Is Your Business Ready for CMMC?

What is the CMMC?

CMMC stands for Cybersecurity Maturity Model Certification. This certification will take over the role of NIST 800-171 regarding qualifications to work with the Department of Defense. The Cybersecurity Maturity Model Certification will have many of the same controls as NIST 800-171, plus about 33 more. Every contractor and subcontractor will need CMMC by 2020 to continue working with the DoD. So, is your business ready for CMMC?

A lot of details of the CMMC are still being determined.  

CMMC Requirements:

CMMC will have several of the same controls as NIST 800-171. It also requires a third-party audit in order to receive certification. This is different from the self-verification of NIST. With NIST, contractors could rank themselves on the honor system. With CMMC, this is not the case: contractors will have to find a CMMC-approved auditor and go through the process. The auditor will rank the contractors from 1 to 5. The level matters because it determines not only the contractor's status but also which contracts they can bid on.

What are the levels of CMMC?

Now that we know what the requirements are, let’s go over the levels. There are five levels of the CMMC, based on the maturity level of your security standards. The levels range from 1 to 5. Level 1 is the most basic level, “Basic Cyber Hygiene”. Level 2 is “Intermediate Cyber Hygiene”. Level 3 is “Good Cyber Hygiene”. Level 4 is “Proactive”. Finally, Level 5 is the “Advanced or Progressive” level. The higher the maturity level, the better off your company will become.

Common Questions regarding CMMC

Some information about the CMMC is still unknown. The information below is what we do know now.

  • The final version of the CMMC will be available this upcoming January (2020).
  • The auditor for the CMMC must be an approved, non-related third party.

Why You Need an MSP for Your Business

An MSP is a Managed Service Provider. But you might be curious about why you need an MSP for your business and what they really do. A Managed Service Provider is a group or company, like Bravo, that supervises its clients’ IT infrastructure needs. Companies may lack the in-house IT capabilities that they need, and so turn to an MSP service. These services are very useful for small to medium-sized companies because they no longer need IT providers to fix problems; they can just reach out to their MSP and everything gets taken care of for them by experts.

What an MSP Can Do

MSPs are usually used by small or medium-sized companies; however, there are large-scale companies that use MSPs as well. MSPs are a must-have for any organization, especially organizations that have strict security mandates.

All businesses bear the risk of security breaches; MSPs keep their clients’ businesses safe while allowing them to focus on their mission and customers.

  • MSPs have a support capability that allows for around-the-clock monitoring and protection.

  • MSPs consist of subject matter experts. They have experience ensuring security and compliance in various organization types.

  • MSPs can even eliminate the need for an IT department, or augment your current staff, which will help reduce your company’s costs and improve efficiency.

Benefits of Using an MSP

There are many benefits to having an MSP. The ones that really stand out are as follows: Safety & Security, Support & Expertise, and Reduced Costs.

Safety & Security:
Every business fears security breaches. This could be disastrous for your company. An MSP provides constant protection and gives you peace of mind – knowing that your company is safe.

Support & Expertise:
The MSP team is there for YOU and YOUR business. They will make sure that your needs and wants are satisfied with accuracy and with quickness, so you can focus on what you do best!

Reduced Costs:
An MSP not only keeps your business secure, it does so with low costs. Outsourcing services to experts is much cheaper than building an in-house team. MSPs often have pricing packages that allow for flexibility to fit your budget whether you’re large or small.


5 Best Ways to Prevent Phishing Attacks

Over the years, phishing has evolved into a major threat that all businesses must address. Phishing is the number one cyber threat, and many attacks specifically target small and midsize businesses. In the past, phishing emails were easy to identify; however, attacks are now much more sophisticated and virtually indistinguishable from genuine emails.

According to Verizon’s Data Breach Investigations Report, 1 in 14 employees were tricked by a phishing attack. These phishing emails are being used to obtain login credentials to email accounts and corporate networks, to spread malware infections, and install ransomware. Ransom payments alone totaled more than $1 billion in 2016; however, even bigger losses resulted from computer downtime. So how can you defend against phishing attacks without breaking the bank?

Here are the 5 best ways to prevent phishing attacks and better secure your organization.

