Intellectual property is a company’s most valued asset.
Unfortunately, it is also what cybercriminals are hoping to catch on their on their next phishing trip in Hacker’s Pond.
It’s a business’s biggest nightmare at worst; a major inconvenience at best. When dealing with government agencies, the risk is even greater.
To that end, the Department of Defense rolled out its Cybersecurity Maturity Model Certification which surpasses compliance initiatives currently in place. Once implemented, CMMC will be a mandatory certification for all contractors and subcontractors doing business with the government.
“We appreciate you meeting with us today,” said Tracy Collins, CEO of Simple Helix. “We’re really excited to discuss a topic that’s top of mind for many of us.
“The only information is misinformation, right now.”
Collins empathized that each business has its own needs and budget; he recommended that companies do their research, keeping those factors in mind.
“Base your decisions on your business. You have choices, despite what you’re told by others, said Collins. “Consultants, suppliers, they all have great opinions, but do your homework.”
“The government will never tell you one way or another,” said Stan Lozovsky, vice president/chief operations officer of H2L Solutions. “They provide the requirement and it’s up to the company to meet those requirements.”
As CMMC is implemented, companies may not be able to do business with the government without the proper security procedures in place.
“CMMC is not here to hinder your business,” said Lozovsky. “It is here to protect your business and to force businesses to take a posture to protect information, your intellectual property, and how you do business.”
The government is taking a staggered approach to implementation, he said.
“The government has a five-year plan for roll-out,” said Lozovsky. “Whenever there’s a mod (modification), there’s a cost to the government, as well. There’s also a learning curve.
“You can’t really just flip a switch and expect everyone to just start doing everything, right off the bat.”
Self-certification will also be a thing of the past – third-party auditors must verify the certification criteria.
And history has demonstrated that self-certification isn’t always effective.
“It will force people into taking an active role in cybersecurity,” said Lozovsky.
“The CMMC implementation doesn’t have to be expensive,” said Scott McDaniel, vice president of Technology for Simple Helix. “Do your homework; you have choices with the vendors, tools, and the solutions that you choose to implement.”