Author: rory-admin

We have updated our most popular resource for 2022 and have an offer you won’t want to pass up
As an IT service provider, we’re passionate about cybersecurity because we see the effects having inadequate coverage can have on businesses first hand.

The devastation that can occur after a cyber attack is staggering, we’ve given you the statistics before, such as:
1. The cost of cybercrime is predicted to hit $10.5 trillion by 2025
2. Cryptojacking cases quadrupled in 2021, but the hackers don’t make very much (less than $6 per day), however that doesn’t stop them from trying to gain access to your machines
3. It takes on average 287 for cybersecurity teams to detect and contain a data breach
4. Phishing is involved in 36% of data breaches (can you identify the signs of a phishing email?)
5. DDoS (Distributed Denial-of-Service) attacks are skyrocketing, with 9.75 million occurring in 2021
That’s why we’re thrilled to announce the release of our Tech Tip Card Deck, our deck contains 56 tips for getting your cybersecurity house in order with custom art representing each tip. Best of all, the deck is absolutely free to business owners in our area.

Beyond providing comprehensive technical support, we also want to support our community in staying safe online. If you’re a business owner in Central Valley and would like to have a set of our card deck for yourself, simply visit TechTipCards.com and request one today and we’ll get it shipped out to you ASAP.

We don’t believe technology has to be intimidating, each bite sized tip featured in the deck is easy to understand and easy to implement and will create real results for the online safety of yourself, your employees, and your business.

To up the offer even more, we have updated our most popular for 2022 and are also offering it to you right here, right now. Simply grab it below.

Click to grab the full size version.

Both of these are just a small showcase of what’s in store, we know for most people repetition is the key to success. We plan to deliver weekly content including thought provoking reports, eye catching resources that can even be customized for your office, and tech advice that can greatly impact and improve your use of technology within your business.

If you’d like to learn more, again visit TechTipCards.com or reach out to us for a free consultation today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 21, 2022
When the business is you, how data brokers create and sell detailed information based on your browsing history
This week, John Oliver of “Last Week Tonight with John Oliver” aired an eye-opening segment on the world of data brokers and how easy it is to create a very detailed profile about an individual simply from their online browsing history. We suggest watching that segment (which can be found on YouTube) but we also wanted to touch base on this topic ourselves and explain what happens, why this happens, and what you can do to browse safely (and privately) online.

There are really five clear ways data brokers capture your information online. The first is browser cookies. A cookie is a piece of information that a website stores on your device that it can than retrieve at a later time. Most websites you visit now ask you to give them permission to store cookies and most of us do so without thinking about it because the process of declining can be complicated (or perhaps you won’t be allowed on the site without doing so).

Data brokers both buy these cookies and also place cookies on your devices themselves, which allows them to offer you highly targeted advertising. We have two solutions to this once, Chrome and Firefox both have “Do Not Track” options which will not allow the cookies to track you from site to site. There’s also a browser extension called Ghostery which gives you the option of blocking trackers.

The second way data brokers are able to obtain information about you is through mobile applications. Many mobile applications that are “free” are not really free, you’re paying for them through the wealth of information that’s gained about you, such as your GPS data or even your private pictures and videos on your device (as many of these applications ask for “permission” for every service on your phone).

The solution to this one is to always research the applications you download on your phone, and never give them more permissions than they need. That “white noise” application you downloaded does not need permission to your location data for instance.

The third way may seem obvious if you stop to think about it, social media. Data brokers will scrape social media sites for information about you to “complete” their profiles on you. The easiest way to combat this is to think twice about what you’re sharing online, information such as your birthdate or where you work not only put you at risk for receiving very targeted spam – it’s also a cyber security hazard.

The fourth way is just public records. Court documents, census data, property records, vehicle registration records, marriage and divorce records are all public and all available to data brokers at their leisure. The best way to combat this one is to address the other ones we’ve mentioned so they cannot use this information combined with the above to create a highly detailed information package on you (a singular piece of data is less useful than a full picture). You can also sign up for alerts from Google so if your name is mentioned on the web you’ll be notified.

The fifth way may surprise you, but it’s your credit card company. Data brokers are able to buy your “anonymized” credit card data directly from your credit card company. They can then combine this data with receipts they may have accessed in other ways and your social media posts “Look at what I just bought!” and voila, data brokers now know how you’re spending your money (and what they should try to sell you next).

There Isn’t a good way to combat the last one and it illustrates the point the best, we need more restrictions on how our data is used and who is allowed to collect it. Some states are leading the way with this, such as the California Consumer Privacy Act (CCPA) which gives consumers more control over their online data (and the ability to remove it).

We’ve created this chart to give you five things you can do RIGHT NOW to protect your privacy online.

Click to grab the full size version.

While there are steps we can take to protect ourselves, more needs to be done to protect our privacy as we browse online. Privacy is also a concern for business owners and the businesses they run, if you would like to learn more about how Valley Techlogic can help schedule a consultation today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 14, 2022
Common tax return scams to watch out for in 2022
The due date for filing your taxes is just 10 days away as of writing, and as tax filers scramble to gather needed information to finish (or start) their filing – scammers are looking for ways to take advantage of the mad dash that occurs for many Americans every year.

The IRS has put together a compilation of scams they’re seeing this year, and they mention that scams may not be limited to the virtual space. Scammers may also call, mail or even show up to your door in person. So, it’s a good idea to be extra vigilant when protecting your PII (personal identifying information).

The “Tax Transcript” scam is one that commonly targets businesses, many employees will use their business email when they sign up to do their taxes and may expect communication from the IRS to come there, but scammers will send fake communications with malware attached instead. Users may click without even thinking twice (especially as email scams of this nature can be very convincing). See below for an example.

IRS Tax Email Scam Example. Credit: https://www.irs.gov/

IRS scam calls are also another common tactic. It’s a good time to reiterate that the IRS will NEVER call you asking for personal information. This news segment found on YouTube shows a scammer in action, these calls may increase as we get closer and closer to the filing deadline. You shouldn’t give out your personal information even if they have things like your address or full name (scammers will often do some research on you before calling).

Another scam aimed at businesses is one where the scammer will pose as a member of the accounting department where you work, they know many people will not question a call or email coming from a work authority. It may be a good idea if you’re a business owner to send out an email or have your accountant contact your employees to mention that like the IRS you will NEVER call or email unprompted requesting private information.

Stolen Identity Refund Fraud or SIRF is a very lucrative business, 2.8 million false returns were filed in 2018 with a potential worth of $16 billion dollars. It’s important to guard the PII information criminals need to file a false tax return on your behalf. Here are 5 steps you can take to safeguard your information:
1. The easiest? Have a good spam filter enabled on your email, that way many of these phishing scams won’t even make it to your inbox.
2. Check emails for signs it’s a phishing scam, we wrote an article on what to look for. Two standouts are an email domain that doesn’t match the sender (an IRS email won’t come from a Gmail account) or links that when you hover on them don’t match where they say they go.
3. Check with the purported sender, if the email looks like it’s coming from within your office network, but the email contents just don’t seem right – follow your gut and follow up with your department.
4. If you receive a call from a number you don’t recognize claiming to be the IRS or the authorities, try Googling the number. Many people will share information about experiences with scam numbers online as a way to warn others.
5. If you’ve already given your PII to a scammer, contact the major credit bureaus to freeze your credit and contact the IRS to report it ASAP. The IRS has steps in place for helping victims of identity theft, the sooner you act the sooner you can put a stop to the scammer’s activity under your identity.
Employee training is the best defense for business owners who want to prevent scams such as these ones as well as other cyber threats from effecting their business. Valley Techlogic offers security awareness training as well as top of line cyber security defense systems as part of all of our technology packages. Learn more today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 8, 2022
Five Email Migration Tips & Reasons We Suggest You Make that Move for Your Business
If you’re using a free email service such as Gmail, Yahoo, Hotmail or even AOL – it’s probably time to make the move to using your business’s domain instead.

