Author: rory-admin

Common tax return scams to watch out for in 2022
The due date for filing your taxes is just 10 days away as of writing, and as tax filers scramble to gather needed information to finish (or start) their filing – scammers are looking for ways to take advantage of the mad dash that occurs for many Americans every year.

The IRS has put together a compilation of scams they’re seeing this year, and they mention that scams may not be limited to the virtual space. Scammers may also call, mail or even show up to your door in person. So, it’s a good idea to be extra vigilant when protecting your PII (personal identifying information).

The “Tax Transcript” scam is one that commonly targets businesses, many employees will use their business email when they sign up to do their taxes and may expect communication from the IRS to come there, but scammers will send fake communications with malware attached instead. Users may click without even thinking twice (especially as email scams of this nature can be very convincing). See below for an example.

IRS Tax Email Scam Example. Credit: https://www.irs.gov/

IRS scam calls are also another common tactic. It’s a good time to reiterate that the IRS will NEVER call you asking for personal information. This news segment found on YouTube shows a scammer in action, these calls may increase as we get closer and closer to the filing deadline. You shouldn’t give out your personal information even if they have things like your address or full name (scammers will often do some research on you before calling).

Another scam aimed at businesses is one where the scammer will pose as a member of the accounting department where you work, they know many people will not question a call or email coming from a work authority. It may be a good idea if you’re a business owner to send out an email or have your accountant contact your employees to mention that like the IRS you will NEVER call or email unprompted requesting private information.

Stolen Identity Refund Fraud or SIRF is a very lucrative business, 2.8 million false returns were filed in 2018 with a potential worth of $16 billion dollars. It’s important to guard the PII information criminals need to file a false tax return on your behalf. Here are 5 steps you can take to safeguard your information:
1. The easiest? Have a good spam filter enabled on your email, that way many of these phishing scams won’t even make it to your inbox.
2. Check emails for signs it’s a phishing scam, we wrote an article on what to look for. Two standouts are an email domain that doesn’t match the sender (an IRS email won’t come from a Gmail account) or links that when you hover on them don’t match where they say they go.
3. Check with the purported sender, if the email looks like it’s coming from within your office network, but the email contents just don’t seem right – follow your gut and follow up with your department.
4. If you receive a call from a number you don’t recognize claiming to be the IRS or the authorities, try Googling the number. Many people will share information about experiences with scam numbers online as a way to warn others.
5. If you’ve already given your PII to a scammer, contact the major credit bureaus to freeze your credit and contact the IRS to report it ASAP. The IRS has steps in place for helping victims of identity theft, the sooner you act the sooner you can put a stop to the scammer’s activity under your identity.
Employee training is the best defense for business owners who want to prevent scams such as these ones as well as other cyber threats from effecting their business. Valley Techlogic offers security awareness training as well as top of line cyber security defense systems as part of all of our technology packages. Learn more today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
April 8, 2022
Five Email Migration Tips & Reasons We Suggest You Make that Move for Your Business
If you’re using a free email service such as Gmail, Yahoo, Hotmail or even AOL – it’s probably time to make the move to using your business’s domain instead.

We understand it can be hard to let an email you’ve been using for a long time go, and there can be some growing pains when you make the switch. Your existing customers and business associates know you by your existing email address, you may have it organized the way you like it. It can seem like a hassle, but there are some big reasons to make the switch.
1. You get what you pay for (in terms of support). Your free email box will also come with non-priority support from your service provider, if you have an issue even if it’s urgent you will still need to get in line with everyone else.
2. It’s a target for hackers. Hackers love free email accounts because their popularity makes them ubiquitous. When they access one used by a business, it’s even better.
3. Your email is more likely to be marked as “spam”. This is because spammers also use free email accounts to conduct their business, so your emails will just get lumped in with theirs.
4. You’re missing out on a business opportunity. Your free email domain doesn’t advertise your business to your customers, it advertises Google, Yahoo, etc.
5. It could be seen as unprofessional. Your customers may wonder why emails from you come from a free email provider instead of your domain, even if they never say it.
Even if we haven’t swayed you to make the change, you can still get your email domain established and try to slowly work it into your work routine to send some emails from that domain or switch some of your business accounts to using that email instead.

If you are ready to make the change, we have five tips for getting started.
1. First, make a list of the emails that will need to be migrated and get those users (and yourself) setup with work domain emails.
2. Next, backup your existing email boxes data. Many free email providers offer a way to backup your data. For Gmail the steps are: 1. Navigate to “Privacy and Personalization” and click on “Manage or Delete Your Data” and click “Download Your Data”.
3. Consider using a service to help with the migration, there are online services for assisting with email migration.
4. Individually save any emails you can’t afford to lose. We suggest saving any especially important emails or their context individually somewhere else. Also, if you’ve been relying on your free inbox to manage important data now may be a good time to think about getting a backup program in place for your business.
5. Consider bringing in the professionals, if you’ve been using your free email account for a very long time and there’s too much at stake if something were to go wrong, we suggest reaching out to a professional team to make this switch for you. They will know how to make the transition as seamless as possible.
Click to grab the full size version.

If your business is located in the Central Valley, we have experts that can assist you with your email migration goals and taking steps to better secure your business’s data. Reach out to Valley Techlogic today to learn more through a 10-minute consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, an IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 31, 2022
Unsure if the person you’re interacting with may be a fake? This Chrome extension can detect fake profile pictures with 99.29% accuracy
As we discussed last week, financial scams may be on the rise in 2022. Social engineering is a pretty common tactic utilized by scammers when it comes to siphoning funds from unwitting victims, but there are some tools you can use to combat it.

Recently a company called V7 Labs has released an extension for Chrome that’s able to detect artificially generated profile pictures, such as those created by Thispersondoesnotexist.com (see below for an example).

The Fake Profile Detector extension can help you detect if a social media profile picture is a fake just by right clicking on it, it’s able to zero in on things you may miss at first glance – such as a pupil that’s not in the right place or clothing that appears to be bleeding into the skin. The extension does not work with video (yet). Also, just to note you should always verify an extension is from a trusted source before downloading it to your browser.

Social engineering scams aren’t limited to just financial scams, they’re also utilized to gain information or to spread misinformation. As AI tools have grown more sophisticated it’s not easy to rely on someone’s profile picture to give you a good indication of who you’re talking to online.

It’s also very easy to create fake profiles using real pictures, even pictures of people you may actually know. It’s typical for the scammer to start the conversation off with they got “locked out” of their main account and would like you to add their new one. You should also confirm with your friends and family before accepting a request from a new account.

Or maybe it was their actual social media account, but a scammer was able to gain access. Sometimes scammers may even leave the password alone. The victim then may not know they have an intrusion, and the scammer just monitors and deletes messages of the conversations they’re having without the victim’s knowledge.

We have created this chart of the top five things you should watch out for when it comes to social engineering scams.

Click to download the full size version.

Social engineering is not limited to just social media sites such as Facebook and Twitter. The most common type of social engineering are phishing attacks, and scammers setting their sites on businesses to take advantage of may have an easier time of convincing a user they are who they say they are when it comes to the more casual relationships we tend to have with colleagues.

We wrote a blog explaining what to look out for when it comes to phishing emails, but at Valley Techlogic we also think this issue can be tackled from a software and training perspective.

The tools we utilized will make sure that much of that suspicious spam never makes it to your end user, and the training we offer to our clients can help them make sure that if an employee does get a spoofed phishing email – they know exactly what to do about it.

To learn more, schedule a free consultation with our sales team today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 25, 2022
As we feared, Ukraine-Russia crisis leads to a surge in cyber attacks
As we’re nearing a month into the conflict between Russia and the Ukraine, cyber warfare between the two countries is reaching an all time peak. We covered the topic of Ukraine’s “IT Army” recently in this blog, and we mentioned growing concerns we’ve seen from users that there may be a spill over effect when it comes to cyber threats.

Cyberwarfare was inevitable as conflicts on the ground continue on, and as Russian hackers feel the “pinch” of the effects of sanctions imposed against Russia, we may see an uptick in financial scams. Especially as both countries have turned to cryptocurrency which can often be used as a safe haven for financial transactions taking place outside the public eye. In the case of Russia it’s being used to try and liquidate funds out of the country and in the case of the Ukraine they’re using crypto to bolster support for their economy.

We have created this chart for the types of financial scams we think may increase in the coming days (though it should be noted, financial scams were already up 70% in 2021).

Click to download the full size version.

However, hackers have also represented a beacon in the war of information currently happening between Russia and the Ukraine. Ukraine’s “IT Army” is now over 400,000 people strong, with hackers from all over the world lending their support digitally in Ukraine’s effort to protect their democracy.

DDoS attacks on government sites with Russian origins as well as document leaks – which includes a 360k file data dump from a Russian federal agency – are continuing to happen regularly. It’s estimate that over 90% of exposed Russian cloud databases have been compromised at this point.

Also, with access being restricted to sites like Twitter and other social media platforms being restricted in Russia, Squad303 is a website that was created by a group of Polish programmers that can help foreigners relay information to Russian citizens. The website founders say that over 7 million text messages and 2 million emails have been sent through the site so far.

We again want to say we don’t know what the outcome of this conflict will be, but it seems clear that consumers and businesses should be wary of the ripple effects that will occur throughout the cyber sector, possibly for years to come.

Business owners who still believe they’re “too small” to be a target should be wary that proceeding with out cybersecurity protections may make them the low hanging fruit for hackers reacting to a state of desperation. Cybersecurity protections are a worthwhile investment in your future and the peace of mind in questionable times is priceless.

At Valley Techlogic, we’re experts in the field of cybersecurity. We can perform an evaluation of your business and tell you where you are now and where you need to be to not worry that your business is “ripe for picking”. Schedule a consultation today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 18, 2022
Our Five Best FREE Resources Ranked
At Valley Techlogic we believe educating our community on internet safety and providing concrete goals for businesses in our area to help improve their cybersecurity measures whether or not they’re covered by a Valley Techlogic plan is a valuable resource our company can provide to make us all a little safer online.

We’ve provided quite a few free resources and reports over the years, and we couldn’t help but notice which ones really have struck a cord with our audience.

Here are our top five free resources and reports, ranked by popularity. Bonus, you can grab all of these right from this page, still absolutely free.?

#5 The Data Contingency Planning Report

Our Data Contingency Report tells you EXACTLY what you need to have a solid plan for backing up your business’s files. Click to grab the report now instantly.

#4 The New IT Provider Checklist

Our New IT Provider Checklist lets you check off the MUST have for your new IT provider. If they don’t cover one or more of these items, you should keep looking.

#3 Our Section 179 Guide

Our Section 179 helps you get the best tax benefits from the tech purchases you make for your business. We’ll have the updated 2022 version available later this year.

#2 Our Cyber Security Framework Overview Report

Our Cyber Security Framework Overview Report goes over in plain text a number of popular frameworks, CMMC, HIPAA and more.

#1 Our Cyber Security Checklist

By far our most popular resource, this no nonsense checklist gets straight to the point on what you need to be fully covered from cyber threats.

To receive these resources and more, reach out to us to be added to our mailing list. That way you’ll be the first to receive tech tips, free reports and resources and more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 11, 2022
How the war in the Ukraine is being fought on the digital front
We’ve all been exposed to the ongoing crisis occurring in the Ukraine as Russian forces have made their way into the country and are heavily attacking major Ukrainian cities as they attempt to gain control of the capital city of Kyiv, causing nearly a million Ukrainian citizens to seek shelter in neighboring countries as of the time of writing.

The Ukrainian forces have been inspiring the world as they defend their country from this unprovoked invasion, and that defense is also occurring on the cyber front. We’ve reporting ourselves from time to time on Russian hacking gangs and their effects on the US. The Ukraine is not only defending their digital infrastructure during this war, but they are also responding offensively with what’s being dubbed the “IT Army”.

These volunteers to the Ukrainian government are conducting attacks on Russian led websites – some of which are currently serving propaganda on what’s really happening in the Ukraine to Russian citizens – and bringing those websites down. These also include sites belonging directly to the Kremlin and the Russian Ministry of Defense and more.

DDoS attacks are also occurring on Russian targets, being conducted by the hacker group Anonymous. They’ve made claims they’ve succeeded in taking down 1,500 Russian led websites and dumping more than 40,000 private Russian files on the Dark Web, including ones that came from the countries Nuclear Safety Institute.

