Cyber Protection Solutions for SMBs

Data protection iconAs our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. Your Cyber Protection 

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure you team understands the risk, educate them so they can avoid falling prey, create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level or protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.

Related Resources:

4 More Protections for Your Business

Data protection iconIn our last blog post, we identified 3 must-have protections for any business using Google Workspace or Microsoft 365.

  • Backup/Recovery
  • Advanced Threat Protection
  • Multi-Factor Authentication

In combination, these protections help prevent successful attacks and give you the ability to recover should an attack be successful.

Here are 4 more protections for your business

Putting these protections in place improves your ability to prevent attacks, and your ability to survive.

1 Next-Gen Endpoint Protection

Basic anti-virus protection is not enough. Scanning files for known or similar patterns will not protect you from modern malware or ransomware.

Next-Gen Endpoint Protection solutions use advanced heuristics, behavior analysis, and machine learning to assess threats in real-time.  These solutions identify attacks, prevent them from running, and roll-back damaging activity.

2 DNS and Web Protection

Cyber attacks are not all breaches. Attackers can use DNS to block your use of the Internet or to impersonate you and your business. Both types of attacks hurt your business and your reputation.

Between 15% and 20% of malware is downloaded without your knowledge from websites. This malware is often hidden in third party content on websites your trust.

DNS protection creates a protective barrier that prevents others using your DNS service against you. Web Protection blocks dangerous web sites and prevents malware downloads to your devices.

3 Employee Communication and Education

Ignorance is not bliss. Employees who know are less likely to make a mistake and trigger an attack or breach. You want your team to understand:

  • The danger of cyber attacks and how to avoid them
  • The likely damage form cyber attacks
  • What to look for
  • What not to do

Employee communication and education is key to creating an aware and resilient team. Combined with testing and guidance, a communication and education program reinforces positive behaviors with on-going guidance and support.

4 Business Continuity for On-Premise Systems

Most small and midsize businesses still have some on-premise systems. The connectivity and integration across systems creates an increased risk for damage and loss. Even with backup/recovery in place, restoring systems, databases, applications, and data can take days. You want, and need, to be back in business quickly — in minutes or hours.

Business Continuity/Disaster Recovery (BCDR) solutions enable you to resume operations within minutes using images of your systems running in cloud data centers. With BCDR in place, your business runs smoothly while you recover your on-premise systems.

Failing to protect your data and systems is a failure to protect your business.  Contact us for a free assessment of your data and business protection needs.

3 Must-Have Protections for Microsoft 365 and Google Workspace

Data protection iconMicrosoft 365 and Google Workspace protect your data using a shared responsibility model.  They provide redundancy and backup to ensure your service is performing, available, reliable, and secure.  You are responsible for controlling access, managing permission, and protecting your data from loss.

Here  are 3 Must-Have Protections for your Microsoft or Google Cloud Services

 

1Backup Protection for your Data

Data in the cloud is just like data stored on local servers and workstations. Information in in Microsoft 365 or Google Workspace can be lost due to accidents or malicious acts.

  • User action — overwrites and deletes — can destroy content and files, whether accidental or deliberate.
  • Malware and ransomware corrupt files that sync to OneDrive, SharePoint, and Google Drive, can damage or delete your files.
  • Integrated third party apps can damage or delete information.

You need, and want, the ability to restore files, emails, contacts, and other information. A secure backup/recovery solution protects your data, and your business.

2Advanced Threat Protection

Cyber attacks come in many forms. The most common and most effective attacks still use email. Cyber criminals use behavior science and advanced phishing techniques to access your systems, collect personal information, steal data, and ransom your business.

Advanced Threat Protection (“ATP”) is more than “spam and virus protection.” ATP uses machine learning, advanced analytics and heuristics, and behavior analysis to identify and prevent cyber attacks from reaching your inbox. Methods like sandboxing safely test links and attachments before delivery.

Even an educated and aware team can and will fall prey to attacks. Prevention is key.

3  Multi-Factor Authentication

Your team members are human. While they may understand and respect the need for robust and unique passwords, human nature always tries to balance convenience.  Studies show that 70% of us will use the same, or substantially similar, passwords across systems. A hack or breach in a third-party tool poses a significant risk to your employees’ work identities.

A compromised identity does not enable access when you have additional authentication steps. Authenticator apps, dynamic security codes, and security tags/fobs each add physical verification to your digital access.

With cyber attacks on the rise, better protection is worth the minor inconvenience of multi factor authentication. Multi factor authentication delivers one of the best protections against breaches and unauthorized access.

Failing to protect your data in Google Workspace or Microsoft 365 is a failure to protect your business.  Contact us for a free assessment of your data and business protection needs.

