Browsed by
Author: MTC POV

You’ve Qualified for a PPP Loan, Now What? How to Avoid Non-Compliance as You Begin to Utilize Funds


As a small business, you may have qualified to receive a piece of the Paycheck Protection Program (PPP) funds that were allocated by the Small Business Administration (SBA) in response to the economic disruption caused by the coronavirus (COVID-19) outbreak. In addition to bolstering cash flow, SBA’s PPP will also forgive loans if all employees are kept on payroll for eight weeks and the funding is utilized specifically for payroll, rent, mortgage interest or utilities.

This past Monday, SBA reported that it had successfully processed more than 100,000 loans from more than 4,000 lenders. Assuming your small business was able to quickly turn around the application, it’s likely you received your funding (or it may be on the way as the SBA preps to process PPP round two – as an additional $310 billion in funding was granted by the SBA this week).

As organizations begin to put this funding to use, it’s imperative that the requirements for where, when and how you use these funds are top of mind as the fear of non-compliance looms. Taking necessary actions now can assist your small business down the road to reach forgiveness – you don’t want a loan (and neither does the bank at these low interest rates), you want forgiveness.

  • FORGIVENESS SURROUNDING EMPLOYEES
    • As referenced prior, one stipulation regarding the PPP loan forgiveness states that “SBA will forgive all loans if all employees are kept on payroll for eight weeks and the money is used for payroll, rent, mortgage interest or utilities.”
    • It’s important to note that the eight-week period that is referenced commences on the exact date that the PPP funds are received.
  • PAID OR INCURRED – BE CONSISTENT IN THE APPROACH
    • The law states that costs must be paid or incurred, which could be two different things depending on timing. For ease of reporting, and to best match up cash flow, it’s likely best to track things on a cash basis.
  • ENSURE RENT, UTILITIES, MORTGAGE INTEREST ARE PAID AND UP TO DATE
    • No more than 25% of the forgivable amount of the loan can be attributable to these non-payroll costs.
    • If your facilities costs include common area maintenance, do your best to get billed by lessor or estimate and pay.
  • CONSIDER PRE-FUNDING BONUSES TO EMPLOYEES THAT WOULD OTHERWISE BE ENTITLED
    • If possible, consider matching contributions to retirement plans, such as 401(k) even if on a discretionary basis. You could also provide additional Health Savings Account (HSA) funding.
  • COMPENSATION IS LIMITED
    • Keep in mind, as a small business you are limited to no more than $100,000 (annualized) for one employee. This works out to $15,384 of compensation during the eight-week period.
  • KEEP TRACK OF HEADCOUNT
    • If you have had a recent reduction in employee headcount, consider bringing those employees back by June 30, 2020. They will count as Full-time equivalent (FTE) for the entire eight-week covered period.
  • SET UP A SEPARATE BANK ACCOUNT
    • While this is not required, it makes inflow/outflow tracking significantly easier as you begin to use funding.
    • Support for expenditures will need to be shown, but one dedicated account will make this process more painless.
  • NO DOUBLE DIPPING
    • If there are employees on your payroll that receive their salaries in the form of a government grant, they need to be excluded from your total employee count.
  • SOCIAL SECURITY TAX DEFERRAL
    • The Internal Revenue Service (IRS) has clarified that employers receiving PPP loans (that have not been forgiven) may be able to take advantage of the Social Security tax deferral, without incurring penalties, until the date on which the lender issues a decision to forgive the PPP loan.
    • The tax that is deferred prior to the loan forgiveness date is due under the applicable dates provided in the statute (50% by December 31, 2021 and 50% by December 31, 2022).


Top Digital Trends for Life Science Business in 2020

Life sciences and health care have been late adopters of digital innovation, but the industry has never been left untouched by it. For life sciences companies looking to transform themselves with digital technology, here are the latest tech trends to focus on.

 

Artificial Intelligence/Machine Learning

One of the biggest challenges for life sciences companies is the time it takes to develop a product or drug, which varies from 7 to 10 years. A lot of this time is spent reviewing and analyzing data, which can be reduced by using AI and ML. Researchers are focusing on writing AI scripts that can analyze structured and unstructured data and present meaningful value to the research community so that they can make faster decisions. AI can be used to select the right patients and sites for clinical trials to accelerate the trial process. Using AI and machine learning, you can train the system to analyze people, drugs, trial results and regulations to expedite the drug delivery process.

 

Automated Data Extraction

Data extraction is a critical step for life science companies and regulatory agencies. Companies can use automated scripts to read relevant research data and historical trends to make better business decisions. Regulatory agencies can use it to read and analyze the submitted data and make decisions such as whom to send the data to for review. Regulatory agencies can also use this to inform the drug manufacturer or the public about a safety concern with a drug or ingredient.

 

Natural Language Processing

Reading unstructured data and understanding it in the context of language and research has always been a challenge for life science companies. Additionally, companies that are submitting drugs in multiple markets have to face the challenge of translating content and labels into different languages. NLP can help with this. It can be used to read unstructured data like texts, comments and data collected from kiosks in the context of the scenario. NLP can be combined with machine learning to train the system and extract the right meaning.

 

Blockchain

Managing and securing data is a big concern for life science companies. Blockchain seems to be the right solution for clinical trials, drug delivery and supply chain management. It can be used to secure patient health records, trial outcomes, historical data, communication among stakeholders, and other related data. Some blockchain platforms are being launched to cater to the life sciences, but there is still a need to understand the use cases and come up with the right solutions.

 

Mobile Apps /Wearables for Data Collection

The last 10 years have seen an explosion in mobile apps and wearables for health and fitness. Life science companies were initially slow to adopt these technologies; however, they are focusing more on them now. They make the clinical trial process faster and more accurate. You can give apps and wearables to patients to gather the data in real time and make the right decision. Overall, these technologies make the process faster and less costly.

Piyush Jain is CEO and Founder of Simpalm, a custom software development company based in Bethesda, MD.

Posted by
Piyush Jain
Author Bio
After graduating from Hopkins in 2006, Piyush Jain set out on the path of tech entrepreneurship and founded two companies, Simpalm and Ducknowl in Maryland. His interests are digital tech, IoT, Mobile apps, AI, machine learning, and blockchain.
Let the Data Talk


“Let the Data Talk”

Nick Vass, J29 Inc.

 

As companies continue to navigate through uncharted territories in remote work environments, it’s important for some of our teams to stay true to the countless acts that led our success to where it is. While the way we do business has been changed in the moment, the question of how we came to that decision-making process will stay true – by letting data have a seat at the table.

 

What does this mean? For our team at J29, we like to live by the phrase, “let the data talk.” While cliché at first, it’s important for us to stay true to our model of data driven decision making. From the time I first joined J29 to now, there are some key attributes that stand out:

  • Robust emphasis on collecting several fields of data
  • Consistent investment in improving our tools and skills to comprehend that data
  • Commitment to making data widely accessible
  • Office-wide willingness to listen to data-driven ideas that come through any level of our organization

Lastly, the continuous dedication to decisions being driven by data has always been an ongoing improvement. Simply put, our team strives to make sure that data silos are addressed and resolved before critical problems arise. Data silos can be cultural, technological, or even structural-based inadequacies in any department or organization. More times than not, a silo in place causes wasted resources and limited productivity to take care of a company’s most important asset – data.

 

Data silos prevent teams from seeing the bigger picture and, more importantly, from being able to continue data-driven decision making. For J29, a data silo can prevent us from recognizing security threats sooner and analyzing traffic for unusual patterns. By definition, a data silo is when only one team is able to access a certain data set or source of that data – creating inefficiencies when cross-collaboration and wide-spread project involvement is necessary.

 

Currently, J29 is supporting a state-of-the-art data consolidation project revolving around integrations to the State of Maryland’s new Total Human-service Integrated Network (MD THINK) platform. This revolutionary platform will be the first of its kind in the United States, thus solving a data silo issue of Maryland’s Social Service Administration, Family Investment Administration, and Child Support Administration not being able to cross reference data sets in dire times of need. Prior programs were buried deep in conflicting architectures, resulting in massive spending on maintenance and restrictions for modifications. Coming full circle with J29’s MD THINK work, the importance of having data drive your team is validly crucial to success. In the case of Maryland, a joint human-service decision to have data on a single, integrated platform will allow user groups access to a modernized cloud-based platform – eliminating duplicate data entry and creating a streamlined eligibility enrollment process.

 

When the final whistle sounds on developments and integrations, over 30,000 Marylanders will have access to more than 65 application environments and 30 AWS products – eliminating previously restricting data silos and allowing data-driven decision making to lead health and human services throughout Maryland.

 

In conclusion, for J29 we consider data to have a consistent seat at the “table” that allows our team to deeply analyze where our decisions could, or could not, carry us. Our company’s strong commitment to data-driven decisions allows a deeper comprehension of what is truly going on and allows our decisions to be targeted and fact-based, rather than theoretical and estimated.

Posted by
Nick Vass
Author Bio
Nick is responsible for overseeing J29's strategic development opportunities with partners serving in the government, and commercial sectors
A Fit Agile Framework


By Millie Paniccia

I’ve dedicated the last 18 years of my professional life to working in commercial software product development environments—from employee to executive. As the current Managing Partner of an advisory services firm, I have seen just about all there is to see in business, working with startups whose employees range from three to large organizations that have tens of thousands. Nowadays, I spend most of my time helping organizations with product delivery issues improve, scale or prepare for IPO.

I have learned that regardless of industry, organization size, or belief in an organization’s individuality, most of these environments actually have a lot in common—including teams comprised of good people with good intentions. Unfortunately, most of these teams are lacking a common framework in which to operate.

I believe that an Agile framework is much better than how we used to get work done. I have found that the application of Lean Agile principles with consistency, just like a good exercise regime, can transform how product is delivered to market.

How to Get Your Agile Principles In Shape

Extensive writing already exists defining Lean Agile principles and my intent is not to re-write these articles. The Scaled Agile Framework (SAFe ©) website and texts are an excellent resource on this topic. While all of the Lean Agile principles have value and importance, I have found organizations are most likely to get in shape and stay there, by staying mindful of the following.

  • Sometimes the only way to get into shape is to re-train teams, together
  • People really are doing their best 
  • Product and engineering need to be in the boat together

To read the full article click here https://www.tecveris.com/resources/getting-your-agile-framework-into-shape/

 

Posted by
Millie Paniccia
Author Bio
Millie has led PMO, Help Desk Operations, Software Development, QA and Product Development teams. Millie is a certified Scaled Agile Framework SAFe Agilist and strategic leader in Lean Agile adoption.
10 Ways to Protect Your Business Against Cyber Attack


Best Practices for Fortifying Your Organization Against Cybercriminals


The connectivity of today’s employees has left executives unable to overlook the cybersecurity of their organization any longer. It’s no longer a question of if your business will be targeted by cybercriminals, it’s now a matter of if your cybersecurity precautions will fail you. Cybercriminals have reached a new level of sophistication – they can attack your infrastructure at all times of day, using automated algorithms, making it nearly impossible to keep them out all of the time. Staying current with your technology and processes is the only way to protect your business from harm.


Unsure of where to start? Begin by discussing our top 10 Cybersecurity Best Practices with your IT resource to ensure you have a solid foundation in place – and build up your defenses from there.

Top 10 Best Practices for Fortifying Your Organization Against Cyber Attack

  1. Backup, Backup, Backup!

Put in place a hybrid strategy for backing up your data – ensure that you have both a local backup and a cloud solution in place in case of disaster. Backups should be tested regularly, and should be performed no less than once per day. Ideally, your organization’s backup should be performed once every hour for premium recovery.

  2. Put a Strong Firewall in Place

With your employees accessing the web day in and day out, controlling the flow of internet traffic coming in and out of your business is crucial. A strong firewall is a vital asset in your suite of cybersecurity tools to have in place to protect your business.

  3. Install Antivirus Protection

Antivirus and Anti-Malware software is one of your organization’s most important lines of defense against cyber attack. Choosing the best program for your business, and monitoring the alerts as they come in will help you maintain a cyber secure environment for all users.

  4. Secure Your Email

Most attacks continue to come through via email. Ensure that your organization has an email service designed to halt email spam and phishing attempts in their tracks!

  5. Keep Your Technology Up to Date

All outdated technology can be a security vulnerability to your business. Keep your programs up to date on any patches or updates that are pushed out to keep your business as safe as possible. Additionally, refreshing your hardware on a regular basis will allow for greater protection as technology becomes more sophisticated.

  6. Monitor the Dark Web


Did you know that your credentials (or the credentials of a team member!) could already be on the dark web? By adopting dark web monitoring software, you can check the dark web regularly for instances of your organization’s credentials and take steps to remediate the issue before a cybercriminal uses those credentials to maliciously hack into your system!

  7. Secure All Mobile Devices

Today’s workforce is as mobile as ever. The first step towards protecting your team’s mobile devices is to establish password policies, encryption software, and to enable remote wiping on the device should you need it. A Mobile Device Management plan addresses each of these issues and more. Additionally, ask your team to be mindful of where they keep their devices – never leave a laptop in a locked car, for instance, as this is a prime opportunity for thieves.

  8. Assign a Resource to Monitor Your Infrastructure

Whether it’s your internal IT professional or a third party expert, it is critical to have a trusted resource to monitor all of your security software on an ongoing basis. Software protection is no good unless it’s working properly and each and every alert is dealt with in the proper manner. It only takes a small window of time to have huge consequences.

  9. Apply Password Policies Across Your Organization

Implementing strong passwords across your organization is one of the most effective policies to have in place to protect your infrastructure. Always avoid using personal data, common words spelled backwards, or any sequence of letters or numbers that are close together on the keyboard (12345, QWERTY). Also urge users to never, ever write down a password!

  10. Educate Your Employees!

Your employees are a cybercriminal’s best chance to breach your network. Educating your employees about the organization’s cybersecurity best practices is one of your best lines of defense against cyberattack. Users should be made aware of the value of your data, how to spot a phishing attempt, and what your password policy entails. Revisit this tactic often, as a cyber-savvy workforce is a more effective strategy than anything else you can put in place.


Posted by
Olivia Bushong
Author Bio
Advance Business Systems is a people company with an intense passion for improving their customers’ businesses and enhancing their team members’ lives. Advance helps organizations become more efficient and more effective through technology, processes and services backed by industry leading support. Whether it’s proactively managing a customer’s IT infrastructure, providing multifunctional devices or an electronic document management software solution, Advance provides solutions for productivity so organizations can focus on their core business. Celebrating over 50 years of serving Maryland businesses, Advance has deep roots throughout the state. As an independent, family owned business, Advance is proud to partner with organizations such as the Baltimore Ravens, Maryland Zoo, Maryland Athletics, and the National Aquarium for office technology and to demonstrate its commitment to the local community.
Does Regulatory Compliance Apply to My Business? Yes.


Today, almost all businesses are affected by compliance. Whether you’re in the healthcare industry and are bound by HIPAA regulations, or you’re a manufacturer attempting to meet NIST standards before you lose your government contract, your business cannot afford to be in the dark about compliance regulations.

What Technologies Should be in Place to Remain Compliant?

Data Encryption – All regulatory programs require organizations to encrypt and control their sensitive data. When data is encrypted and controlled with data loss prevention policies, the information is illegible– unable to be read without a secret key and proper permissions.

Data Life Cycle Management – It is easy to lose track of information after it leaves its original source. Do you know what happens to your data after you hit send on an email? Most regulatory standards require that you track exactly who sees that data and what they do with it. Data Life Cycle Management software allows organizations to track the entire lifecycle of their documents– and revoke access to that sensitive information at any time.

Disaster Recovery – What is the first step your business would take in the event of a breach? How long would it take to get up and running if you suffered a natural disaster? Being compliant means having a disaster recovery plan in place, and testing that plan regularly to ensure its effectiveness.

Next Steps

Due to the complexity of the requirements and what is at risk if you don’t comply, an IT resource that understands the complexities of maintaining compliance in your industry is essential. Consider a third-party resource, so you can focus on your business while they handle the rest.

Posted by
Advance Business Systems
Author Bio
Advance Business Systems helps organizations focus on their core mission by providing technology that can increase efficiency and effectiveness and services that eliminate the distractions that many organizations face. The right resources and a plan are critical to an organization achieving and exceeding their goals. Advance provides services such as IT planning and support that will take IT off your plate, keep you from worrying about data security and position your business for the future. Having the right business technology solutions in place, such as multifunctional copiers, interactive white boards and document management software, can greatly improve the flow of information through an organization.
10 Regulatory Actions to Take Immediately If You’re a Manufacturer in the Greater D.C. or Maryland Area


If you’re a manufacturer within 50 miles of Washington D.C., your organization is probably working with the United States government in some way, shape or form. Whether you have a contract directly with the government or you provide products or materials to someone who does, your company is now responsible for ensuring that you are compliant with NIST 800-171 standards.


WHAT IS NIST 800-171?

As of December 31st 2017, the National Institute of Standards and Technology (NIST) has published a document stating that all manufacturers that work with the US government (Department of Defense, General Services Administration, and NASA), are now responsible for maintaining compliance with their cybersecurity standards, outlined in document NIST 800-171. The document spells out the strict data management guidelines that manufacturers must meet in order to work with the government.  And take note– just because you do not have a direct contract with the government does not mean you are not affected. Even if your organization does something as removed as supplying parts to a subcontractor of the government, it is required that your organization become compliant as well.

This document outlines the standards to which all manufacturers must update their systems in order to maintain cybersecurity best practices. With hackers attempting to breach the infrastructure of government agencies and private organizations alike, this document strives to protect both Controlled Unclassified Information (CUI) and Covered Defense Information (CDI). Even though this information is technically unclassified, it is still sensitive data. This document strives to control the dissemination of this information.

Failure to meet these standards could mean the loss of your contract altogether.

10 Data Security Actions Your Business Should Consider Today to Work towards Compliance with NIST 800-171

While the actual document lists over 100 points that your organization will need to address, we’ve outlined 10 impactful data security changes you can make to your infrastructure to get started immediately.

  1. Limit access to your internal systems to authorized users and devices
  2. Apply a limit to the number of unsuccessful log in attempts for each user
  3. Automatically log off of devices after a certain amount of inactivity
  4. Provide security-awareness training to employees
  5. Restrict employees from self-installing software on their devices
  6. Require users to sign in to all systems before accessing any internal systems
  7. Prohibit password reuse for a specified number of generations
  8. Enforce a minimum password complexity when creating new passwords
  9. Restrict the use of portable storage devices if they do not have an identifiable owner
  10. Only allow physical access to organizational systems and equipment to authorized individuals
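The password rules in items 7 and 8 above, together with the earlier advice to avoid personal data, backwards common words and keyboard sequences, can be enforced at the moment a user chooses a new password. The following is an added example, not code from the original article; the lengths, depths, word list and function names are assumptions to replace with your own policy values.

```python
import hashlib
import hmac
import os

# Policy values are assumptions for this example; set them from your own policy.
MIN_LENGTH = 12
MIN_CLASSES = 3          # of: lowercase, uppercase, digit, symbol
HISTORY_DEPTH = 5        # generations during which a password may not be reused
PBKDF2_ROUNDS = 100_000
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
COMMON_WORDS = ("password", "welcome", "letmein", "admin")  # constructed short list


def _digest(password, salt):
    # Salted, slow hash so the stored history never contains plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_record(password):
    """Return the (salt, digest) pair to append to a user's password history."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def has_keyboard_run(password, run_len=4):
    """True if the password contains run_len adjacent keys, forwards or backwards."""
    low = password.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run_len] in low for i in range(len(seq) - run_len + 1)):
                return True
    return False


def has_common_word(password):
    """True if a listed common word appears forwards or spelled backwards."""
    low = password.lower()
    return any(w in low or w[::-1] in low for w in COMMON_WORDS)


def character_classes(password):
    return sum((
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ))


def is_reused(password, history):
    """Compare against the most recent HISTORY_DEPTH records only."""
    recent = history[-HISTORY_DEPTH:]
    return any(hmac.compare_digest(_digest(password, salt), stored)
               for salt, stored in recent)


def check_new_password(password, history, personal=()):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if character_classes(password) < MIN_CLASSES:
        problems.append("low_complexity")
    if has_keyboard_run(password):
        problems.append("keyboard_sequence")
    if has_common_word(password):
        problems.append("common_word")
    if any(p and p.lower() in password.lower() for p in personal):
        problems.append("personal_data")
    if is_reused(password, history):
        problems.append("reused")
    return problems


if __name__ == "__main__":
    # Constructed sample history and candidates, for illustration only.
    history = [make_record(p) for p in ("Copper-Lantern-41", "Violet-Harbor-52")]
    for candidate in ("qwerty12345", "Violet-Harbor-52", "Granite-Otter-74"):
        print(candidate, check_new_password(candidate, history, personal=("olivia",)))
```

Only salted digests are kept in the history, so the reuse check works without the system ever storing an old password in readable form.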

How Can I Become Fully Compliant with NIST 800-171?

With 110 standards that your organization must meet in order to maintain compliance, it is clear that you will need to seek the help of an expert to get these updates underway. Due to the complexity of some of the requirements and what is at risk if you don’t comply, we recommend utilizing an internal IT team or partnering with a resource that you trust to apply these changes. Equally important is establishing a process or resource to ensure you remain compliant!

If you do not have the capacity or expertise to apply these updates internally, seek the help of a dedicated 3rd Party IT company that understands the complexities of maintaining compliance in the manufacturing industry. With a third-party resource, you can stick to running your business while your third party handles the rest.

Posted by
Olivia Bushong
Author Bio
As a business solutions provider, Advance helps organizations become more efficient and more effective through technology, processes and services backed by industry leading support. Whether it’s proactively managing a customer’s IT infrastructure, providing multifunctional devices or an electronic document management software solution, Advance provides solutions for productivity so organizations can focus on their core business. Celebrating over 50 years of serving Maryland businesses, Advance has deep roots throughout the state. As an independent, family owned business, Advance is proud to partner with organizations such as the Baltimore Ravens, Maryland Zoo, Maryland Athletics, and the National Aquarium for office efficiencies and to demonstrate its commitment to the local community.
MTC Partners with MD Association of Counties for 2018 Summer Conference Tech Show


The Maryland Tech Council is partnering with the Maryland Association of Counties (MACo) to co-host an exclusive deep-dive focusing on Maryland tech, biotech and cyber vendors. These sessions will feature over 50 tech exhibits and three intensive technology sessions, complete with demonstrations of the latest technology for county governments. Exhibitors will present everything from GIS to 3-D printing, body cameras, virtual reality and more, featuring cutting-edge technology that is revolutionizing sectors across Maryland.


The Spectre and Meltdown Vulnerabilities: a CPU/Architecture Perspective

Spectre and Meltdown are the names given to recently discovered vulnerabilities that affect almost every computer chip manufactured in the last 20 years. If exploited, attackers could gain access to data previously considered completely protected. The Spectre and Meltdown flaws work by exploiting two important techniques used to make CPU chips execute faster, called speculative execution and caching.

Speculative execution allows a CPU to attempt to predict the future to work faster. For example, if the chip determines that a program contains multiple logical branches, it will start calculating the values for all of the branches before the program decides which branch to take. When the correct branch is determined, the CPU has already produced the values for that branch. If the CPU sees that the same function is frequently used, it might use idle time to compute that function so it has what it thinks the answer will be ready if needed.

Caching is used to speed up memory access. Random access memory (RAM) is located on separate chips and it takes a relatively long time for the CPU to access data in the RAM. There is a special small amount of memory storage called CPU cache that is built on the CPU chip itself that can be accessed very quickly. This cache memory gets filled with data that the CPU will need soon or often. Data that is produced by such speculative execution is often stored in the cache, which contributes to making it a speed booster. The problem arises when caching and speculative execution start circumventing protected memory.

Protected memory is a foundational concept underlying computer security. It allows a program to keep some of its data private from some of its users, and allows the operating system to prevent one program from seeing data belonging to another. In order to access data, a process needs to undergo a privilege check, which determines whether or not it’s allowed to see that data.

A privilege check can take a relatively long time. Due to speculative execution, while the CPU is waiting to find out if a process is allowed to access that data, it starts working with that data even before it receives permission to do so. The problem arises because the protected data is stored in CPU cache even if the process never receives permission to access it. Because CPU cache memory can be accessed more quickly than regular memory and due to the long latency associated with privilege checks, the process can potentially access certain memory locations that it shouldn’t be allowed to access. As this problem exists in the hardware there is no direct way to correct it. Software patches have been offered to mitigate the exposure but have led to some degradation in performance of the CPU. In many cases, the software patch is targeted at a specific product and installing the wrong patch can severely impact system operation.

The most immediate action security teams and users can take to protect computer systems is to prevent execution of unauthorized software and avoid access to untrusted websites. Security policies must be in place to prevent unauthorized access to systems and the introduction of unapproved software or software updates.
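On Linux, the kernel reports whether the software mitigations discussed above are active in the files under /sys/devices/system/cpu/vulnerabilities. The following is an added example, not part of the original article, that parses those status lines for Meltdown and the two Spectre variants; the sample strings are constructed, and the state names and function names are this example's own.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
# Status files covering the issues this article describes.
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample lines in the format the kernel uses.
SAMPLES = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Mitigation: Retpolines; IBPB: conditional; STIBP: disabled",
}


def parse_status(line):
    """Split one status line into (state, [details])."""
    head, _, rest = line.strip().partition(":")
    state = {
        "not affected": "not_affected",
        "mitigation": "mitigated",
        "vulnerable": "vulnerable",
    }.get(head.strip().lower(), "unknown")
    # Newer kernels separate components with ';', older ones with ','.
    sep = ";" if ";" in rest else ","
    details = [d.strip() for d in rest.split(sep) if d.strip()]
    return state, details


def audit(root=SYSFS_DIR):
    """Read each status file; a missing file is recorded as 'unreported'."""
    report = {}
    for name in ISSUES:
        path = Path(root) / name
        try:
            report[name] = parse_status(path.read_text())
        except OSError:
            # Not Linux, or a kernel that does not expose this file.
            report[name] = ("unreported", [])
    return report


def needs_attention(report):
    """Names whose state is anything other than mitigated or not affected."""
    ok = {"mitigated", "not_affected"}
    return sorted(name for name, (state, _) in report.items() if state not in ok)


if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print("sample", name, parse_status(line))
    local = audit()
    for name, (state, details) in local.items():
        print(f"{name:12} {state:13} {'; '.join(details)}")
    print("needs attention:", needs_attention(local))
```

A host that shows "unreported" or "vulnerable" here is a candidate for the kernel and microcode updates appropriate to that specific product.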

Posted by
Written by: Prof. Bill Pierce. Submitted by Ivana Shuck
Author Bio
Prof. Bill Pierce, the author of this article, is an Assistant Professor of computer science at the Department of Computer Science & Information Technology at Hood College in Frederick, Maryland. He teaches undergraduate and graduate courses in Computer Architecture, Digital Logic and Switching Theory, Digital Signal Processing and Musical Computing.
We Digitized Our Lives, We Just Forgot to Secure Them

We are a connected, digital society that depends heavily on networks, databases and other digital systems to operate. Almost every aspect of our lives, from the most basic tasks at the workplace to our personal communication and social interactions, to the way we shop and the tools we use to study and learn, depends on some form of electronic interaction or data exchange. These digital environments are practical, useful and fast, but in our excitement to use, leverage and widely deploy them, we have forgotten to secure them.

The spree continues

Last year, the national fast food restaurant chain, Arby’s, acknowledged that malware installed on payment systems inside specific corporate stores might have compromised more than 355,000 credit and debit card numbers. A few months later, personal information and the medical diagnoses of at least 7,000 patients at the Bronx Lebanon Hospital Center in New York had leaked. By the end of the summer, Kmart and Verizon had revealed malware infections and data leaks, all leading to the Equifax compromise, a breach potentially affecting up to 143 million customers. Even Uber suffered a data breach allegedly exposing personal information of 57 million users and drivers. Even companies in cybersecurity can be affected. Take Deloitte for example, a company once named by Gartner Research as the “best cybersecurity consultant in the world,” which had its email system hacked. The naive justification of all these compromises can be attributed to profit-driven “corporate irresponsibility”—companies and organizations minding their bottom lines rather than exercising care about securing their data.

Not my problem

Terms like breach, data leak, attack, hack, exploit and malware have become common in our vernacular, and they are immediately associated with malicious intent. For most individuals, cybersecurity incidents remain distant acts of socially awkward—but brilliant—teenagers or nefarious hackers in far-away countries. That’s until someone’s financial or health records become available on the Internet.

Companies, on the other hand, are aware of the impact of breaches, but many treat them only as risks to be hedged, weighing the cost of actively protecting digital assets against the cost of inaction. For small businesses, a hacking attack may be detrimental, with 60 percent of small companies being unable to sustain operations for more than six months after a compromise. For large organizations, cybersecurity insurance policies give a sense of safety from financial risk, yet there is no policy that could ever recover the reputational cost and loss of trust.

Cybersecurity compromises are not always the product of malicious intent and unauthorized access. Data breaches are also caused by unintentional omissions, software errors, poor maintenance of systems and software operator negligence or misplaced trust in careless third parties. In all cases and at all levels, dealing with cybersecurity incidents, whether malicious or inadvertent, will not be reduced until all stakeholders, from organizations to individuals, assume their share of responsibility.

The hunt for cybersecurity talent

The need for qualified cybersecurity staff has become a mainstay discussion. Cybersecurity professionals are expected to have specific, technical, specialized skills that match each organization’s technology mix. The result has been the springing up of an entire industry of cybersecurity certifications that existing information technology professionals flock to obtain. These are good options to meet current demand, but their value is often as short-lived as the product or technology they are based on.

Unlike other fields, specific technology skills are required in cybersecurity, but they are not sufficient to succeed. The field is highly technical and requires professionals to continuously cross the lines between computer science, information technology and mathematics. It also requires many important skills such as problem solving and critical thinking. These skills can’t be obtained through a weeklong vendor training or a series or set of professional certifications. These are skills that are cultivated with formal education, enriched with technical training and further enhanced with on-the-job work experience.

Written by: Dr George Dimitoglou, submitted by: Ivana Shuck
Author Bio
George Dimitoglou is an Associate Professor in the Department of Computer Science and Director of the Center for Computer Security and Information Assurance at Hood College, Frederick, MD. Before joining the faculty he spent time in industry and government working in the areas of information systems, telecommunications, data archiving and space science. He holds a doctorate in Computer Science with a concentration in Parallel and Distributed Systems from the School of Engineering & Applied Science of The George Washington University; an M.S. from the University of Maryland and a B.S. from Temple University. He is the recipient of a Mission Contribution Award from the European Space Agency, a NASA Goddard Space Flight Center National Resource Award, a Kobe City (Japan) Mayor's Award for Outstanding Performance (robotics competition) and a Faculty Advisor Award by the IEEE National Capital Area Section. He is a member of the IEEE, the ACM, the Mathematical Association of America and the ϕKϕ Honor Society.