We understand it can be hard to let an email you’ve been using for a long time go, and there can be some growing pains when you make the switch. Your existing customers and business associates know you by your existing email address, you may have it organized the way you like it. It can seem like a hassle, but there are some big reasons to make the switch.
1. You get what you pay for (in terms of support). Your free email box will also come with non-priority support from your service provider, if you have an issue even if it’s urgent you will still need to get in line with everyone else.
2. It’s a target for hackers. Hackers love free email accounts because their popularity makes them ubiquitous. When they access one used by a business, it’s even better.
3. Your email is more likely to be marked as “spam”. This is because spammers also use free email accounts to conduct their business, so your emails will just get lumped in with theirs.
4. You’re missing out on a business opportunity. Your free email domain doesn’t advertise your business to your customers, it advertises Google, Yahoo, etc.
5. It could be seen as unprofessional. Your customers may wonder why emails from you come from a free email provider instead of your domain, even if they never say it.
Even if we haven’t swayed you to make the change, you can still get your email domain established and try to slowly work it into your work routine to send some emails from that domain or switch some of your business accounts to using that email instead.

If you are ready to make the change, we have five tips for getting started.
1. First, make a list of the emails that will need to be migrated and get those users (and yourself) setup with work domain emails.
2. Next, backup your existing email boxes data. Many free email providers offer a way to backup your data. For Gmail the steps are: 1. Navigate to “Privacy and Personalization” and click on “Manage or Delete Your Data” and click “Download Your Data”.
3. Consider using a service to help with the migration, there are online services for assisting with email migration.
4. Individually save any emails you can’t afford to lose. We suggest saving any especially important emails or their context individually somewhere else. Also, if you’ve been relying on your free inbox to manage important data now may be a good time to think about getting a backup program in place for your business.
5. Consider bringing in the professionals, if you’ve been using your free email account for a very long time and there’s too much at stake if something were to go wrong, we suggest reaching out to a professional team to make this switch for you. They will know how to make the transition as seamless as possible.
Click to grab the full size version.

If your business is located in the Central Valley, we have experts that can assist you with your email migration goals and taking steps to better secure your business’s data. Reach out to Valley Techlogic today to learn more through a 10-minute consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 31, 2022
Unsure if the person you’re interacting with may be a fake? This Chrome extension can detect fake profile pictures with 99.29% accuracy
As we discussed last week, financial scams may be on the rise in 2022. Social engineering is a pretty common tactic utilized by scammers when it comes to siphoning funds from unwitting victims, but there are some tools you can use to combat it.

Recently a company called V7 Labs has released an extension for Chrome that’s able to detect artificially generated profile pictures, such as those created by Thispersondoesnotexist.com (see below for an example).

The Fake Profile Detector extension can help you detect if a social media profile picture is a fake just by right clicking on it, it’s able to zero in on things you may miss at first glance – such as a pupil that’s not in the right place or clothing that appears to be bleeding into the skin. The extension does not work with video (yet). Also, just to note you should always verify an extension is from a trusted source before downloading it to your browser.

Social engineering scams aren’t limited to just financial scams, they’re also utilized to gain information or to spread misinformation. As AI tools have grown more sophisticated it’s not easy to rely on someone’s profile picture to give you a good indication of who you’re talking to online.

It’s also very easy to create fake profiles using real pictures, even pictures of people you may actually know. It’s typical for the scammer to start the conversation off with they got “locked out” of their main account and would like you to add their new one. You should also confirm with your friends and family before accepting a request from a new account.

Or maybe it was their actual social media account, but a scammer was able to gain access. Sometimes scammers may even leave the password alone. The victim then may not know they have an intrusion, and the scammer just monitors and deletes messages of the conversations they’re having without the victim’s knowledge.

We have created this chart of the top five things you should watch out for when it comes to social engineering scams.

Click to download the full size version.

Social engineering is not limited to just social media sites such as Facebook and Twitter. The most common type of social engineering are phishing attacks, and scammers setting their sites on businesses to take advantage of may have an easier time of convincing a user they are who they say they are when it comes to the more casual relationships we tend to have with colleagues.

We wrote a blog explaining what to look out for when it comes to phishing emails, but at Valley Techlogic we also think this issue can be tackled from a software and training perspective.

The tools we utilized will make sure that much of that suspicious spam never makes it to your end user, and the training we offer to our clients can help them make sure that if an employee does get a spoofed phishing email – they know exactly what to do about it.

