MNS Group has been selected as a Candidate Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessor Organization (C3PAO) by the CMMC Accreditation Body. Only C3PAOs are authorized to conduct CMMC assessments. MNS Group has the C3PAO Candidate designation until the DoD performs a Level 3 audit of our company. We will be able to conduct a CMMC Assessment as an Authorized C3PAO for the Organization Seeking Certification (OSC) after receiving our audit. 

The US Government is urging organizations to mandate MFA (Multi-factor Authentication) to protect against threat activity by Russia’s Foreign Intelligence Service (SVR). The FBI, the Department of Homeland Security (DHS), and the Cybersecurity & Infrastructure Security Agency (CISA) have put out a special joint advisory warning government agencies, information technology companies and other policy analysis groups to prepare for against attacks from APT29, a threat group that they describe as working for the SVR. This notice comes on the heels of the Biden administration’s formal attribution of the SolarWinds attack and targeted attacks on COVID-19 research facilities to SVR.

MNS Group advises organizations to implement MFA as an integral part of a unified cybersecurity program. The increase in complexity and sophistication of cyber-attacks on businesses and organizations of all sizes warrants the analysis and expansion of cybersecurity policy to mandate MFA as a bare minimum. If you are curious about ways to implement MFA into your programing, join us on May 27 or June 22 in our Security Basics Webinar series, MFA: The Biggest Bang for your Security Buck. Sign up today.

There is a great deal for businesses in the commercial space to glean from the CMMC standards to apply to their organization’s cybersecurity. Securing your data, defending the integrity and infrastructure of your business from cyberattacks and disruption is undeniably one of the most important roles for business leaders. Even if your business is not part of the DIB supply chain as a government contractor, or as a cybersecurity professional, businesspersons have a responsibly to fellow employees, clients, and their country to remain cyber-safe, cyber-secure and cyber-resilient.

As vaccines roll out across the world, we are all getting a little more optimistic that we will be able to travel (remember that?) and see friends and family again. But don’t get your wheelie suitcase out just yet. How will you PROVE, in an acceptable way, that you are vaccinated?

Multi-Factor Authentication (MFA) is a security feature offered by many websites, applications and devices that dramatically improves account security by requiring multiple pieces of evidence (your credentials) when logging into an account. There are three main categories of credentials: something you know, like a password or pin number, something you have, like a security token, verification text, call or email, or something you are, like your fingerprint, your voice or your face. Using our wall metaphor again, MFA is like having a second and third very high, slick wall. All good, right? Safe and secure! Or maybe not…

The economic shocks of 2020 are drastically affecting the technology budgets of 2021 and pencils are being sharpened. 2020 saw bootstrap, instinctive, reactionary, financial decisions. Many organization’s plans for 2020 were thwarted by the pandemic and were put on hold. There is now no such thing as business-as-usual processes; executives need budget processes streamlined in order to react quickly and strategically with a more proactive than reactive stance. With so much uncertainly going into the new year, how should companies address and prioritize their technology budgets for 2021?

Stalkerware is a term that is used for applications that are sold, usually by legally registered companies, to monitor children or track employees. The term “stalkerware” was coined for its wide use to monitor intimate partner’s or spouse’s activity without their consent. These apps are designed to run undetected and track or record user behavior and activity and may remotely control devices without the user’s consent or knowledge. They exfiltrate data like location, contacts, take screenshots, call and text logs, browser history, and even record phone calls. Some types of apps that are location services are expected, for instance, the Find My function in Apple phones to geographically locate devices and people, but this differs from stalkerware because it is a native application where the user is in control of who they share their location with. Stalkerware apps are especially insidious because the companies who design and sell them fail to protect all the data that is collected- opening the victims for double damage: not only do they have no privacy but much their personally identifying information for sale on the Dark Web as well leaving them open for attacks.

In March, nearly two-thirds of Americans worked remotely due to the novel coronavirus. June has arrived with the country largely opening back up for business but seeing a different business landscape. Many questions emerge, with one of the most important should employees return to the physical office- at all? Is it worth the risk of infection to meet in the office when Zoom has worked so well? How will the open office plan, so popular for communication, fare in light of social distancing? Will handshakes go the way of the rotary phone? Employees are conscious of the prospect of carrying the virus back to their families; business owners are examining the expense of outfitting offices to appropriately accommodate the protection of employees while staying productive and avoiding liability. What about the fact that employees are enthusiastic about the perks of working from home, and may resist returning to the office? With all these things accounted for, many businesses are extending the work from home option as a longer-term or even permanent strategy for their workforce. Whatever the reason, there are considerations businesses should take if they are considering a long or longer-term work from home arrangement for their employees.

The Corona Virus COVID-19 pandemic has had a drastic effect on how businesses operate, the clients they serve, and the bottom line. Organizations have had to adapt strategy and investments very quickly to keep up with the ever-evolving challenges. Extra pain is being felt as businesses work hard to honor commitments made due to restrictive contracts signed prior to the global pandemic.

What if scaling and the ability to shift resources were built into the agreements you make with your partners?

Threats come in ALL forms. of communication – from phone calls to ads and apps- but the most effective for these bad actors are SPEAR phishing emails. These emails are hyper-targeted, they may APPEAR to come for your bank, your boss or your babe, they may call you by name, they may make a reference to your work location or even your neighborhood. We have seen some DOOZIES… including “outsourced lawyers” asking for users to click on links to upload information related to downsized employees, bad actors who claim to have damning data on the victim, and threatening to use social media to reveal them.

Make 2020 the year that you begin to take 20 seconds to review emails before taking any action to determine if they are authentic. Check out how to review emails in some detail below: