Browsed by
Author: MTC POV

10 Ways to Protect Your Business Against Cyber Attack

10 Ways to Protect Your Business Against Cyber Attack

Best Practices for Fortifying Your Organization Against Cybercriminals

protect your business from cybercriminals

The connectivity of today’s employees has left executives unable to overlook the cybersecurity of their organization any longer. It’s no longer a question of if your business will be targeted by cybercriminals, it’s now a matter of if your cybersecurity precautions will fail you. Cybercriminals have reached a new level of sophistication – they can attack your infrastructure at all times of day, using automated algorithms, making it nearly impossible to keep them out all of the time. Staying current with your technology and processes is the only way to protect your business from harm.

To learn more about IT best practices for your organization, please click here!

Unsure of where to start? Begin by discussing our top 10 Cybersecurity Best Practices with your IT resource to ensure you have a solid foundation in place – and build up your defenses from there.

Top 10 Best Practices for Fortifying Your Organization Against Cyber Attack

  1. Backup, Backup, Backup!

Put in place a hybrid strategy for backing up your data – ensure that you have both a local backup and a cloud solution in place in case of disaster. Backups should be tested regularly, and should be performed no less than once per day. Ideally, your organization’s backup should be performed once every hour for premium recovery.

  1. Put a Strong Firewall in Place

With your employees accessing the web day in and day out, controlling the flow of internet traffic coming in and out of your business is crucial. A strong firewall is a vital asset in your suite of cybersecurity tools to have in place to protect your business.

  1. Install Antivirus Protection

Antivirus and Anti-Malware software is one of your organization’s most important lines of defense against cyber attack. Choosing the best program for your business, and monitoring the alerts as they come in will help you maintain a cyber secure environment for all users.

  1. Secure Your Email

Most attacks continue to come through via email. Ensure that your organization has an email service designed to halt email spam and phishing attempts in their tracks!

  1. Keep Your Technology Up to Date

All outdated technology can be a security vulnerability to your business. Keep your programs up to date on any patches or updates that are pushed out to keep your business as safe as possible. Additionally, refreshing your hardware on a regular basis will allow for greater protection as technology becomes more sophisticated.

  1. Monitor the Dark Web

monitor your business on the dark web

Did you know that your credentials (or the credentials of a team member!) could already be on the dark web? By adopting a dark web monitoring software, you can check the dark web regularly for instances of your organization’s credentials and take steps to mediate the issue before a cybercriminal uses those credentials to maliciously hack into your system!

  1. Secure All Mobile Devices

Today’s workforce is as mobile as ever. The first step towards protecting your team’s mobile devices is to establish password policies, encryption software, and to enable remote wiping on the device should you need it. A Mobile Device Management plan addresses each of these issues and more. Additionally, ask your team to be mindful of where they keep their devices – never leave a laptop in a locked car, for instance, as this is a prime opportunity for thieves.

  1. Assign a Resource to Monitor Your Infrastructure

Whether it’s your internal IT professional or a third party expert, it is critical to have a trusted resource to monitor all of your security software on an ongoing basis. Software protection is no good unless it’s working properly and each and every alert is dealt with in the proper manner. It only takes a small window of time to have huge consequences.

  1. Apply Password Policies Across Your Organization

Implementing strong passwords across your organization is one of the most effective policies to have in place to protect your infrastructure. Always avoid using personal data, common words spelled backwards, or any sequence of letters or numbers that are close together on the keyboard (12345, QWERTY). Also urge users to never, ever write down a password!

  1. Educate Your Employees!

Your employees are a cybercriminal’s best chance to breach your network. Educating your employees about the organization’s cybersecurity best practices is one of your best lines of defense against cyberattack. Users should be made of aware of the value of your data, how to spot a phishing attempt, and what your password policy entails. Revisit this tactic often, as a cyber-savvy workforce is a more effective strategy than anything else you can put in place.

To learn more about IT best practices for your organization, please click the button below!

comprehensive it solutions for maryland business

Related Articles:

A Fully Managed IT Services Provider Can Revolutionize Your IT
Secure Your Company’s Data Anywhere With Mobile Device Management
Is Cloud Computing Right for Your Business?

Posted by
Olivia Bushong
Author Bio
Advance Business Systems is a people company with an intense passion for improving their customers’ businesses and enhancing their team members’ lives. Advance helps organizations become more efficient and more effective through technology, processes and services backed by industry leading support. Whether it’s proactively managing a customer’s IT infrastructure, providing multifunctional devices or an electronic document management software solution, Advance provides solutions for productivity so organizations can focus on their core business. Celebrating over 50 years of serving Maryland businesses, Advance has deep roots throughout the state. As an independent, family owned business, Advance is proud to partner with organizations such as the Baltimore Ravens, Maryland Zoo, Maryland Athletics, and the National Aquarium for office technology and to demonstrate its commitment to the local community.
Does Regulatory Compliance Apply to My Business? Yes.

Does Regulatory Compliance Apply to My Business? Yes.

Today, almost all businesses are affected by compliance. Whether you’re in the healthcare industry and are bound by HIPAA regulations, or you’re a manufacturer attempting to meet NIST standards before you lose your government contract, your business cannot afford to be in the dark about compliance regulations.

What Technologies Should be in Place to Remain Compliant?

Data Encryption – All regulatory programs require organizations to encrypt and control their sensitive data. When data is encrypted and controlled with data loss prevention policies, the information is illegible– unable to be read without a secret key and proper permissions.

Data Life Cycle Management – It is easy to lose track of information after it leaves its original source. Do you know what happens to your data after you hit send on an email? Most regulatory standards require that you track exactly who sees that data and what they do with it. Data Life Cycle Management software allows organizations to track the entire lifecycle of their documents– and revoke access to that sensitive information at any time.

Disaster Recovery – What is the first step your business would take in the event of a breach? How long would it take to get up and running if you suffered a natural disaster? Being compliant means having a disaster recovery plan in place, and testing that plan regularly to ensure its effectiveness.

Next Steps

Due to the complexity of the requirements and what is at risk if you don’t comply, an IT resource that understands the complexities of maintaining compliance in your industry is essential. Consider a third-party resource, so you can focus on your business while they handle the rest.

Posted by
Advance Business Systems
Author Bio
Advance Business Systems helps organizations focus on their core mission by providing technology that can increase efficiency and effectiveness and services that eliminate the distractions that many organizations face. The right resources and a plan are critical to an organization achieving and exceeding their goals. Advance provides services such as IT planning and support that will take IT off your plate, keep you from worrying about data security and position your business for the future. Having the right business technology solutions in place, such as multifunctional copiers, interactive white boards and document management software, can greatly improve the flow of information through an organization.
10 Regulatory Actions to Take Immediately If You’re a Manufacturer in the Greater D.C. or Maryland Area

10 Regulatory Actions to Take Immediately If You’re a Manufacturer in the Greater D.C. or Maryland Area

If you’re a manufacturer within 50 miles of Washington D.C., your organization is probably working with the United States government in some way, shape or form. Whether you have a contract directly with the government or you provide products or materials to someone who does, your company is now responsible for ensuring that you are compliant with NIST 800-171 standards.

Are you interested in how a comprehensive IT solution could benefit your business? Click here to browse our Managed IT homepage!

WHAT IS NIST 800-171?

As of December 31st 2017, the National Institute of Standards and Technology (NIST) has published a document stating that all manufacturers that work with the US government (Department of Defense, General Services Administration, and NASA), are now responsible for maintaining compliance with their cybersecurity standards, outlined in document NIST 800-171. The document spells out the strict data management guidelines that manufacturers must meet in order to work with the government.  And take note– just because you do not have a direct contract with the government does not mean you are not affected. Even if your organization does something as removed as supplying parts to a subcontractor of the government, it is required that your organization become compliant as well.

This document outlines the standards to which all manufacturers must update their systems in order to maintain cybersecurity best practices. With hackers attempting to breach the infrastructure of government agencies and private organizations alike, this document strives to protect both Controlled Unclassified Information (CUI) and Covered Defensive Information (CDI). Even though this information is technically unclassified, it is still sensitive data. This document strives to control the dissemination of this information.

Failure to meet these standards could mean the loss of your contract altogether.

10 Data Security Actions Your Business Should Consider Today to Work towards Compliance with NIST 800-171

While the actual document lists over 100 points that your organization will need to address, we’ve outlined 10 impactful data security changes you can make to your infrastructure to get started immediately.

  1. Limit access to your internal systems to authorized users and devices
  2. Apply a limit to the number of unsuccessful log in attempts for each user
  3. Automatically log off of devices after a certain amount of inactivity
  4. Provide security-awareness training to employees
  5. Restrict employees from self-installing software on their devices
  6. Require users to sign in to all systems before accessing any internal systems
  7. Prohibit password reuse for a specified number of generations
  8. Enforce a minimum password complexity when creating new passwords
  9. Restrict the use of portable storage devices if they do not have an identifiable owner
  10. Only allow physical access to organizational systems and equipment to authorized individuals

How Can I Become Fully Compliant with NIST 800-171?

Clocking in at 110 standards that your organization must meet in order to maintain compliance, it is clear that you will need to seek the help of an expert to get these updates underway. Due to the complexity of some of the requirements and what is at risk you don’t comply, we recommend utilizing an internal IT team or partnering with a resource that you trust to apply these changes. Equally as important, is establishing a process or resource to ensure you remain compliant!

If you do not have the capacity or expertise to apply these updates internally, seek the help of a dedicated 3rd Party IT company that understands the complexities of maintaining compliance in the manufacturing industry. With a third-party resource, you can stick to running your business while your third party handles the rest.

Posted by
Olivia Bushong
Author Bio
As a business solutions provider, Advance helps organizations become more efficient and more effective through technology, processes and services backed by industry leading support. Whether it’s proactively managing a customer’s IT infrastructure, providing multifunctional devices or an electronic document management software solution, Advance provides solutions for productivity so organizations can focus on their core business. Celebrating over 50 years of serving Maryland businesses, Advance has deep roots throughout the state. As an independent, family owned business, Advance is proud to partner with organizations such as the Baltimore Ravens, Maryland Zoo, Maryland Athletics, and the National Aquarium for office efficiencies and to demonstrate its commitment to the local community.
MTC Partners with MD Association of Counties for 2018 Summer Conference Tech Show

MTC Partners with MD Association of Counties for 2018 Summer Conference Tech Show

The Maryland Tech Council is partnering with the Maryland Association of Counties (MACo) to co-host an exclusive deep-dive focusing on Maryland tech, biotech and cyber vendors. These sessions with feature over 50 tech exhibits and three intensive technology sessions, complete with demonstrations of the latest technology for county governments. Exhibitors will present everything from GIS to 3-D printing, body cameras, virtual reality and more, featuring cutting-edge technology that is revolutionizing sectors across Maryland.

Click here to learn more about #MACoCon

The Specter and Meltdown Vulnerabilities: a CPU/Architecture Perspective

The Specter and Meltdown Vulnerabilities: a CPU/Architecture Perspective

Specter and Meltdown, names given to a recently discovered vulnerability that affects almost every computer chip manufactured in the last 20 years. If exploited, attackers could gain access to data previously considered completely protected. The Specter and Meltdown flaws work by exploiting two important techniques used to make CPU chips execute faster, called speculative execution and caching.

Speculative execution allows a CPU to attempt to predict the future to work faster. For example, if the chip determines that a program contains multiple logical branches, it will start calculating the values for all of the branches before the program decides which branch to take. When the correct branch is determined, the CPU has already produced the values for that branch. If the CPU sees that the same function is frequently used, it might use idle time to compute that function so it has what it thinks the answer will be ready if needed.

