REDUCE YOUR

Cybersecurity Risks

Cybersecurity Banner

Small businesses are increasingly targets of cyberattacks. The latest data shows that 43% of all cyber attacks have been perpetrated against small businesses. About 60% of these small businesses lack the cyber resiliency to survive and cannot recover. (Verizon’s Data Breach Investigations Report) Cyber resilience is a business’s ability to prepare for, respond to and recover from cyberattacks. Limiting the impact of attacks, defending against them and continuing operations after attacks are all part of a business’s resiliency.

What is cybersecurity?

Cybersecurity processes and technologies help protect systems from unauthorized access and cyber crime. It is the protection of devices, applications and data that are part of an interconnected system.

Why does it matter?

Businesses with a strong cybersecurity plan are able to identify and mitigate risks and respond to threats and attacks, to reduce downtime and costs often associated with a cyber attack.

Where will it take me?

Cybersecurity planning raises the role of security in an organization, to ensure that all employees, including business leaders, take part in keeping data, devices, applications and processes protected from disruption.

Cybersecurity Rapid Assessment
Cybersecurity Rapid Assessment

The Cybersecurity Rapid Assessment enables organizations to take proactive, practical steps toward strengthening their cybersecurity posture while reducing the financial and operational risks associated with a potential breach.

Click to expand

A Rapid Gap Assessment is a structured engagement in which Industry Extension Services (IES) works with organizations to evaluate existing cybersecurity policies, practices and technical controls to identify critical vulnerabilities and areas of risk. Through this assessment, IES helps small- and mid-sized businesses define their operational environment, strengthen asset and user management practices, develop a comprehensive System Security Plan (SSP), and prioritize remediation actions that reduce risk while enabling informed investment in long-term cybersecurity resilience.

Topics covered:

  • Comprehensive review of the current cybersecurity environment, including devices, user accounts, software, policies and existing gaps
  • Identification of critical vulnerabilities and prioritized recommendations for rapid improvement
  • Cost-effective risk reduction strategies that help prevent costly cyber incidents and minimize operational disruption
  • Improved resource allocation by focusing time and investment on the most impactful remediation actions
  • Business continuity planning through greater awareness of cyber threats and potential operational impacts
  • Development of a sustainable cybersecurity culture focused on continuous improvement rather than one-time compliance efforts

    • Duration:

    Varies, ranging from 4-10 days
    Clients will be given long-term access to tools, resources, online training and documentation to support them in their cybersecurity journey.

    Format:

    A combination of on-site and virtual meetings

    Recommended For:

    Small and mid-sized manufacturing clients

    Contact your Regional Manager to schedule.

    Phishing
    How to Protect Against Phishing Attacks

    This on-demand cybersecurity course equips participants with practical knowledge and skills to recognize, prevent and respond to phishing attacks, helping protect both employees and organizations from costly cyber breaches.

    Click to expand

    This cybersecurity course is designed to provide participants with the knowledge to understand the specific risks posed by phishing and cyberattacks. Participants will learn cybersecurity basics, how to identify phishing attacks and how to avoid becoming a victim of a cyber breach. 

    This course is delivered on-demand, electronically. Learn how to identify phishing attacks, as well as how to avoid becoming a victim of a cyber breach

    Participants will:

  • Learn about cybersecurity phishing scams
  • Learn how to identify and avoid phishing scams
  • Analyze phishing emails
  • Learn tips and tricks for preventing scams

    • Topics covered:

  • Cybersecurity
  • Phishing
  • Best practices for email safety
  • Passwords
  • Malware
  • Multi-Factor Authentication
  • Training
  • Ransomware
  • Vishing

    • Duration:

    1 Hour

    Format:

    On-Demand, delivered electronically online
    This course is available online, 24/7. Upon approval of your purchase and successful check-out, you will be securely linked to this online course. The registration fee entitles a single user 180 days to complete the course from the date of registration. The instructional hours represent the estimated time to complete the online course, including exercises. However, actual times may vary from user to user.

    Recommended For:

    Anyone who works with computers, email, office settings and networked devices. The course is perfect for managers, owners, and other decision-makers in small- to mid-sized businesses in North Carolina and beyond.

    REGISTER ONLINE
    Cybersecurity 101 for Small Business
    Cybersecurity 101 for Small Business Course

    This on-demand course provides small and mid-sized businesses with a foundational understanding of today’s cybersecurity threats and practical steps they can implement immediately to strengthen their organization’s cyber defense and resilience.

    Click to expand

    This course provides a detailed overview of current threats to small business, keys to defense, and finally provides activities and resources that can be implemented today to ensure a stronger cyber posture. The course covers common threats like phishing and ransomware, risk management, business continuity and the use of documentation and policies to prevent cyber attacks.

    Participants will:

  • Be able to define the current cybersecurity issues facing small to mid-size businesses
  • Recognize the value of asset documentation and categorization
  • Be aware of the controls and policies that help protect people, data, and devices in their business
  • Have the ability to analyze their current incident response plan and make needed changes

    • Duration:

    1 Hour

    Format:

    On-Demand, delivered electronically online
    This course is available online, 24/7. Upon approval of your purchase and successful check-out, you will be securely linked to this online course. The registration fee entitles a single user 180 days to complete the course from the date of registration. The instructional hours represent the estimated time to complete the online course, including exercises. However, actual times may vary from user to user.

    Recommended For:

    Anyone in the professional world, such as staff who operate, maintain, or manage operational technology. This course is a 101-level course and has no prerequisites. It is designed with small to midsize businesses in mind, but can be utilized by employees in all job roles that interact with technology.

