Categories
Insight

Sim Swapping: It’s Not as Fun as It Sounds


Cybersecurity continues to dominate IT news, with one of the industry’s premier cybersecurity companies, FireEye, getting breached recently by nation-state hackers from a country with “top-tier offensive capabilities.” How can organizations protect themselves from bad actors when security companies struggle to? Having implemented some of the most stringent cybersecurity protocols for the Department of Defense, our experience has proven that a wide range of authentication solutions from short message service (SMS) and two-factor authentication (2FA) to true multifactor authentication (MFA) using hardware tokens can protect your enterprise from cyber criminals. That said, it is important to understand that all authentication, using SMS or not, is ultimately “hackable.” The level of effort required to execute a successful attack, and whether a capable adversary is motivated to execute it, is what determines if your data will be safe.

Despite appearing like simple fixes, 2FA and MFA have proven to be effective methods to prevent breaches while complying with industry and government standards such as CMMC and HIPAA. When choosing an MFA option, there are multiple factors to consider and, as with all cybersecurity options, decisions are based on a risk/benefit analysis. Authentication “factors” are broken down into three types of information the user provides: something they know (username and password), something they are (biometrics) or something they have (a hardware token). If two of these types of factors (2FA) are used, it makes for a strong protocol. If all three factors (MFA) are used, the greatest protection is achieved.

When implementing MFA, SMS-based options are very attractive based on their ease of use, simple implementation, and low cost because SMS is standardized across the telecom industry and used by anyone with a smartphone. SMS 2FA sends a one-time password (OTP) to a user’s cellphone, which serves as the “something you have.” The problem with SMS 2FA is that an adversary can easily pretend to have your cell phone using a technique called Subscriber Identity Module (SIM) swapping. In the past, SIM cards were physical hardware that served as the identity of a phone. Today, SIM cards are represented digitally and can be transferred from phone to phone with little more than a phone call to the cellular provider. Using a combination of social engineering and phishing attacks, an adversary can impersonate a target’s SIM card and authenticate using the texted OTP.

It is helpful to look at the types of attacks used to beat SMS 2FA. The most common technical attacks involve session hijacking. An adversary will attempt to steal a session token by intercepting communications from the victim. This is known as a Man-in-the-Middle (MITM) attack. Also, if an attacker has access to an endpoint, known as Man-in-the-Endpoint (MITE), stealing session cookies is insignificant because the attacker has full control to execute any attack at his disposal. Understanding how adversaries will often use the path of least resistance is critical to businesses. In this regard, phishing and social engineering are the greatest risk to SMS 2FA. Simply by learning the target’s cellphone number, email, and some other identifying information, an attacker can call the victim’s service provider and transfer the target’s SIM information to their device.

The key to enterprise security is working with a partner who has the experience necessary to navigate risk-based decisions such as the use of SMS for 2FA. Nolij helps organizations prevent these attacks by explaining how these tactics are used, the precautions needed to mitigate the attacks, and by providing consistent phishing training to staff. For example, the best practice for decreasing SIM swapping attacks is not to include a cell phone number used for authentication messages in the email signature block. If attackers do not know your number, they cannot impersonate you. Additionally, using an authenticator app is a good solution because it requires an attacker to have physical access to a device. In cybersecurity, the goal is not to find a perfect solution, but to make hacking a system more trouble than it is worth. If a high degree of technical knowledge is necessary to conduct an attack, it may deter bad actors from trying at all. As the saying goes, “An ounce of prevention is worth a pound of cure.”

Categories
Uncategorized

Voices of Nolij: Celebrating Women’s History Month


In celebration of Women’s History Month, Nolij would like to acknowledge and honor the extraordinary women who keep our company growing year after year. Leo Faal, a financial analyst, exemplifies every woman who does not let her circumstances deter her from fulfilling her ambitions and following her dreams. Thank you Leo for making the brave journey from The Gambia and contributing to the success of Nolij through your skills, dedication and energy.