To learn more, schedule a free consultation with our sales team today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 25, 2022
As we feared, Ukraine-Russia crisis leads to a surge in cyber attacks
As we’re nearing a month into the conflict between Russia and the Ukraine, cyber warfare between the two countries is reaching an all time peak. We covered the topic of Ukraine’s “IT Army” recently in this blog, and we mentioned growing concerns we’ve seen from users that there may be a spill over effect when it comes to cyber threats.

Cyberwarfare was inevitable as conflicts on the ground continue on, and as Russian hackers feel the “pinch” of the effects of sanctions imposed against Russia, we may see an uptick in financial scams. Especially as both countries have turned to cryptocurrency which can often be used as a safe haven for financial transactions taking place outside the public eye. In the case of Russia it’s being used to try and liquidate funds out of the country and in the case of the Ukraine they’re using crypto to bolster support for their economy.

We have created this chart for the types of financial scams we think may increase in the coming days (though it should be noted, financial scams were already up 70% in 2021).

Click to download the full size version.

However, hackers have also represented a beacon in the war of information currently happening between Russia and the Ukraine. Ukraine’s “IT Army” is now over 400,000 people strong, with hackers from all over the world lending their support digitally in Ukraine’s effort to protect their democracy.

DDoS attacks on government sites with Russian origins as well as document leaks – which includes a 360k file data dump from a Russian federal agency – are continuing to happen regularly. It’s estimate that over 90% of exposed Russian cloud databases have been compromised at this point.

Also, with access being restricted to sites like Twitter and other social media platforms being restricted in Russia, Squad303 is a website that was created by a group of Polish programmers that can help foreigners relay information to Russian citizens. The website founders say that over 7 million text messages and 2 million emails have been sent through the site so far.

We again want to say we don’t know what the outcome of this conflict will be, but it seems clear that consumers and businesses should be wary of the ripple effects that will occur throughout the cyber sector, possibly for years to come.

Business owners who still believe they’re “too small” to be a target should be wary that proceeding with out cybersecurity protections may make them the low hanging fruit for hackers reacting to a state of desperation. Cybersecurity protections are a worthwhile investment in your future and the peace of mind in questionable times is priceless.

At Valley Techlogic, we’re experts in the field of cybersecurity. We can perform an evaluation of your business and tell you where you are now and where you need to be to not worry that your business is “ripe for picking”. Schedule a consultation today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 18, 2022
Our Five Best FREE Resources Ranked
At Valley Techlogic we believe educating our community on internet safety and providing concrete goals for businesses in our area to help improve their cybersecurity measures whether or not they’re covered by a Valley Techlogic plan is a valuable resource our company can provide to make us all a little safer online.

We’ve provided quite a few free resources and reports over the years, and we couldn’t help but notice which ones really have struck a cord with our audience.

Here are our top five free resources and reports, ranked by popularity. Bonus, you can grab all of these right from this page, still absolutely free.?

#5 The Data Contingency Planning Report

Our Data Contingency Report tells you EXACTLY what you need to have a solid plan for backing up your business’s files. Click to grab the report now instantly.

#4 The New IT Provider Checklist

Our New IT Provider Checklist lets you check off the MUST have for your new IT provider. If they don’t cover one or more of these items, you should keep looking.

#3 Our Section 179 Guide

Our Section 179 helps you get the best tax benefits from the tech purchases you make for your business. We’ll have the updated 2022 version available later this year.

#2 Our Cyber Security Framework Overview Report

Our Cyber Security Framework Overview Report goes over in plain text a number of popular frameworks, CMMC, HIPAA and more.

#1 Our Cyber Security Checklist

By far our most popular resource, this no nonsense checklist gets straight to the point on what you need to be fully covered from cyber threats.

To receive these resources and more, reach out to us to be added to our mailing list. That way you’ll be the first to receive tech tips, free reports and resources and more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 11, 2022
How the war in the Ukraine is being fought on the digital front
We’ve all been exposed to the ongoing crisis occurring in the Ukraine as Russian forces have made their way into the country and are heavily attacking major Ukrainian cities as they attempt to gain control of the capital city of Kyiv, causing nearly a million Ukrainian citizens to seek shelter in neighboring countries as of the time of writing.

