As featured on MassMEP’s Manufacturing Podcast — Episode 109

If you’ve ever wondered how cybersecurity, government contracts, and strawberry ice cream intersect—you’re in luck. Our own John and Pete were recently welcomed back by Hayley and Kevin at MassMEP to talk all things CMMC, cybersecurity, smishing scams, and how to build a better risk posture for 2025 (with a few laughs along the way).

You can listen to the full episode here:🎧 Ep. 109 – New Episode, Same Certification Process

🍦 Cyber Ice Cream Flavors of the Day

The crew kicked off the episode with a fun question— What ice cream flavor sums up your day?

Here's how the team answered:

Pete—Coffee Coffee BuzzBuzzBuzz ☕, acknowledging his well-caffeinated state.

John—Strawberry 🍓 because it was simply all he could think about (and yes, he went to get some right after the call)...

Kevin—Rocky Road, it was looking like a tough day.

Hayley—Tutti Frutti—because you just never know what you're going to get.

📱 Smishing, Phishing, and "USPS" Texts That Steal Your Life

A big topic in the first half of the episode: Smishing, or phishing attacks via text message.

John shared a real story from the holidays, where a friend-of-a-friend fell for a fake USPS text. Her phone number was hijacked, her MFA codes were intercepted, and 15+ accounts were compromised.

The takeaway? Slow down. Be skeptical. And no, the Post Office didn’t magically get your cell number.

🔐 CMMC in 2025: What’s New?

The second half of the episode dove into CMMC (Cybersecurity Maturity Model Certification) and what’s changing:

• CMMC is back to three levels instead of five.

• Level 1 covers Federal Contract Info (self-assessed).

• Level 2 covers Controlled Unclassified Info (CUI) and requires a third-party audit.

• Level 3 is the highest tier—reserved for prime contractors and R&D—audited by the DoD directly.

And while your MSP doesn’t need to be certified under CMMC, John made the case for why they should:

🛠️ Compliance ≠ Plug-and-Play

One of the biggest myths in cybersecurity? That you can just buy a tool and be compliant.

Pete added a solid tip: When in doubt, look for FedRAMP-certified tools. The FedRAMP Marketplace is a great place to start when evaluating providers or platforms.

As threats grow more complex—especially with the rise of AI—the mindset around cybersecurity must shift too. For businesses, this means budgeting for cybersecurity like any other strategic priority—measuring ROI not just in tools, but in resilience and readiness.

💸 How Synagex + MassMEP Can Help

CMMC compliance isn’t easy, and manufacturers shouldn’t go it alone.

That’s why Synagex and MassMEP partner to deliver value-packed gap assessments—not just to check a box, but to clarify the path forward, cost it out, and help you get started. And in Massachusetts, state funds and assistance programs make this more attainable than ever.

🧠 Final Thoughts: Be Paranoid. Ask Questions.

The group closed with a reminder: You don’t need a ton of sensitive data to be a target. Even basic information—names, birthdays, email access—can be leveraged by attackers.

Ready to understand your risk—and do something about it?

Let’s talk. Synagex and MassMEP are here to help guide you through the chaos and toward calm, compliant, modern IT.

🔗 Listen to the full episode

📩 Reach out to Synagex

Today, on National IT Service Provider Day, we’re raising a toast (and maybe a coffee mug or two) to all the hardworking tech pros who keep businesses secure, supported, and successful. But here at Synagex Modern IT, we’re not just any IT service provider—and that’s by design.

🎥 Check out this special video from John, our President and CEO, along with other members of the team!

In the video, John shares what sparked the idea behind Synagex:

From the very beginning, John set out to flip the script on traditional IT. That means ditching the complications, providing the absolute BEST customer service, and keeping things fun (yes, fun!)—even when we're talking backups and endpoint detection.

💬 You’ll also hear from our team in the video:

Whether it’s through our quirky training videos (“Don’t Be a John!” anyone?) or how we show up for our clients every day, we’re proud to be doing IT differently.

So today, we celebrate all IT service providers—and give a special shout-out to our own wild and wonderful Synagex crew. Thanks for bringing the brains and the energy, every single day.

Happy #NationalITServiceProviderDay from all of us at Synagex Modern IT!

April Fools’ Day is all fun and games—until you become the punchline of a cyberattack. 😬 While pranks are expected today, hackers and scammers pull tricks year-round. Here’s how not to be the fool:

🚫 Clicking Suspicious Links – That “hilarious” video your coworker sent? Could be a phishing attempt. Verify before you click!

🤦 Using “AprilFools123” as a Password – Weak passwords make hackers’ jobs way too easy. Use strong, unique passwords (or better yet, a password manager).

📝 Storing Passwords on Sticky Notes All Over Your Desk – If your login credentials are displayed like a vision board, you might as well hand them to the hackers yourself. Digital password managers exist for a reason—use one!

🛑 Ignoring MFA (Multi-Factor Authentication) – If you’re not using MFA, you’re basically leaving your digital front door wide open.

📢 Oversharing Online – That quiz telling you which type of potato you are? Probably just collecting your personal info. Stay cautious.

🎭 Falling for Fake Urgency Scams – “Your account has been compromised! Click now to reset your password!” 🚨 Sound familiar? Verify directly with the company before acting.

In short—don’t be a John! 😆 Our very own John has shown us all the ways NOT to handle cybersecurity. Learn from his mistakes so you don’t end up starring in the next security training video!

Stay sharp, stay secure, and enjoy April Fools’ Day safely!