Caching is used to speed up memory access. Random access memory (RAM) is located on separate chips and it takes a relatively long time for the CPU to access data in the RAM. There is a special small amount of memory storage called CPU cache that is built on the CPU chip itself that can be accessed very quickly. This cache memory gets filled with data that the CPU will need soon or often. Data that is produced by such speculative execution is often stored in the cache, which contributes to making it a speed booster. The problem arises when caching and speculative execution start circumventing protected memory.

Protected memory is a foundational concept underlying computer security. It allows a program to keep some of its data private from some of its users, and allows the operating system to prevent one program from seeing data belonging to another. In order to access data, a process needs to undergo a privilege check, which determines whether or not it’s allowed to see that data.

A privilege check can take a relatively long time. Due to speculative execution, while the CPU is waiting to find out if a process is allowed to access that data, it starts working with that data even before it receives permission to do so. The problem arises because the protected data is stored in CPU cache even if the process never receives permission to access it. Because CPU cache memory can be accessed more quickly than regular memory and due to the long latency associated with privilege checks, the process can potentially access certain memory locations that it shouldn’t be allowed to access. As this problem exists in the hardware there is no direct way to correct it. Software patches have been offered to mitigate the exposure but have led to some degradation in performance of the CPU. In many cases, the software patch is targeted at a specific product and installing the wrong patch can severely impact system operation.

The most immediate action security teams and users can take to protect computer systems is to prevent execution of unauthorized software and avoid access to untrusted websites. Security policies must be are in place to prevent unauthorized access to systems and the introduction of unapproved software or software updates.

Posted by
Written by: Prof. Bill Pierce. Submitted by Ivana Shuck
Author Bio
Prof. Bill Pierce, the author of this article, is an Assistant Professor of computer science at the Department of Computer Science & Information Technology at Hood College in Frederick, Maryland. He teaches undergraduate and graduate courses in Computer Architecture, Digital Logic and Switching Theory, Digital Signal Processing and Musical Computing.*
We Digitized Our Lives, We Just Forgot to Secure Them

We Digitized Our Lives, We Just Forgot to Secure Them

We are a connected, digital society that depends heavily on networks, databases and other digital systems to operate. Almost every aspect of our lives, from the most basic tasks at the workplace to our personal communication and social interactions, to the way we shop and the tools we use to study and learn, depends on some form of electronic interaction or data exchange. These digital environments are practical, useful and fast, but in our excitement to use, leverage and widely deploy them, we have forgotten to secure them.

The spree continues

Last year, the national fast food restaurant chain, Arby’s, acknowledged that malware installed on payment systems inside specific corporate stores might have compromised more than 355,000 credit and debit card numbers. A few months later, personal information and the medical diagnoses of at least 7,000 patients at the Bronx Lebanon Hospital Center in New York had leaked. By the end of the summer, Kmart and Verizon had revealed malware infections and data leaks, all leading to the Equifax compromise, a breach potentially affecting up to 143 million customers. Even Uber suffered a data breach allegedly exposing personal information of 57 million users and drivers. Even companies in cybersecurity can be affected. Take Deloitte for example, a company once named by Gartner Research as the “best cybersecurity consultant in the world,” which had its email system hacked. The naive justification of all these compromises can be attributed to profit-driven “corporate irresponsibility”—companies and organizations minding their bottom lines rather than exercising care about securing their data.

Not my problem

Terms like breach, data leak, attack, hack, exploit and malware have become common in our vernacular, and they are immediately associated with malicious intent. For most individuals, cybersecurity incidents remain distant acts of socially awkward—but brilliant—teenagers or nefarious hackers in far-away countries. That’s until someone’s financial or health records become available on the Internet.