SpaceX has also jumped into the fray, responding to pleas from the Ukrainian government to add Starlink as an option to keep necessary internet services online in case of a Russian disruption to the service. SpaceX quickly delivered 48 Starlink satellites with more on the way.

Also, in a move that’s literally slowing things down inside of Russia, it was discovered that a Russian led company had outsourced the main component of their EV charge stationed on along a major motorway between Moscow and St. Petersburg. The Ukrainian company that built the components used a backdoor to hack the machines, shutting them down and displaying anti-Putin messaging on the screen.

The Ukraine’s IT Army is also requesting assistance through the use of a Telegram channel belonging to the group, which as of time of writing has over 275,000 users. The IT Army is providing live updates on successful attacks on Russian led targets as well as attempting to communicate with Russian citizens as Russia leads a disinformation campaign has tried to unsuccessfully stifle public outage on this war.

It’s unclear what the outcome to the ongoing conflict will be at this moment, but this is an unprecedented moment in time marking the first time a war has a significant public digital elements involved. We’re all aware at this point of Russia’s hacking capabilities, but it will be interesting to see if their abilities are strictly offensive as they’re now on the receiving end of the attacks.

We’ve created this timeline of notable Russian hacking gang linked cyber attacks that have occurred against the US and other countries in the last 15 years.

Click to view the full size version.

We want to make a note that there has been some concern that this ongoing war between Russia and the Ukraine may lead to more cyber attacks on the US as the Russian economy has been significantly destabilized by sanctions enacted against Russia as a response to their attack on the Ukraine.

We’re uncertain if this will end up being the case, but if you’re having cybersecurity concerns for your business or just need some peace of mind, we would be more than happy to provide a consultation. You can schedule one here.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
March 3, 2022
5 Ways You Can Prepare Your Technology (and Your Employees) to Return to the Office
Whether your employees are still mostly remote, or you’ve moved into a hybrid setup, many employers are looking to return to business as usual as COVID numbers drop and speculation increases that we’re moving into the endemic phase of this illness.

We covered this topic much earlier in the pandemic, and we still agree with the advice we gave for prepping employee devices before bringing them back into the company network. We’re all aware of the waffling opinion about whether offices are really necessary or remote work is the wave of the future.

For some businesses the collaboration that occurs in person just couldn’t be replicated remotely, while others found that their employees were even more productive when not subjected to the hustle and bustle of office life. These choices are best made on an individual company and even individual employee basis.

We do think it’s a good idea to offer some more sound technology advice for returning to the office, even if you’re only considering the idea for now.
1. Check on your office network: If your office has been mostly unused the past couple of years, or only lightly used, it may be a good idea to make sure your network can still support your whole workforce. Employees coming in the first day and being unable to get online would be a poor way to kick things off.
2. Think about your existing technology structure as well: Has a server become unreliable in the time you’ve been away, or your current backup solution handles small uploads fine, but your entire staff would overload it? It’s a good idea to perform these upgrades before welcoming employees back.
3. Don’t switch the current workflow all at once: If there are systems in place that have been working throughout your time spent remote, don’t immediately switch back to “how things used to be”. It’s a good idea to evaluate whether the new systems and processes are perhaps better than the old ones too.
4. Also be sure to check incoming devices before allowing them on the company network: As we said in our previous article, devices that have been allowed outside of the office should be checked prior to coming back and logging into sensitive work systems. Hackers know how to bide their time so just because a device hasn’t shown any signs of malware doesn’t mean there is no malware.
5. Finally, now is the best time to bring in new assistance: An event such as returning to the office, or moving offices marks a great time to bring in technical assistance. A technical provider can help you get past where you are to where you want to be.
Is your office planning to stay hybrid or continue remote? Even if you’re not returning back to the office – now or ever – we’ve created this template of online safety tips your employees should keep in mind. Whether it’s with a company device if you allow it to be used personally during off hours or just for keeping their home network safe (because malware can spread).

Click to download the full printable version.

In the office, remote or anything in between, Valley Techlogic can assist you with getting the most from the technology you use to facilitate running your business. Learn more with a free 10 minute consultation.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 24, 2022
CMMC Series: The Consequences for CMMC Non-Compliance
You may have thought we finished our series on the Cybersecurity Maturity Model Certification (CMMC) program, but we would be remiss if we didn’t cover the consequences and penalties for not complying with the program if you’re a current Department of Defense (DoD) contractor.

You may be thinking there’s a window to wait and see while rulings proceed on version 2.0 or have seen dates such as 2025 thrown out as the goal post for when the program will be completely finalized. Or maybe you’re just hoping the whole thing goes away, we get it. Looking at all of the controls and tiers can be overwhelming if your business is new to implementing cybersecurity measures.

However, the program is here to stay, and your business will be much better equipped to meet the requirements if you begin working on them now. There is a waiting list already for those wishing to obtain their certification earlier, and we expect the wait times to only grow as nearly 40,000 businesses who must comply with this program rush to get their certification before losing eligibility for existing contracts.

Beyond existing contracts, having your CMMC certification will make your business more competitive when seeking new contracts with the DoD. Progress towards CMMC is an investment in your business’s future, and it also meet the goals of the program which is protecting businesses from cyber threats.

So, what are the consequences for not working on CMMC compliance now, or in the future?

The DoD has said that all Defense Industrial Base (DIB) contractors must be compliant by 2025. There are no direct monetary penalties or fines for not being compliant at this time, however your business will no longer be eligible for defense contracts if you have not successfully completed your accreditation by that date.

Three years may seem like a long time but when you look at the scope of what’s necessary to be compliant with CMMC, it’s really a short window to get your ducks in a row. Tier one could be accomplished relatively easily by most businesses, but if your business handles any Confidential Unclassified Information, you’re really looking at a goal of tier three moving forward (or tier two if/when version 2.0 is released).

That’s also not counting the time spent in a waiting list for a member of the CMMC Accreditation Body to actually complete your assessment, you will need to work on your self-assessment status and POAM (Plan of Action and Milestones) prior to getting on the waiting list for CMMC accreditation.

It’s also important to note that your self-assessment must be confirmed by company leadership, it’s not enough to simply have your IT person or team complete the self-assessment and submit it.

The DoD has said they will randomly test contractor compliance and see if it matches what the contractor has inputted into Supplier Performance Risk System (SPRS). SPRS is a necessary requirement for being compliant with Defense Federal Acquisition Regulation Supplement (DFARS) which many contractors may already be aware of. They will be looking to see if your disclosures for DFARS in regards to CMMC/NIST match.

Submitting false information could make your business at risk for running afoul of the False Claims Act (FCA), which could leave you liable for civil fines and penalties. There is even a program in place to reward whistleblowers who bring to light businesses who are falsifying information about their cybersecurity practices on these forms.

This is all so much to say as there are significant risks involved with ignoring CMMC and we suggest you begin working on it now or we’re afraid you’ll be paying for it later.

If you need assistance with working on your CMMC accreditation, cybersecurity practices and compliance, DFARS forms or more – Valley Techlogic can assist you. Schedule a consultation today to learn how we can help your business meet your CMMC compliance goals for 2022.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 18, 2022
If you enabled 2-factor authentication on your Google account recently, your odds of being hacked dropped by half
Google began requiring 2-factor authentication on some user accounts this past year, and while there’s always some inconvenience involved in making that switch the benefits definitely outweigh it.

Google enrolled 150 million members in the last three months of 2021 in their 2-factor authentication program, and they’ve found that instances of accounts being hacked dropped by half for those users.

Google utilizes two-step verification, or 2SV which involves having a login challenge beyond a simple password entry. This may be a message in Google’s own authenticator application or a hardware security key depending on user preference.

Google said in their blog post on the topic, “This decrease speaks volumes to how effective having a second form of verification can be in protecting your data and personal information, turn on 2SV (or we will!), as it makes all the difference in the event your password is compromised.” Indicating Google’s plan to initiate the requirement across the board in the near future.

The hesitancy with users to utilize such an effective security measure seems to stem from inconsistent implementation as well as a general lack of education on the topic. We thought it would be helpful to present this “cheat sheet” on multi-factor authentication and other cybersecurity acronyms.

