Announcing our Latest Registered Practitioner

Dewpoint’s Senior Security Architect, Leon DuPree, received his Registered Practitioner (RP) certification through the Cybersecurity Maturity Model Certification-Accredited Body (CMMC-AB). Leon is passionate about delivering security solutions to his clients, applying his Information Technology (IT) experience and security expertise. In addition, he believes in promoting security best practices and the latest advancements in security through writing several articles for information technology-related publications and as a speaker on security-related topics for awareness. Leon is also a Certified Information Systems Auditor.

Dewpoint is a Registered Provider Organization for CMMC.  The CMMC-AB is the non-profit governing body that oversees the CMMC working in conjunction with the Department of Defense. It also establishes and oversees a qualified, trained, and high-fidelity community of assessors and consultants that can deliver consistent audits and informative assessments/services to participating organizations against a defined set of controls/best practices within the Cybersecurity Maturity Model Certification program.

What is trending in Project Management?

Project management is a staple for most organizations that undertake business or technical projects.  Since the formal launch of the Project Management Institute in 1969, project management has evolved tasks one of the “smart” guys performed to a full career path. The impact of Covid-19 has resulted in significant changes in the approach to managing projects from the conventional on-site collaborative approach within a traditional team environment.

The top four current key trends in project management are:

  1. Implementing Digital and Remote Teams – No longer is project management strictly bound to the confines of a typical office. Covid-19 has proven that project management can be performed with remote teams from different locations. Although there are benefits of collaborating in one location, including team building and accountability, there are also benefits of remote work such as increased flexibility, improved work/life balance, and the ability to retain top talent from anywhere. The key is finding the right balance for your organization to establish a highly skilled team that can deliver exceptional results.
  2. Understanding the importance of change management – often, projects fail not because the project goals and objectives were not delivered but because of employee resistance to follow the new processes and procedures resulting from the project. If employees are not actively involved and buy into the project, they will find workarounds, negating the efficiencies anticipated from the project.  Establishing change management early in the project with a clear communication plan and employee engagement improves acceptance upon project completion. 
  3. Adopting hybrid methodology – most businesses have found that one methodology does not fit all projects; thus, many use different methodologies to achieve results. Although the organization may have one standard methodology, project managers need to know various methodologies to recommend the “right fit” for the current project.
  4. Adjusting to disruptions in the supply change – from people to supplies Covid 19 has disrupted the supply chain, thus making project management more challenging when determining both the project cost and timeframe.  Understanding the risk and identifying alternatives to reduce the risk is more critical than ever.  Before starting the project, the project manager and key stakeholders need to take a realistic view of resource constraints and their impact on the project.

Although the role of project management will continue to evolve, the basics of project management principles will remain the same… to deliver cost-effective projects on time.  If your organization struggles to get the desired results from project management or needs project managers on a flexible basis to complete critical projects, learn more about how Dewpoint can help.

Is your Organization Ready when Disaster Strikes?

It is not a matter if a disaster will strike but when it will strike.  Ransomware attacks, phishing, password attacks, weather, or other types of disasters can shut down or severely impact the backbone of your business – information technology (IT).  Most organizations have an IT disaster recovery (DR) plan in place; however, the plan may not provide the anticipated results when a disaster occurs.  Implementing a robust Business Continuity Management (BCM) program can minimize the impact on your organization. 

 

A successful BCM program includes four areas, with specific activities in each and overseen by governance and program management: 

  1. Crisis and emergency management 
  2. Business continuity 
  3. Disaster recovery 
  4. Third-party risk and contingency management 

 

BCM program provides the foundation to coordinate, facilitate and execute activities to ensure effectiveness in: 

  • Identifying and continuously monitoring operational risks — including internal and external dependencies — and their impacts over time. 
  • Proactively implementing appropriate risk mitigation controls – keep abreast of current risks and threats (both internally and externally). 
  • Implementing response, recovery, and restoration strategies, solutions, and plans  determine the organizationrecovery priorities and critical resources and reevaluate as changes in the environment occur. 
  • Establishing command and control of crisis event responses – determine the organization‘s spokesperson,” including crisis communications. 
  • Debriefing after an exercise or disaster to improve recovery strategies, solutions, plans, and procedures improve the organization’s operational resilience and updates the plans and procedures to apply lessons learned. 

Implementing a BCM program can decrease downtime, lower recovery costs, and lessen data losses when a disaster occurs. It can also keep your most valuable resource – client confidence and data – from impact. Since over 40% of businesses never recover from a disaster, having a BCM program in place will make sure your organization does not become part of the statistic.  Dewpoint consultants can help you design and implement a disaster recovery plan or entire BCM program.  In addition, they can provide an independent review of your current plan to identify gaps and decrease risk.  So contact Dewpoint today before disaster strikes.   

Dewpoint Sponsor’s the Sparrow Health Classic on June 16th

Dewpoint is a sponsor of the 2021 Sparrow Health Classic to raise funds to support extraordinary care.  Sparrow continues to be at the forefront of healthcare technology, with a commitment to improving the quality of care for our patients and community. All proceeds raised will benefit the area of greatest need at Sparrow Health System.  To learn more about the Health Classic and how you can help, click here.

Another Cybersecurity Attack…Is Your Organization Prepared?

Cybersecurity attacks are escalating and becoming more sophisticated.  The latest attack is a wide-scale malicious email campaign operated by NOBELIUM, the same threat actor behind the SolarWinds attack.  The email attack is leveraging a legitimate mass-mailing service, Constant Contact, to masquerading as a US-based development organization, spreading malicious URLs.

Tom Burt, the vice president of customer security and trust from Microsoft, explained how the Native Zone malware was inserted into victim’s computers:

“Nobelium launched this week’s attacks by gaining access to the Constant Contact account of USAID. From there, the actor was able to distribute phishing emails that looked authentic but included a link that, when clicked, inserted a malicious file used to distribute a backdoor we call Native Zone. This backdoor could enable a wide range of activities from stealing data to infecting other computers on a network”.

 It is more critical than ever to make sure your systems are secure and your employees fully understand the impact of opening and clicking on phishing emails. Bad Actors find it easiest to infiltrate systems through email. Risks can be reduced by:

  • Complementing email security technology with user awareness training specifically to educate users on Business Email Compromise (BEC) phishing.  BEC attacks are designed to impersonate senior executives and trick employees, customers, or vendors into wiring payment for goods or services to alternate bank accounts.
  • Implementing standard operating procedures to authenticate email requests for financial or data transactions and other high-risk ad hoc transactions from email to more authenticated systems.
  • Upgrading secure email gateway solutions to include advanced phishing protection, imposter detection, and internal email protection.
  • Implementing Domain-based Message Authentication, Reporting, and Conformance (DMARC) to authenticate email domains and minimize the opportunity for domain abuse.
  • Implementing multifactor authentication to protect against account takeover.

 To avoid becoming the next victim of a cybersecurity attack resulting in substantial financial loss and, more importantly, damage to your reputation, reach out to Dewpoint to discover vulnerabilities in your organization.  More information on the specific Microsoft targeted attack can be found on the US Government website Microsoft Announces New Campaign from NOBELIUM | CISA.

For small and medium-sized defense contractors or public entities within the State of Michigan, Dewpoint is proud to be a pre-approved vendor under both the Michigan Defense Center Cybersecurity Program and the  State of Michigan Cybersecurity program, respectively.