Companies on the other hand are aware of the impact of breaches, but for many, they are only identified as risks that are hedged against with the cost of actively protecting digital assets and that of inaction. For small businesses, a hacking attack may be detrimental, with 60 percent of small companies being unable to sustain more than six months after a compromise. For large organizations, cybersecurity insurance policies give a sense of safety from financial risk, yet there is no policy that could ever recover the reputational cost and loss of trust.

Cybersecurity compromises are not always the product of malicious intent and unauthorized access. Data breaches are also caused by unintentional omissions, software errors, poor maintenance of systems and software operator negligence or misplaced trust in careless third parties. In all cases and at all levels, dealing with cybersecurity incidents, whether malicious or inadvertent, will not be reduced until all stakeholders, from organizations to individuals, assume their share of responsibility.

The hunt for cybersecurity talent

The need for qualified cybersecurity staff has become a mainstay discussion. Cybersecurity professionals are expected to have specific, technical, specialized skills that match each organization’s technology mix. The result has been the springing up of an entire industry of cybersecurity certifications that existing information technology professionals flock to obtain. These are good options to meet current demand, but their value is often as short-lived as the product or technology they are based on.

Unlike other fields, specific technology skills are required in cybersecurity, but they are not sufficient to succeed. The field is highly technical and requires professionals to continuously cross the lines between computer science, information technology and mathematics. It also requires many important skills such as problem solving and critical thinking. These skills can’t be obtained by a weeklong vendor training or series or set of professional certifications. These are skills that are cultivated with formal education, enriched with technical training and further enhanced with on-the-job work experience.

For information on our cybersecurity program, click here.

Posted by
Written by:Dr George Dimitoglou, submitted by: Ivana Shuck
Author Bio
George Dimitoglou is an Associate Professor in the Department of Computer Science and Director of the Center for Computer Security and Information Assurance at Hood College, Frederick, MD. Before joining the faculty he spent time in the industry and government working in the areas of information systems, telecommunications, data archiving and space science. He holds a doctorate in Computer Science with concentration in Parallel and Distributed Systems from the School of Engineering & Applied Science of The George Washington University; a M.S. from the University of Maryland and a B.S. from Temple University. He is the recipient of a Mission Contribution Award from the European Space Agency, a NASA Goddard Space Flight Center National Resource Award, a Kobe City (Japan) Mayor's Award for Outstanding Performance (robotics competition) and a Faculty Advisor Award by the IEEE National Capital Area Section. He is a member of the the IEEE, the ACM, the Mathematical Association of America and the ϕKϕ Honor Society.
For Companies, Defense is Still the Best Defense

For Companies, Defense is Still the Best Defense

As a strategy, attacking one’s enemies as a way to protect oneself has been promoted  throughout history as the best kind of defense. This doctrine has been suggested by Machiavelli, Sun Tzu and even Abraham Lincoln when he referred to “…offensive operations, being the surest, if not the only means of defence…” [1].

The problem is this doctrine of counter-attack doesn’t work well in cyberspace. When a company’s assets are hacked, all a company can do is endure the reputation damage, attempt a quick recovery of compromised assets, address vulnerabilities, harden security and move forward.

Options such as attacking the hackers, “hacking back”, counter-hacking,  or the more eloquent “active defense” surely go through the minds of every person dealing with a compromise.

Doing so in the U.S. is illegal. The Computer Fraud and Abuse Act (CFAA) [2] makes most forms of counter-hacking unlawful. Also retaliation significantly increases the risk of putting the company in the cross-hairs of more hackers and becoming subject to more attacks.

The legal aspect and increased risk notwithstanding, the ability, effectiveness and value of hacking back is questionable.

A key factor is attribution, the ability to identify the attacker with a degree of confidence that doesn’t turn the victimized company into a reckless villain. Even during naive cyber attacks, hackers attempt to hide their tracks either by spoofing their IP addresses or using intermediate, often compromised systems of other organizations as staging platforms to launch their attacks. Counter-hacking the wrong network, IP or another innocent company’s systems would not accomplish anything.