    REGISTER ONLINE
    Cybersecurity CMMC Webinar
    Cybersecurity and CMMC Webinar

    This webinar provides an overview of cybersecurity requirements and Cybersecurity Maturity Model Certification (CMMC), helping manufacturers understand how compliance strengthens security posture and supports competitiveness within the Department of War (DoW) supply chain.

    Click to expand

    Staying Competitive in a Crowded Field

    CMMC is an evolving standard that will help businesses stay secure and differentiate themselves from competitors. In this webinar, we’ll discuss the latest in CMMC, cybersecurity, and DoD contracting.

    Topics covered:

  • Where CMMC adoption is today
  • What the future of CMMC compliance looks like
  • How CMMC helps keep manufacturing organizations competitive

    • Duration:

    Less than 1 hour

    Format:

    Pre-recorded free workshop

    Recommended For:

    Businesses interested in CMMC, members of the DoW supply chain, companies interested in becoming part of the DoW supply chain

    WEBINAR
    DOWNLOAD FLYER
    How Much Breach Cost
    How Much Would a Cyber Breach Cost Your Business? Webinar

    This webinar examines the financial and operational impact of cyber breaches and helps businesses understand why proactive cybersecurity investment is critical to protecting operations, revenue and supply chain continuity.

    Click to expand

    The financial implications of a cyber breach can be staggering. A cyber breach can cause thousands of dollars worth of damage, and most businesses are not prepared to recover quickly, costing them more in downtime and possible supply chain disruption.

    During this webinar, we’ll discuss the cost of doing business in 2024, and why investing in defense is more efficient than paying to recover from an attack.

    Topics covered:

  • What is the current cyber security threat landscape
  • How much will it cost you if breached
  • Focusing on cyber security before an incident happens is more cost-effective and protects you from the many risks cyber-attacks pose

    • Duration:

    Less than 1 hour

    Format:

    Pre-recorded free workshop

    Recommended For:

    Anyone who owns or operates a small to midsize business or is vulnerable to a cyber leak.

    WEBINAR
    Cybersecurity Resources
    Cybersecurity Resources

    Click to expand

    Free Resources

    Mission Possible
    ACCESS NOW
    Mission 1
    ACCESS NOW
    Mission 2
    ACCESS NOW
    Mission 3
    ACCESS NOW
    Mission 4
    ACCESS NOW
    Mission 5
    ACCESS NOW
    DFARS CMMC
    DFARS Cybersecurity Requirements and CMMC

    Click to expand

    DFARS Cybersecurity Requirements

    DFARS Cybersecurity Requirements

    Clause 252.204-7012 – Safeguarding Covered Defense Information and Cyber Incident Reporting

    If your company provides products being sold to the Department of Defense (DoD), you are required to comply with the minimum cybersecurity standards set by DFARS.

    All DoD contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet DFARS minimum security standards. Contractors who do not meet these minimum standards risk losing their DoD contracts and losing out on future contract bids.

    This DFARS subpart applies to contracts and subcontracts requiring contractors and subcontractors to safeguard covered defense information that resides in, or transits through, covered contractor information systems by applying specified network security requirements. It also requires reporting of cyber incidents.

    DFARS provides a set of adequate security controls to safeguard information systems where contractor data resides. Based on NIST Special Publication 800-171 “Protecting Controlled Unclassified Information in Non-Federal Information Systems and Organizations”, manufacturers must implement these security controls through all levels of their supply chain.

    DFARS requirements also include developing a plan of actions and milestones (POAM) and system security plan (SSP).

    DFARS: Additional Resources:

  • DIBNet Portal: the official gateway for reporting cyber incidents for DoD contractors and sub-contractors
  • The DoD Frequently Asked Questions web page addresses common questions on the implementation of DFARS cybersecurity requirements
  • NIST documents for protecting controlled unclassified information in nonfederal systems and organizations:
    • Cybersecurity Section of website

    CMMC: Cybersecurity Maturity Model Certification

    The Cybersecurity Maturity Model Certification (CMMC) 2.0 aims to protect Federal Contract Information [FCI], unclassified information that is to be protected from public disclosure, and Controlled Unclassified Information [CUI], information that requires safeguarding or dissemination controls.

    While DFARS 252.204-7012 allowed businesses to “self-attest” to compliance with NIST SP 800-171, CMMC 2.0 will require businesses to demonstrate compliance according to a three-tiered maturity system which will require “triennial third-party assessments for critical national security information; annual self-assessment for select programs.” Any organization in the DoD supply chain that processes, stores and/or transmits CUI as well as any organization that provides protection for CUI/FCI are required to demonstrate their compliance with CMMC.

    There are three levels within the CMMC. The most common expectation will be for businesses to demonstrate compliance with level 2, demonstrating cybersecurity practices in line with the 110 controls within NIST 800-171 prior to being awarded a contract. The required level for a contract will be determined by the type and amount of CUI a contractor will handle during the contract and will be stated in the contract.

    CMMC: Additional Resources:

  • Project Spectrum
  • North Carolina Military Business Center Cybernc.us site
    • TRACKS-CN Logo
    TRACKS-CN: Resources for Students and Educators Cyber4RAM

    A new credential for cyber awareness at the convergence of robotics/automation and cybersecurity

    More Resources for Small Businesses and Manufacturers
  • NIST Cybersecurity Framework
  • Cybersecurity Small Business Corner

    • Join our mailing list. Stay Informed!

    SUBSCRIBE
    WRITE A GOOGLE REVIEW