Business Continuity

Risk and Reward – Protecting the Value of Your Business

Several weeks ago, in a town not far from our headquarters, a massive fire destroyed a building housing six small businesses. Our local business journal followed up a few weeks after the disaster with a poll asking business owners how prepared they are for a major disaster.

  • Fewer than 50% of responding business owners feel that they are fully insured, have an emergency plan, and could be up and running in a few days.
  • 39% feel that it could take a month or so, but they could eventually reopen.
  • 17% felt they would be out of business or would require state and local aid to survive.

While not a scientific sampling, the results are alarming.  Alarming for a few reasons:

  • Even with insurance, it can take days or weeks to get authorization so you can move forward with your emergency plan.  Securing a new location and replacing fixtures, inventory, etc. takes time, as does recovering computer systems and data.
  • More than 50% of businesses closed for 7 days due to a disaster fail within 6 months of reopening.  While many businesses might re-open in a month, the future will be challenging.

Your Risks are Yours

A major fire in a block of retail and service businesses creates specific challenges, as do storms and floods. Many more businesses, however, experience disasters equal or greater in scope even if they do not have the same level of physical damage. Some examples we have seen:

  • A distributor of customized office supplies lost all electronic business records for the past three years when they were hit by ransomware. The attack corrupted their on-site backup servers as well as their main file and database servers.
  • A news publisher lost all of their physical servers, firewalls, and networking equipment when a sprinkler head failed in their small equipment room.
  • A small plastics manufacturer lost the ability to use their process control systems when embedded Windows workstations were corrupted by a malware attack.

In each of these examples, businesses with customer commitments, production schedules, and deadlines were idled for days. For some, full recovery can take months.  Beyond the hard cost of recovering systems and data, these businesses suffered from soft cost losses.  Missed customer commitments, delayed invoicing and collections, and the time employees spent on the recovery effort all have lasting impacts on your business.

Business Continuity is not just a good idea, it is a responsibility.

As business owners, our employees, vendors, and customers count on us.  While people can empathize with the impact of a fire, there is less understanding for businesses that fall victim to cyber crime.  Malware, phishing, ransomware and other attacks are generally preventable when your team is alert and aware of the risks and when you put reasonable identity, data, and system protections in place. And since no protection is perfect, you need to be able to recover quickly enough for your business to continue operating smoothly.

Here is some food for thought:

  • Know Your RTO:  Understand how quickly your business needs to Return to Operational.  Maybe you can work on paper for a few days. Maybe you need to be up and running in a few hours because you are at a standstill until systems are back online. Your RTO goal will guide your decisions on what protection and recovery/continuity services are the right match for your needs and budget.
  • Assess Your Risk: Understand the different disaster scenarios and how they may impact your business.  Think about physical issues, such as loss of power and catastrophic system failures, as well as other disruptions, such as cyber attacks and potential actions by a disgruntled employee.
  • Watch Your Flank: Assess how different types of threats could impact your business. We are beyond hiding our computers behind firewalls. We still have physical threats, but we also have threats focused on networks, user identities, access control, third party services, and data sources and services. Each threat vector needs a plan for protection, response, and recovery.
  • Factor in Humanity: We used to talk about balancing security with ease of use. Today, the humanity equation is different, as most IT disasters take advantage of human factors like our fundamental desire to be helpful when asked. In many ways, your team is your best defense. They need to understand the risks, the methods of manipulation, and the signs that something is not quite “right”. Your team needs to understand the value of inconveniences like multi-factor authentication and enhanced privacy and access controls — that these protect them as well as the company.

Your next step.

Contact us. It is time for a serious conversation about protecting the value of your business. A basic assessment of your business continuity profile will identify risks and gaps. From there, we can discuss improvements and their business value so you can make informed decisions that balance your risks, needs, and budget. Business Continuity solutions — from disaster prevention through recovery — do not need to bust your budget. For most businesses, changes in security settings on existing systems paired with modest, incremental services provide the protection and recoverability you need.

G Suite: Modern Security for Modern Threats

In multiple blog posts over the past 2+ years, we have covered the changing and growing nature of threats to your organization, systems, and people. For us the answer is CPR:

Communicate and Educate;

Prevent & Protect;

Recover & Review. 

Once you have these basics in place, the challenge becomes keeping up with the times. As the nature of threats changes, the protective capabilities of our key systems should evolve as well.

For those of us running G Suite, we may understand that Google has expanded the security footprint and capabilities, but have we altered our configuration to properly protect ourselves?

The first step in assessing your protections is to understand the risks.

  • 91% of attacks start with a phishing email
  • 66% of malware was installed via malicious emails or attachments
  • 90% of all reported breaches are caused by employee negligence, extortion, and external threats

These statistics, while not unfamiliar, point to the change in risk from physical devices to data and human interactions.

As people can be your greatest risk, the best protections compensate for human behavior.

Step two is mapping your security needs to the right version of G Suite. Each version adds additional protections, allowing you to move up to the version that best meets your needs and priorities. Understand what each version offers and map them back to your regulatory and business requirements.

G Suite Basic

  • Encryption in transit and at rest, including policy-based TLS enforcement
  • 2-Step Verification via prompt, SMS, Security Key, or Authenticator app
  • Single Sign-on (SAML 2.0)
  • OAuth 2.0 and OpenID Connect
  • Restrict emails to authorized recipients
  • Drive audit logs

G Suite Business

  • Vault for compliant archiving and e-discovery for Gmail, Drive, and Hangouts Chat
  • Team Drives for centralized access controls and permissions management
  • Domain white-listing for Drive with alerts
  • Basic Information Rights Management (IRM) to manage scope of sharing by Organizational Units

G Suite Enterprise

  • G Suite Security Center with a unified security dashboard
  • Advanced Data Loss Prevention for Gmail and Drive files
  • Email content compliance and objectionable content filters, with OCR
  • Security key enforcement
  • User S/MIME Certificates for Gmail encryption
  • App white-listing to control 3rd party data access
  • Sandboxing (pre-delivery deep scanning) of email attachments

Moving to the right version of G Suite has never been easier.

While no one product or service will meet all of your security, privacy, and data management needs, moving to the right version of G Suite improves your security footprint and can mitigate the need for 3rd party solutions. To help you move, we are partnering with Google to offer pricing incentives.

Your next step is to contact us to schedule a complimentary Cloud Advisory Session to assess your needs, priorities, and options.


 

 

 

Google+ Changes: What you need to know

In December 2018, Google announced that the consumer version of Google+ is shutting down in April 2019.  As the usage lines between the consumer and business versions of Google+ have often been blurry, we want to clear up some of the confusion following the notices you may be getting from Google.

What is happening?

  • The consumer version of Google+ is going away.
    • If employees have set up Google+ accounts or communities not using their G Suite account, this content will be deleted.
    • If you have Google+ circles or communities with “consumer” members, these users will be removed along with their content.
  • You will no longer be able to create public communities outside of your G Suite domain.
  • The business version of Google+ is changing. You will no longer have pages, events, or the “tagline” profile field within the Google+ service.
  • If you cancel your G Suite service, all content in Google+ will be removed.

What should you do?

The first step is to ask your users if they are using Google+ and, if so, how they are using the service.  If Google+ is not in use, no action is required.  If Google+ is in use, your next steps are determined by how you are using the service.

Google is updating the download tools for Google+ in March to include author, body, and photos for every post.  Once this is available, plan to download and save content you want to keep …

  • Posts from Google+ communities outside your G Suite Domain owned or managed by your users
  • Google+ Pages and Events of any type
  • Your Google+ tagline (download your profile)

In addition, you will want to:

  • Upgrade the Google+ Android app between Feb 22nd and March 7th.  After March 7, 2019, the current versions of the app will be unsupported.
  • Remove any Google+ gadgets from any classic Google Sites you may have
  • Have users opt out of the Google Play Services Public Beta Program to avoid issues with other Google apps, such as Email and Hangouts

As always, feel free to contact us with any questions.

 


G Suite Price Hike: Your Next Steps

Anytime a vendor critical to your business changes their product and pricing, it is tempting to reassess. We may see the world differently than other IT providers, but we, the team at Cumulus Global, strongly agree. Now is a good time to examine your cloud services, as part of your full IT ecosystem, and determine if it is the right time to make a change for the better.

Step 1: Look Inward: Utilization

The first step is to look at your current service, and evaluate how well you are using its capabilities to operate and improve your business. By looking at your utilization today and what features and capabilities you expect to use in the future, you can decide if your current subscription is best or if you should consider an upgrade.

If you are running G Suite Basic or G Suite Business:

  • Are you using it solely for email, calendars, or contacts, or are you using the collaboration features?
  • Does Drive, or can Drive and Team Drives, serve as your primary file service?  
  • Are you paying for separate services, such as teleconferencing and web/video conferencing, that are included within G Suite at no additional cost?

By understanding the capabilities of each G Suite subscription and asking the right questions, you can assess how you will use G Suite going forward. Contact us; we are here to help.

Step 2: Look Outward

Currently, about 30% of our client migrations to G Suite and Office 365 are from another cloud service, not from on-premise or hosted email servers. While this number may be surprising to some, for us it makes sense. Companies that moved to G Suite or Office 365 several years ago are looking at how the cloud has advanced, how their businesses have changed, and how their overall IT needs and services have evolved.

Is now the time to switch?

The decision to switch from G Suite to Office 365, or vice versa, makes solid business sense for some of our current and prospective clients. For some, they remain reliant on the desktop MS Office suite and want better integration. For others, they have business apps running on MS SQL Server and want the integrated business intelligence and analytic capabilities of Office 365. For still others, a unified security infrastructure covering desktops, laptops, and mobile devices is the driving need.

If you think switching is a worthwhile consideration, we are offering our Productivity Cloud Assessment and Recommendations at no cost through March 31, 2019.  Complete our Cloud Productivity Questionnaire and we will schedule a Cloud Advisor Session and present you with our assessment and recommendations. The service, normally $895, will help you jump start the process for considering a change in platform.

Additionally, check out this blog post for ways to mitigate the price increase.

Step 3: Talk to Us

Whether you expect to stay the course or change directions, we are here to help. Because we partner with Google, Microsoft, and dozens of other cloud providers, you get our objective assessment and recommendations. Because we understand small and midsize businesses, you will get pragmatic advice and solutions focused on your needs and desired outcomes.

Please take advantage of our experience and expertise.


Managing the Impact of the G Suite Price Increase

To help manage the impact of the pricing increase, we are able to offer renewal and upgrade discounts based on your current licensing. Converting from Monthly/Flex to Annual locks in the current pricing for a year. Upgrading your G Suite Version provides you a discount off the current upgrade pricing for 12 to 24 months.

Convert Monthly/Flex to Annual

  • For clients using G Suite Basic or G Suite Business on the Monthly/Flex plan, we can mitigate the increase by switching you to the annual prepaid plan before the end of March.  
  • Doing so secures the current $50 per user or $120 per user annual cost until your renewal in 2020.

G Suite Basic to Business Upgrade

  • For clients using G Suite Basic, you can take advantage of upgrade discounts to G Suite Business.
  • The discounts are up to 33% off current prices, based on commitments of 12, 15, or 18 months.
  • At the end of this promotional term, your subscription resets to the new pricing.

G Suite Business to Enterprise Upgrade

  • For clients using G Suite Business, you can upgrade to G Suite Business with discounts up to 38% off current pricing, based on the term commitment of up to 24 months.  
  • At the end of this promotional term, your subscription resets to the new pricing.

While we expect additional upgrade incentives after the price increase takes effect, the above offers expire at the end of March.

To assess your G Suite service and determine if any of these options are right for you, please contact us for a Cloud Advisor Session.


G Suite Price Increase

As you are likely aware, Google announced a 20% price increase for G Suite Basic and G Suite Business Editions, along with a discontinuation of the discounted pricing for G Suite Basic when prepaid annually.

The Basics

Effective April 2, 2019, the pricing for G Suite Business and G Suite Basic will increase as noted in the table, below.


| License | Current | As of Apr 1, 2019 | Effective Increase |
| --- | --- | --- | --- |
| G Suite Basic, Flex/Monthly | $5 / user | $6 / user | 20% |
| G Suite Basic, Annual | $50 / user | $72 / user | 44% |
| G Suite Business, Flex/Monthly | $10 / user | $12 / user | 20% |
| G Suite Business, Annual | $120 / user | $144 / user | 20% |

 

For organizations on the monthly/flex plan, the price increase takes effect as of April 2, 2019.

For companies on an annual plan, the price increase takes effect with your next annual renewal on or after April 2, 2019.

If you took advantage of an upgrade promotion, your current pricing will remain through the end of the current 12, 15, or 18 month promotional period.

If you have a “Switch and Save” discount from Cumulus Global, your discount is a percentage off Google’s published pricing. Cumulus Global will continue those percentage discounts off Google’s new pricing.

Why is Google Raising Prices?

As posted by Google:

More than a decade ago, we introduced Gmail—our first cloud-native productivity app—to help make email safer and easier for everyone. Since then, we pioneered more ways for teams to collaborate in real-time with products like Google Calendar, Docs, Drive and Hangouts. Together, these apps make up G Suite, our set of intelligent, secure productivity and collaboration tools.

We’ve brought businesses more than a dozen new G Suite services to help them reimagine how they work, including powerful video conferencing (Hangouts Meet), secure team messaging (Hangouts Chat) and enterprise-grade search capabilities (Cloud Search). We’ve also infused our products with advanced artificial intelligence to make it easier to respond to emails, gather insights from data and protect against phishing attacks before they happen.

Today, more than four million organizations use G Suite to collaborate efficiently and securely, and analysts have taken notice. IDC’s Wayne Kurtzman notes, “Google has established G Suite as a secure, enterprise-ready, AI–powered productivity and collaboration platform. With its broad set of capabilities, G Suite offers a strong value proposition to customers.”

Over the last ten years, G Suite has grown to provide more tools, functionality and value to help businesses transform the way they work.

In our opinion, G Suite still represents a good value for most businesses, particularly those moving to cloud-based applications and systems. We discuss ways to mitigate the impact of the price increase in this blog post.

Please contact us with any questions or concerns.


For 2019: Focus on Outcomes

As we close out 2018, we reflect on a year that has been a bit of a wild ride. For our customers, we clearly are leaving a period of sustained growth and entering more uncertain economic times. At the macro level, the economy shows competing signs of growth and contraction. Our political climate is less certain and predictable.

We Live in Uncertain Times

Economies and business climates vary by region. Taking a look at a non-scientific survey of businesses in central New England (Worcester Business Journal, Central Massachusetts Economic Forecast 2019, December 24, 2019), we get a pulse of where we are and where we may be going. We also see a new way forward for small and midsize organizations looking to weather whatever stormy or calm seas may be in our future.

  • Only 35% see the economy improving in 2019, while 65% see the economy stagnating or declining in the coming year.  This is a significant change from a year ago when 65% expected the economy to improve.
  • While the number of business leaders who believe the economy has improved over the past year is at 77%, the number of those uncertain of our current economic health more than doubled from 7% for 2018 to 15% for 2019.
  • On the positive side, the number of business leaders expecting to hire additional staff in 2019 jumped to 49% from 40% a year ago.
  • At the same time, 72% of those surveyed are “very concerned” about finding qualified talent to hire, a major increase from only 50% of hiring employers a year ago.

In short, we see the economy as having improved over the past year, but are uncertain what course it will chart in 2019.  Many of us plan on growing but are concerned about being able to find, hire, and retain the right people.

Charting a Course

Economic uncertainty can, and sometimes should, cause us to pause and re-evaluate our plans. We often see businesses reacting quickly and pulling the plug or delaying technology projects and changes. Often, these decisions make it more difficult for you to manage changes you want or need to make in order to adapt to a changing business climate. Here are some thoughts on evaluating technology decisions during changing or uncertain times.

  • Understand What is Possible
    2018 is the year in which Machine Learning, AI, and Bots came into the mainstream. These technologies, when deployed properly, can improve operations, expand the productivity of your workforce, and mitigate operating costs.
  • Remember the Cloud
    Most small businesses have not yet fully adopted a cloud computing strategy. Cloud computing is a means to scale IT resources and costs to the size of your business without sacrificing features, capabilities, or security.
  • Focus on Outcomes
    Don’t worry about the technology, focus on the outcome. What do you want to achieve? What do you need to happen? How do you want things to be different after making a change? Understand and clearly define the endpoint, as this will drive how you define and manage the projects and changes that will get you from Point A to Point B. Let the outcome guide priorities and, subsequently, the technologies and changes needed to make a difference.
  • Balance the Quantitative and Qualitative
    Not all outcomes will have a specific dollar value.  When deciding on outcomes, consider the near-term and long-term value to your business. Employee engagement and satisfaction improves retention. Automating repetitive tasks improves productivity. Training and support improves morale and fosters innovation.
  • Consider All Opportunities
    “Cut to Survive” rarely works.  Look beyond quick hits and savings. Look for opportunities that: (1) reduce operating expenses; (2) improve team and individual productivity; (3) simplify your IT services; (4) differentiate your business in your markets; (5) help employees do their jobs better; (6) improve customer service and engagement; (7) empower team collaboration and innovation; and/or (8) help you better understand your business and the metrics that measure success.

Change, particularly in uncertain times, often comes with increased risks. Deciding to invest or make changes is more difficult. Not doing anything, however, is a decision. It is a decision to NOT actively manage how your business moves forward; it is a decision to let external forces determine your future. How you move forward may require more thought and analysis, but continue to move forward.


We are here to help! Wondering how you can get more value from your current IT services, cloud solutions, or emerging technologies? Contact us to schedule a complimentary Cloud Advisor session.


Drive-by Downloads

This post is part of our Cyber Threat Series.

The Challenge:

Drive-by downloads are exploit kits that download invisibly from infected websites. These websites may be malicious sites built for malware distribution or trusted sites infected by hackers. Many of these attacks take advantage of weaknesses in popular software and tools, including video players, Java, and Adobe Reader.

Downloads may install and run other malware or may themselves be malicious. Many drive-by downloads install cryptoware, or ransomware, that encrypts files and holds them for ransom.

What to Do:

User education and web protection are the best protection from drive-by downloads. Cyber-aware users understand the risks and can avoid malicious links and sites. Web protection can prevent unexpected downloads and malicious behavior from reaching your systems and users.

DNS protection and secure DNS services provide additional protection by preventing impersonation, hijacking, and domain level attacks.

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Phishing and Spear Phishing

This post is part of our Cyber Threat Series.

The Challenge:

Cyber criminals prefer Phishing attacks. Phishing and Spear Phishing remain the primary vector for Malware attacks. Hackers evenly distribute attacks between two variants: Malicious Email Attachment (39.9%)  and Malicious Link (37.4%).

Leveraging human nature, phishing attacks look and feel like legitimate emails. Recipients often miss the cues that the email is fraudulent. We respond by clicking links to malicious websites, opening pictures or videos with hidden downloads, or opening infected attachments.

Advanced phishing attacks correlate public information from social media and pirated information from compromised systems to further personalize the attacks. These advanced attacks do a better job of hiding the malicious intent. As such, even savvy users fall prey.

What to Do:

The best protection is multi-level and multi-vector:

  • Teach your users about the risks and how they can help prevent attacks. User awareness leads to smart decisions on when to trust and when it’s safe to click.
  • Protect your devices with “Next Gen” endpoint protection. This includes your desktops, laptops, and mobile devices. Phishing attacks are usually platform independent and, therefore, trigger from most any email client or application.
  • Protect your email with an independent advanced threat protection (ATP) service. ATP covers inbound and outbound traffic.  ATP uses pre-analysis and testing of links and attachments for mismatched domains, copycat content, and malicious behavior. This “sandboxing” lets the ATP service block attacks from reaching your inbox.
  • Add a DNS and Web Protection solution to your environment.  Web protection blocks infected or fraudulent web sites, including blocking malware on infected sites we trust. DNS protection prevents hackers from corrupting and using your domain identities.
  • Deploy backup/recovery and continuity services that protect your on-premise and cloud data. Should an attack make it through your protections, you should be able to keep your business running while you clean up the damage.

Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.


 

Brute Force Attack

This post is part of our Cyber Threat Series.

The Challenge:

Hackers use Brute Force Attacks to target a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by trying every viable access method or password.

Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out attempts; they are difficult to notice or detect. When hackers rush, the impact can be similar to a DDOS attack.

Hackers can launch Brute Force Attacks externally or from malware-infected systems on your network. Internal attacks often target specific systems and vulnerabilities, such as SQL Server and SQL Injection vulnerabilities.

What to Do:

Require robust passwords; they are your first protection from Brute Force Attacks. Controls that enforce best-practice password structure and expiring passwords can thwart an attack.

Deploy Multi-Factor Authentication. MFA creates an additional level of protection since a compromised password is not sufficient for access.

To protect against internal attacks, ensure systems run current operating system versions. Keep all systems current with patches and updates.

Deploy “Next Gen” protections to keep Brute Force Attack malware from making it onto your servers and clients:

  • Advanced threat protection (ATP) for email
  • Endpoint and mobile device protection
  • DNS security and protection
  • Web protection and filtering
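
To show why spaced-out attempts slip past a simple rate alarm, the following added example (not part of the original post) counts failed logins per source and service over both a short and a long window. The log format, addresses, account names, and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them to your own baseline of failed logins.
RULES = {
    "burst": (timedelta(minutes=1), 10),  # rushed attack: 10 failures in a minute
    "slow": (timedelta(hours=24), 20),    # patient attack: 20 failures in a day
}


def parse(line):
    """Parse 'TIMESTAMP OUTCOME user=... src=... svc=...' (constructed format)."""
    ts, outcome, *fields = line.split()
    kv = dict(field.split("=", 1) for field in fields)
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, outcome, kv["user"], kv["src"], kv["svc"]


def detect(lines):
    """Return {(src, svc): {rule names}} for time-ordered authentication events."""
    windows = defaultdict(lambda: {name: deque() for name in RULES})
    alerts = defaultdict(set)
    for line in lines:
        when, outcome, _user, src, svc = parse(line)
        if outcome != "FAIL":
            continue
        for name, (span, limit) in RULES.items():
            recent = windows[(src, svc)][name]
            recent.append(when)
            # Drop failures that have aged out of this rule's window.
            while when - recent[0] > span:
                recent.popleft()
            if len(recent) >= limit:
                alerts[(src, svc)].add(name)
    return dict(alerts)


def sample_log():
    """Constructed events: one rushed source, one patient source, one real user."""
    start = datetime(2019, 3, 4)
    rows = []
    for i in range(12):  # 12 failures, two seconds apart
        rows.append((start + timedelta(hours=9, seconds=2 * i), "FAIL",
                     "administrator", "198.51.100.20", "rdp"))
    for i in range(24):  # one failure every 45 minutes
        rows.append((start + timedelta(minutes=45 * i), "FAIL",
                     "jsmith", "203.0.113.7", "owa"))
    for seconds, outcome in ((0, "FAIL"), (20, "FAIL"), (45, "OK")):  # mistyped password
        rows.append((start + timedelta(hours=8, seconds=seconds), outcome,
                     "mlee", "192.0.2.44", "owa"))
    return [f"{t:%Y-%m-%dT%H:%M:%SZ} {o} user={u} src={s} svc={v}"
            for t, o, u, s, v in sorted(rows)]


if __name__ == "__main__":
    for (src, svc), rules in sorted(detect(sample_log()).items()):
        print(src, svc, sorted(rules))
```

The source that tries once every 45 minutes never trips the one-minute rule and is caught only by the 24-hour count, which is why failed-login monitoring needs a long window as well as a short one.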

 


Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.