Every organization has some level of risk that can impact the organization. Regardless of whether you have a formal quality management system or must meet regimented regulations, leadership, as well as additional stakeholders, have a particularly vested interest in identifying and planning for all potential risks to an organization. The National Institute of Standards and Technology (NIST) has created a guide for conducting risk assessments. Regardless of the technology, the establishment of a standard approach is key.

IT / OT Infrastructure, Digital Information and IoT devices

With the spread of COVID-19, new challenges and opportunities will arise for keeping your business safe from cybersecurity threats. As the government and businesses work on mitigating the impact of the ongoing outbreak, social distancing measures are leading to an increase in remote working across all sectors. The immediate challenge is “how can I protect my digital assets from a cyber-attack?” Some key vulnerabilities to a cyberattack are Information Technology / Operational Technology (IT / OT) infrastructure, digital information and Internet of Things (IoT) devices.

As the world weathers the COVID-19 virus pandemic, we are faced with posturing for such and protecting / helping ourselves, family, friends, co-workers and members of our greater communities; but a procrastination of sorts -- coupled with a distrust / disbelief that this will impact me (downplaying the magnitude of such) and not knowing what we don’t know, exponentially raises the risk of infection and serious health consequences coming to bear.

This is an original NIST Cybersecurity Insights blog post, written by Jeff Greene.

Your employer has unexpectedly directed you to telework—and you are feeling overwhelmed. With many changes happening at once, telework security could be an afterthought or completely overlooked. This could put you and your organization at increased risk from attackers, who are always looking for opportunities to take advantage of disruption generally and weak security practices specifically. But it’s more than your organization at risk—if your telework device is compromised, anything else connected to your home network could be at risk too.

This is an original NIST Cybersecurity Insights blog post, written by Jeff Greene.

Conference calls and web meetings—virtual meetings—are a constant of modern work. And while many of us have become security-conscious in our online interactions, virtual meeting security is often an afterthought, at most. Who hasn’t been finishing one call when attendees of the next call start joining – because the access code is the same? In the moment it may be annoying, or even humorous, but imagine if you were discussing sensitive corporate (or personal) information. Unfortunately, if virtual meetings are not set up correctly, former coworkers, disgruntled employees, or hackers might be able to eavesdrop. Using some basic precautions can help ensure that your meetings are an opportunity to collaborate and work effectively – and not the genesis of a data breach or other embarrassing and costly security or privacy incident.

This is an original article from NIST Manufacturing Innovation Blog.

Cybersecurity threats are a huge business risk for all companies. Small and medium-sized businesses (SMBs) — including manufacturers — are especially vulnerable to attacks. Small and medium-sized manufacturers (SMMs) are often seen as an easy entry point — a “soft” target — into larger businesses and government agencies. One of the first steps when prioritizing how to manage your business risk is to gather information about the threat environment. The 20 important (and shocking) cybersecurity statistics listed below focus on what manufacturers need to know about the “what” and “so what” of cybersecurity, so they can start planning their “now what” actions.

With the release of version 1.0 of the CMMC framework, the DoD will being to include these certification requirements in new DoD solicitations, beginning in the fall of 2020.

The inforgraphic below provides a high-level look at what the Cybersecurity Maturity Model Certification (CMMC) means for DoD contactors. It offers steps contractors can take to prepare for CMMC, important dates and descriptions of practices and processes required to achieve each of the 5 levels of CMMC certification.

This is an original article written by Elliot Forsyth, Vice President of Business Operations at the Michigan Manufacturing Technology Center (The Center), part of the MEP National Network.

Contributed by our partners at John Wood Community College.

Regional companies will learn practical ways to adapt for the future at the “ABC’s of a Thriving Workforce” conference set for Tuesday, September 24 from 9a.m. to 2:30 p.m. at John Wood Community College’s auditorium in Quincy.

This is an original article written by Michael Allbritton, Cybersecurity Analyst and Trainer with Alpine Security. 

Introduction

Today we all communicate constantly over the internet. Some people say we spend too much time on our mobile devices, and we do not interact enough with the world, and with the people around us. However, that is a discussion for another time. In this blog post we want to discuss how we keep our internet communications secure from eavesdropping.