Entries by Robert Duffy

What is a POAM?

A Plan of Action and Milestones, or POAM, is a “document that identifies tasks needing to be accomplished. It details resources required to accomplish the elements of the plan, any milestones in meeting the tasks and scheduled completion dates for the milestones”, as defined by NIST. When your organization is working towards NIST 800-171 compliance, […]

Why Should My Company Have a Disaster Recovery Test Plan?

Disasters are unpredictable, but disaster recovery shouldn’t be. Disaster recovery tests (DRT) are a necessity to ensure that you can recover from a disaster. You don’t want to find out the hard way that your disaster recovery plan isn’t working. A DRT is a simulation of an event that could potentially happen in the future. […]

What is Cyber Hygiene?

Cyber hygiene is all about forming good habits with your digital devices. These habits and routines improve your online security (and that of your organization). By maintaining the health of your system, you can mitigate potential security breaches and keep ahead of threats and issues that can target more vulnerable out-of-date software and hardware.  The […]

Key Updates in CMMC 2.0

The Department of Defense (DoD) announced on Nov 4th, 2021 that the Cybersecurity Maturity Model Certification (CMMC) version 1.0 will be replaced with a streamlined program called “CMMC 2.0.” We’ll be discussing the key differences and how your organization should prepare now for CMMC 2.0 and when it goes into effect. What’s Changed? […]

6 Cybersecurity Best Practices to Protect Your Business

As a small or large business with multiple ongoing projects and revenue goals, it can be easy to overlook basic cybersecurity measures. However, what may seem like an extra expense can be invaluable to your company’s future security and profitability. According to surveys taken from 2006 to 2020, data breaches have been steadily increasing in […]

How to Recognize Social Engineering Before It’s Too Late

While technological hacking is typically at the forefront of every business owner’s mind, social engineering is often overlooked. This form of hacking takes advantage of human nature in order to acquire sensitive information, creating a potentially disastrous situation for a business’ cybersecurity infrastructure. However, there are ways to discourage social engineering from infiltrating your processes. […]