The effectiveness of counter-hacking should be evaluated against the type and might of the adversary. Starting from the least to the most powerful, the first category are opportunistic hackers, individuals that hunt for technological vulnerabilities. Their motivations range from asserting bragging rights in subversive online forums to asking for ransom in bitcoin to return deleted data and restore defaced websites. Their methods are based on blunt attack instruments that scan thousands of networks and system for vulnerabilities, using code and instructions found on the internet. For a company attempting to retaliate against these hackers, it resembles an infinite game of whack-a-mole.  And typically the hackers have no assets to attack — launching a cyber attack doesn’t require more infrastructure than a computer and an internet connection.

The second category are professional hackers, or hired guns. These freelancers operate with surgical precision. Their targets are specific companies and their motivation can be industrial espionage or disrupting operations to reduce capability and provide competitive advantage for the hacker’s “employer”. Attribution in this case is very hard as a company attempting to retaliate must distinguish between the attack executioner and the party that paid them.

The third category is state-sponsored hackers. These are literal armies of hackers that deploy coordinated hacking campaigns on a variety of targets and may range from industrial espionage against a country’s entire business sector to the disruption of power plants and electrical grids. The asymmetry of power in this case is so pronounced that companies have little or no chance to accomplish anything by launching a counter-attack against a state ,other than becoming a prime target.

It is clear from the above that hacking back is a lost cause. Yet companies are becoming increasingly frustrated and continue to discuss options for retaliation. If not active counter attacks, perhaps baiting hackers and planting software that operates either as a timebomb or a beacon in fake but sensitive-looking documents. In the first case, the planted software “explodes” after being stolen, infecting the hacker’s files and network similar to dye packs planted in bags of money in banks. In the second case, a beacon software generates location signals, revealing the location of the perpetrator.

While these methods may make potential hackers think twice about conducting operations, they will do very little to thwart their activities.

It is safe to say that a state-to-state adversarial engagement in cyberspace is a completely different matter. The balance of power is different and its resemblance to military combat lends itself to applying more traditional engagement doctrines such as the strategic offensive principle of war. The number of stories of clandestine sabotage as a counter or preemptive attack are increasing.

The unconfirmed release from US and Israel of Stuxnet [3-5], a virus released to impede Iran’s nuclear plants by destroying centrifuges is a case of a preemptive attack.   Another, borderline funny, retaliation example is the outing of a hacker by the country of Georgia. Frustrated by continuous Russian cyber attacks, they baited a hacker with software that once stolen by the hacker, took photos of him using his webcam.

While these and many other similar stories are newsworthy and often have political implications, vigilantism has no place in industry. Companies should focus on excelling in their domains of operation.  Organizations in all sectors, manufacturing, banking, health and technology should act legally and maintain an ethical advantage against hacking attacks, while acting to harden their cyber defenses and make it as hard as possible for hackers to profile, attack and profit from their crimes.

REFERENCES

  1. “From George Washington to John Trumbull, 25 June 1799,” Founders Online, National Archives, last modified February 1, 2018, http://founders.archives.gov/documents/Washington/06-04-02-0120. [Original source: The Papers of George Washington, Retirement Series, vol. 4, 20 April 1799 – 13 December 1799, ed. W. W. Abbot. Charlottesville: University Press of Virginia, 1999, pp. 156–159.]
  2. Computer Fraud and Abuse Act of 1986, U.S. Code, Title 18, Part I, Chapter 47, § 1030
  3. Ellen Nakashima, Greg Miller, and Julie Tate; June 19, 2012; “U.S. Israel Developed Flame Computer Virus to Slow Iranian Nuclear Efforts, Officials Say;” The Washington Post; http://www.washingtonpost.com/world/national-security/us-israeldeveloped-computer-virus-to-slow-iranian-nuclear-efforts-officials-say/2012/06/19/gJQA6xBPoV_story.html.
  4. David E. Sanger, June 1, 2012, “Obama Order Sped Up Wave of Cyber Attacks Against Iran,” New York Times, http://www.nytimes.com/2012/06/01/world/middleeast/ obama-ordered-wave-of-cyberattacks-against-iran.html?pagewanted=all&_r=0
  5. Joby Warrick; February 16, 2011; “Iran’s Nuclear Natanz Facility Recovered Quickly From Stuxnet Cyber Attack;” The Washington Post Online; http://www.washingtonpost.com/wp-dyn/content/article/2011/02/15/AR2011021505395.html
Posted by
George Dimitoglou
Author Bio
George Dimitoglou, Ph.D., is an associate professor of computer science at Hood College and director of the Cybersecurity master’s program at the Hood College Graduate School. He is also the director of the Center of Computer Security and Information Assurance. Professor Dimitoglou earned a bachelor's degree in computer science from Temple University and a Ph.D. in computer science from The George Washington University.
POV From CEO, Tami Howie: Protecting Innovation Protects Patients and Our Economy

