DoD Ruling Affecting All DoD Contractors Now!

Attention all DoD Suppliers & prospective CMMC Clients:
On 9/29/2020 an interim rule was posted in the Federal Register stating that the Department of Defense (DoD) now requires all suppliers to have completed a self-assessment against NIST SP 800-171 within the past three years, no later than November 30th, 2020.

That is just SIX WEEKS from now!!

Braxton-Grant Technologies is pleased to be able to offer a Self-Assessment Preparedness Program to help your organization successfully prepare for the required self-assessment; please inquire for pricing and details!

See www.braxtongrant.com, email pmoffice@braxtongrant.com, or call 443-545-2052 ext. 7032

For our friends in Maryland, did you know that there may be funds available to help you comply with this deadline…

The Maryland Defense Cybersecurity Assistance Program (DCAP) provides funding and assistance for Defense Contractors to comply with the DFARS and NIST 800-171 Standards for cybersecurity. The program is funded by the Department of Defense’s Office of Economic Adjustment (OEA) through the Maryland Department of Commerce and is being coordinated by the MD MEP.

PROGRAM REQUIREMENTS
• Must be a Defense Contractor with a physical location in Maryland
• 10% or more DoD related business OR a contract/procurement request for compliance

For more information on this program, go to:

Maryland Defense Cybersecurity Assistance Program

*********************************
DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements

This new DFARS clause notifies the contractor that they are required to maintain a record within the Supplier Performance Risk System (SPRS). Each contractor will be required to maintain a current DoD Assessment within the system. This means that each contractor will need to have a Low, Medium, or High assessment completed at least every three years and ensure that it is properly reported within SPRS.

Click here to access the SPRS. If you do not have an account with SPRS, you will need to request access through the Procurement Integrated Enterprise Environment (PIEE). Click here to access the PIEE. You will need a certificate to register/authenticate to PIEE/SPRS.

8 Ways To Identify Phishing Attempts

What is phishing? 

Phishing is a cybercrime that uses electronic communication to take advantage of users. Attackers attempt to gain sensitive or confidential information, such as usernames and passwords, credit card information, and more by posing as legitimate organizations or individuals. They use social engineering to manipulate victims into clicking on malicious links and entering this information. Below are eight ways to identify a phishing email. 

Types of Phishing 

Spear Phishing 

These attacks will not look random, like a general phishing attempt. Attackers will gather information about the victim to make the email feel more authentic. 

Clone Phishing 

Attackers will make almost identical copies of previously delivered email messages and change an attachment or link to something malicious.  

Whaling 

These attacks specifically target high-profile and/or senior executives at organizations, and they will often present themselves as legal communication or other high-level executive business.

Methods of Phishing 

Requests for Sensitive Information.  

A legitimate organization will never ask you to enter any information that is sensitive by following a link. You will usually be asked to go to the official website or app to enter your credentials and any other information that is required. 

Generic Salutations.  

Most hackers will greet you with a “Dear valued customer” or “Dear account holder”. Sometimes, ads will not even include a greeting. These are clear signs that this might be a phishing attempt. Genuine organizations will use your full name.  

 Check the Domain.  

Don’t just check the name of the sender. Check the email address attached by hovering over the ‘from’ address. If you see any changes from what you were expecting, like numbers or letters added, this might be a phishing attempt.  

 Bad Grammar.  

Legitimate organizations will send emails that are well written, with no spelling errors or bad syntax. Hackers believe their prey are less observant and easier targets, so their messages tend to contain spelling errors and grammatical mistakes.

Forcing You onto a Site.

If in doubt, don’t open the email. A lot of the time, emails can be coded entirely as a hyperlink so any accidental click anywhere in the email can lead you to a malicious site or start a spam download on your computer. 

 Unsolicited Attachments.  

Authentic organizations will seldom send you attachments. They will usually direct you to their website to download what you need from there. It’s not foolproof because there are times when they will send you information that you need to download, but this isn’t very common. 

 Hyperlinks.  

Always hover over any links in the email because it may not be all it appears to be. When you hover over the link, it will show you the actual URL it will direct you to. 

 Sense of Urgency.  

One of a hacker’s favorite methods to hook a victim is asking them to act fast, either by offering a one-time deal for a limited time or stating that your account has been compromised. It is usually best to ignore these communications.

Email Security 

Why is email such an easy target? Because while most people know how to send and receive emails, the same cannot be said about the understanding of how emails are sent or received. This lack of understanding also makes gaining access to emails so simple that hackers just can’t resist.

The simplicity inherent to modern email interfaces lulls users into a false sense of security. “Of course the email is secure, how could it not be?” We can check it anywhere. Send communication from anywhere at any time with a click of a button. However, a potent combination of human error and malicious agents can make emails one of the most dangerous threats to an organization’s security. Email-based threats account for 25% of all data breaches within the US and cause major losses numbering in the billions of dollars annually.

As with all cyber security, email security starts with employee training, helping employees understand how to identify and question suspicious-looking emails. Alongside this training, organizations need to make sure that they have the right tools to fight against this data theft: anti-virus filters, email filtering, email encryption and more.

