Cumulus Global Recognized on the Channel Futures 2022 MSP 501

/in ,

The Annual MSP 501 Ranks Cumulus Global as a Best-in-Class Businesses with Innovation-Driven Growth

2022 MSP 501 WinnerJune 16, 2022 – Westborough, MA – Cumulus Global has been recognized as one of the world’s premier managed service providers on the prestigious 2022 Channel Futures MSP 501.  Selected by the editors of Channel Futures, Cumulus Global ranks at #139 on the list.  This ranking recognizes Cumulus Global for its performance across a broad range of criteria, including sales; recurring revenue and revenue mix; growth opportunities; innovation and solutions; profitability; and customer and company demographics.

“The recognition and inclusion on the 2022 MSP 501 is exciting and an honor,” stated Cumulus Global CEO Allen Falcon. “Our success directly results from the expertise and effort of our team, our cloud computing partnership with clients, and our vendor relations. Together, our cloud forward solutions help clients exceed their business goals and objectives.”

MSPs that qualify for the list pass a rigorous review by the research team and editors of Channel Futures. The team ranks applicants using a unique methodology. Financial performance according to long-term health and viability, commitment to recurring revenue, and operational efficiency are key analysis factors.

“It is not enough to delivery great services,” noted Falcon. “Continually improving our efficiencies and those of our clients creates near- and long-term value.”

The MSP 501 has evolved from a competitive ranking into a vibrant group of innovators focused on high levels of customer satisfaction at small, medium, and large organizations in public and private sectors. As with many firms listed on the MSP 501, Cumulus Global’s services and technology offerings focus on growing customer needs in the areas of cloud, security, collaboration, and support of hybrid work forces.

The complete 2022 MSP 501 list will be available on the Channel Futures website on Monday, June 20th.

Organizations interested in learning more about Cumulus Global’s services can contact us or schedule an appointment with a Cloud Advisor.

Background

“The 2022 Channel Futures MSP 501 winners are the highest-performing and most innovative IT providers in the industry today,” said Allison Francis, senior news editor for Channel Futures. “The 501 has truly evolved with the MSP market, as showcased by this year’s crop of winners. This is the fifth consecutive year of application pool growth, making this year’s list one of the best on record.”

The 2022 MSP 501 list is based on confidential data collected and analyzed by the Channel Futures editorial and research teams. Data collection ran from Feb. 1-April 30, 2022. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, profit margin and other factors.

About Cumulus Global

A nationally recognized managed cloud service provider, Cumulus Global helps small and midsize enterprises get more value from your existing IT and new cloud computing services. Translating your business goals and objectives into solutions and services, we co-manage your IT services, support your team, and keep your IT systems in sync with your changing business needs and priorities.

About Channel Futures

 Channel Futures is a media and events platform serving companies in the information and communication technologies (ICT) channel industry with insights, industry analysis, peer engagement, business information and in-person events. We provide information, perspective, and connection for the entire channel ecosystem. This community includes technology and communications consultants, integrators, sellers, MSPs, agents, vendors and providers.

Channel Futures is part of Informa Tech, a market-leading B2B information provider with depth and specialization in ICT sector. Each year, we welcome 14,000+ research subscribers, over 4 million unique monthly visitors to our digital communities, 18,200 students to our training programs, and 225,000 delegates to our events.

Media Contacts

Allen Falcon
CEO, Cumulus Global
afalcon@cumulusglobal.com

 

Allison Francis
Senior News Editor, Channel Futures and MSP 501
allison.francis@informa.com

 

Hybrid Business Strategy: Examples, Considerations, and Recommendations

/in

Hybrid Workplace

The Business Side of Hybrid Workplace Strategy

The business side of hybrid workplace strategy is forefront as we make plans for the future. In a survey recently published by Gartner, CEOs were asked to identify the top enduring changes resulting from the pandemic. 45% of CEOs stated that hybrid and remote work was the most significant long-term impact. This equals all other noted enduring changes, combined. Nearly every business will have some degree of remote and hybrid working arrangements, as we experience a change in employee expectations and broader cultural shifts.

In past posts, we have looked at the technology and related managed cloud services needed to properly support remote and hybrid workplaces. The business administration issues related to hybrid and remote work are more complex than the technology solutions.

Four Hybrid Workplace Business Considerations

We’ve broken down what you should think about when it comes to hybrid workplace strategy into four key points. Each of these aspects of a hybrid workplace contains examples of how a hybrid business strategy might be implemented. See how these four considerations can help you strike the right balance and create a hybrid workplace that prioritizes people.

1. Working Environment

As we have noted before, as employers we are responsible for providing staff with a safe and healthy work environment.  If employees are working remotely, or from home, on a regular basis (an expectation for the job), their work environment must be managed appropriately through a hybrid work strategy.  We are responsible to ensure appropriate lighting, noise, desk space, seating, and ergonomic accommodations, as well as productivity tools, and cloud collaboration services.