POV From CEO, Tami Howie: Protecting Innovation Protects Patients and Our Economy

Innovation is at the heart of Maryland’s economy and the wellbeing of patients in our state. New, groundbreaking cures and treatments save and extend the lives of patients, pushing the bounds of modern medicine, for the benefit of all. Innovative companies are able to leverage Maryland’s combination of technology know-how, business-friendly climate, and highly-educated, highly-skilled workforce to produce these cures and provide hundreds of thousands of Marylanders with well-paying jobs.

However, despite all this, the Maryland General Assembly is currently debating drug pricing legislation that would threaten the innovative potential that makes these benefits possible. New regulations, SB 1023/HB 1194, would create a government-controlled commission with broad leeway to influence drug prices and increase burdensome reporting requirements adding yet another layer of complexity to drug manufacturing.

Click here to read more >>

POV From CEO, Tami Howie: Support Senate Bill 1188

POV From CEO, Tami Howie: Support Senate Bill 1188

We’re for new rules for the new economy…. 

We’re the most Innovative State in the Nation.

We have around 12,000 IT companies – second only to Silicon Valley.

We’re the cyber security capital of the United States, home to the National Security Agency, the U.S. Cyber Command and the National Cybersecurity Center of Excellence, and around 1,200 cyber security companies.

Our workforce is extraordinary – with the highest concentration of engineers and scientists anywhere in the country, and we rank second in the concentration of STEM employment.

I could go on and on.

Simply put, our tech sector is strong. We’re competing – and leading – regionally, nationally and globally in the new digital economy.

All Marylanders should be proud of our position as a technology leader.

If want to remain at the top of these rankings, we need smart public policies. That’s why we support Senate Bill 1188.

Strong, reliable and fast mobile broadband service is necessary to connect everything in an increasingly connected world – from smartphones and tables to autonomous vehicles and diagnostic medical equipment, and so much more.  This legislation will make help speed up the installation of the infrastructure necessary to bring 5G mobile broadband service to Marylanders.

Known as small cells, this equipment can be affixed to street lights, utility poles or buildings to help provide mobile broadband coverage. This equipment is needed to meet explosive growth in mobile data usage. Plus, small cells are integral to preparing for superfast 5G speeds that soon will be the norm.

You can read more about our take on this bill in the Baltimore Business Journal. Read it HERE.

We look forward to working with each of you to win passage of this critical infrastructure legislation and get it to Gov. Hogan’s desk this session.

WANT TO HELP US BRING 5G TO MARYLAND?

Contact your state senator officials OR members of the Senate Finance Committee via email (listed below) or phone (410) 841-3677.

thomas.mclain.middleton@senate.state.md.us
john.astle@senate.state.md.us
joanne.benson@senate.state.md.us
brian.feldman@senate.state.md.us
steve.hershey@senate.state.md.us
jb.jennings@senate.state.md.us
katherine.klausmeier@senate.state.md.us
james.mathias@senate.state.md.us
edward.reilly@senate.state.md.us
jim.rosapepe@senate.state.md.us

Can non-degreed, skilled workers thrive in the biotech ecosystem?