1. Spam Filtering Software

One of the most important lines of defense is to implement a spam email filtering solution. Spam filtering software prevents most phishing emails from reaching employees’ inboxes, which minimizes human error. Advanced spam filters can block more than 99% of spam emails; however, cybercriminals are constantly developing new techniques that fool spam filters. It only takes one phishing email that is not caught in the filter to infect an entire network.

2. Awareness Training

Security awareness training is an essential part of a phishing defense strategy and should be mandatory for all employees. Training programs should occur multiple times throughout the year; annual training sessions are not enough, because employees may be frequently tested by cybercriminals in different ways.

3. Phishing Simulations

Conducting phishing simulation exercises is a great way to determine how effective your training program has been. These simulations allow you to see which employees are more susceptible to phishing attacks so that they can be provided with additional training. Overall, this can help organizations better protect themselves and decrease the odds of a security incident.

4. Multi-factor Authentication

Multi-factor authentication is an important security control that can help to prevent account access by unauthorized individuals. If an employee discloses a username and password in a phishing attack, multi-factor authentication can prevent the attacker from gaining access to the account. Even if the attacker attempts to log in with the username and password, account access can only be gained with the second factor – a code sent to a mobile phone when an unfamiliar device is used to access an account.

Multi-factor authentication may not prevent unauthorized individuals from obtaining user credentials through phishing emails and websites; however, it can protect against phishing by limiting the damage that can be caused by stolen employee credentials.

5. Be Aware of New Threats

Phishing tactics change, so it is important to keep up to date on the latest threats and make sure you are prepared. Sign up for threat intelligence services and follow reports of phishing attacks in the media. Companies that have been targeted in phishing attacks often publish warnings and words of wisdom. Use this information, through email security alerts and monthly cybersecurity newsletters, to keep your employees aware of the new tactics and techniques being used by scammers.

Mounting an effective defense against phishing requires a combination of technologies, policies, and good security awareness. Adopt these 5 best ways to prevent phishing attacks and you will be able to greatly reduce susceptibility to phishing scams, improve your security posture, and potentially save millions of dollars by preventing data breaches.

The Microsoft Cloud for Government

What is the Microsoft Cloud for Government?

The Microsoft Cloud for Government is a complete cloud platform designed specifically for U.S. Federal, State, and Local Governments providing cost savings opportunities, rigorous security and compliance – including FedRAMP, HIPAA, and CJIS-capable features – and the flexibility to run in government, public, or private clouds with an integrated open platform – all from one trusted provider.

The Microsoft Cloud ecosystem has three major cloud environments: Azure, Office 365 and Dynamics 365. Microsoft provides these cloud environments with an emphasis on a holistic approach to security, leadership in compliance and commitment to transparency and privacy.

Azure: Application Innovation

Microsoft Azure is an open, flexible, enterprise-grade cloud computing platform. Microsoft invested in and built a Public Sector environment that is a physically isolated instance of Microsoft Azure and employs world-class security and compliance services critical to the U.S. government for all systems and applications built on its architecture.

Office 365: Productivity

Office 365 provides your organization with easy-to-use productivity and collaboration tools that allow your users to increase productivity and spend less time sifting through paperwork. The secure and compliant platform lets departments seamlessly work together from anywhere with an Internet connection on nearly any device. Office 365 U.S. Government plans provide all the features and capabilities of Office 365 services to enable organizations to increase productivity while meeting U.S. compliance and security standards.

Dynamics 365: Business Apps

Dynamics 365 is the solution that equips your employees with data, along with reporting, modeling, and powerful workflows, while also offering security features that can limit access to sensitive data. Dynamics can also free data trapped in outdated systems and automate monotonous tasks, allowing employees to focus on more important work. Microsoft Dynamics allows government agencies of all sizes to share data and connect teams and departments, while maintaining the highest level of compliance standards.

How can Bravo help?

Bravo taps into the power of Microsoft technologies to develop custom software applications and solutions for Federal, State, Local, and Commercial organizations. We have helped many Agencies migrate to the Government Cloud and have pioneered enterprise applications that have become central components in our clients’ business success.

Please contact us – It’s easy.