Create a Disaster Recovery Plan to Protect Your Data

Your company’s most precious business resource is its data. What is your game plan for protecting it?

Data loss cripples businesses – studies show that over 50% of businesses hit by cyber-crime close their doors within 6 months. What measures are you taking while cyber-criminals step up their game? If your game plan doesn’t include backups, you’re effectively planning to lose when (not if) a cybersecurity breach occurs. Don’t like losing? Let’s go over some game plan essentials to get that win.

Consider the elements

Even with strict information controls and excellent maintenance of technology, avoiding data loss incidents is all but impossible. You can account for what you can control – and that’s about it. Aside from the usual suspects – ransomware, human error, and technology failure – there are other forces that could destroy your business if you don’t have proper backups. Don’t let other variables, such as natural disasters, structural fires, and theft, derail your business success. Create a Disaster Recovery Plan to use as your playbook for succeeding in less-than-ideal conditions, and position yourself to recover that data quickly.

A strong lineup

Not all backups are the same. Businesses have different needs and budgets and every backup strategy needs to consider both. Think of this as your line up. How long can your business afford to be “down” in the event of a disaster? What players need to stay in as long as possible? What data is affordable to lose? Priority should be given to the data essential to carry out your essential business functions. In the event of a breach, recovering that data quickly could spare you big losses.

Use a long term strategy

A winning game plan takes you all the way, right? Backups protect your data by ensuring you have a ‘copy’ of everything you need in case of compromise. How long should you keep those copies? The compliance and regulatory requirements for your industry should guide how long you keep data backups. A good long-term strategy accounts for not just unexpected events, but also compliance requirements to ensure your data is there whenever you need it.

Plan for the wildcard

People are a constant variable in the biggest upsets. In times of emotional distress, employees often make poor decisions. Almost 75% of departing employees admit to taking company data in some form. 70% of intellectual property theft occurs within 90 days of an employee’s resignation. Worse yet, even more malicious activity can occur and hostile actors inside the workplace, unfortunately, purposefully delete data. Plan for the wildcards by having timely backups and enjoying peace of mind knowing you can get back to normal after a compromise.

The competitive advantage

If a disaster were to hit your area, how quickly would your business recover? How quickly would your competitors recover? Implementing a disaster recovery plan through effective backups ensures quick restoration and minimizes down time. Make backups your competitive advantage by ensuring you can get back on your feet faster and more effectively than your competitors.

A strong game plan accounts for all known and unexpected factors. It includes an aggressive offense for the things we can predict, and a solid defense for the sudden and unexpected. Plan for the win – backup your data and get back to business.

Want to secure a win for your business?

Our team will work with you to create a custom disaster recovery plan that fits your business needs, the data you need to protect, and your budget. Contact us today!

What is a CMMC RPO?

Throughout 2020, the U.S. Department of Defense released details surrounding the Cybersecurity Maturity Model Certification (CMMC) requirements for companies in the defense industrial base (DIB). These new consolidated cybersecurity requirements are driving suppliers and contractors to dedicate time, money, and other resources to strengthen their cybersecurity strategy to meet compliance. Depending on the company’s existing cybersecurity posture, some will have much more work to do than others, and they will all need professional guidance.

It’s no surprise that the market has been recently flooded with consulting firms claiming to be experts in CMMC compliance requirements. Keep in mind that not all third-party consultancies are created equal. As a small business, we understand how important it is to properly vet vendors, and make sure you’re getting the most out of every dollar you assign to projects like these.

The CMMC Accreditation Body (CMMC-AB) has introduced five certifications and authorizations to differentiate entities offering CMMC compliance services. These are:

Certified Third-Party Assessor Organizations (C3PAO)
Registered Provider Organizations (RPO)
Registered Practitioners (RP)
Certified Professionals (CP)
Certified Assessors (CA)

We’re happy to provide some details regarding the RPO authorization, and what is involved.

RPOs like The Greentree Group are authorized by the CMMC AB to provide consulting services to government contractors and other companies in preparation for their CMMC assessments. We can also assist during these assessments if there is a finding that will prevent you from attaining your desired CMMC maturity level. However, we do not conduct certification assessments, and we do not grant certified status. Only C3PAOs are equipped to conduct these certification assessments. As an RPO, we are here to provide CMMC guidance and support to companies impacted by these new regulations. It’s important to remember that C3PAOs cannot provide guidance unless they’re also certified as an RPO – and even then, they cannot offer the same services (assessment + guidance) to the same company.

