Issue link: https://iconnect007.uberflip.com/i/1472190
16 SMT007 MAGAZINE I JULY 2022

It's amazing what you'll find with something that simple, "Here's my network. Go find what you can," and it will scan the entire network and look for vulnerabilities.

Remote Networks

Matties: We've been talking about facilities, but in this remote work environment, we have to rethink cybersecurity. Now you have all these home networks connected to your network as well. What advice are you giving companies regarding that?

Patel: For customers who are running remotely, we've set up virtual desktops that give them connectivity to their workplace. When the pandemic first hit, those who were thinking ahead had virtual environments set up so that even if an employee works from their home-based computer—not a company-issued computer—it's still safe. To log into their system and do their work, they must log into a virtual desktop. A virtual desktop is controlled; it has the security controls in place by the company, even if they're using their Microsoft home computer without any security in place. For those who are really working from home, look into a virtualized desktop, and leverage network security that you can control vs. relying on the home user's PC to keep the company data secure.

The CMMC Planning Strategy

Johnson: Manufacturers are facing staffing shortages. It's becoming a good argument to automate, add the sensors, and make factories more digital because they may not be able to hire all the staff that they want. At the same time, they need to be adding additional security and working on their certifications so they can continue to keep their customers and their top line revenue. Those two requirements really are at odds, but it makes a very strong case that you need to have a very consistent, measurable, documented cybersecurity process, especially for CMMC.

Patel: Yes, I think it can be simple. It doesn't have to be this 100-page cybersecurity document.
Level 1 has 17 requirements which are the basis of cybersecurity hygiene. It's not as onerous as people think. Now with the Level 1 certification, the basic questions are:
• Who has access to what?
• Do you have an inventory of the systems running in your environment?

Basic hygiene doesn't have to be an extravagant cybersecurity document.

Now, when you get to Level 2, there are more requirements; absolutely you should have a cybersecurity program, or work with a company which can monitor these things for you.

At Level 1, you need to have only the basics in place. Understand what policies and procedures must be there. When deploying a new user PC or equipment, for example, you must consider:
• Do you have a checklist?
• Have you verified the firmware on the equipment or whether security software patches are installed?
• Is a computer being deployed?
• Does it have the basics in place like malware protection?
• Has the user been trained for security awareness?

Depending upon your specific situation, it could be as simple as that. It doesn't have to be something only a cybersecurity professional knows how to interpret. Keep it simple; take an inventory of all the devices running on your network and ensure the users have been trained.

Next, are your systems physically secured? If you have servers onsite, do you have a lock and key to the server room? Who has access to your ERP and what roles do they have? Does