Issue link: https://iconnect007.uberflip.com/i/1440051
50 SMT007 MAGAZINE I JANUARY 2022 basic protection of your digital environment and processes before most of your competitors do. at might sound like a lot, but it's essen- tially taking an inventory, identifying the most important items and biggest threats, and safe- guarding them appropriately. It's Just Baseline Security Instead of looking at CMMC as yet anoth- er set of regulations, we encourage our clients to see it as a description of baseline security— similar to the way ISO sets out basic quality standards. You might be ISO certified already, without regulations telling you to be. You do it because it's a good practice, and your custom- ers expect you to have it. CMMC is not much different. Certification will show your customer base that you have taken the steps necessary to protect their data and your own operations. e protections nec- essary for Level 1 certification will be all that most of you will truly need. ey amount to basic risk avoidance, not that different from requiring hearing protection, safety glass- es, or safe processes in your production envi- ronment. We can take potential customers on tours of the shop floor, but not the digital sub- floor, so to speak, on which operations rest. Because we can't visualize our networks, it's hard to see risks in them—until something hap- pens. But what if we could see? Imagine your budget spread- sheets, payroll in- formation, confi- dential client files, or other mission critical documents were only available in hard copy. Would you keep them piled in front of an open window, stack them next to a fire- place, leave them in the hands of a dis- gruntled employee, or give them to someone you bumped into on the street to deliver to your customer or accountant? If you saw any of these things, you'd stop everything and make sure these key items were locked in a fire- proof, water-tight safe to which only you and a few trusted staff had the combination. What I'm describing might sound ridicu- lous, but I assure you it is not. We see these is- sues regularly on networks of companies large and small, but that is because we can see in the digital environment in a way most manufactur- ers simply cannot. e hard truth for the leaders of manufactur- ing organizations—especially those that serve the DoD—is this: You might already be safe, and you might not. Take Strategy-Level Action e risk is in not knowing what you don't know. I'm not suggesting you should become a technology expert on top of what you already do—not at all. I am suggesting that your digital operations should get strategy-level attention, as in a well-thought-out business continuity or disaster recovery plan that includes protecting your data. If you and I were meeting in your office right now, I'd be asking you three key questions: