The Greentree Group is a CMMC Registered Provider Organization (RPO)

We are now a Cybersecurity Maturity Model Certification (CMMC) Registered Provider Organization (RPO) authorized by the CMMC-AB.

This new achievement solidifies our position as a leader in CMMC compliance solutions and services meant to protect government data in defense contractor systems. According to the National Accreditation Board, CMMC-AB is an independent accreditation body “responsible for establishing, managing, controlling, and administering the CMMC assessment, certification, training, and accreditation processes for the Department of Defense (DoD) supply chain.” Our new Registered Provider Organization (RPO) status reflects our commitment to the CMMC Accreditation Body (AB) code of professional conduct. It allows our company to provide advice, recommendations, and consultation to our customers as they seek their own CMMC-AB certifications.

Since 1993, The Greentree Group has been providing comprehensive professional services and technology solutions to small and medium-sized organizations, including:

Cybersecurity solutions
I.T. Support
Cloud Solutions
Technology Strategy

We offer a suite of comprehensive business technology services to include solutions which support Cybersecurity Maturity Model Certification (CMMC) compliance. Our team of cybersecurity experts assist defense contractors in becoming CMMC audit ready by implementing technical solutions and developing documentation and policies required by CMMC. In addition, we provide options for ongoing services to maintain compliance after certification.

CMMC SUPPORTS IT MODERNIZATION AND SUPPLY CHAIN SECURITY

CMMC is a new cybersecurity compliance standard that will be required for contractors to bid and win DoD contracts. The Defense Federal Acquisition Regulation interim rule took effect on November 30, 2020 and initial assessments are expected to begin in calendar year 2021.

CMMC-AB authorized RPOs provide advice, consulting, and recommendations to their clients. They are the implementers and consultants, but do not conduct Certified Assessments. They understand the CMMC Standard, and are qualified as:

Aware – Employs staff trained in basic CMMC methodology
Registered Practitioner Staffed – Offers CMMC trained consultative services
Targeted – CMMC assessment preparation
Trusted – Bound by a professional code of conduct

View our listing on the CMMC-AB Marketplace!

Ready to learn more? Our team of cybersecurity professionals would be happy to provide more details about the CMMC requirements, and what they mean for your business. Contact us today!

7 Cybersecurity Tips for SMBs

7 cybersecurity tips for small and medium-sized businesses (SMBs), brought to you by Back To Business I.T.

Antivirus and Filters

Scanning your systems regularly to detect malware and potential vulnerabilities should be at the top of the list when it comes to cybersecurity measures. Putting web and email filters in place can help block nefarious traffic and messages from ever reaching your systems.

Restrict Access

Along the same lines of defense as Antivirus and Filters, use restrictions to limit staff access. The same way you restrict departmental access depending on where a person works, it’s a good idea to implement internet restrictions. This way employees are limited to the websites they can access on company computers – and thus lessen the risk that they’ll wander into some dark alley on the internet.

Train Your Staff

One of the biggest cybersecurity risks any company faces is its people. To err is human, right? And err we do. Phishing emails are the most common cyberattack, and how over 90% of successful breaches begin. Educate your staff on best cybersecurity practices. Our cybersecurity awareness training offers not only educational materials, but simulated training exercises to test employees’ preparedness in a safe sandbox environment. Contact us to learn more.

Step Up Your Authentication Game

Setting up multi-factor authentication means that system access has a two-layer protection. Requiring both a password and a pin, for example, will likely reduce your risk of unauthorized access. Much like having biometric and pin or pattern access on your phone protects your data from prying eyes – two-factor authentication on your systems can keep your data safer.

Patch and Update, Faithfully

Clicking that ‘update later’ button is usually a bad idea. Updates ensure your system has the latest information on potential vulnerabilities. Patching does just that – patches certain ‘holes’ or fixes bugs in the system. This is part of why it’s critical to use up to date hardware/software – so you can be sure the manufacturer is working constantly to keep it as secure as possible.

Back Up Your Data

In the case of a breach, having your data backed up can make the difference between paying the ransom or not. Cybercrime isn’t the only reason to back up your data though – as other events can affect system functionality and disrupt your business. In the context of cybersecurity, it can give you the upper hand. If your data is securely backed up, there’s usually less down time in the event of an attack.

Have a Cybersecurity Policy in Place

All the good intention in the world won’t take the place of a solid information security policy. Make sure your staff is aware of the processes and best practices for cybersecurity in your company. You’ve worked hard for your business, protect its future.

Here at Back To Business I.T., we’re a business too. We have the same concerns and face the same challenges. Our customizable solutions are meant to change as your business grows – fitting your needs, and your budget. Take your business to the next level with a technology partner you can trust. Contact us today!

Managing Your Digital Presence by Updating Privacy Settings

Do you still have a MySpace, or a Xanga? There are probably a few accounts out there that you no longer use – and probably didn’t remember you had. But they are still part of your digital presence and should be monitored. How do these old accounts pose a cybersecurity threat?

Easy Targets: Well, old accounts usually have outdated privacy settings. That means cyber-criminals could be using your personal information to build a social-engineering profile for you, making it easier to target you in phishing or spear phishing attacks. If they have info on your subscriptions, memberships, likes, affiliations, etc. they can make their phishing bait emails much more believable.

Data Leaks: Let’s say your privacy settings on those old accounts are locked down tight. How robust is that website’s security? How easy is it for cyber-thieves to break in and steal it? Chances are, websites or services that aren’t widely used anymore aren’t going to have the most up to date information security measures in place. Do you really want to risk it?

Optics: Another reason to clean up your old accounts may be simply to moderate the content that’s out there. As we all know, the internet is forever. When we post a comment, publish an article, or share a photo, our name is tied to that media until we delete it. Do you have accounts with NSFW photos, comments, or content? A quick search on any search engine should reveal content tied to your digital identity. Is there something you don’t want shared?

So go ahead, take a stroll down your memory lane on the internet and see what you find. Deactivate accounts you no longer need, manage old content and how it’s shared, and enjoy the peace of mind.