Action1 2022 SMB IT Security Needs Study Highlights & Contradictions

Security firm Action1 recently published the results of its 2022 SMB IT Security study after surveying 750 small and midsize businesses.

Key Findings and Contradictions of the Action1 SMB Report

It is no secret that perceptions about our security risks differ from reality.  Not surprisingly, some of the 2022 SMB IT security needs survey results contradict one another.

52% vs 65% vs 37%

52% of respondents acknowledge that they lack sufficient skills and technology to effectively protect against cyber attacks. But 65% believe the cost of protection is too high and 37% complain that security controls hurt productivity. Businesses clearly struggle to balance the security they need with the cost and the user experience. Often SMBs are presented with security solutions designed – and priced – for larger organizations. As employees use added security steps for everyday transactions (online banking, etc.), the overhead of security protocols is less intrusive.

63% vs 81% vs 40%

While 63% believe that their SMB faces a lower cyber risk compared to larger companies, 81% of respondents had at least one security incident within the past 12 months. 40% of SMBs had 2 or more incidents. Too many SMBs continue to have a false sense of security. Cyber criminals understand that it is easier to hack 10, or even 100, small businesses than it is to successfully attack 1 large enterprise. And with current tools, cyber attacks are inexpensive to launch and manage.

Where the Security Risks Exist

40% vs 39% vs 34%

The most common forms of successful cyber attacks are password attacks (40%), ransomware or other malware (39%), and phishing (34%). Note that these forms of attack are not mutually exclusive.  One form of attack, malware for example, can be used to gather the information needed for a successful password breach.

63% vs 43%

Looking at root causes, 63% of SMB IT Security study respondents noted that attacks began with phishing.  Unpatched systems were the starting point for 43% of attacks. These numbers make sense as these attack vectors provide access to information that supports further attacks.

Who is Helping

96% vs 23%

The vast majority of SMBs rely on outside experts for help with their security needs.  93% of respondents use an IT firm for at least some of their IT security needs.  That said, 23% of small businesses are looking to replace their IT service providers in the coming year. While security is not the only trigger for changing providers, it is one consideration.

48% vs 33% vs 29%

SMBs responded that poor system performance (48%), system outages (33%), and long problem resolution times (29%) are the three primary reasons for switching service providers. Each of these issues relates to business interruptions.

2022 SMB Security Study Conclusions

Examining the SMB IT Needs Security Study results, we see three clear conclusions.

  1. Failing to recognize the risks leads business owners to undervalue security technology and services. The cost to respond to and recover from a single incident dwarfs the cost of reasonable protections. For SMBs, the average successful cyber attack can disrupt business operations for 18 to 21 days at a total cost to recover exceeding $200,000.
  2. With 50% of employees working remotely, at least part time, individuals and systems are more exposed to attack. Physical security is no longer sufficient. SMBs need security services designed to protect against the most common and the most costly types of cyber attacks.
  3. As an IT service provider, we must ensure that our services, first and foremost, do no harm.  While security protocols can introduce some inconveniences, our services cannot interfere with performance, availability, or reliability.

Next Steps to Improve Your IT Security

Step back and take a look at your security services and footprint.  Our Rapid Security Assessment is a quick and simple starting point to identify security gaps. You can also schedule a call with one of our Cloud Advisors to review your security and IT services.

 

Service Update: Vault Former Employee End of Life – Aug. 15, 2022

Service Update: Vault Former Employee End of Life: VFE Licenses will no longer be available as of January 15, 2023.

As previously announced by Google, free Vault Former Employee (VFE) licenses will no longer be available as of January 15, 2023. To maintain data for past employees, these licenses will transition to Archive User Licenses with compatible Google Workspace subscriptions.  This transition impacts fees beginning in January 2023.

Background

With the launch of Google Workspace, VFE licenses were replaced by Archive User Licenses. Existing VFE customers with free licenses were grandfathered. Google’s original plan to phase out VFE licenses by the end of January 2021 was delayed. Google recently announced a definitive timeline. Cumulus Global has also sent informational emails to all of our clients with VFE licenses.

To prevent a loss of data, you should plan your transition to Google Workspace Archive User Licensing (AUL).  Note that AUL is a paid service running with monthly per user fees of $4 to $7.

Impact

If you take no action, you will either:

  1. Lose access to the VFE accounts and data; or
  2. Transition from a free service to the paid AUL service.

Archive User Licenses are not available with G Suite. Therefore, you must transition to Google Workspace to use AULs. 

The cost of AULs varies based on your Google Workspace subscription:

  • Google Workspace Business
    • Plus: $4/user/month
  • Google Workspace Enterprise
    • Standard: $5/user/month
    • Plus: $7/user/month

Note that AULs are NOT available with other Google Workspace licenses.

Action Plan

We will help you with the following steps:

  1. Decide if you need (or want) to continue keeping accounts for past employees.  If so, for how long will you keep the data and how many accounts do you need to license?
    1. Remove accounts no longer needed
    2. Export accounts to preserve data, as appropriate
  2. Assess your current G Suite or Google Workspace subscription for licensing and compatibility
    1. Plan your transition to Google Workspace if you are currently on G Suite Basic, Business, or Enterprise
    2. If you are on Google Workspace, determine if you need to upgrade licenses for AUL compatibility
    3. Confirm that your VFE licenses are now a free trial of Archive User Licenses and the trial end date
    4. Understand the impact on your monthly or annual costs
    5. Determine if you are eligible for transition incentive discounts
  3. Transition, as needed, to Google Workspace before your AUL Trial End Date.

Financial Impact

  • In addition to the per user fees for the Archive User Licenses themselves, you may need to upgrade your Google Workspace subscription to ensure access to AUL services.
  • For existing customers, Cumulus Global will begin invoicing for Archive User Licenses in January.  For those on an annual agreement, the fees will be prorated accordingly.

Please contact us by email, via our website, or by scheduling time directly with one of our Cloud advisors, with any questions or concerns regarding this Service Update covering Vault Former Employee end of life.

Cumulus Global Recognized on CRN’s 2022 Fast Growth 150 List


Cumulus Global proudly announced today that the company is being recognized for its sustained growth on the 2022 Fast Growth 150 List, published by CRN®, a brand of The Channel Company®. Ranked at #84, Cumulus Global is among the fastest growing IT solution providers and integrators in North America over the past two years. 

“We are honored for the recognition of our sales and growth, along with the confidence and trust of our clients,” stated Cumulus Global CEO Allen Falcon. “Our team collaborates, working with businesses to leverage cloud forward solutions and existing IT services to further their business goals. Our growth reflects positively on how clients see the value of our services.”

To maintain consistent growth within the highly competitive and rapidly evolving IT industry, solution providers must constantly evolve.  Staying ahead of changes within markets and client priorities requires forward-thinking business strategies, strong technical skills, and consistent service quality. CRN’s Fast Growth 150 list acknowledges companies, like Cumulus Global, that demonstrate an ongoing dedication toward success and innovation. 

“Despite the near-constant disruptions and unforeseen challenges today’s IT companies face, they must still be ready to adapt and change at a moment’s notice. With the CRN 2022 Fast Growth 150 list, we honor those IT solution providers that have managed to thrive in an industry where stability is often a luxury,” said Blaine Raddon, CEO of The Channel Company. “The companies that earned spots on this year’s list represent the very best in business acumen and strategy, inspiring fellow industry members and proving that with perseverance, meaningful growth is attainable in even the most chaotic business climates. On behalf of CRN and The Channel Company, I wish a heartfelt congratulations and continued success to all companies featured on the 2022 Fast Growth 150 list.”

As a Managed Cloud Services Provider, Cumulus Global blends the best aspects of traditional MSP services with a “cloud first” perspective. Leveraging the economies of cloud computing, Cumulus Global offers these robust, secure services at costs below traditional IT services for small and midsize businesses.

A sampling of the 2022 Fast Growth 150 list will be featured in the August issue of CRN Magazine. You can view the complete list online at www.crn.com/fastgrowth150.

About Cumulus Global

Cumulus Global is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, on-going support, and client success services. We help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers, and end-users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com  

Follow The Channel Company: Twitter, LinkedIn, and Facebook.

The Channel Company Contact:

  • Jennifer Hogan
  • The Channel Company
  • jhogan@thechannelcompany.com

Debunking 5 Cyber Security Myths for SMBs

As owners and leaders of small and midsize businesses (SMBs), we have limited resources for IT and cybersecurity. We should not be surprised, therefore, that SMBs face the biggest threat from ransomware and other cyber attacks. Beyond the cost and risk of ransomware and encryption attacks, SMBs face business email compromise (BEC) attacks and threats to disclose regulated information. Recovery costs, fines, and legal actions resulting from a successful attack can destroy your business. And yet, many SMBs remain unaware of the risk and/or lack reasonable data protections and security. This post intends to debunk five (5) cyber security myths for SMBs.

1. My company is too small to be a target

While not every attack is successful, one global report states that 86% of SMBs have been hit by ransomware attacks, with 20% attacked more than six times. With fewer resources and less focus on cyber security, SMBs represent an attractive target for attackers. The increase in remote work and use of remote desktop protocols creates additional opportunities for attackers. Securing and managing these services requires time and attention.

The impact of a successful ransomware attack continues to increase.  According to Verizon’s 2020 Data Breach Investigations Report, the average cost of a successful ransomware attack grew from an average of $34,000 to just under $200,000.

2. I cannot afford to protect against cyber attacks

Cyber attacks are inevitable. Protecting your business does not require expensive solutions.  Your cost for endpoint protection for your devices, advanced threat protection for email, and security awareness training is pennies per day per person.  You can deploy multi-factor authentication (MFA), local disk encryption, and the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols for free. You can deploy cloud-based business continuity and disaster recovery (BCDR) for less than traditional backup/recovery solutions.

3. I have backups, so I am safe

Not all backup solutions are equal.  Many backup/recovery solutions for SMBs run on the same servers and networks as your business systems. Ransomware and other cyber attacks will seek out and encrypt/damage backup servers to render your backups useless.  Your backup/recovery solutions should be segregated from your production network and systems to shield them from attack.  Business Continuity/DR solutions offer the additional ability to bring systems back on line in an alternate cloud data center while you recover your primary systems.

4. Technology alone will save me

As with most security protocols, people are your first line of defense.  As many as 93% of cyber attacks begin with a phishing attack. People click on links, unwittingly downloading malware or sharing usernames and passwords.

Security awareness training should be a standard practice within your business.  The training is a proven way to reduce risk, decrease infections and help desk requests, reduce the chances of a security breach and strengthen the overall security posture.

5. Cyber resiliency is too hard to achieve

Cyber Resilience is the ability to withstand security attacks and land on your feet, no matter what happens. Cyber resilience protects your business, customers, and employees from ransomware, business email compromise, and other potential issues and attacks.

While some gaps in security will always remain, you can affordably improve your cyber resiliency.

To overcome these 5 small business cyber security myths, review your security footprint, and improve your resilience, please contact us by email, via our website, or by scheduling time directly with one of our Cloud advisors, with any questions or concerns regarding this service update.

Service Update: Client Information Update – July 6, 2022

As part of our commitment to provide industry-leading services, we are launching a project to verify and update our client information.

Beginning this month, we will be contacting all of our clients to confirm and update their company information.  Our goal is to ensure that we have current and correct information about your business and the people.

Why are we undertaking this effort?

  • We want to ensure that authorized persons are requesting service changes or actions:
    • We are not always notified when somebody leaves your business or when roles and responsibilities change
    • To help ensure your security, we will limit security change requests to specific individuals
    • We want to ensure that only authorized persons can commit your business to new services that will increase your costs
  • We want to avoid any unnecessary delays in shipping, billing, or processing payments

Company and Contact Info

At the company level, we will be confirming and/or updating:

  • Your primary, billing, and shipping addresses, if different
  • The person(s) responsible and contact information for billing and payments
  • Business level contacts responsible for accepting proposals and approving contracts and contract changes
  • Technical and administrative contacts and their service authorization levels

Authorization Levels

We will be asking you to identify contacts and their authorization levels. These levels determine their ability to request services and make changes to your account and services.

  • Admin
    • Open service tickets for problems on behalf of users or the IT team
    • Request administrative actions that do not change security settings or permissions
    • Request changes or removal of users and groups
    • Schedule service requests for end users (with Premium Service)
  • Super Admin
    • Admin, plus
    • Request new user accounts
    • Request changes in security settings within client policies
    • Identify and authorize Admins
    • Co-manage service changes and/or deployment/migration projects
  • Business Admin
    • Admin and Super Admin, plus
    • Identify and authorize Super Admins
    • Sign quotes, proposals, or contracts that add, modify, or remove services

The Process

Over the next several weeks, expect to receive an email message from a member of our “Data Heroes” team. The message will include a linked or attached spreadsheet with the current information we have for the account. Following the directions provided, you can update, remove, and add information. Follow the simple steps to return the spreadsheet to the team. Our team will update your company and contact information as needed in our financial and operational systems, and will follow up if they have any specific questions.

Please contact us by email, via our website, or by scheduling time directly with one of our Cloud advisors, with any questions or concerns regarding this service update.

Service Update: Google Workspace Transition Update – June 30, 2022

Service Update: As part of the transition from G Suite to Google Workspace, Google began rolling out service changes to both the Google Workspace and G Suite platforms.

Please contact us by email, via our website, or by scheduling time directly with one of our Cloud advisors, with any questions or concerns.

Additional Storage

You can no longer add additional storage to G Suite Basic or to Google Workspace Business Starter licenses. This change impacts both managed and personal storage. Existing added storage will remain in place and functional.  You cannot, however, adjust the amount of existing additional storage to a user account. Nor can you add any additional storage to accounts approaching the 30GB limit.

If you need additional storage for users, the preferred action is to transition to Google Workspace Business Standard, which includes 2TB per user of storage that is pooled and available to all user accounts.

By default, Google will move your entire domain (all users) to Google Workspace Business Standard. Your standard license fees will double from $6 per user per month ($72/year) to $12 per user per month ($144/year). We can assist in arranging discounts to help mitigate your cost increase if you transition before your renewal period (annual commitments) or Google’s automated transition (month-to-month customers).

Depending on your number of user licenses, you may be able to split licensing between Google Workspace Business Starter and Standard subscriptions, limiting the more expensive licensing to only those users with a need for more than 30GB of storage.

Automatic Transitions

We have been discussing the transition from G Suite to Google Workspace and providing updates since November of 2020.  Google is now working to finish the transition process.

Google is automatically transitioning month-to-month customers to Google Workspace.  Your account administrators will receive notice 60 days in advance of the transition.  Google will transition all of your users based on storage, features, and security settings in use.  By default, all users will transition to the highest license level needed by any user within your domain.  These changes will increase your license costs; for many these increases will be significant.

You may be able to mitigate costs by splitting licenses within the Business and Enterprise tiers. Eligibility is based on your number of users and utilization.

We can also work to obtain discounts related to your transition.

For us to help, we need to begin your transition before Google initiates your automatic transition process.

Please contact us by email, via our website, or by scheduling time directly with one of our Cloud advisors, with any questions or concerns regarding this service update.

Cyber Security Will Change Companies

At a recent security and risk management summit, Gartner shared their views of how cyber security will change companies. While Gartner’s predictions focus on larger enterprises, several of their observations will likely hold true for small and midsize businesses (SMBs).

Here are some observations and our view of how they will impact small and midsize businesses.

Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.

Privacy regulations will continue to expand as more nations pass legislation establishing privacy requirements. Within the US, we expect more states to follow California, New York, and Massachusetts with varying levels of regulations. Along with the regulations come the potential for fines and increased civil litigation. In many of the statutes, the protection is afforded the customer based on the customer’s location, not the location of the business.

For SMBs, establishing and maintaining a sound security footprint is essential. Beyond the technology tools, businesses need to educate employees and have the policies and procedures in place. These policies and procedures should define expectations for employees and for how the business will respond to an incident.

By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE (Security service edge) platform.

Protecting access to systems is more challenging as the proliferation of usernames and passwords continues. As the human element can be the greatest security challenge, Identity and Access Management (IAM) solutions will become the norm.

For SMBs, Single Sign-On (SSO), centralized identity/password vaults, and other tools are available and are generally affordable. Many SMBs currently hesitate given the incremental cost per user per month. As the cost and risk of missing becomes greater, we expect SMBs will see the value of Identity and Access Management solutions. These solutions will become the norm, not an add-on.

By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.

With increased concern and scrutiny from customers, consumers, and regulators, businesses are under increasing pressure to monitor and protect against third-party cyber security risks.  This trend will impact SMBs in two ways.

  1. Given the prevalent use of business email addresses as identities for third party applications and services, SMBs will monitor for reported breaches. Third party breaches give cyber criminals an attack vector.
  2. Larger enterprises will see businesses in their supply chains as potential security risks. They will increasingly include cyber security requirements in vendor authorization processes and in contracts.

SMBs need to be ready to meet the security and risk management demands — people, process, and technology — of their customers.

By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.

As businesses adapted to the COVID-19 pandemic, the inability of most businesses to respond to large scale disruptions exposed flaws in traditional business continuity planning. The pandemic put a spotlight on the need for business resiliency and continuity plans for businesses that had not yet considered continuity to be a priority.  The level of planning to address the threats from cybercrime will need to be the same as the planning for other disasters and business disruptions.

For SMBs, leveraging cloud solutions will remain the most cost-effective business continuity option.  Moving systems and applications into cloud services increases security, adds redundancy, provides geographic diversity, and provides better remote access than on-premise systems.  SMBs are at greatest risk from local or regional issues. Cloud services … even if only a “lift and shift” of existing servers and applications … will be accepted as a cost-effective way to improve security and resiliency.

We expect small and midsize businesses will need to expand their security footprint. They will need to improve resiliency. Appropriate solutions are available and are affordable. Businesses can meet their security, resiliency, continuity, and operational needs effectively and affordably. The inherent advantages of cloud services and solutions make this possible.

To evaluate your requirements and readiness for better security and resilience against cyber attacks and other business disruptions, contact us for a consultation, or book some time with a Cloud Advisor.  The consultation is free and without obligation.


Cumulus Global Recognized on the Channel Futures 2022 MSP 501

The Annual MSP 501 Ranks Cumulus Global as a Best-in-Class Business with Innovation-Driven Growth

June 16, 2022 – Westborough, MA – Cumulus Global has been recognized as one of the world’s premier managed service providers on the prestigious 2022 Channel Futures MSP 501. Selected by the editors of Channel Futures, Cumulus Global ranks at #139 on the list. This ranking recognizes Cumulus Global for its performance across a broad range of criteria, including sales; recurring revenue and revenue mix; growth opportunities; innovation and solutions; profitability; and customer and company demographics.

“The recognition and inclusion on the 2022 MSP 501 is exciting and an honor,” stated Cumulus Global CEO Allen Falcon. “Our success directly results from the expertise and effort of our team, our partnership with clients, and our vendor relations. Together, our cloud forward solutions help clients exceed their business goals and objectives.”

MSPs that qualify for the list pass a rigorous review by the research team and editors of Channel Futures. The team ranks applicants using a unique methodology. Financial performance according to long-term health and viability, commitment to recurring revenue, and operational efficiency are key analysis factors.

“It is not enough to deliver great services,” noted Falcon. “Continually improving our efficiencies and those of our clients creates near- and long-term value.”

The MSP 501 has evolved from a competitive ranking into a vibrant group of innovators focused on high levels of customer satisfaction at small, medium, and large organizations in public and private sectors. As with many firms listed on the MSP 501, Cumulus Global’s services and technology offerings focus on growing customer needs in the areas of cloud, security, collaboration, and support of hybrid work forces.

The complete 2022 MSP 501 list will be available on the Channel Futures website on Monday, June 20th.

Organizations interested in learning more about Cumulus Global’s services can contact us or schedule an appointment with a Cloud Advisor.

Background

“The 2022 Channel Futures MSP 501 winners are the highest-performing and most innovative IT providers in the industry today,” said Allison Francis, senior news editor for Channel Futures. “The 501 has truly evolved with the MSP market, as showcased by this year’s crop of winners. This is the fifth consecutive year of application pool growth, making this year’s list one of the best on record.”

The 2022 MSP 501 list is based on confidential data collected and analyzed by the Channel Futures editorial and research teams. Data collection ran from Feb. 1-April 30, 2022. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, profit margin and other factors.

About Cumulus Global

A nationally recognized managed cloud service provider, Cumulus Global helps small and midsize enterprises get more value from your existing IT and new cloud computing services. Translating your business goals and objectives into solutions and services, we co-manage your IT services, support your team, and keep your IT systems in sync with your changing business needs and priorities.

About Channel Futures

 Channel Futures is a media and events platform serving companies in the information and communication technologies (ICT) channel industry with insights, industry analysis, peer engagement, business information and in-person events. We provide information, perspective, and connection for the entire channel ecosystem. This community includes technology and communications consultants, integrators, sellers, MSPs, agents, vendors and providers.

Channel Futures is part of Informa Tech, a market-leading B2B information provider with depth and specialization in the ICT sector. Each year, we welcome 14,000+ research subscribers, over 4 million unique monthly visitors to our digital communities, 18,200 students to our training programs, and 225,000 delegates to our events.

Media Contacts

Allen Falcon
CEO, Cumulus Global
afalcon@cumulusglobal.com

 

Allison Francis
Senior News Editor, Channel Futures and MSP 501
allison.francis@informa.com

 

The Business Side of Hybrid


The business side of hybrid is forefront as we make plans for the future. In a survey recently published by Gartner, CEOs were asked to identify the top enduring changes resulting from the pandemic. 45% of CEOs stated that hybrid and remote work was the most significant long-term impact. This equals all other noted enduring changes, combined. Nearly every business will have some degree of remote and hybrid working arrangements, as we experience a change in employee expectations and broader cultural shifts.

In past posts, we have looked at the technology and related services needed to properly support remote and hybrid workers. The business administration issues related to hybrid and remote work are more complex than the technology solutions.

Business Considerations

Working Environment

As we have noted before, as employers we are responsible for providing staff with a safe and healthy work environment.  If employees are working remotely, or from home, on a regular basis (an expectation for the job), their work environment must be managed.  We are responsible to ensure appropriate lighting, noise, desk space, seating, and ergonomic accommodations.

Payroll, Benefits, and Compliance

With employees working at home, you are more likely to be paying employees who both live and work out of state (or in another tax jurisdiction). In addition to accurately representing their work location for payroll, you will need to provide benefits in each state and comply with each state’s employment laws.  Minimum wage, sick time, and paid leave are a few of the regulations that differ between states.  Healthcare plans and providers will also differ, as do contributions to state unemployment insurance programs.  Additionally, you will need workers’ compensation insurance coverage for each state in which employees work.

Insurance

Beyond workers’ compensation, you may need to update your general liability coverages to address employees working from home.  Your insurer may see additional risk and/or the need to document work locations to ensure your business is properly covered.  Most policies require that you list any company-owned or leased work spaces, including co-working spaces.

Taxes

Employees working in your state while living in another is not uncommon. States have reciprocity agreements that dictate how these employees need to file their personal tax returns.  When you have remote employees working in other states, the rules are not yet as clear.  Some states expect you to withhold taxes based on your employees’ locations, as this is their workplace.

Even more impactful, some states see an employee’s work location as creating nexus, and will require you to file business tax returns in that state.

Recommendations

We strongly recommend that you proactively address the business side of hybrid work.  Speak with your HR, tax, and legal advisors as you navigate your hybrid and remote work plans.

  • Consider using a Professional Employment Organization, or PEO, to manage payroll, benefits, HR policies, unemployment insurance, and workers’ compensation insurance.  In addition to operating across state lines, PEOs provide you with a unified approach to human resource services. They can assist with recruiting, onboarding, offboarding, and regulatory needs such as driver safety, OSHA compliance, and testing for banned substances. PEOs also assume liability for compliance errors.
  • Be prepared to provide employees working from home with the workspace and accommodations they need to be healthy, safe, and productive. Beyond IT, we can assist with home office workstations, desks, stands, lighting, and more.
  • Communicate with your insurance provider to ensure your coverages are appropriate and correct.
  • Consult your tax and legal advisors to ensure you understand when, and where, you have nexus with respect to corporate registrations and taxes.

 

Streamlining Security for SMBs

Streamlining security is a more balanced message about why and how to protect your business. Over the past year, we have covered the ongoing, and increasing, threats to small businesses.  We often highlight the scope and severity of the risk.  Hopefully this information, along with cost-effective solutions, prompts you to act. At times, we may appear to be fear-mongering.

Sound business practices, not fear, should be your motivation to protect against cyber attacks.

The market is awash with security solutions. These range from single-protection products to complex advanced security monitoring and response services.  The number of options, and competing claims, is overwhelming.

Our Recommendation: Focus protections on the most common, and most damaging, types of attacks.

1. Focus on Risks

We know that:

  • More than 80% of cyber attacks start with, or involve, email via phishing and other social engineering tactics
  • Ransomware is the most common type of attack
  • Business email compromise (BEC) is the most costly type of attack
  • Attacks via DNS and web content are becoming more of a risk

As such, small and midsize businesses should focus on preventing these types of attacks. Plan to limit your security approach and spending to prevention and recovery from these risks.

2. Use our CPR model as a guide

Communication and Education

Make sure your team knows how to spot an attack and what to do if they suspect an attack.  They should know the risks and steps you are taking to protect your business.

Periodically sharing articles or updates may be sufficient.  Subscribing to a security awareness training service is an affordable way to provide this education. Your cyber insurance policy may require this service.

Protect and Prevent

To protect your business from the greatest risks, put the following solutions in place:

  • Multi-Factor Authentication (MFA)
  • Encrypt data at rest, including on servers, desktops, and laptops
  • Use advanced threat protection (ATP) on all email accounts for inbound messages
  • Ensure your endpoint protection (local anti-virus) is a next-gen solution
  • Use DNS/Web protection to prevent harmful downloads

To protect against business email compromise attacks, and to keep your legitimate emails from being flagged as dangerous, ensure your domain configuration includes the following protocols and services:

  • An accurate and complete Sender Policy Framework (SPF) record
  • DomainKeys Identified Mail (DKIM) for all sources of email (including marketing tools)
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)
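
As an added illustration (not part of the original post), the sketch below audits the text of an SPF record and a DMARC record for the most common weaknesses: an SPF record that does not fail unlisted senders or exceeds the DNS lookup limit, and a DMARC policy that only monitors. The function names and the sample records for the placeholder domain example.com are constructed for this example.

```python
import re

# Terms that each cost one DNS lookup; RFC 7208 caps an SPF check at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def audit_spf(record):
    """Findings for one SPF TXT record (top level; nested includes need DNS)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    findings, lookups, all_q, redirect = [], 0, None, False
    for term in terms[1:]:
        m = re.match(r"([+\-~?]?)([a-z]*)", term.lower())  # always matches
        name = m.group(2)
        lookups += name in LOOKUP_TERMS
        redirect |= name == "redirect"
        if name == "all":
            all_q = m.group(1) or "+"   # a bare "all" means "+all"
    if all_q is None and not redirect:
        findings.append("no 'all' term: unlisted senders are not failed")
    elif all_q in ("+", "?"):
        findings.append(f"{all_q}all does not fail unlisted senders")
    if lookups > 10:
        findings.append(f"{lookups} DNS lookups: receivers return permerror")
    return findings

def parse_tags(record):
    """Split a 'tag=value; tag=value' record into a dict."""
    pairs = (part.partition("=") for part in record.split(";"))
    return {k.strip().lower(): v.strip() for k, _, v in pairs if k.strip()}

def audit_dmarc(record):
    """Findings for one DMARC TXT record (published at _dmarc.<domain>)."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"policy is {policy or 'missing'}: failing mail is not blocked")
    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports are sent")
    return findings

# Constructed sample records for the placeholder domain example.com.
SPF_WEAK = "v=spf1 include:_spf.mailprovider.example ?all"
SPF_OK = "v=spf1 include:_spf.mailprovider.example ip4:203.0.113.10 -all"
DMARC_WEAK = "v=DMARC1; p=none"
DMARC_OK = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
```

DKIM is not covered here because verifying it requires the selector name used by each sending service.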

Respond and Recover

Even with protections in place, cyber attacks can be successful.  Ensure that you can return to operations quickly, even as a full recovery may take time. Your ability to recover and respond should include:

  • Backup/Recover data stored in the cloud (Microsoft 365, Google Workspace, etc.), as well as on local servers, desktops, and laptops
  • Continuity services so you can run images of key servers, desktops, and laptops if they are damaged by an attack

Note that continuity services also protect you from the impact of hardware issues, theft, and other losses.

Start with an Assessment

For a limited time, our Rapid Security Assessment is free of charge. Complete a 3-minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.

To learn more, please join us on May 17th at 3:00 PM ET for Streamlining Security, our May 3T@3 Webcast or schedule a no-obligation call with one of our cloud advisors.