The deadline for the supply chain to meet compliance with NIST SP 800-171 under Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 was December 31, 2017. As we are all aware, the enforcement and teeth of this deadline was deferred until NOW.

A while back, I wrote up this list of tips and tricks for customers and partners. As with everything else, reminders are a great as we have very busy lives and sometimes important items are given a lower priority. As I was reading this list today, it reminded me to take care of a few personal items on this list. Send it along to friends, colleagues and family – there are some good tidbits in here.

Hopefully you spent the holidays with family and friends instead of reading the latest publication “Framework for Improving Critical Infrastructure Cybersecurity” Version 1.1 Draft 2 published by National Institute of Standards and Technology (NIST) on December 5, 2017. If you read it, like I did, kudos! I am not saying it was riveting and should be an episodic series based subscription on Amazon or Netflix, but, there are a few areas that should have every business paying attention.

You’ll find some basic hygiene tips here and a more detailed narrative on patching is also included for some holiday reading. Please prepare your cyber posture for 2019 and protect your business.

In the wake of the past several weeks of broad and damaging cyber-attacks, it’s important that we talk about proactive measures the small and medium organizations should consider to protect your environment. Many of my colleagues have articulated the damage and origins of the recent attacks: WannaCry & Petya. I find these insights extremely valuable to understand the root and attributions of the malware itself.

How to best understand the Cybersecurity guidance and volumes of information is an ominous challenge? The foundational cybersecurity work produced by NIST (National Institute for Standards and Technology) is a comprehensive cybersecurity review.

There has been a lot of recent news and discussion about several malware variants that have been defined as ransomware attacks. There are and have been other damaging malware attacks, but ransomware popularity is currently very well publicized.

The latest leading-edge data intelligence topics referred to as Artificial Intelligence (AI), Machine Learning (ML) and, Artificial Neural Networks (ANN) are currently experiencing significant venture and corporate capital investments.

Ransomware is also getting in to business systems through the vulnerability of operating systems and software. Targeted attacks are being delivered on outdated security software or system software.

I have been getting calls and emails for the last few weeks about all the hacks and cyber events. The central question is always, “what do I do to protect myself?” It’s actually an impossible question to answer.

The definition of CUI, or Controlled Unclassified Information, by the Department of Defense is challenging for most small and medium manufactures to grapple.

I was messaging with a very good friend and colleague this week and we started chatting about incident response plans. We noted that most people have a plan in place at home; he raised examples around personal security elements such as home alarms, dogs, door locks and cameras.