Using MS Office 2010 or 2013 Puts You at Risk

Office 365 IconsOn October 13, 2020, Office 2010 reached “end of support” (EOS) and Office 2013 lost its connection to the cloud. You may be one of the many small businesses using one of these versions.

It is not uncommon for SMBs to avoid upgrading software. The cause is often a perceived “lack of need” for new features and concerns about cost. Continuing to use software past EOS is risky and will likely stifle productivity.

What This Means

Past EOS, Office 2010 no longer gets security updates and bug fixes. Continuing to use Office 2010 puts you at risk from cyber attacks.

With the loss of cloud connectivity, Office 2013 can no longer access the productivity and collaboration features in Office 365 and Microsoft 365.  More than losing features, your team is missing opportunities to improve the way you work, share, and communicate.

Next Steps

Moving to Office 2019, or to Microsoft 365, upgrades your business to a modern, secure collaboration and productivity suite. Beyond email and file sharing, the suite includes collaboration, conferencing, security, advanced threat protection, and more. Microsoft 365 saves more than 70% over purchasing these solutions separately.

To protect and empower your business, now is the time to act.

 

 

 

Evaulating SaaS Backup Solutions

Data protection icon

You have many choices when choosing your SaaS backup solution for Google Workspace (G Suite), Microsoft 365, Salesforce.com, and other cloud services.

When picking your solution, look for the data protection capabilities you need. At a minimum, a SaaS backup solution should offer the following.

Comprehensive Protection

Some SaaS backup solutions only protect email, files, and folders. Look for solutions that offer protection for contacts, shared drives, collaboration and chat tools, and calendars. Solutions with these features are far more effective at maintaining business continuity. And, the cost is often comparable.

Frequent Backups

More frequent backups let you to restore to a more recent point in time, minimizing data loss. Restores are faster and easier with less manual effort to perform restores. Services that backup multiple times per day will provide better results than those that only backup daily.

Access During Outages

Look for and choose a SaaS backup service that lets you export and access your data in the event of an outage. While limited in scope, the ability to use data should Google Workspace or Microsoft 365 be unavailable can help you keep essential work on-track.

Security & Compliance

The SaaS backup service you choose should be secure, with data encrypted at rest and in motion.  Additionally, services that meet SOC1/SSAE-16 and SOC 2 Type II reporting standards will help you meet HIPAA, GDPR, CCPA, SEC, and other regulatory compliance requirements.

Your Next Step:

We recommend you protect all data in Google Workspace or Microsoft 365 with a secure and robust backup/recovery solution.  Protecting your cloud-resident data is no different than protecting data hosted on servers and systems in your office. We can help you make the right choice.

For more information, view and download our eBook, SaaS Protection Buyers Guide.

Learn more about Cumulus Global’s data protection and security solutions, contact us to discuss you needs and options, or schedule a complimentary cloud advisor appointment.

3 Reasons for SaaS Data Protection

Data protection iconSaaS data is not immune to permanent data loss. Microsoft and Google make no guarantees when it comes to restoring deleted data, whether from human error or a malicious act. While Microsoft 365 and Google Workspace (formerly G Suite) may make collaboration more efficient, data protection and management is a shared responsibility. Both Google and Microsoft include some basic recovery capabilities, but they not enough to protect your business.

Here are 3 major reasons to add SaaS data protection to your Microsoft 365 or Google Workspace solution.

1: Data Loss Due to Permanent Deletion

If an employee accidentally deletes a critical spreadsheet from OneDrive or Google Drive, or a deleted folder of important emails passes the retention period in Trash, neither Microsoft nor Google will be able to recover your data.

Even if those files are within your retention period, locating and restoring lost data can cost you more time than you can afford.

2: Data Loss Due to a Ransomware Attack

If your business suffers a ransomware attack, you cannot roll-back your data to a point-in-time before the attack without a backup solution. Your data is likely gone forever.

More than losing valuable business data, you will face potentially crippling costs.  You may choose to pay the ransom (without any guarantee your files will be unlocked). You may work to rebuild your lost data. Either way, you will spend significant money, time, and lost productivity trying to save your business.

3. Time and Money Lost in Recovering Files

Retaining critical user data when employees leave your company is costly without a backup solution in place. The time spent to recover data might be more than what your business can afford. SaaS Data Protection lets you retain past employee data without the need to keep their Microsoft 365 or Google Workspace account active. You save time and money.

Whether you lose data or time, the impact to your bottom line can be significant. To address this challenge, you need a secure solution for this growing reliance on the cloud.

Learn more about Cumulus Global’s data protection and security solutions. To ensure your business continues to run smoothly, schedule a complimentary cloud advisor appointment.

