TSI's Information Technology Blog
Do You Need a Zero-Trust Architecture for NIST 800-171 & CMMC?
Zero trust is a security model that assumes that a network or system is not inherently secure, and that all users, devices, and applications should be authenticated and authorized before being granted access to resources. This means that no device or user is trusted by default, and that access control is strictly enforced based on policies and rules. Zero trust is an approach to security that can be applied to…
Staying Secure While Shopping Online and In-Person During the Holidays
A Comprehensive Cybersecurity Guide: The holiday season is nearly upon us, a time filled with joy and festivities but also a period when cybercriminals are especially active in targeting online shoppers. Cybercriminals primarily target victims during this period through social media platforms (41%), third-party websites (35%), emails (32%), phone calls (28%), and text messages (26%), and victims of online shopping scams lose an average of $1500 during the…
Employee Spotlight – Kathy Carron
We’re extremely excited to welcome back Kathy Carron! Kathy is returning to TSI after about a year and a half break. During that time, she worked as a Salesforce CRM Administrator as well as an Account Manager. Kathy is from the Worcester area and has been in the IT industry for about 8 years. Kathy is looking forward to re-entering TSI and meeting her TSI clients! In the past, her…
Apple Users! New Vulnerabilities Being Exploited
In today’s digital age, where our lives are intertwined with technology, safeguarding our digital presence has become paramount. We’re here to raise the alarm regarding critical security vulnerabilities that have emerged within Apple products, vulnerabilities that are actively being exploited. Your devices and security are at stake, and it’s our responsibility to keep you informed and protected. On September 7, 2023, Apple released emergency security updates addressing two vulnerabilities CVE-2023-41064:…
Labor Day Weekend Cybersecurity Tips
Cybersecurity is a vital part of our lives, even during those relaxing vacation days, and while unwinding is the goal, we mustn’t lower our guard against cyber threats. To ensure you have a safe, stress-free Labor Day weekend, we developed five crucial cybersecurity tips to keep in mind. Beware of Public Wi-Fi: Public Wi-Fi zones can be a playground for cybercriminals. Whenever possible, avoid using them. If you have to…
Microsoft’s Important Update On MFA & SSPR Settings Change
Today we want to bring your attention to an important update from Microsoft regarding their authentication methods for Multi-Factor Authentication (MFA) and Self Service Password Reset (SSPR). As technology continues to evolve, ensuring the security of your organization’s sensitive data becomes increasingly crucial. Microsoft has recently announced a strategic shift away from legacy authentication methods and is introducing a new, significantly more secure platform for authentication. This change is set…
Stop Relying on NIST 800-171 Self-Assessments: 5 Reasons They’re (Probably) Wasting Your Time
As a CMMC Registered Practitioner Organization (RPO) with decades of cybersecurity experience, we have conducted countless assessments for organizations to help them address their compliance obligations and consistently notice that the vast majority of the organizations that have conducted self-assessments are strikingly off mark, leading to frustration, considerable time loss, and the unnecessary expenditure of valuable resources. While self-assessments may seem like a cost-effective way to evaluate compliance with the…
Enclaves for NIST 800-171 Compliance & CMMC? Not So Fast: 5 Things To be Aware of When Considering an Enclave Solution
In your quest as a Defense Industrial Base (DIB) contractor to tackle the intricate aspects of NIST 800-171 and CMMC compliance, you’ve likely been bombarded with a plethora of marketing claims promising swift, ‘silver bullet’ compliance solutions alleviating your woes. This is understandably enticing for small to medium-sized DIBs grappling between successfully addressing the complex layers of these extensive compliance prerequisites and the cost of implementing them. However, many DIBS…
Security Risk: .Mov and .Zip domains can lead to malware
We want to bring your attention to a concerning development involving the use of new top-level domains (TLDs) introduced by Google. Specifically, threat actors are leveraging TLDs such as .mov and .zip to target organizations, posing a significant security risk. The Deceptive Nature of .mov and .zip Domains: The primary concern lies in the fact that .mov and .zip are widely recognized file extensions for internet-shared files. Exploiting this familiarity,…
Fortinet Vulnerabilities: Stay Secure and Informed
We would like to draw your attention to a critical security notification recently issued by Fortinet, a prominent name in the cybersecurity industry. Fortinet has identified several vulnerabilities within their systems, emphasizing the importance of prompt action to mitigate potential risks and safeguard your organization’s digital assets. The identified vulnerabilities pose significant threats to the security and integrity of Fortinet systems, potentially leading to unauthorized access, data breaches, and compromise…