Can non-degreed, skilled workers thrive in the biotech ecosystem?

The skills to pay the bills, 20 years ago, was the catch phrase that started the BioTechnical Institute of Maryland, Inc. (BTI) a non-profit located in Baltimore, MD.   Margaret Penno, Ph.D,  a researcher at Johns Hopkins Medical Institutions, had the idea that as the regions bioscience enterprise develops, everyone should be included.  In other words, a rising tide raises all boats.  Since its founding, BTI has trained entry-level lab technicians in R & D, production and bio-manufacturing positions at institutions like Johns Hopkins and at local biotech companies such as Emergent Biosolutions and Becton Dickenson to name a few employers of our graduates. Three assumptions are the foundations of BTI. The first is that there are good people that are under and unemployed that can do the work if trained properly.  The second, is that those trained cannot afford the cost or time constraints of a college education. They need to work and BTI does not charge a tuition. And third, as biomanufacturing matures, college graduates will not want to do the repetitive critical tasks associated with “working on the factory floor.”  As it turns out, these assumptions were correct.

Those interested in this competitive program are put through a battery of academic tests followed by criminal background screening and a drug test to ensure employability prior to enrollment.   The curriculum at BTI called the Laboratory Associates Program lasts for 9-weeks and is Maryland Higher Education Commission approved.  The program is based on the principles of current good manufacturing practices (cGMP) which gives the graduates the best opportunities, whether they enter academic laboratories or biomanufacturing and learn to follow standard operating procedures (SOPs). The final capstone of the program is a paid internship designed to give a real-world experience outside of the BTI laboratories.

In 2006, BTI extended its outreach to be more inclusive and get more candidates into the employment funnel. To accomplish this goal, an additional program called BioSTART was introduced with much success.   BioSTART is a bridge program that lasts 6-weeks prior to the beginning of the Laboratory Associates Program. Now candidates enroll in our BioSTART to Laboratory Associates Program.  BioSTART accomplishes two objectives: it allows those with less math, reading or employment skills, gain critical competencies targeting success in the Laboratory Associates Program and during employment, and it provides an opportunity to learn what biotechnology is about in a slower paced environment.  The implementation of BioSTART has allowed BTI to expand its training and placement opportunities to many more motivated individuals.

The Laboratory Associates Program is all about hands-on skills that are applicable to many industries, such as biological laboratories, biomanufacturing, environmental and food testing, and bio detection.  As an example of the Laboratory Associates Program content, students start with the basics, such as hand washing SOPs and documentation.  Then move on to molecular biology topics such as DNA isolation, bacterial growth and polymerase chain reactions followed by almost 2 weeks of animal cell culture, including clean room gowning just to name a few of the topics covered in the BTI program.

What we have learned with our near 20 years of training the under and unemployed is the employer gains well-trained and prepared workers who have the necessary hands-on skills to fill laboratory positions with cutting edge companies. These opportunities are a win-win as the employer gains the necessary workforce and the employee is provided with a job that promises a future, fortifies families, and stabilizes communities while promoting economic growth for an expanding industry sector.

 

 

Posted by
Timothy W Fawcett
Author Bio
Timothy Fawcett, Ph.D. has been in the biotechnology business for over 30 years. Trained as a biochemist he has held senior positions in both academics and industry and has been a mentor to many young scientists throughout his career. For the last 13 years Dr. Fawcett has been the Director of the BioTechnical Institute of Maryland (BTI) a non-profit institute located in Baltimore, Maryland. He is also the Founder and Director of BioSciConcepts, a social venture of BTI that provides hands-on training for professional scientists in cell culture, baculovirus based expression, as well as topics such as molecular biology, PCR and real-time PCR. BioSciConcepts is an internationally recognized provider of expertise in cell culture and the biological sciences and has provided consultation services to several small and large biotechnology companies.