What is ITAR Compliance?

The Department of State is responsible for ITAR.

ITAR Defined

International Traffic in Arms Regulations (ITAR) control the export and import of defense-related articles and services on the United States Munitions List (USML). According to the U.S. Government, all manufacturers, exporters, and brokers of defense articles, defense services, or related technical data must be ITAR compliant. Therefore, more companies are requiring their supply chain members to be ITAR compliant as well. In General:

For a company involved in the manufacture, sale or distribution of goods or services covered under the USML, or a component supplier to goods covered under the United States Munitions List (USML), the stipulation or requirement of being “ITAR certified (compliant)” means that the company must be registered with the State Department’s Directorate of Defense Trade Controls (DDTC) if required as spelled out on DDTC’s web site and the company must understand and abide by the ITAR as it applies to their USML linked goods or services. The company themselves are certifying that they operate in accordance with the ITAR when they accept being a supplier for the USML prime exporter.

In other words, companies must register with the DDTC and know what is required of them to be ITAR compliant and then certify that they possess that knowledge.

What Does the ITAR Mean For My Company?

Overall, it is important to understand that registering with the DDTC to sell your products or services in the ITAR industry is not enough; you must be sure not to violate ITAR compliance regulations. The expectation is that you are educated and trained in ITAR regulations. Keep in mind that ITAR violations may result in criminal or civil penalties, being barred from future exports, and/or imprisonment, including:

  •  Civil fines as high as $500,000 per violation
  •  Criminal fines of up to $1,000,000 and 10 years imprisonment per violation

ITAR Compliance and Manufacturing Companies

As an important U.S. export control law, the ITAR affects the manufacture, sale, and distribution of technology. The goal of the legislation is to control access to specific types of technology and their associated data. Overall, the government is attempting to prevent the disclosure or transfer of sensitive information to a foreign national. As a result, ITAR can be challenging for global corporations, since data related to specific technologies may need to be transferred over the internet or stored locally outside of the United States in order to make business processes flow smoothly. The obligation lies with the manufacturer or exporter to take the necessary measures and steps to certify that they are, in fact, meeting ITAR compliance requirements.

Specifically, ITAR [22 CFR 120-130]:

  •  Covers military items or defense articles
  •  Regulates goods and technology designed to kill or defend against death in a military setting
  •  Includes space-related technology because of application to missile technology
  •  Includes technical data related to defense articles and services
  •  Involves strict regulatory licensing and does not address commercial or research objectives

ITAR Data Security Recommendations

Now that you know the significance of ITAR Compliance and the penalties of failing to comply, it is important to understand how to secure your ITAR-controlled data. While data security will have different requirements for every company, here are some best practices to follow in securing ITAR data:

  •  Maintain a formal information security policy
  •  Build and maintain a secure network by installing and maintaining firewall configuration to protect data and avoiding the use of vendor-supplied passwords and other security defaults
  •  If your company is owned, or has investors from outside of the United States, you must ensure that their access is strictly limited
  • Assign a unique ID to each person with computer access
  •  Regularly test security systems and processes
  •  Protect sensitive data with encryption
  •  Regularly monitor and test networks
  •  Implement strong access control measures
  •  Track and monitor all access to network resources and sensitive data
  •  Maintain a vulnerability management program
  •  Implement measures to prevent the loss of ITAR-controlled data

This list is not exhaustive, but is meant to provide a starting point for securing sensitive data and meeting ITAR compliance. By following and adopting these measures to your company’s needs, you can ensure that ITAR data is still accessible where it needs to be while staying protected against loss or unauthorized access.

Diverse Tech Services has significant experience in assisting companies with ITAR compliance. We work with manufacturers to ensure their company meets the stringent documentation and security requirements.

Call 317-524-5700 or e-mail Sales@DiverseTechServices.com to learn more.

 

What to Watch For – Ransomware Attacks

TeslaCrypt is one of the most prevalent ransomware attacks in the US

Ransomware – What You Need to Know

Diverse Tech Services has noticed a sharp increase in attempted ransomware attacks over Q1 and Q2 2016.  These attacks are primarily initiated through e-mail attachments, but also through social media websites linking to infected websites. Websites like Facebook, Twitter, and Pinterest are susceptible to these attacks by linking users to outside web addresses.
What does ransomware do?