The Ukrainian forces have been inspiring the world as they defend their country from this unprovoked invasion, and that defense is also occurring on the cyber front. We’ve reporting ourselves from time to time on Russian hacking gangs and their effects on the US. The Ukraine is not only defending their digital infrastructure during this war, but they are also responding offensively with what’s being dubbed the “IT Army”.

These volunteers to the Ukrainian government are conducting attacks on Russian led websites – some of which are currently serving propaganda on what’s really happening in the Ukraine to Russian citizens – and bringing those websites down. These also include sites belonging directly to the Kremlin and the Russian Ministry of Defense and more.

DDoS attacks are also occurring on Russian targets, being conducted by the hacker group Anonymous. They’ve made claims they’ve succeeded in taking down 1,500 Russian led websites and dumping more than 40,000 private Russian files on the Dark Web, including ones that came from the countries Nuclear Safety Institute.

SpaceX has also jumped into the fray, responding to pleas from the Ukrainian government to add Starlink as an option to keep necessary internet services online in case of a Russian disruption to the service. SpaceX quickly delivered 48 Starlink satellites with more on the way.

Also, in a move that’s literally slowing things down inside of Russia, it was discovered that a Russian led company had outsourced the main component of their EV charge stationed on along a major motorway between Moscow and St. Petersburg. The Ukrainian company that built the components used a backdoor to hack the machines, shutting them down and displaying anti-Putin messaging on the screen.

The Ukraine’s IT Army is also requesting assistance through the use of a Telegram channel belonging to the group, which as of time of writing has over 275,000 users. The IT Army is providing live updates on successful attacks on Russian led targets as well as attempting to communicate with Russian citizens as Russia leads a disinformation campaign has tried to unsuccessfully stifle public outage on this war.

It’s unclear what the outcome to the ongoing conflict will be at this moment, but this is an unprecedented moment in time marking the first time a war has a significant public digital elements involved. We’re all aware at this point of Russia’s hacking capabilities, but it will be interesting to see if their abilities are strictly offensive as they’re now on the receiving end of the attacks.

We’ve created this timeline of notable Russian hacking gang linked cyber attacks that have occurred against the US and other countries in the last 15 years.

Click to view the full size version.

We want to make a note that there has been some concern that this ongoing war between Russia and the Ukraine may lead to more cyber attacks on the US as the Russian economy has been significantly destabilized by sanctions enacted against Russia as a response to their attack on the Ukraine.

We’re uncertain if this will end up being the case, but if you’re having cybersecurity concerns for your business or just need some peace of mind, we would be more than happy to provide a consultation. You can schedule one here.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 3, 2022
5 Ways You Can Prepare Your Technology (and Your Employees) to Return to the Office
Whether your employees are still mostly remote, or you’ve moved into a hybrid setup, many employers are looking to return to business as usual as COVID numbers drop and speculation increases that we’re moving into the endemic phase of this illness.

We covered this topic much earlier in the pandemic, and we still agree with the advice we gave for prepping employee devices before bringing them back into the company network. We’re all aware of the waffling opinion about whether offices are really necessary or remote work is the wave of the future.

For some businesses the collaboration that occurs in person just couldn’t be replicated remotely, while others found that their employees were even more productive when not subjected to the hustle and bustle of office life. These choices are best made on an individual company and even individual employee basis.

