Wisconsin Veterans Forward

How Cyber Security Compliance Can Help You Land Big Money DoD Contracts (Part 1)

June 27, 2022 Wisconsin Veterans Chamber of Commerce Season 2 Episode 146
Wisconsin Veterans Forward
How Cyber Security Compliance Can Help You Land Big Money DoD Contracts (Part 1)
Show Notes Transcript

(Part 1) If you want to land a big money DoD contract, you had better have your cybersecurity ducks in a row. Learn how businesses can shield themselves (and our country) from hackers with nefarious plans, while attaining new levels of compliance that could open doors to receiving lucrative DoD contracts.

We invite Scott Singer, President of CyberNINES, to discuss.

Connect with Scott here: https://www.linkedin.com/in/scottfsinger/

Learn more about CyberNINES: https://cybernines.com/

Questions? Comments? Continue the discussion by requesting access to our exclusive WVF Facebook Group.

⭐⭐⭐⭐⭐

Wisconsin Veterans Forward is brought to you by the Wisconsin Veterans Chamber of Commerce, a nonprofit organization that serves veterans and military families by supporting veteran owned and veteran-friendly businesses throughout the state. 

On behalf of our members, we serve as an advocate for Wisconsin’s veteran business community and promote economic opportunity for military veterans, military families, and veteran-friendly businesses.

Follow us on all platforms: https://linktr.ee/Wivetschamber

 

Intro & Outro Themes: 

Barry Dallas - I’m Gone (https://uppbeat.io/t/barry-dallas/im-gone)

Noise Cake - Light It Up (https://uppbeat.io/t/noise-cake/light-it-up)



Speaker 1:

Today on Wisconsin veterans forward today, we are talking about what tech has to do with, uh, with, with landing contracts and saving money as a business owner and all these amazing, beautiful, wonderful things that you wouldn't think would have anything to do with tech are cyber security in particular. But they do. I recently learned that if you want to get these big money, giant D O D contracts like these, these legit, you know, they're, groundbreakers like, like these, these are, these are the kind of contracts that really open up things for your business. Uh enduringly if you want those, you have to check a lot of boxes. It's not just you put in a bid and if it's, you know, the best thing for the least money, you get the job. Like you have to check a lot of boxes. And a lot of that now, a lot of those boxes have to do with cyber security compliance, like the do D isn't going to do business with you or hire you to contract, uh, anything or to provide products or services for them. If you are a vulnerability or a liability, or if you are going to make them or their assets or their people, or their process is vulnerable to an attack of some kind to, to, uh, to, if it opens up a cybersecurity vulnerability, you're not gonna get the contract. So they have to make sure that you check a lot of these boxes. I didn't know that. And I also didn't know that a lot of insurance companies are not gonna ensure your business in various ways. If you are not at least minimally cybersecurity compliant. And if you don't check a lot of those, those boxes, you may pay higher premiums with less coverage. That's not cool. So not only should you have your cyber security world kind of in order, I've learned in the last week and excited to learn more, uh, because obviously it's the safe thing to do to safeguard your company and your assets and your family, your personal assets. But also if you want to save money and get better coverage through your insurance premiums and potentially be compliant for state or federal contracts, you gotta have your cybersecurity ducks in a row. Folks. It's true. I didn't know that. And I'm really interested to learn more. Scott singer is the, the president, the head guy, the CEO of cyber nines. And they're a company that specializes in cyber security compliance, and they specialize in helping businesses benefit, become eligible for contracts. Save money, benefit in a myriad of ways from having their cybersecurity ducks in a row from being compliant. Joe May not sound like cybersecurity and cybersecurity compliance in particular is the sexiest thing in the world, but you know what it is, and it's way sexier than paying higher insurance premiums and getting less coverage. There are few things less sexy than high insurance premiums. Yikes. Folks excited to get into this with Scott, uh, uh, from cyber nines, right after this, you are listening to Wisconsin veterans forward. Wisconsin's premier audio resource for veterans, military families, veteran owned and veteran friendly businesses. Wisconsin veterans forward is brought to you by the Wisconsin veterans chamber of commerce@wwiveteranschamber.org. Very happy to introduce our friend Scott singer of cyber nine. How are you?

Speaker 2:

Good. Thanks for having me.

Speaker 1:

Yeah, you bet. So, okay. We'll, we'll cut right to the cybersecurity being a sexy thing that we were talking about that before the, before the show, uh, cybersecurity compliance, what brought you to cybersecurity compliance? Were you growing up? And you were like, you know, when I grow up, I'm gonna be a, you know, I'm gonna work on cybersecurity compliance. What brought you there?