Service Update: Datto SaaS Protection

Service Update: Datto SaaS Protection. The latest Datto SaaS Protection platform is now available to all of our costumers. For more recent customers, you are already on the newest platform.  For our longer term SaaS Protection (aka Backupify) customers, the transition process will begin as early as February 1, 2021. The process will complete before May 31, 2021.

Benefit:

With this move, all Datto SaaS Protection customers will have access to the latest features. These include protection for Microsoft Teams and Google Shared Drives, and the Daily Backup Success Report.

Process:

To ensure a smooth transition, any data on the legacy platform will be archived in one of Datto’s secure Microsoft Azure instances. A fresh backup set will initiate on the new platform. We can assist you in exporting your legacy backup data if you prefer to not have it stored by Datto on Microsoft Azure.

There are some unique aspects of the transition for some of our customers, our Service Team will contact you as needed to discuss your transition.

Please contact us with any questions or concerns.

Google Vault – What, How, and Why

Google VaultGoogle Vault is a compliant archive and e-discovery service.  Historically, Vault is an add-on for G Suite Basic and is included with G Suite Business and Enterprise.

As Google transitions to the new Google Workspace, Google includes Vault in Google all Workspace Enterprise subscriptions and Google Workspace Business Plus.  Vault is not available as an add-on for the Google Workspace Business Starter and  Standard subscriptions at this time.

To decide if you need, or want, Vault, understand the What, How, and Why.

What Google Vault Does

Vault is a compliant archive/e-discovery service for Google Workspace.  The service captures all email, documents, and chats, even if they have been deleted by the user.  As such, Vault meets federal and state regulations for legal discovery.  Vault features include:

  • Archive:
    • Inbound, outbound, and internal email messages
    • Documents
    • Internal and external chat messages
  • “Matters”:
    • Search and gather all relevant materials
    • Save searches and results
  • Legal Holds:
    • Retain relevant data regardless of retention period
    • Prevent removal of data until a “Matter” is resolved
  • Audit Trails:
    • Capture activities
    • Document searches and exports
  • Reports:
    • Export data related to a “Matter” for delivery
    • Documentation that validates data integrity

How Vault differs from Backup

While Vault and backup systems both preserve and protect data, they serve very different purposes and functions.

Vault is intended to keep, find, export, and deliver data in a way that complies with Federal and State laws for legal discovery.

Backup systems are designed to preserve and restore information that has been lost or damaged.

In Vault, you can retrieve individual items and small batches of data. Doing so, however, does not restore the data to its prior location. Nor does Vault preserve meta data, such as date last modified and permissions.

Backup systems cannot guarantee that you have preserved all of your data.  Most backups are configured to remove deleted items from backup files after set periods of time.  Backup systems also prune data into weekly and monthly snapshots, resulting in a potential loss of versions.

Why You May Need or Want Vault

The driving factor for most businesses and organizations is regulatory compliance.  A range of laws and industry regulations require businesses to maintain records, including but not limited to:

  • Sarbanes/Oxley
  • Freedom of Information / Public Records
  • SEC-17
  • FINRA
  • PCI-DSS
  • HIPAA

If you are not subject to these regulations, you may want Vault in order to maintain data for:

  • Policy enforcement
  • Contact and legal negotiations
  • Personnel matters
  • Quality control

We recommend that your Google Workspace (G Suite) subscription is protected  by a backup/recovery solution.  You may not need or want Vault.  If you do not have a regulatory need, assess the value proposition of the added business protection and cost.

Learn more about Cumulus Global’s data protection and security solutions, contact us with any questions, or schedule a complimentary Cloud Advisor appointment.

SaaS Backup – 4 Dangerous Misconceptions

SaaS Backup is just as important, and necessary, as backups for data hosted on in-house servers and systems.

Data protection iconWith more remote work, our reliance on SaaS applications and services such as Microsoft 365 and Google Workspace has become more critical to our success. Easy access to files and folders from anywhere and the integrated collaboration tools keep our teams connected and productive.

Here are 4 common, but dangerous, myths and misconceptions about SaaS applications and services that will put your data and your business at risk.

Myth 1: SaaS Applications do not Require Backup

While SaaS applications protect against data loss in their cloud servers, this does not protect against user error, accidental and malicious deletion, or ransomware attacks. And while accidental deletion of files is by far the most
common form of data loss in SaaS apps, ransomware can be the most damaging. Ransomware is designed to spread across networks and into SaaS applications, impacting many users.

Ransomware isn’t only an on-premises problem. It can and does spread into the cloud, especially when using the OneDrive and/or Drive File Sync clients.

You need a way to quickly revert files, folders, settings, and permissions in the event of an attack.

Myth 2: File Sync is a Backup

While file sync tools like Microsoft OneDrive or Google Drive File Sync do create a second copy of files and folders, they do not replace backup. File sync automatically copies changes to synchronized files. If a file or folder is infected with ransomware, the malware will automatically be copied to all synced versions of that file.