“I arrived in New York City in 1990 from the small country of The Gambia in West Africa when I was 17 years old. My ideas of the United States were shaped by movies that celebrated America as a land of possibility and I dreamed of moving here one day to better my life. As a small country, Gambia did not offer many advanced educational or career opportunities after high school. I am the youngest of seven children and lost my father when I was four years old. It had been drilled into me by my hardworking mother that education is the key to a successful life. My cultural education began in New York City, where I found everything to be big, exciting, and a little scary—especially the busy highways! Within months of moving to the United States, I was very fortunate to find a wonderful family who gave me friendship, a home, and a college education. I lived with my new adopted family for 12 years before getting married. After I got married, I became a stay-at-home mother to my two children for 16 years. Although I previously held retail sales positions at stores like Nordstrom, Nolij helped launch my career in finance. I began as an adult intern in the finance department and then transitioned to a full-time financial analyst. As a mature woman entering the job market for the first time, Nolij, a woman-owned company, gave me an extraordinary opportunity to grow professionally. Nolij supports and understands women’s life circumstances and the choices we make because of our families. As my teen daughter now starts her educational journey as a Frederick Douglass Distinguished Scholar, I echo my mother’s words to her often—’education is the key to the whole world and it’s never too late to make your dreams a reality.’ ”

Leo Faal,
Financial Analyst

Categories
Leadership Thoughts

Partnerships Are a Path to Success


At Nolij, we value our partnerships. As a woman-owned business, strategic business partnerships have enabled Nolij to grow our customer base, improve our business and expand our service offerings. But before entering a partnership, you must ask yourself what the purpose is in forming a business relationship. Besides gaining new customers, there are many reasons why a small business enters a partnership: reach a new market, access to new products, strengthen a vulnerability or brand alignment. In the case of Nolij, we have successful professional relationships with consulting firms to win contracts, solve technology and business problems and expand service capabilities.

There are many types of partnerships, at varying levels, that help organizations grow and succeed. For example, we have relationships with service-based organizations, product providers and other consultancies to form joint ventures. We also partner with business process outsourcing companies (BPOs), like Paylocity, Cigna, and PB Mares, that provide operational support to Nolij. BPOs are invaluable and free up executive management to focus on business operations, strategy and customers. Despite the different types of partnerships, they are united by a similar customer profile.

Nolij has recently formed three new joint ventures to expand service offerings to our customers. Our joint ventures capitalize on synergies and bring together under one roof leading-edge emerging technologies that create economies of scale, efficiency, and security for our customers. Joint ventures and partnerships in general benefit all parties involved in that partners complement each other’s capabilities while saving customers time and expense. For example, through a successful partnership with a parallel IT consultancy, Nolij was able to implement an artificial intelligence contract tool for the Department of Health and Human Services (HHS) to transform its procurement processes and save millions in costs across the enterprise.

For each of our projects across different verticals, program offices and agencies, we form a pool of partners where our combined diverse capabilities best serve the needs of our clients. For the Department of Defense’s large-scale multi-year electronic health record (EHR) modernization project, we partnered with product solutions companies that brought added value. Nolij and our partners worked in tandem to modernize the EHR system, optimize workflows, create innovative ways for the system to communicate, and improve the continuum of patient care. In working with Department of Homeland Security clients, we leveraged our skills, in conjunction with automation products from partners, to enhance the Customs and Border Protection systems. Our partner philosophy allowed this agency to dramatically improve and strengthen its automation testing skills.

A very important element in any partnership is the ability to deliver. Nolij works with many subcontractors, whether they are minority, veteran, or women-owned companies, that have the credentials, skills and maturity needed to help win a contract and successfully complete a project. Once a partnership is launched, it is crucial to honor contractual agreements.

Throughout our nine years, we have enjoyed effective partnerships that have been founded on mutual respect, transparency and honesty. Every day we continue to collaborate, be open-minded, flexible and fair with our teaming partners. At the end of a project, it is gratifying to celebrate success jointly with our colleagues and recognize each team’s strengths.

Categories
Uncategorized

Nolij Donates 1,000 Power Packs to Fight Childhood Hunger


In Fairfax County, 1 in 13 children lives in poverty with 28 percent of students relying on free and reduced-price school breakfast and lunch for their daily meals. Because of the Covid-19 pandemic, children have been especially vulnerable to food insecurity. At Nolij, we believe that healthy children and strong families are the backbones of our communities. In partnership with Food for Others, Nolij employees recently contributed 1000 Power Packs to their food program initiative, The Power Pack Program. The Power Pack Program delivers assembled packs to 20 different local elementary schools. These packs provide children food for the weekend. Each power pack consists of two items each for breakfast, lunch and dinner, plus two snacks and two drinks. Nolij employees were able to assemble power packs from the safety of their homes.

“I am grateful that Nolij employees were able to help children in our community because this is where we work and live. Food insecure children are not strangers; they attend school, play on the same sports teams and participate in activities with our own kids. I feel a strong sense of duty, as a corporate citizen and mother, to help fight childhood hunger and bring attention to it.” –Ashley Mehta, President & CEO, Nolij Consulting.

We encourage other organizations to give back to their communities and help our next generation thrive so that together we can build a more vibrant future for all of us. If you would like to learn how you can make a difference or want more information on the Power Pack Program, please visit foodforothers.org. 