Need more info? The Federal Trade Commission can help you identify and avoid phishing scams. Also make sure your employees follow the Braxton-Grant Technologies guide on the fundamentals.  

Reducing Your Digital Footprint

A digital footprint is the trail and traces that people leave behind online, on social media, websites, or chats. Often, you may be leaving a trail unwittingly. These days we are bombarded with so much noise when we go online. “Sign up with us and get a free something or other.” “20% off XXXX when you register…” We set up accounts on social media platforms and apps every day without thinking twice. Most often, when you do that, you are adding to your digital footprint and leaving yourself open to vulnerabilities or, at the least, unwanted solicitations.

There are many ways you can reduce that footprint or make it more positive.  Here are eight simple steps you can take to stay a little safer online.

Check your privacy settings on your social media accounts.  

It’s very important to know who is seeing the information you post online. And now social networks offer you more control with settings that can help you manage the content you share. Keep in mind that updates and changes to the platform can affect your privacy settings, so make sure to check them once or twice a year.

Antivirus software should always be up to date.  

Updating your software regularly will ensure that any vulnerabilities will be patched up. Security holes aren’t preventable, but with the latest versions of AV software, hackers will have a harder time getting into your system. Before clicking that little “New update available” popup, make sure that the updates are accurate and relevant.

Delete or deactivate old shopping or social accounts. 

Did you buy a widget from Widgets-R-Us last year to fill out the ol’ Christmas shopping list?  What happens if widgetsrus.com goes under, and the assets for the company are auctioned off to the highest bidder?  Your personal data is now in the hands of an unknown third party.  Deleting your data from a service by contacting a company directly and asking for your customer data to be deleted is the best way to cover yourself in this case.  If you cannot do this, at least delete your account on the website!

Browse the Internet with “Do not track” enabled.

Most modern browsers and even operating systems have the option for you to send a request to each website you visit which says, “do not track my activity on this website”.  While imperfect, this is a simple way to keep your data out of the hands of compliant websites.

Don’t click on random surveys.

Unless going through a trusted service, such as Survey Monkey or Google Opinion rewards, giving data to a random website to “Find out what Game of Thrones Character is your spirit animal” is a surefire way to get your information out to the world at large.  That’s not a good thing.  It’s all fun and games until your email address gets leaked in a data breach.

Have a public-facing email.

Let’s face it, you can’t always avoid giving out your email. There are tangible, financial incentives tied to giving away your email address. The reason for this, however, is that they can make a lot more money off of your email than you will save to get your discount. Using a single email which is dedicated to absorbing spam offers and which, at worst, you can simply delete without any major repercussions allows you to avoid not only spam email, but also exposing your proper email in a data breach.

Clear your browsing history and cache.

Clearing your browser history isn’t just for getting away with browsing sites you shouldn’t be using at work.  It also protects you in the event that your computer is compromised; it will be harder for a thief to see what sites you frequent.  Clearing your browser cache, on the other hand, will clear out tracking cookies which are used by websites to track you, even between multiple websites.  Enabling “Do not track” can prevent some of these cookies from being stored, but clearing your cache deletes any that make it to you despite your request.

Think about your offline presence.

You need to be aware of the information you share offline.  Make sure you understand how the businesses you use, whether it be a utility company or a grocery store, will use your information.  Most information you see online originates from somewhere offline.

Every time you post, share, or enter your information online, you are creating a digital trail.  It’s not always a bad thing.  A digital footprint can be a positive image, an extension of who you are online.  But be aware of the risks and keep track of your information.

Print out the handy little guide above so you can take it wherever you go.

Baltimore Data Connectors Press Release

On June 13 Braxton-Grant Technologies, Inc. participated in the Baltimore Data Connectors Cybersecurity Conference with Array Networks. Braxton-Grant is an important partner for Array Networks in the Mid-Atlantic region and particularly in the Federal, State, and Local Government space. Array Networks develops purpose-built systems for deploying virtual networking and security functions with guaranteed performance. Proven around the world, Array is recognized by leading enterprises and service providers for next-generation technology that delivers agility at scale. Braxton-Grant is a reseller of and service provider for Array Networks products and its engineers are available to implement the AVX Networks Functions Platforms and integrate them into customer networks in both cleared and uncleared environments. Braxton-Grant can work with customers to determine which 3rd Party network functions the company could benefit from having on the Array Networks to provide reduced cost, space, power, and cooling on a platform designed with reserved resources per VM to provide superior performance and guaranteed SLAs. Braxton-Grant can also offer an integrated solution with Fortinet next-gen security solutions on the Array platform. For further information on how Braxton-Grant can help deliver the benefits of Array Networks to your environment as well as the many other cybersecurity products and services we can deliver to your networks please see www.braxtongrant.com.

Braxton-Grant Wins 2017 Symantec Secure One Services Partner of the Year

We are proud to announce that we recently won the “Secure One Services Partner of the Year” from Symantec for Fiscal Year 2017! This is the second year in a row we have won this prestigious award!

Secure One Services is directed at partners who consider service and support an integral part of their business and want to grow their services business with Symantec. As a partner, Braxton-Grant Technologies meets a set of stringent support readiness and training requirements, including Symantec accreditation.