WHAT GOES INTO BECOMING AN RPO

A company must do the following to become certified as a CMMC RPO:

Be an entity owned by a “US person”.
Be registered with the CMMC-AB in order to receive authorization to use the official logo distributed by the CMMC-AB.
Sign an RPO agreement, reflecting a commitment to comply with the CMMC-AB Code of Professional Conduct.
Clear an organizational background check.
Have at least one Registered Practitioner (RP) on their team. An RP is specially trained and authorized by the CMMC-AB to deliver “non-certified advisory services informed by basic training on the CMMC standard” at all times.
Pay an annual registration fee.

These requirements put in place by the CMMC-AB are helpful for companies seeking certification because they provide a measure of legitimacy. As with any new regulations or rules, there will be many companies claiming to be experts in the field, and competing for your business. By selecting a company that has attained its RPO authorization, businesses can be confident that their choice is well suited for the job and committed to CMMC standards.

CHOOSING THE RIGHT CMMC RPO FOR YOUR COMPANY

RPO authorization is an important consideration when choosing a provider- but there are other things you should keep in mind. Other important questions you may want to ask –

How much experience does the RPO have in cybersecurity and maintaining compliance in highly regulated spaces?
- The Greentree Group has supported both DoD programs and DIB clients with obtaining and maintaining required cybersecurity compliance for over a decade

Do they have experience with other frameworks such as CIS CSC, NIST SP 800-53, NIST SP 800-171, and ISO 27001?
- Greentree has cybersecurity experts for the cybersecurity framework you require

How knowledgeable are they about the defense contracting environment?
- Greentree’s cybersecurity team has a combined 50+ years of defense contracting experience

How many years have they been in business? Are they well-established?
- The Greentree Group has been in business for 26 years with an established reputation for excellence in customer support

How easy is it for the provider to scale efforts appropriate to your business?
- We support clients of all different sizes and architectures, as your business grows our support for your cybersecurity needs can grow with you

Note: Back To Business I.T. is a service brand of The Greentree Group.

WHY IS THE RPO AUTHORIZATION IMPORTANT FOR YOUR BUSINESS?

The new CMMC-AB authorization process for RPOs is an effective way for companies to sift through the increasing chatter in the CMMC consultancy space. The RPO certification signals that a consulting firm is invested in the CMMC space, and has committed to cybersecurity best practices. By visiting the CMMC marketplace, companies can look for certified RPOs in their area and reach out on their own terms.

We are authorized by the CMMC-AB as an RPO, and ready to guide your business along in the CMMC journey. Are you ready to learn more? Fill out this form and one of our cybersecurity experts will be happy to provide more information about CMMC compliance.

The Greentree Group is a CMMC Registered Provider Organization (RPO)

We are now a Cybersecurity Maturity Model Certification (CMMC) Registered Provider Organization (RPO) authorized by the CMMC-AB.

This new achievement solidifies our position as a leader in CMMC compliance solutions and services meant to protect government data in defense contractor systems. According to the National Accreditation Board, CMMC-AB is an independent accreditation body “responsible for establishing, managing, controlling, and administering the CMMC assessment, certification, training, and accreditation processes for the Department of Defense (DoD) supply chain.” Our new Registered Provider Organization (RPO) status reflects our commitment to the CMMC Accreditation Body (AB) code of professional conduct. It allows our company to provide advice, recommendations, and consultation to our customers as they seek their own CMMC-AB certifications.

Since 1993, The Greentree Group has been providing comprehensive professional services and technology solutions to small and medium-sized organizations, including:

Cybersecurity solutions
I.T. Support
Cloud Solutions
Technology Strategy

We offer a suite of comprehensive business technology services to include solutions which support Cybersecurity Maturity Model Certification (CMMC) compliance. Our team of cybersecurity experts assist defense contractors in becoming CMMC audit ready by implementing technical solutions and developing documentation and policies required by CMMC. In addition, we provide options for ongoing services to maintain compliance after certification.

CMMC SUPPORTS IT MODERNIZATION AND SUPPLY CHAIN SECURITY

CMMC is a new cybersecurity compliance standard that will be required for contractors to bid and win DoD contracts. The Defense Federal Acquisition Regulation interim rule took effect on November 30, 2020 and initial assessments are expected to begin in calendar year 2021.

CMMC-AB authorized RPOs provide advice, consulting, and recommendations to their clients. They are the implementers and consultants, but do not conduct Certified Assessments. They understand the CMMC Standard, and are qualified as:

Aware – Employs staff trained in basic CMMC methodology
Registered Practitioner Staffed – Offers CMMC trained consultative services
Targeted – CMMC assessment preparation
Trusted – Bound by a professional code of conduct

View our listing on the CMMC-AB Marketplace!

Ready to learn more? Our team of cybersecurity professionals would be happy to provide more details about the CMMC requirements, and what they mean for your business. Contact us today!

7 Cybersecurity Tips for SMBs

7 cybersecurity tips for small and medium-sized businesses (SMBs), brought to you by Back To Business I.T.