Categories
Uncategorized

Voices of Nolij: Celebrating Women’s History Month


In celebration of Women’s History Month, Nolij would like to acknowledge and honor the extraordinary women who keep our company growing year after year. Ona Dashpuntsag, a Human Resources Manager, exemplifies every courageous woman who follows her dreams and is undeterred by challenges. Thank you Ona for making the brave journey from Mongolia and making Nolij a much richer place.

“I belong to one of the last nomadic groups in the world, and I have always wanted to travel the world to explore and learn. When I was 19 years old, I decided to move to the United States to pursue better opportunities. Coming from a society where multigenerational families live together, and young women don’t usually leave home until marriage, I had to be strong and self-reliant. It was a difficult transition moving to a new country, learning a new language, and adapting to a new culture and society. Growing up, I dreamed of America as a magical place of freedom, prosperity, and full of opportunities. America has lived up to my hopes and fulfilled its promise that hard work, talent, resourcefulness, and initiative get rewarded. I could not see my family in Mongolia for the first six years, but I was fortunate enough to meet many wonderful people at Nolij who made me feel at home. Nolij has helped me to become the person I am today. I joined Nolij in 2015 as an intern supporting the HR team, and I am currently an HR Manager and oversee benefit administration, payroll, onboarding, and offboarding. Like my fellow Americans, I am hopeful and continue to focus on what the future will bring.”

Ona Dashpuntsag
Human Resources Manager

Categories
Uncategorized

Voices of Nolij: Celebrating Women’s History Month


In celebration of Women’s History Month, Nolij would like to acknowledge and honor the extraordinary women who keep our company growing year after year. Jodi Kim, a junior software tester, exemplifies every remarkable woman who has a story to tell and gifts to share with the world. Thank you Jodi for your dedication and contributions.

“As a first generation Korean-American, I have inherited a strong work ethic from my parents and grandparents who emigrated from Seoul. When they came to the US, my grandparents initially struggled a great deal before they started a dry cleaning business and instilled this spirit of perseverance in my mother and me. My mother, despite being over-shadowed in a largely male-dominated field for years, now heads her own government contracting IT consultancy. I am fortunate to have started my career at Nolij because I am actively mentored, my opinions are respected and my voice matters. In fact, working in IT has led me to change my career path from health sciences, my college major, to technology and follow in my mother’s footsteps.”

Jody Kim
Junior Software Tester

Categories
Insight

Is A Post-Implementation Review Critical to Project Success?


Finishing a project in IT does not mean the same thing as ending the project management timeline. A Post Implementation Review (PIR) is conducted after completing the project and is one of the most important aspects of the project life-cycle because it ensures that the organization benefits from the project’s outcome. The objective of system enhancements and software upgrades is not an end in itself but rather to address the specific business needs. It is for this reason a PIR is crucial to a successful project. A PIR evaluates whether project objectives were met, how effectively the project was run, lessons for the future, and the actions required to maximize the benefits from the project outputs. This, no doubt, is the real measure of success.

In 2020, for example, Nolij was tasked by the U.S. Department of Agriculture (USDA) Foreign Agriculture Service (FAS) to do an independent PIR of their mission-critical Integrated Management Administrative Resource Tool (iMART) and their Production, Supply, and Distribution (PSD) systems after enhancements had been made. In collaboration with two FAS stakeholder groups, a team of senior business analysts from Nolij analyzed months of data to determine whether critical FAS business processes were being supported and help decision-makers improve investment decisions. The primary benefit of iMART to FAS is its unique ability to manage and integrate USDA’s strategic planning with human resources, logistics, and financial activities associated with overseas operations. The PSD system underpins the critical analysis and market intelligence that is foundational to the FAS mission of expanding U.S. agricultural exports through trade policy initiatives, marketing activities, and trade capacity projects. The PSD is the primary data system for global agricultural production, trade, consumption, and stocks.

Nolij analyzed months of data from PSD and iMART and provided recommendations on IT architecture, project management, customer acceptance, business process support and boosting high-performance in the workforce. Additionally, the concluding report included:

  1. Evaluation of return on investment (ROI) to date; an objective cost versus anticipated savings appraisal
  2. Assessment of enterprise architecture, IT infrastructure and system functionality by measuring performance, security risks and mitigation strategies
  3. Determining impact to stakeholders by evaluating business process support and FAS investment decision-making processes for IT projects

Working on the PIR for USDA was a wonderful collaborative opportunity for the Nolij business analyst team as demonstrated by the praise received from the FAS PSD project manager: “Thanks for the high-quality effort and results!” For Nolij, helping customers reach their business goals defines our success.