File sync services do offer some restore capabilities via versioning, but they fall short of a true SaaS backup solution.

  • If a file is deleted, older versions of the file are also deleted
  • End users control backup and recovery, so you have no control over coverage or process
  • Large restores are a time-consuming, manual process.

Beyond simply lacking the restore capabilities of a backup solution, file sync and share can introduce ransomware to Microsoft 365 or Google Drive. File sync and backup are not competitive solutions, rather they can and should be used together.

File sync and share tools are for productivity; backup is for data protection and fast restore.

Myth 3: SaaS Applications are Always Available

While SaaS apps are highly reliable, outages do occur. In 2020 alone, Microsoft 365 suffered five significant outages in the space of six weeks. Last year, Google Workspace suffered a global outage, leaving users with no access to for several hours.

Outages and slow restore times are not just an inconvenience. When you cannot access important business data, productivity falls and revenue suffers. Creating backups that are independent of a SaaS provider’s cloud servers is the only way to ensure access to essential files in the event of an extended outage.

Myth 4: Microsoft and Google are Responsible for Backup

Microsoft and Google ensure they will not lose your cloud data. However, they do not take responsibility for restoring data if you lose it. This is why Microsoft recommends third party backups for Microsoft 365 data, having defined the concept of the Shared Responsibility Model.

In the Shared Responsibility Model:

  • Microsoft and Google protect your data against:
    • Service interruptions due to hardware or software failure
    • Loss of service due to natural disaster or power outage
  • You must protect your data against:
    • Accidental deletion and damage
    • Hackers, ransomware attacks, other malware
    • Malicious insiders

The Shared Responsibility Model places the onus of data protection squarely on you. Google and Microsoft are responsible for keeping their systems up and running; you are responsible for preserving and securing your data.

To review your data protections, and your ability to recover from accidental or malicious loss, contact us or schedule an appointment with our Cloud Advisors.

Passwords – 3 Fails and 3 Wins

Data protection iconBad passwords are the cause for over 80% of cyber security incidents.

Bad passwords are bad for business.  ID Agent, a leading provider of Dark Web ID monitoring and protection services, recently surveyed over 2 billion passwords to find the worst problems and mistakes. The research boiled down the least secure passwords into three groups.

  1. Team Pride: Using your favorite team or team slogan is risky. This information about you is often easily found on social media.
  2. Rock and Roll: Your music preferences are also likely visible to the world on social media and in streaming services. As these services may or may not be secure, band names, song titles, and artists are high risk passwords.
  3. Heroes: Heroes are weak and vulnerable when they are part of your password. Our favorite hero — fictional or not — is easily discoverable and exploitable.

Bad password habits can lead to Dark Web exposure. Here are 3 ways to protect yourself.

Communicate and Educate: Consistently communicate with your team about cyber risks and the need for good password habits. Educate and guide your team to reinforce behaviors.

  • Discourage reuse, sequential, iterated, recycled, or simple passwords.
  • Encourage use of secure, company-approved, password vaults.
  • Solve access problems to prevent the need for sharing passwords for convenience.
  • Increase phishing training to avoid password compromises.

Prevent & Protect: One of the best ways to prevent breaches due to compromised passwords is to add multi-factor authentication (MFA) for every user.

  • Weak user-made passwords are stronger with a second identifier.
  • Stolen/compromised passwords are much harder to use with MFA in place.
  • MFA is a compliance tool with HIPAA, PCD-DSS, SJIC, and other industry and legal regulations.
  • Identifiers and tokens can be delivered via phone, app, or fob.

Other prevention and protection strategies include: advanced threat protection, encryption of data at rest and in motion, permissions management, and dark web monitoring.  Dark Web monitoring lets you know when personal or company data is circulating, even if you have not had a breach. Third-party partner and service breaches put your systems and data at risk. As such, you should:

  • Monitor the Dark Web for lists of you company’s potentially compromised passwords and available personally identifiable information (PII).
  • Spot compromised passwords that employees may be reusing on our systems.
  • Find password and credential threats quickly, to mitigate them faster.

Respond and Recover: Even with protections in place, cyber attacks can succeed.  Whether a data breach, denial of service attack, or ransomware, be prepared to respond and recover. You want and need to get your business up and running as quickly as possible.

  • Backup all company data, on premise and in the cloud, so that you can recover corrupted files quickly.
  • Have business continuity solutions in place for critical systems and applications, so that you can be up and running in minutes or hours, rather than days or weeks.

Your Next Step

CPR With “CPR” in mind, learn how Cumulus Global can help you minimize your risks and maximize your recovery to ensure your business continues to run smoothly.

Schedule a complimentary cloud advisor appointment to learn more.