How To Implement Your IT Policy

Last week, we talked about the importance of developing a unified IT policy, and putting that policy down in writing. With a bit of work and patience, you can make sure that other managers, department heads, and the executive team understand and support the policy decisions.

How Can My Business Prepare for CMMC?

Last week, we discussed the upcoming changes to DFARS 252.204-7012 -- the Cybersecurity Model Maturity Certification (CMMC). The CMMC will involve serious changes in how defense contractors and subcontractors approach information security for their networks and computer systems.

How To Develop a Unified IT Policy

As your organization grows, you may find yourself growing from an IT department of one to working with a small team -- or more. With that growth will come the need to document processes and procedures that were previously ad-hoc, or “oral tradition” -- answers given in the moment in response to one-off questions.

What is the DoD Cybersecurity Maturity Model Certification (CMMC)?

In June 2019, Dawn Greenman of Johns Hopkins University and Liz Hogan of E-N Computers sat in on a briefing. The Department of Defense announced that it is introducing a new cybersecurity standard for contractors -- the Cybersecurity Maturity Model Certification (CMMC). With cyberattacks and cyber-warfare in the news week after week, it’s no surprise that the Department of Defense is ready to take a harder line on enforcing cybersecurity standards for defense contractors handling sensitive information.

How To Train Users to Avoid Malware

We’ve talked before about having a malware response plan in case one of your endpoints is infected by a virus, trojan, or worm. And while it’s always good to have an action plan, it would be even better if your users were able to avoid getting infected in the first place.

How To Configure Microsoft Certificate Services PKI (Part 2)

For the last few weeks, we’ve been looking at Microsoft AD Certificate Services PKI. Last week, we went over how to set up an offline Root CA. This week, we’ll get an intermediate Issuing CA set up and ready to issue certificates.

Setting Up the Issuing CA

For the issuing CA, you’ll need a domain-joined server running Windows Server 2016. Go ahead and log on to that server with domain admin credentials.

How To Train Your Users to Avoid Phishing Scams

Phishing is big business. Each year, businesses lose millions of dollars to phishing scams and other “social engineering” attacks. So naturally, sysadmins are interested in helping their users to identify and avoid these threats if and when they hit their inboxes.