry to industry and company to company, the heart of a secure culture is employee education.

  • First, employees should be required to use multi-factor authentication (MFA), preferably a hardware token-based solution that limits or eliminates reliance on username/password shared secrets. Authentication is the first line of defense against attackers, and an unexpected MFA prompt is often the first sign an employee gets that their password has been stolen. Because token-generated codes are short-lived and change with every use, a code an attacker captures is worthless once it expires, so the attacker is always guessing.
  • Second, employees should understand the importance of updating both personal and company devices. Many updates from vendors such as Microsoft and Apple include security patches for vulnerabilities that attackers are actively exploiting. If username/password shared secrets or weaker MFA methods remain in use, employees working from home should also regularly check for firmware updates for their Wi-Fi routers and any other device on their home network. IT departments should likewise inform employees promptly of firmware and driver patches from hardware providers such as Dell or HP.
  • Lastly, employees should check emails for disguised sender addresses (look-alike domains, a display name that does not match the actual address, a Reply-To that points somewhere else) and other suspicious patterns. IT departments must take responsibility for monitoring email activity and alerting employees to possible threats, and should support digitally signed email so that messages not properly signed with trusted cryptography can be quarantined at the mail server or by the corporate email client.
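The sender-address checks and the unsigned-mail quarantine rule in the last two points can be automated at the mail server. The following is an added example, not SPYRUS code and not part of the original post. It flags four common tells in an inbound message: a display name carrying an address from a different domain, a sender domain that is a look-alike of the company's own (digit and letter swaps, accented characters, punycode/IDN forms), a Reply-To that redirects replies elsewhere, and the absence of an S/MIME signature wrapper. It assumes the company's domain is example.com and that any message with a finding is quarantined; the sample messages are constructed. Note that the signature check is structural only: verifying the signature against a trusted certificate chain is a separate step not shown here.

```python
"""Heuristic inbound-mail checks for the phishing tells listed above.

Added example, not SPYRUS code. Assumptions: the organisation's own mail
domain is example.com, and its policy is to quarantine inbound mail that
carries no S/MIME signature structure. All sample messages are constructed.
"""
import unicodedata
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}  # assumption: the company's own domain
SIGNED_TYPES = {"multipart/signed", "application/pkcs7-mime"}  # S/MIME wrappers

# Character sequences attackers swap in to build look-alike domains.
_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def domain_of(addr: str) -> str:
    """Lowercase domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def skeleton(domain: str) -> str:
    """Reduce a domain to a skeleton so that look-alikes compare equal.

    Punycode (xn--) labels are decoded to Unicode, accents are stripped,
    and common confusable sequences are replaced.
    """
    try:
        domain = domain.encode("ascii").decode("idna")
    except ValueError:
        pass  # already Unicode, or not valid punycode: use it as is
    stripped = "".join(c for c in unicodedata.normalize("NFKD", domain)
                       if not unicodedata.combining(c)).lower()
    for bad, good in _CONFUSABLES:
        stripped = stripped.replace(bad, good)
    return stripped


TRUSTED_SKELETONS = {skeleton(d) for d in TRUSTED_DOMAINS}


def check_message(raw: str) -> list:
    """Return the list of tells found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)

    # Tell 1: the display name carries an address from another domain,
    # e.g. "ceo@example.com" <someone@elsewhere>; only the real address gets replies.
    if "@" in name and domain_of(name) != from_domain:
        findings.append("display-name-mismatch")

    # Tell 2: sender domain is a look-alike of our own (digits, homoglyphs, IDN).
    if from_domain not in TRUSTED_DOMAINS and skeleton(from_domain) in TRUSTED_SKELETONS:
        findings.append("lookalike-domain")

    # Tell 3: replies are quietly redirected to a third domain.
    reply_domain = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-mismatch")

    # Tell 4: no S/MIME signature wrapper at all. Structural check only;
    # cryptographic verification against a trusted CA is a separate step.
    if msg.get_content_type() not in SIGNED_TYPES:
        findings.append("unsigned")
    return findings


def disposition(raw: str) -> str:
    """Policy from the text: anything with a finding is quarantined."""
    return "quarantine" if check_message(raw) else "deliver"


# Constructed sample messages (not real traffic).
LOOKALIKE = "exämple.com".encode("idna").decode("ascii")  # -> xn--exmple-cua.com

SAMPLES = {
    "signed_colleague": """\
From: Alice Example <alice@example.com>
To: bob@example.com
Subject: Q3 report
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

Report attached.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"

(signature bytes omitted)
--b1--
""",
    "display_name_spoof": """\
From: "ceo@example.com" <ceo.office@mail-relay.net>
To: bob@example.com
Reply-To: payments@other-domain.net
Subject: Urgent wire transfer
Content-Type: text/plain

Please process today.
""",
    "lookalike_domain": f"""\
From: Sales <sales@{LOOKALIKE}>
To: bob@example.com
Subject: Updated invoice
Content-Type: text/plain

See the new bank details below.
""",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:20s} {disposition(raw):10s} {check_message(raw)}")
```

Running the script prints one line per sample: the signed message from a colleague is delivered, while the display-name spoof and the punycode look-alike are both quarantined with their findings listed. In production the skeleton comparison would be extended with the organisation's partner domains and the unsigned rule applied only after the signature has actually been verified, but the shape of the filter is the same.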

Global cybercrime is expected to cost $6 trillion annually by 2021, according to reporting from Cybercrime Magazine. As regulators tighten requirements and attackers evolve more damaging techniques, companies must respond or risk losing their intellectual property or facing fines under industry regulation. For more information on CMMC and how SPYRUS can help you meet its requirements with cost-effective asymmetric-key solutions, contact one of our security experts.