We do think it’s a good idea to offer some more sound technology advice for returning to the office, even if you’re only considering the idea for now.
1. Check on your office network: If your office has been mostly unused the past couple of years, or only lightly used, it may be a good idea to make sure your network can still support your whole workforce. Employees coming in the first day and being unable to get online would be a poor way to kick things off.
2. Think about your existing technology structure as well: Has a server become unreliable in the time you’ve been away, or your current backup solution handles small uploads fine, but your entire staff would overload it? It’s a good idea to perform these upgrades before welcoming employees back.
3. Don’t switch the current workflow all at once: If there are systems in place that have been working throughout your time spent remote, don’t immediately switch back to “how things used to be”. It’s a good idea to evaluate whether the new systems and processes are perhaps better than the old ones too.
4. Also be sure to check incoming devices before allowing them on the company network: As we said in our previous article, devices that have been allowed outside of the office should be checked prior to coming back and logging into sensitive work systems. Hackers know how to bide their time so just because a device hasn’t shown any signs of malware doesn’t mean there is no malware.
5. Finally, now is the best time to bring in new assistance: An event such as returning to the office, or moving offices marks a great time to bring in technical assistance. A technical provider can help you get past where you are to where you want to be.
Is your office planning to stay hybrid or continue remote? Even if you’re not returning back to the office – now or ever – we’ve created this template of online safety tips your employees should keep in mind. Whether it’s with a company device if you allow it to be used personally during off hours or just for keeping their home network safe (because malware can spread).

Click to download the full printable version.

In the office, remote or anything in between, Valley Techlogic can assist you with getting the most from the technology you use to facilitate running your business. Learn more with a free 10 minute consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 24, 2022
CMMC Series: The Consequences for CMMC Non-Compliance
You may have thought we finished our series on the Cybersecurity Maturity Model Certification (CMMC) program, but we would be remiss if we didn’t cover the consequences and penalties for not complying with the program if you’re a current Department of Defense (DoD) contractor.

You may be thinking there’s a window to wait and see while rulings proceed on version 2.0 or have seen dates such as 2025 thrown out as the goal post for when the program will be completely finalized. Or maybe you’re just hoping the whole thing goes away, we get it. Looking at all of the controls and tiers can be overwhelming if your business is new to implementing cybersecurity measures.

However, the program is here to stay, and your business will be much better equipped to meet the requirements if you begin working on them now. There is a waiting list already for those wishing to obtain their certification earlier, and we expect the wait times to only grow as nearly 40,000 businesses who must comply with this program rush to get their certification before losing eligibility for existing contracts.

Beyond existing contracts, having your CMMC certification will make your business more competitive when seeking new contracts with the DoD. Progress towards CMMC is an investment in your business’s future, and it also meet the goals of the program which is protecting businesses from cyber threats.

So, what are the consequences for not working on CMMC compliance now, or in the future?

The DoD has said that all Defense Industrial Base (DIB) contractors must be compliant by 2025. There are no direct monetary penalties or fines for not being compliant at this time, however your business will no longer be eligible for defense contracts if you have not successfully completed your accreditation by that date.

Three years may seem like a long time but when you look at the scope of what’s necessary to be compliant with CMMC, it’s really a short window to get your ducks in a row. Tier one could be accomplished relatively easily by most businesses, but if your business handles any Confidential Unclassified Information, you’re really looking at a goal of tier three moving forward (or tier two if/when version 2.0 is released).

That’s also not counting the time spent in a waiting list for a member of the CMMC Accreditation Body to actually complete your assessment, you will need to work on your self-assessment status and POAM (Plan of Action and Milestones) prior to getting on the waiting list for CMMC accreditation.

It’s also important to note that your self-assessment must be confirmed by company leadership, it’s not enough to simply have your IT person or team complete the self-assessment and submit it.

The DoD has said they will randomly test contractor compliance and see if it matches what the contractor has inputted into Supplier Performance Risk System (SPRS). SPRS is a necessary requirement for being compliant with Defense Federal Acquisition Regulation Supplement (DFARS) which many contractors may already be aware of. They will be looking to see if your disclosures for DFARS in regards to CMMC/NIST match.

Submitting false information could make your business at risk for running afoul of the False Claims Act (FCA), which could leave you liable for civil fines and penalties. There is even a program in place to reward whistleblowers who bring to light businesses who are falsifying information about their cybersecurity practices on these forms.

This is all so much to say as there are significant risks involved with ignoring CMMC and we suggest you begin working on it now or we’re afraid you’ll be paying for it later.

If you need assistance with working on your CMMC accreditation, cybersecurity practices and compliance, DFARS forms or more – Valley Techlogic can assist you. Schedule a consultation today to learn how we can help your business meet your CMMC compliance goals for 2022.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 18, 2022