There are different types of ransomware. However, all of them will prevent you from using your PC normally, and they will all ask you to do something before you can use your PC.

They can target any PC users, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider.

Ransomware can:

  • Prevent you from accessing Windows.
  • Encrypt files so you can’t use them.
  • Stop certain apps from running (web browser, anti-virus).

Ransomware will demand that you pay money (a “ransom”) to get access to your PC or files. We have also seen them make you complete surveys.

There is no guarantee that paying the fine or doing what the ransomware tells you will give access to your PC or files again.

How to protect yourself?

  1. Be cautious about unsolicited attachments
    The crooks are relying on the dilemma that you should not open a document until you are sure it is the one you want, but you cannot tell if it is the one you want until you open it. If in doubt, leave it out.
  2. Do not enable macros in any document attachment received via email
    Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of malware infections rely on persuading you to turn macros back on, so do not do it!
  3. Regularly backup your important files
    There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. If your company has a share drive or file server, make sure to save your important files there. Often saving them to “My Documents” or to the “Desktop” does not ensure that they are backed up.

 

How does ransomware work?

Ransomware is computer malware that installs covertly on a victim’s computer, executes a cryptographic attack that adversely affects it, and demands a ransom payment to restore it.

Simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, and display a message requesting payment to unlock it. More advanced malware encrypts the victim’s files, making them inaccessible, and demands a ransom payment to decrypt them. The ransomware may also encrypt the computer’s Master File Table (MFT) or the entire hard drive.

Thus, ransomware is a denial-of-access attack that prevents computer users from accessing files since it is intractable to decrypt the files without the decryption key. Ransomware attacks are typically carried out using a Trojan that has a payload disguised as a legitimate file.

 

How does Diverse Tech Service stop the threat?

Diverse Tech Services utilizes the latest in security tools. We work to block all threat vectors to ensure total protection. When it comes to stopping these advanced threats in their tracks, we rely on our Email Security Service, or ESS.

ESS is a comprehensive and affordable cloud-based email security service that protects both inbound and outbound email against the latest spam, viruses, worms, phishing, and denial of service attacks.

Whether you manage your own mail server such as Microsoft Exchange or use a hosted service like Microsoft Office 365, Spam and viruses are blocked in the cloud prior to delivery to your network, saving network bandwidth and providing additional Denial of Service protection.

Seven Reasons Manufacturers Need Managed Services

  1. Skilled Resources: With an experienced managed services partner, manufacturers gain access to technologists with diverse experiences and depth of knowledge that can help them balance their IT needs with effectively running a manufacturing business.
  2. Lower Costs: These experienced, efficient technology experts are likely a fraction of the cost of full-time employees staffed round the clock thanks to managed services’ shared resource model.
  3. Best Practices: No more cutting corners. Professional managed services providers (MSPs) adhere to proven industry standards like the Information Technology Infrastructure Library’s (ITIL v3) best practices; Companies that operate on a global basis should also be able to deliver a common services platform that is consistent across all geographies, yet is flexible enough to meet unique regional needs.
  4. Proactive vs. Reactive Management: MSPs can offer detailed performance reviews that allow manufacturers to examine operational analytics and address issues proactively before a major service outage is experienced.
  5. Guaranteed Uptime: Using a managed services provider reduces the risk of downtime by properly managing physical, storage, and fixed network assets.  All changes are captured in an auditable configuration management database (CMDB) for compliance purposes, and stringent SLAs can be custom tailored to the organization’s needs.
  6. Predictable Costs: By embracing a managed service model, manufacturers can simplify budgeting with more predictable monthly costs for technology management.
  7. Time Savings: Knowing that they have a robust, reliable infrastructure in place puts the manufacturer’s struggle of prioritizing IT needs in the past. Previously overworked IT employees can now redirect their efforts to more value-added activities, focusing their time and attention on supporting business initiatives and building competitive advantage.

Touch on a frustration? Spark an interest? Reach out today! Call 317-524-5700 to learn more about Diverse Tech Services proven solutions for manufacturers.

Four Things That Happen When You Outsource

Upon partnering with an independent IT service, many changes are put into motion. With this newly acquired support system available to your company, the way in which you conduct business will be affected for the better. Here are just a few examples of what to expect after outsourcing your IT team.

