How to Tackle CMMC from an M&A Perspective

Upcoming CMMC Webinar - January 27, 2022

Webinar Date & Time
Friday, January 27th, 2023 from 12:00 – 1:00 PM EST

It’s time to shift your mindset from “CMMC is a burdensome expense” to “CMMC is a competitive advantage”. Take it from Rick Zimmerman, who recently sold his aerospace company (a Boeing Defense subcontractor) after adopting a compliant IT infrastructure.

In this webinar, Rick is joined by his investment banker and technology consultant to discuss the turnkey solution that enabled him to achieve CMMC compliance, increase shop productivity, and sharply increase the value of the business before selling.

Why now?

Companies in the Aerospace & Defense supply chain are at varying states of implementation with CMMC 2.0, and many will not be ready for mandatory compliance when it’s required in 2023. Compliance issues can threaten businesses of all sizes, but for small and mid-sized businesses with growth goals, these lapses can be especially destructive.

Through this conversation between Rick Zimmerman, Trevor Bohn (KAL Capital Markets), and Ben Scully (Avatara), you will learn the quickest and most cost-effective path to get ready and avoid any business interruption. Register to uncover the secret to increasing your company’s value with CMMC compliance.

Can’t make it live? Register anyway and we’ll send you the recording afterwards.

PHISH-BE GONE? How to Spot and Defend Yourself Against Phishing Emails

Since the beginning of the pandemic, businesses have had to adapt and become more reliant on remote work. As a result, a lot of business and communication is handled over email. However, with businesses moving to a more remote setup, there has also been a shift in cyber security threat vectors. One of the more popular vectors, and one that has increased, is the phishing scam. These scams have not only increased, but they have also become more convincing and harder to detect at a glance.

With phishing email scams becoming more frequent in today’s cyber environment, it is more important than ever to be vigilant. Unlike some other cyber security threats, there are things that you can do to prevent yourself from becoming a victim. By utilizing some of the following tips and tricks, you can reduce the risk of not only yourself but also your organization becoming a victim of phishing scams.

Phishing email scams are one of the most common scams used in today’s landscape. However, they are detectable if you know how to identify them. One particular way to detect them is by going right to the source. If you receive an email that looks to be legit but you just want to be sure, you can check the email address of the sender. By looking at the email address to see what the domain of the sender is, you can easily determine if it is a legit email or if it is someone trying to pretend to be someone else. The giveaway is in the “@domainName.com” portion of the email address. Scammers will try and make the email address as authentic as possible so you should always double-check and verify the email address to make sure the sender is authentic.
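The sender-domain check described above can also be automated. The following Python sketch is an added example, not part of the original article: it parses a From: header and flags domains that imitate a trusted one. The trusted domain `northwind-bank.example`, the sample headers and the 0.85 similarity threshold are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Assumption: the domains your organization really corresponds with.
# "northwind-bank.example" is a constructed name, not a real sender.
TRUSTED_DOMAINS = {"northwind-bank.example"}


def sender_domain(from_header):
    """Return (display_name, domain) from a From: header, lower-cased."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return display.lower(), ""
    return display.lower(), addr.rsplit("@", 1)[1].lower().rstrip(".")


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, threshold=0.85):
    """Return (verdict, reason); verdict is trusted, suspicious or unknown."""
    display, domain = sender_domain(from_header)
    if not domain:
        return "suspicious", "no parsable sender address"
    # Exact match or a genuine subdomain of a trusted domain.
    for good in sorted(trusted):
        if domain == good or domain.endswith("." + good):
            return "trusted", f"domain is {good} or one of its subdomains"
    for good in sorted(trusted):
        # Trusted name used as a prefix or fragment of another domain.
        if good in domain:
            return "suspicious", f"{good} is embedded in {domain}"
        # Display name claims the trusted domain, the address does not.
        if good in display:
            return "suspicious", f"display name claims {good}, address is {domain}"
        # One or two swapped characters, e.g. "1" in place of "i".
        if SequenceMatcher(None, domain, good).ratio() >= threshold:
            return "suspicious", f"{domain} closely resembles {good}"
    return "unknown", f"{domain} is not on the trusted list"


# Constructed From: headers for illustration.
SAMPLES = [
    "Northwind Bank <statements@mail.northwind-bank.example>",
    "Northwind Bank <support@northw1nd-bank.example>",
    "Northwind Bank <help@northwind-bank.example.verify-login.test>",
    '"northwind-bank.example Security" <alerts@mailer.test>',
    "Weather Digest <news@weather-digest.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict, reason = classify_sender(header)
        print(f"{verdict:10} {header}\n           {reason}")
```

A verdict of "unknown" only means the domain is not on the list; it still needs the manual checks described in the rest of this article.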

A second preventative measure against becoming a victim of phishing emails is to look at the way the email is written. “Legitimate companies have trained staff and whenever they send out large or small messages/emails to staff, they require double checking and then only they send emails to their staff.” The spelling and grammar in an email are a good indicator of whether the email is legit or a fake. Sometimes the emails are very convincing, but little things like a comma where a period would normally be, or the way currency is typed (i.e. 3,00 instead of $3.00), are another clear indicator that the email is probably not authentic.

The third preventative measure should be an obvious giveaway. If you receive an email requesting that you send sensitive Personally Identifiable Information (PII) over email, treat it as suspect: sending PII over email is a very unsafe practice. “If your bank emails you to send your account number through email or asking for your username and password through email, it is recommended not to send it.” You should also look for other not-so-obvious signs that the email isn’t authentic, such as random graphics or greetings that say “Dear Customer” instead of your name. “Hackers often rush to get phishing sites up, so some of them will look significantly different from the original company.”

If you do receive a phishing email, there are a few things that you should do immediately. First, do not open it, and delete it, “since most viruses activate when you open an attachment or click a link within an email.” Sometimes, the email has a virus embedded in it and just opening the email will activate the virus without you even knowing. You should then notify your IT department and manager immediately that you have received a phishing email, but DO NOT forward them the actual email. This will prevent the possible spread of the virus to other computers and users. Your organization’s IT department will then take the necessary precautions and steps to limit the threat and make a note to prevent it from getting through your security in the future. If you follow these tips and strategies, you will help to prevent the spread of scams and viruses across your organization.

Written by: Robert Johnson, EMCO Technology, Inc.

Code Phishing – The Growing Scam of the Pandemic

As the world of technology continues to expand, so does the number of threat vectors that could possibly compromise the security of an individual and company alike. As the landscape for the threats continues to change, it becomes more important for everyone to be vigilant and aware of the potential dangers that are beginning to pop up more and more. One of the major vectors being targeted is one that is being utilized more and more by restaurants and other retailers. QR codes have now become just one of the latest ways that attackers will try and gain access to devices of unsuspecting customers.

QR codes are barcode-like objects that are used for a number of things. They can be used to easily navigate to a specific website for a retailer or to data storage. They are not only used in retail; they are also used in video games and in other activities like geocaching. While these companies and activities can be legitimately using QR codes, hackers are using the public’s blind trust of seeing them at stores and restaurants to gain access to unsuspecting victims’ devices.

An example of how they do this is particularly at restaurants. Since COVID-19 began and then restaurants began reopening again, many of them utilize QR codes for customers to see the menu. By doing this, it makes it much easier for customers to see the whole menu for the restaurant. However, hackers know this and will create their own QR codes and drop them on tables or on the floor near tables. They are hoping that a customer will scan it with their device and once they do, it will either download data to their device without the user knowing it or it can even navigate them to a fake website that the hacker has set up in the hopes of the customer entering personal information like email addresses or passwords.

Once a hacker has access to the device, they can gather any and all the information that they would like. They can use the information entered by the user to start phishing attacks by email spoofing or even just gaining access to your email to read and exploit using your email address or even gain access to your financial information. There are things that you can do in order to help prevent it from happening to you or your organization.


Computer.org gathered a list of ways to prevent this from happening to you. They recommend “scanning QR codes of trusted sources only, regularly update your device’s security as well as remain vigilant.” Another way to limit your exposure is using a QR code reader. Apps like Kaspersky’s QR code Reader and Scanner offer the ability to scan QR codes with a little more confidence. Beaconstac.com has rated this app one of the best because “it offers Kaspersky’s safety checks that ensure a QR code doesn’t lead to a dangerous link or malicious content” as well as “keeps a history of all QR scans done within the app.”

Written by: Robert Johnson, EMCO Technology, Inc.

Cloud Solutions For Business: Can Your Company Benefit?

Do you utilize cloud solutions for business and if not, is outsourcing to the cloud smart for you? The benefits of outsourcing cloud services come down to cost and efficiency.  The three main business functions (Email, File Storage, and Business Applications) are the most common data pieces outsourced to cloud services. Without the cloud, the corresponding groups of data for these three functions would have to be stored on an onsite server.  But do cloud solutions for business make sense for your company?

There are substantial costs and inconveniences when purchasing and maintaining a dedicated server, other hardware, and software internally. Your company must be prepared to pay for the cost of labor, set-up, and maintenance of the server and other IT infrastructure and assets.  Consider this:

    • Servers generally need to be replaced within five years at a significant cost
    • Hardware and software need to be maintained, requiring updates and maintenance at regular intervals.
    • There is significant cost associated with using the business application software
    • As technology grows so does the need for experienced technicians with an increasingly diverse range of technical competencies.

Using cloud solutions, your small business can instead pay for the reduced cost of cloud services as opposed to a dedicated server and the costs associated with onsite IT resources.

EMCO’s cloud solutions are convenient, secure and easy to integrate into your existing network. This makes it possible for your employees to easily access their files and applications when working remotely.

Cloud services automatically sync and update, so your files are always ready when you need them on all of your devices no matter where the day takes you. Cloud services are easily scalable, so they can immediately grow with your company’s needs as opposed to the time-consuming processes of hiring new IT personnel and buying updated/upgraded IT assets.

We optimize cybersecurity by ensuring that all systems and applications are updated and patched regularly. The cloud makes it easier to practice good cyber hygiene, which will help protect your company against current and future cyber threats.  Cloud services also serve the important function of backing up company data and services. Since your cloud is hosted in secure facilities with numerous backup and restore options, it is possible to quickly restore operations in the aftermath of a man-made or natural disaster. Best of all, EMCO Cloud Services meet a number of regulatory compliance standards like HIPAA, FINRA, Sarbanes Oxley and more!

When it comes to maintenance, as we monitor your cloud services 24/7, we’ll advise you on when to upgrade to new options that best suit your company’s objectives and budget. Our knowledge and experience make us uniquely qualified to continually test and fine-tune the output of your cloud-based and onsite IT assets in order to maintain the highest level of performance and security.

Finally, we understand that not everyone has the expertise in their own company to understand the purchasing, usage, maintenance and security of cloud computing. We don’t believe in a one-size-fits-all approach, and not everything in your business needs to run on the cloud. For many small businesses, a hybrid approach may be best. EMCO techs have the expertise to assess your unique organizational needs and make the most cost-effective and operationally effective recommendations on cloud solutions for you.

Think your company can benefit from cloud services?

Call us today for a free consultation about our cloud solutions for businesses to move your business forward safely.

Protect Yourself from Scareware

Ransomware is a word you’ve probably heard often over the past few years, and it has been the key topic of many articles and information we’ve shared, but what we realized this week is the increasing need to educate you about Scareware.

Forcepoint defines it best: Scareware is a malware tactic that manipulates users into believing they need to download or buy malicious, sometimes useless, software. Most often initiated using a pop-up ad, scareware uses social engineering to take advantage of a user’s fear, coaxing them into installing fake anti-virus software. Scareware goals can vary from selling useless, fake tools to the installation of damaging malware that exposes sensitive data. Scareware has been known to convince users to download ransomware, a form of malware that holds the user’s data hostage in exchange for a payout.

You’ve probably experienced this and may not even realize it.  Have you ever encountered a surprise pop-up telling you your computer is at risk and software needs to be downloaded or installed to prevent damage?  You are smart and most likely, you ignored the message, but not everyone does—and these messages are getting more and more sophisticated and seem very, very legit.

Over the past few weeks, we’ve had a few reports of users experiencing this scareware tactic. However, in two cases, instead of being contacted through a pop-up or email, the user was the one who called a number they believed was the manufacturer of a piece of hardware and ended up on a bogus call where the person on the other end tried to get them to pay for a solution. Thankfully, the users were smart enough to know something wasn’t right and left the call before any harm was done. They called EMCO to give us a heads up about the incidents and that consideration prompted this article for you.

So how do you protect yourself?

Easy, the first thing you do is DON’T BUY ANYTHING!! If you think there is something legitimate to the claim, seek the advice of an IT professional. You can also search known cyber security threats at https://www.cisa.gov/cybersecurity.

Second, DON’T PANIC and get help. Call your IT department or tech support company, and if you are experiencing this on your personal equipment and don’t have an IT dept to call, call a local tech company like us for some guidance.

Third, understand a reputable software company like Microsoft, Apple or HP will NOT call you about issues with your computer nor will they threaten you via email.

Recent data breaches such as SolarWinds affected some of the most reputable Fortune 500 companies, so chances are we will continue to see an increase in ransomware and scareware events.   Continue to be diligent and smart about protecting yourself  against and reacting to these events.

What the Heck is ‘Smishing’?

If you’re anything like me, your phone has become an integral part of managing your day-to-day life both personally and professionally. In many ways this has improved the ease of accessing many vital services like banking, while also helping to secure them with technologies like multi-factor authentication (MFA). It’s hard to beat the convenience of looking up a product review, ordering it and receiving it as early as that day, and most of the time it’s smooth sailing. Unfortunately, as with all good things, there’s a lot of room for malfeasance here and enterprising criminals have been quick on the uptake.

While most of the text messages (or Short Message Service ‘SMS’ if you want to be technical) you receive are probably legitimate, chances are you’ve gotten a few like this too:

Now I love winning things as much as anyone, but my complete lack of a Costco subscription was more than enough to tip me off to what was really going on here, a Smishing Attack. ‘Smishing’ like its older brother ‘Phishing’ are communications with a link to an infected site or designed to convince you to share PII or other critical info; Smishing is simply Phishing over SMS instead of E-mail. While many of these are easy enough to notice thanks to grammatical errors or incongruencies like I experienced above, some of them are harder to notice if you’re not on guard.

Smishing attempts like this are often designed to look official and apply to the broadest range of potential victims as possible. Since most of us order packages, we might not think twice before clicking on that link or perhaps a phony tracking number. Unfortunately, that’s all it takes for an adversary to potentially hijack control of your phone and all the data on it, and if you’re a business owner you should consider that every employee of yours is at risk of falling victim to these Smishing attacks which could put your business in jeopardy.

These are real messages I’ve received on my phone and just two of the dozens I’ve gotten in the past couple of years. Please be wary of unsolicited messages and think twice before clicking on any links even if they seem legitimate. If you’re concerned about any messages you’ve received or want to know more about software solutions that could help protect you and your employees from Smishing, EMCO Technology can help!

This One is For Our Accounting Friends

We recently received a call from an accountant who wanted a second opinion after his firm’s server had experienced an intrusion that resulted in malware being placed on the server. This gave the intruder access to customers’ names, birth dates, addresses, social security numbers, tax returns, and other information used to file returns. He wanted our professional advice as he felt his IT had missed something critical in his security.

After the fact, we had to help this firm notify their customers of new procedures to prevent this from happening in the future.

ONLY AFTER BEING HACKED did the firm decide it was worth their money and time to enhance their data security procedures. ONLY NOW are they looking for malicious code to remove from their system, enabling extra levels of security and upgrading their security.

ONLY AFTER BEING HACKED.

The firm’s customers, on the other hand, now have to monitor their credit, change their passwords, initiate a fraud alert, and be diligent about watching their financial accounts and identities.

This costs them time and money from someone they trusted to be secure about protecting their sensitive information.   These clients have cause to pursue legal recourse for lost time, security and money, especially if they become a further victim.

We aren’t saying there is a guarantee to keep your company’s data from being breached because of the software or IT company you may use, but if you aren’t being proactive and paying attention, your security may be lacking which is going to cost you more in the long run.  EMCO also engineers multifaceted solutions that protect your data and make it difficult to breach.

Cyber criminals are smart and stealthy.  If you aren’t keeping up with them by investing in the right levels of security in terms of hardware and software, you are putting your business and your clients at-risk unnecessarily.   EMCO makes it our business to be smarter than the cyber criminals.

Don’t let this happen to you.  Investing in data security is more important now than ever. Not being proactive and prepared is going to affect your bottom line more than making the short term investment now.

Call us for a free consultation to review your current security protection and we’ll give you our best recommendations to protect your business and your client’s trust.

Is Your Tech Ready to Re-Open?

As the business world prepares to reopen, there are many new things owners need to consider in order to do so. Unlocking the doors and turning on the lights isn’t going to fly in the face of a 2 month+ shutdown and COVID-19 regulations now imposed on every business.

When it comes to moving your technology back from a remote work environment, to the office setting, it is important to consider the time it will take to reintegrate your team back to their new normal environment.

Many companies may continue to have employees working remotely and both business models need to be prepared to provide as much business continuity as possible.

Here are our Top 9 Activities to Prep Your Tech for Reopening:

(1). Your tech team should be the first people on-site before other employees return to the office. Give them time to check on systems that were left in the office and make a list of issues that need to be addressed. In fact, we recommend that any PC that has been left off for an extended time be turned on at least one or two days before returning to work so that the machine has time to perform lots of updates.

(2). If you have outsourced your IT to a third party, be in constant communication with them to help you get up and running. While you may need someone to physically turn servers and devices on, your IT Partner can remote in to do much of the updates and virus scanning you need.

(3). Clean and dust. Make sure to take the time to clean computers of dust and debris on a regular basis. Additionally, dust that collects in the air vents of the PC could cause overheating, so be sure to move CPUs and clean the back of them.

(4). Inspect power supply and devices. Most offices more than likely use surge protectors or similar devices to power their computer. It’s crucial to make sure these devices are in safe working order.

(5). Probably the most important is updates. Turn machines on, make sure everything boots up then start running any necessary updates. Shut down or restart the computer at least weekly and whenever the program tells the User to in order to install updates. This helps to make sure software and security updates are properly installed.

(6). Run antivirus. It is possible that computers may have vulnerabilities that clients haven’t noticed if they don’t have security or an IT person that may have been monitoring this over the past few months. It’s important to run an antivirus scan weekly to make sure any changes made or files downloaded have not compromised their system.

(7). Don’t respond to email, instant messages, texts, phone calls, etc., asking for passwords. Only click on links from trusted sources. This includes any link where they can’t tell where it will take them. Don’t open unsolicited or unexpected attachments. If they can’t verify an attachment is legitimate, delete it.

(8). Folks coming back to work are going to forget all their passwords. Now is a great time to develop a new password security policy and add password security software to your systems.

(9). Check the batteries!!! It may seem silly but keyboards, mice or other peripherals lying around untouched for weeks may need new batteries!

Your IT protocols may need to change moving forward.  For businesses who will have remote workers, work with your IT team and partners to design the best remote working solution for your staff.  Your solutions need to provide workers the right tech to stay productive, but also security and compliance.

If you find that your IT provider has closed, or isn’t open for business when you are, or perhaps your IT employees aren’t returning to work just yet, don’t hesitate to reach out to the EMCO team for a free consultation.

 

The End of Windows 7. What Should You Do Now?

Time has run out. Running Windows 7? Today is the Day to Upgrade!

As of today, Microsoft is no longer supporting the Windows 7 operating system.  What does this mean for your business?  While, yes, your computers will still run, they will, however, be left vulnerable to malware attacks that may be sitting dormant on your computer right now but will also expose updated computers on your network to security breaches.

There are free updates for users to upgrade to Windows 10 from Windows 7 or 8, but you need to know if your equipment can handle the update.

What you need:

  • Processor: 1 GHz or higher
  • RAM: 2 GB, but upgrading to 4GB+ would be better
  • Hard Drive: at least 32GB

Check your peripherals such as printers and scanners to ensure they are compatible with the update too.

Updating can be cumbersome.  Are you or your staff ready?   There are 3 ways to go about this:

  1. Replace with New Hardware (Recommended): For all but the newest of machines, replace Windows 7 workstations with new hardware running Windows 10. Given our experience with system performance when upgrading the OS on the same hardware, we recommend simply replacing Win 7 systems outright. This will ensure the system is new and performance will not be a problem. It also alleviates the need to spend significant money to upgrade the operating system on an older system, only to spend again in a year or two.
  2. Clean Install of Win 10 on Existing Hardware (Recommended for any system less than 2 years old): This upgrade path will allow you to reuse the older hardware, however, the process includes backing up all data from the Win 7 system, reformatting the hard drive and installing Windows 10 Pro as a fresh install. This has been proven to be the cleanest, most effective way to install a working copy of Win 10 on older hardware.
  3. In-Place Upgrade Win 7 to Win 10 (Not Recommended): This option would attempt to upgrade the existing OS on existing hardware from Windows 7 Pro to Windows 10 Pro. Although less expensive and the quickest option to attempt, this migration path is frequently unsuccessful. We have seen a high percentage of machines that fail to upgrade due to hardware/drive incompatibilities. We’ve also seen a high percentage of instances where a machine will upgrade, but system performance will be degraded due to a new operating system using older hardware / software.

Is this something you have planned for and your team could handle?  Let us review your situation and make personal recommendations for the best way to proceed with the updates for your unique business.

A 20 min call could save you a ton of time, money, downtime and stress. 

  • EMCO has upgraded 55 client computers already. The majority have opted to purchase new machines in addition to the system. Machines were old.
  • We went to their offices, swapped out the machines and got them up and running in about 2-4 hrs of downtime. Great time for meetings, right? No data was lost.
  • We have found most of the time the desktop printers haven’t been compatible, and we took care of ordering new printers in budget and quickly. A dictation office needed a whole new pedal, so really check your peripherals.
  • It’s a nice time to hit refresh. Make an investment in your biz: update screens for better resolution, and update the printers and scanners as well as desktops and laptops, because if those devices are running Win 7 or 8, THEY ARE OLD!

Now is the time.  The EMCO Team will help your business stay up-to-date, safe and running!

Another Data Breach

The Wawa data breach occurred in March and yet wasn’t discovered until November. The longer that “dwell time” is, the more damage hackers can do. If a company doesn’t have the right technology or expertise of people monitoring their IT/Security during this time, they’ll fall prey to massive data breaches (and thus lawsuits) just like Wawa.

ALL businesses should have an IT/Security budget and take full advantage of all of the available technology to keep their data as safe as possible.

Antivirus alone is NOT the solution. Malware hides and waits. You MUST have a layered approach to security.

Learn the lesson Wawa didn’t. This article shares steps you can take as a consumer to monitor your data if you think you’ve been compromised. http://bit.ly/35d9LAp