Learn more about Nolij Consulting and how we can advance your business goals at Nolijconsulting.com.

Categories
Leadership Thoughts

Nolij Consulting LLC awarded the Department of Homeland Security, U.S. Customs and Border Protection, Test Automation Support Services Task (TASS)


Nolij Consulting LLC, “Nolij”, was awarded the Department of Homeland Security (DHS), U.S. Customs and Border Protection (CBP), Test Automation Support Services Task (TASS), a 4-year contract. Nolij met the challenges of a rigorous multi-phase solicitation process, which included a written proposal, an oral presentation, and a coding challenge to demonstrate end-to-end automation testing. Nolij’s capabilities and expertise beat out 10 highly skilled competitors. This thrilling win demonstrates Nolij’s extensive expertise in the design, development, and deployment of automation frameworks and suites, Agile framework and processes, automation scripting, software testing for enterprise deployments, security compliance, and performance testing. We are excited to support CBP in their mission and efforts and will live up to the demands of this agency. “CBP, thank you for this award. It’s a privilege to be awarded this contract and we’ll work hard every day to support your mission,” says Ashley Mehta, President and CEO of Nolij Consulting, a woman-led consulting business.

Categories
Leadership Thoughts

Why Nolij Thinks AI Will Lead to A More Collaborative Workforce


Artificial Intelligence (AI) is being rapidly incorporated into the workplace and our daily lives, fundamentally disrupting the way we live and work. Machines are transforming the nature of work and the workplace itself by taking over more of the tasks performed by people, complementing the work that we do, and even performing certain tasks that go beyond human abilities. In medicine, machine learning algorithms are used to assess images such as scans and x-rays, looking for early warning signs of disease. New generations of AI-powered autonomous systems are increasingly being employed in a variety of fields, ranging from self-driving cars to customer service bots and automated supermarket check-outs. Concern over this looming shift is widespread. AI is often perceived as something that will eventually replace people, lead to widespread job losses and devalued interpersonal relations at work.

When reflecting on AI in the workplace, many people envision a dystopian environment where robots take control of day-to-day activities or decisions, essentially making people obsolete. It is emerging AI systems’ beyond-human cognitive abilities that many fear will dehumanize the future workforce. So, how will AI technologies really change the role of people in the workplace of the future? AI will automate repetitive, process-oriented, schedule-related tasks, which will allow employees to focus on more people-oriented activities, like employee engagement, and utilize skills such as empathy, social skills, and emotional intelligence, analysis and big-picture decision making. Taking these factors into account, we built an AI product called Renaissance to help procurement and acquisition professionals. Renaissance scans millions of documents at lightning speed to locate relevant data and frees up the workforce to focus on mission-critical work. Our AI product allows employees to concentrate on the soft skills required to move the business forward while automating operational processes.

As people skills become the focus, higher cognitive skills such as analysis, creativity and critical thinking will be even more valuable. These skills will give organizations the competencies to be more innovative, which will in turn lead to rapid growth. Therefore, organizations benefit from an increase in productivity generated by greater automation, meaning more revenue that can be spent on creating jobs throughout all the sectors.

Renaissance demonstrates that the dystopian perception of AI domination over people in the workplace is not wholly accurate. The unique capabilities of human beings are more relevant than ever, even in the face of rapid technological progress. We embrace AI technologies by exploring how it will augment human capabilities to cultivate a broader view of systems. In direct contrast to dystopian perceptions, AI could lead to a workforce based on enhanced human collaboration. 

However, what we do anticipate is that employees will need to contend with significant workforce transitions by acquiring new skills and adapting to the increasingly proficient machines in the workplace. As company leaders, it will be imperative for us to navigate large-scale change in a variety of areas while keeping human capabilities and values front and center. While AI will undoubtedly displace some jobs, such displacement will create new opportunities as adoption of new technologies has done previously. For example, we have seen a near eradication of jobs like switchboard operator, travel agent, or elevator operator. Meanwhile, new titles like data scientist, app developer, and social media director have emerged. We at Nolij promote forging a partnership between AI and the workforce to create optimal outcomes for our clients, rather than a competition between people and machines.

Categories
Leadership Thoughts

2020 Virtual National Women Veterans Leadership and Diversity Conference Career Fair


Ashley Mehta, the amazing President of Nolij Consulting LLC, is joining that lineup for the 2020 Women Veterans Leadership and Diversity Conference Presented by B3 Group, Inc.

Ms. Mehta will join three other dynamic women to discuss how and why “Empowered Women Empower Women Veterans!”

I can’t wait to have this important conversation on Friday, November 13th.