With breaches being ever more common, having that additional step past just a password before a hacker can access your account can make all the difference. A password you use across multiple website (which is also a bad idea) may be leaked without you even being aware of it, and the prompt from a multi-factor authentication application may even be your first clue that your accounts are being accessed by someone other than yourself.

Google’s own authenticator is found on the Play Store and the Apple App Store and is a solid option, however we suggest users use whatever they feel most comfortable with or whatever is offered by the the websites they frequent (especially for important sites like banking or for work related web portals).

To add to your security effectiveness, we suggest using a password manager as well so you can work on having more varied passwords – especially for sites that don’t currently offer multi-factor authentication as an option.

If you’d like tangible security, hardware security keys are a good option and many of them have widespread support for your online accounts such as email, social media, or even your password manager (adding another layer).

Your devices also probably come with multi-factor security options built in, we’ve been pleased with the implementation of Windows Hello for Windows devices (even when we’re bleary eyed in the early morning, it always seems to recognize us). Fingerprint scanners for mobile devices have also come a long way and is a pretty convenient (and secure) way to keep access to your phone limited to just you.

If you’re a business owner in the Central Valley and want to embark on the process of enabling multi-factor authentication within your business, Valley Techlogic can help. Our security experts can help you with enabling multi-factor authentication within your business as well help you meet your cybersecurity compliance goals. Reach out to us today to learn more.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 10, 2022
CMMC Series: Preparing for your assessment
This is our fifth article on this topic and as we bring it to a close, I’d like to first look back at what we’ve covered so far.

We started the series looking at what’s ahead for the Cybersecurity Maturity Model Certification (CMMC) program in 2022. Then we covered tiers one, two and three as they exist in the current 1.0 model of the program. We’re anticipating that tiers two and three will be merged going forward as version 2.0 rolls out (placing a larger burden on defense contractors looking to scale past the beginner controls in tier one and become more competitive in the marketplace).

So, if you’re reading this you’ve hopefully begun the process of implementing the controls within your business and are thinking it’s time to begin the process of obtaining your certification. There are several steps that come before actually obtaining your certification (although it should be noted that the CMMC Accreditation Body is currently in the process of hiring and waiting lists for certification could be lengthy at this time). The sooner you begin implementing the CMMC controls within your business, the sooner you can attempt to get on the waiting list to receive your certification.

The assessment process will follow these steps:
1. You will need to begin implementing a plan for CMMC within your business, and conduct a self-assessment against the NIST 800-171 (or partner with a provider like Valley Techlogic to assist you with this).
2. As you improve your processes you can submit your score to the Department of Defenses’ (DoD) Supplier Performance Risk System (SPRS).
3. From there you will need to identify the scope you wish to obtain for your business (it’s our opinion maturity level 3 will be required for most defense contractors in the future).
4. Obtain a third-party gap assessment, this will show you where your business is and where it needs to be to achieve your goals.
5. After addressing the gaps found in the assessment, you can look to the CMMC Accreditation Marketplace and choose a CMMC Third-Party Assessment Organization (C3PAO) to conduct your CMMC assessment.
6. The CMMC Accreditation Body will review the assessment submitted by your C3PAO and award you your CMMC certification.
Of course, this is boiling down many months (or even years) of preparation into what looks like 6 easy steps. The process will be time consuming and potentially costly, but for those who wish to continue doing business with the DoD it’s a necessary investment in the future.

As we’ve mentioned in past articles on the topic, defense contractors who refuse to comply with the CMMC process will no longer be eligible for defense contracts in the future. Beyond that, if you reach a higher level of certification, you will be in a better position to receive more contracts as it will be used as a comparative tool going forward.

If you’re like assistance with the CMMC self-assessment process or preparing for your CMMC AB assessment, Valley Techlogic has experience in this area. We have helped businesses begin the process of becoming CMMC ready, if you’d like to learn more schedule a consultation with our experts today.

Looking for more to read? We suggest these other articles from our site.
This article was powered by Valley TechLogic, IT service provider in Atwater, CA. You can find more information at https://www.valleytechlogic.com/ or on Facebook at https://www.facebook.com/valleytechlogic/ . Follow us on Twitter at https://x.com/valleytechlogic.
February 4, 2022