Speaker 2:

Wow. I don't even know how to answer that question.<laugh> um, cause it's such a long journey to get to the place where I got to now. So I've got a 50 page, um, PowerPoint presentation, Adam, that I thought I'd bring up and kind of talk through that journey with you. Will that work?

Speaker 1:

You were serious at first? I didn't, it's like, I really dunno how to handle this situation right

Speaker 2:

Now.<laugh> no. So, um, you know, I was 30 years in the Navy. I had a couple jobs in the Navy where, um, one job, I was the executive officer for a reserve cybersecurity unit and Pacific fleet. That was really interesting, got me interested in it, but most of my career has been in it. And, um, I spent 16 years with Medtronic, a medical device company around it. And you know, when we started, it really, wasn't a massive thing. Um, you know, just getting hacked in cybersecurity. Wasn't an issue because it, wasn't kind of a sexy place to be, I guess at some point now it's a way to make money and for the bad guys. And so over time, um, I've just gotten really interested in it. The last 10 years I worked for a defense contractor and, um, I just saw the regulations growing and growing and companies getting hit. Our company got hit really bad from, uh, an attack from a certain other country that wanted all of our stuff on how to build aircraft carrier elevators, wow. To take planes up to the flight deck. And so that really, that really got to me to be honest with you, and that's really where this started. So that's kind of how I got to this place. And then after I left my last company about a year and a half ago, started cyber nines with a company in town called five nines. We joined forces and started cyber nines. And, um, we've been pretty busy since then.

Speaker 1:

I believe it are we, uh, as business owners or as individuals who use the internet, are we in more danger now than ever before?

Speaker 2:

Uh, that's a good question. I think it goes up and down. I think there's a L a lot more people understand. Um, what happens when you click on an email these days everybody's aware of phishing emails and you know, probably that email from the Nigerian prince really isn't gonna get you anymore. Right. Um, however, the emails have gotten much better too. Um, and they're harder to tell whether, um, it's a spoofing email or not. And so I would say it's kind of been, um, it's a growing, you know, business, unfortunately. Yeah. Um, there's actually ransomware as a service, you know, you've, I don't know if people have heard software as a service or things

Speaker 1:

Like that. Ransomware as a service,

Speaker 2:

There is a whole market out there for ransomware as a service. So you don't have to be a brainiac these days to really make money, uh, with ransomware, you can actually rent it. And the people you're renting from gets the money and the person doing the attack gets the money. So it it's a big problem.

Speaker 1:

That's crazy. Am I, so let's say I live in rural Idaho and I have, uh, you know, a satellite internet connection. Uh, I've got a small business. Do I have to worry about a cyber attack? It couldn't possibly happen to me. Right.

Speaker 2:

You know, I actually think, um, they're more susceptible in a lot of ways to getting hit with a ransomware attack. You know, there's different approaches, you know, there's the, the spray and prey kind of attacks that just go out and anybody, you know, lots of people get the messages and they get hit. And then all of a sudden your screen, you know, your computer goes, a screen comes up saying, please pay this$10,000 Bitcoin to this address, or we're gonna delete all your data that happens all the time. And, you know, so those small businesses, the best thing you can do is back up your data. And even if it's as simple as using a USB drive key or mobile, you know, mobile storages device, plug it into your computer, you know, once a week, every other day, however, you know, you have to sort of think about how long can I be, you know, dead in the water without my data. Can I go two days, three days, four days, you know, it depends on your business model. Um, so it depends, you know, if you're taking lots of transactions, you need lots of backups. Right, right. But if you're taking like an order a day or an order every few days, then you don't have to back up your data as fast, but back it up. And then the thing is, don't leave your backup connected to your computer Because if you get hit by ransomware attack, it's gonna crawl right up that backup.

Speaker 1:

Interesting. My, my backup is always plugged in. It's probably a bad idea.<laugh> probably a bad idea. Um, I will rectify that right after this. Uh, so, so you work with folks on ensuring up their cybersecurity specifically, um, you know, obviously for their, their personal, their business safety, but so they can be compliant and being compliant, having your ducks in a row from a cybersecurity standpoint, so to speak, uh, there's actually finan potential financial benefits to that. And we'll talk about, you know, contracting in a minute, but you mentioned insurance as well. Uh, can you touch on that for a bit?