You reduce labor costs.
Hiring and training new IT staff can become very expensive. Outsourcing lets employers focus their resources where they need them most, minus the training costs.

You level out the playing field.
Most small businesses cannot afford to staff the same amount of in-house support that you find at bigger companies, but when utilizing an independent IT support team, they gain access to the technology and expertise capable of keeping them neck-and-neck with bigger companies.

You stay focused on what matters most to your business.
Every business, no matter how large, has limited resources. Managers only have so much time to give. Outsourcing allows these managers more freedom to focus on their day-to-day priorities head-on, without the hassle of having to resolve technological issues themselves. By allowing a qualified managed services provider to handle your IT, this frees up your resources to concentrate on the areas that bring growth and success to your business.

You can implement new technology. Now.
An organized IT service has the resources and the ability to start new projects for your company right away. Taking on the same project with an in-house team could take weeks, burning time as you look for hires and money as you train your new members. When you outsource, your project can be tended to without bringing everything else to a halt.

Have an IT project planned in 2016? Looking to protect your data? Perhaps you need technology infrastructure management; Diverse Tech Services has you covered. Call us at (317) 524-5700 today for a free network audit and technology analysis.

Diverse Tech Services Website Update Enhances The User Experience

Diverse Tech Services announced today that the DiverseTechServices.com website point release 2.0 has been rolled-out in beta. Each release will provide better access to up-to-date and actionable information, as well as trends and resources related to Managed IT, technology solutions, and evolving best practices in the alignment of IT infrastructure with organizational objective.

The website design refresh includes user experience enhancements, new content about products and services, along with additional features to support external clients and internal staff. Prior site visitors should empty their cache and refresh browser to view the new content.

The newly designed website will bring all products, support services, user resources, and IT information together under one portal, enabling clients, industry analysts, media contacts and internal staff to quickly access our extended 24/7 help desk services and ticketing systems. Navigation will be much easier to use. Other improvements include changes to security layers, additional connections to social and collaboration platforms, and more.

The company will be gradually rolling out additional website changes over the next few months, and visitors are encouraged to check back frequently for news and updates – and contact the website development team to provide user feedback and recommendations which will support continuous improvement processes for future releases.

Running Your Business From Your Phone

If you are a manager or owner of a company, your life is probably spent in meetings, answering emails, traveling, and a whole slew of other responsibilities. For many, work may take you out of the office, which means running your business can become even more complicated than it already is. Thankfully, today’s technology filled world means that running your business form your phone is completely possible. With so many apps available to schedule your time, manage your tasks, and stay connected to your work, it really is possible to run your business from your phone. Here are a few ways you can do this:

Read more

Business Security: Keeping Your Data Secure

Keeping your business protected is about more than the physical locks you keep on the front doors or on the filing cabinets. It involves have passwords on computers and networks, having firewall protection, and having a plan in place for data disasters. Keeping your data secure is vital to keeping your business secure, but how can you do that? How can you protect your data in today’s technology driven world? Here are just a few ways to start protecting your data:

Read more

Selecting a New ERP System

Whether you are looking for a new enterprise resource planning system or are looking to purchase your first one, there are specific elements you need to look for. Your ERP system allows you to collect, store, manage and interpret data from a variety of business activities. Through this data, you can improve your processes, plan products, and increase/manage your manufacturing and service delivery. Without an ERP system, you could be looking money, productivity, and other critical resources. However, choosing the wrong ERP system can be just as detrimental. As you begin the search for a new system, here are a few things to keep in mind:

Read more

The Benefits of Going Paperless

For many businesses, technology is becoming more and more integrated into their daily processes. From generating reports to tracking data, technology makes our lives easier. However, many businesses still rely on paper for many tasks and projects. While going completely paperless may not be an option for you, there are certainly great benefits of going paperless, or, at least, relying less on paper than in the past.

Read more

How to Use a Password Manager

If you are like most, then you probably have multiple passwords that you use on a daily basis. From unlocking your computer to accessing your email, you should be using different passwords for every account you have. By using multiple passwords, you are creating a better security wall and protecting yourself even more. However, keeping track of all of those passwords can be tedious. Luckily, password manager can store all that information securely for you.

Read more