Antivirus and Filters

Scanning your systems regularly to detect malware and potential vulnerabilities should be at the top of the list when it comes to cybersecurity measures. Putting web and email filters in place can help block nefarious traffic and messages from ever reaching your systems.

Restrict Access

Along the same lines of defense as Antivirus and Filters, use restrictions to limit staff access. The same way you restrict departmental access depending on where a person works, it’s a good idea to implement internet restrictions. This way employees are limited to the websites they can access on company computers – and thus lessen the risk that they’ll wander into some dark alley on the internet.

Train Your Staff

One of the biggest cybersecurity risks any company faces is its people. To err is human, right? And err we do. Phishing emails are the most common cyberattack, and how over 90% of successful breaches begin. Educate your staff on best cybersecurity practices. Our cybersecurity awareness training offers not only educational materials, but simulated training exercises to test employees’ preparedness in a safe sandbox environment. Contact us to learn more.

Step Up Your Authentication Game

Setting up multi-factor authentication means that system access has a two-layer protection. Requiring both a password and a pin, for example, will likely reduce your risk of unauthorized access. Much like having biometric and pin or pattern access on your phone protects your data from prying eyes – two-factor authentication on your systems can keep your data safer.

Patch and Update, Faithfully

Clicking that ‘update later’ button is usually a bad idea. Updates ensure your system has the latest information on potential vulnerabilities. Patching does just that – patches certain ‘holes’ or fixes bugs in the system. This is part of why it’s critical to use up to date hardware/software – so you can be sure the manufacturer is working constantly to keep it as secure as possible.

Back Up Your Data

In the case of a breach, having your data backed up can make the difference between paying the ransom or not. Cybercrime isn’t the only reason to back up your data though – as other events can affect system functionality and disrupt your business. In the context of cybersecurity, it can give you the upper hand. If your data is securely backed up, there’s usually less down time in the event of an attack.

Have a Cybersecurity Policy in Place

All the good intention in the world won’t take the place of a solid information security policy. Make sure your staff is aware of the processes and best practices for cybersecurity in your company. You’ve worked hard for your business, protect its future.

Here at Back To Business I.T., we’re a business too. We have the same concerns and face the same challenges. Our customizable solutions are meant to change as your business grows – fitting your needs, and your budget. Take your business to the next level with a technology partner you can trust. Contact us today!

Battling the Myths of How Businesses Control Their IT Infrastructure

In order for businesses to stay ahead of the competition, they need to be innovative. One word that is often associated with being innovative is technology. A business’s technology stems directly from their IT infrastructure. This includes their server(s), hardware, technology, managed services, software, network, etc. In order to allow innovation, businesses need to have a stable, secure and up-to-date IT infrastructure. By having this, it will allow technology to help the business operate smoothly.

Back to Business I.T. helps businesses to create, monitor and maintain their IT infrastructures. After helping many clients, we have experienced a lot of different IT environments. Through these environments, we have noticed there are some common myths that businesses believe regarding how to control an I.T. infrastructure. Below we discuss three myths and explain the realities to these situations.

1) Myth: A business can hire one person to run their entire IT infrastructure.

Reality: This may be true in some very rare cases but for most businesses, they find success in having a team of experts to control their IT infrastructure. IT managed services firms have a team of experts who work together to monitor and maintain these infrastructures. This is what allows technology to continue running for a business. So, outsourcing a business’s IT department to an managed service provider is needed.

2) Myth: An employee considered to be “tech savvy” can take on a business’s technology issues.

Reality: Taking an employee, who already has responsibilities in their current position, and throwing them into an IT environment can be dangerous. Monitoring and maintaining an IT infrastructure is a full-time job. It should not be given to someone who does not have the time to put in the work that is required. Also, being considered “tech savvy” does not mean they have the expert knowledge to provide the stable, secure and up-to-date IT infrastructure that every business needs.

3) Myth: Outsourcing a business’s IT department to a third-party managed service provider is expensive and not worth the high costs.

Reality: Outsourcing a business’s IT to a managed services firm can take up a major portion of their IT budget. However, when looking at the big picture, it can save the business money. For example, if a business’s IT network is invaded by a major threat that their one-man IT department or “tech savvy” employee cannot handle, the business is going to acquire substantial losses. Not only will they have to find and pay an IT expert or firm to resolve the issue, they will also lose a lot of important data in the process. Yet, if the business had outsourced their IT infrastructure to a managed services firm before this happened, they could have contained the threat in a much more cost and time saving manner.

In order for businesses to keep up with the competition and become innovative enough to stand out against them, they need to start investing in their technology. By doing this, they will be gaining access to opportunities that will help their business to grow.

If you are interested in learning more about what an IT managed service provider can do for your business, let’s start a conversation.