Speaker 2:

Sure. Uh, and this comes back to the, just the number of ransomware attacks that have had, um, insurance companies have gotten better at understanding how to underwrite policies and the risk involved with underwriting, these policies. And they don't want to take on the risk. Um, when companies don't have those good backups, they aren't using multifactor authentication. You know, when you get that code back on your phone that says, put this number into this program, mm-hmm,<affirmative>, that's multifactor authentication. And so if you're not using tools like that, they don't want Toure you. And so there's companies that are just not getting cyber cyber security insurance anymore because they haven't completed these, these items.

Speaker 1:

Interesting. So, so now the, the insurance companies know if you're sured up and if you're not, if you could be a liability, they're just either, they're either gonna charge you through the nose for less coverage or just not cover you at all.

Speaker 2:

Correct.

Speaker 1:

How does someone then become minimally compliant? I mean, I've got, let's say I'm a business owner. I'm that same business owner in rural Idaho. Um, I have McAfee, you know, virus protection on my computer. Is that enough?

Speaker 2:

No, it's not gonna be enough. Uh, the first thing is that's gonna happen is that when you go try and get an insurance policy for your company and, and keep in mind a lot of these mom and pop businesses that you kind of started with here, um, they, they don't necessarily, um, think about even getting a cybersecurity policy. Mm okay. Tends to be, you know, more of the, the larger to mid-size businesses that even do this. However, um, you're gonna get a form that is the insurance. Company's gonna send you a form when you ask to get some insurance policy and it's gonna have some requirements on it. Right. And the key thing is not to just fill out that form and say, yeah, yeah, yeah, we're doing all that stuff. No, you know, that's not the right place to go. The place to go is most of these companies are also gonna be using a managed service provider. And that's the place to start, you know, go to your managed service provider with your form. Or obviously you can come to a company like cyber nines too, but, you know, get some help with it. Okay. And you know, it's gonna cost you a little money to walk through these things, but the real basic cyber hygiene items that we're talking about here, it's again, it's that multifactor authentication, it's backups, it's complex passwords, it's changing passwords. It's, it's just things that you should be doing blocking and tackling your cyber security hygiene. And, um, but that external provider, that company that you're using to help with the I T they can help you figure out how to, you know, fill that form out. And it, it shouldn't be very expensive,

Speaker 1:

So it's not arduous and like prohibitively expensive to just make sure that you're protected and people probably should do it anyways, regardless of what size business you have.

Speaker 2:

Of course I, and you know, one of the couple things I didn't talk about, but it's things like virus, software, firewalls, keeping all those things current, right. It's when you get that request to update your desktop, whether it's windows 10 or windows 11, you gotta do it. You gotta keep all those things current.

Speaker 1:

Right. Make sure you're you're you got all your OS updates, so you're not vulnerable to an attack. And, uh, do you need a dedicated it person on staff to, to be constantly on the lookout? Uh, I mean, if you have a medium or, or larger size business, I mean, you have to have folks on staff, right?

Speaker 2:

No, again, the model really is going to outsourcing. There really is a lot. I mean, as the companies get bigger, you see more people on site. I mean, we've worked with a lot of companies and we really don't see onsite it people until you start getting into companies that are like above a hundred people, sixty, seventy, a hundred sixty, seventy people, then we start seeing regular onsite staff. So there really are a lot of companies that are using these outsourced it companies to do that work. So

Speaker 1:

Interesting. Let's so let's talk about contracting. So for, uh, we talk all the time about getting veteran own businesses, getting them obviously certified as veteran owned or service connected, disabled veteran owned businesses, getting them into diverse supply chain pipelines, getting them into state and federal government, uh, contracting pipelines. So they can land those lucrative opportunities to provide their services or their products to the department of defense, to the state, to the corporate entities. Um, and I, I know that there are things, obviously you have to be able to provide the service that they need at the cost that is, you know, the most cost effective for them, but I hadn't considered the compliance end of things. Is that relatively new, uh, at least from a federal standpoint, to get those, those, uh, those contracts. Good question. Other Adam, we're gonna find out the answer to that question and more in part two, the very next episode of Wisconsin veterans forward, it's there waiting for you. Let's go. Thank you for listening to Wisconsin veterans forward brought to you by the Wisconsin veterans chamber of commerce. Please visit us@iveteranschamber.org. Don't forget to subscribe to this podcast, leave a rating and review in whatever platform you're listening through.