2. Payroll, Benefits, and Compliance

With employees working at home, you are more likely to be paying employees who both live and work out of state (or in another tax jurisdiction). In addition to accurately representing their work location for payroll, you will need to provide benefits in each state and comply with each state’s employment laws.  Minimum wage, sick time, and paid leave are a few of the regulations that differ between states, and need to be considered in a hybrid business strategy.  Healthcare plans and providers will also differ, as do contributions to state unemployment insurance programs.  Additionally, you will need workers’ compensation insurance coverage for each state in which employees work.

3. Insurance

Beyond workers’ compensation, you may need to update your general liability coverages to address employees working from home.  Your insurer may see additional risk and/or the need to document work locations to ensure your business is properly covered.  Most policies require that you list any company-owned or leased work spaces, including co-working spaces.

4. Taxes

Lastly, when it comes to a hybrid workplace strategy, having employees work in your state while living in another is not uncommon. States have reciprocity agreements that dictate how these employees need to file their personal tax returns.  When you have remote employees working in other states, the rules are not yet as clear. Some states expect you to withhold taxes based on your employees’ locations, as this is their workplace.

Even more impactful, some states see an employee’s work location as creating nexus, and will require you to file business tax returns in that state.

Recommendations on a Hybrid Workplace Strategy

We strongly recommend that you proactively address the business side of hybrid work.  Speak with your HR, tax, and legal advisors as you navigate and design your hybrid strategy and remote work plans.

  • Consider using a Professional Employment Organization, or PEO, to manage payroll, benefits, HR policies, unemployment insurance, and workers’ compensation insurance.  In addition to operating across state lines, PEOs provide you with a unified approach to human resource services. They can assist with recruiting, onboarding, offboarding, and regulatory needs such as driver safety, OSHA compliance, and testing for banned substances. PEOs als0 assume liability for compliance errors.
  • Be prepared to provide employees working from home with the workspace and accommodations they need to be healthy, safe, and productive. Beyond IT, we can assist with home office workstations, desks, stands, lighting, and more.
  • Communicate with your insurance provider to ensure your coverages are appropriate and correct.
  • Consult your tax and legal advisors to ensure you understand when, and where, you have nexus with respect to corporate registrations and taxes.

If you’d like to chat more about hybrid business strategy, be sure to get in touch!

IT Security for Small Businesses

/in

Security, Privacy, & ComplianceStreamlining IT Security for SMBs

Streamlining IT security is a more balanced message about why and how to protect your business. Over the past year, we have covered the on-going, and increasing, threats to small businesses.  We often highlight the scope and severity of the risk, including how security trends will affect small business.  Hopefully this information, along with cost-effective solutions, prompts you to act. At times, we may appear to be fear-mongering.

Sound business practices, not fear, should be your motivation to protect against cyber attacks.

The market is awash with cyber security solutions. These range from single-protection products to complex advanced security monitoring and response services.  The number of options, and competing claims, is overwhelming.

Our Recommendations on IT Security for Small Businesses

Focus protections on the most common, and most damaging, types of attacks.

1. Focus on Risks

We know that:

  • More than 80% of cyber attacks start with, or involve email via phishing and other social engineering tactics
  • Ransomware is the most common type of attack
  • Business email compromise (BEC) is the most costly type of attack
  • Attacks via DNS and web content are becoming more of a risk

As such, small and midsize businesses should focus on preventing these types of attacks. Plan to limit your security approach and spending to prevention and recovery from these risks.

2. Use our CPR model as a guide

Communication and Education

Make sure your team knows how to spot an attack and what to do if they suspect an attack.  They should know the risks and steps you are taking to protect your business.

Periodically sharing articles or updates may be sufficient to strengthen your business.  Subscribing to a security awareness training service is an affordable way to provide this education. Your cyber insurance policy may require this service.

Protect and Prevent

To protect your business from the greatest risks, put the following solutions in place:

  • Multi-Factor Authentication (MFA)
  • Encrypt data at rest, including on servers, desktops, and laptops
  • Use advanced threat protection (ATP) on all email accounts for inbound messages
  • Ensure your endpoint protection (local anti-virus) is a next-gen solution
  • Use DNS/Web protection to prevent harmful downloads

Specific to business email compromise attacks and ensuring your legitimate emails are not flagged as dangerous, ensure your domain configuration include the following protocols and services:

  • An accurate and complete Sender Policy Framework (SPF) record
  • DomainKey Identified Mail (DKIM) for all sources of email (including marketing tools)
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)

Respond and Recover

Even with protections in place, cyber attacks can be successful.  Ensure that you can return to operations quickly, even as a full recovery may take time. Your ability to recover and respond should include:

  • Backup/Recover data stored in the cloud (Microsoft 365, Google Workspace, etc.), as well as on local servers, desktops, and laptops
  • Continuity services so you can run images of key servers, desktops, and laptops if they are damaged by an attack

Note that continuity services also protects you from the impact of hardware issues, theft, and other losses.

Start with an Assessment to See Where Your Small Business Stands with IT Security

For a limited time, our Rapid Security Assessment is free of charge. Complete a 3 minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.  

To learn more, please join us on May 17th at 3:00 PM ET for Streamlining Security, our May 3T@3 Webcast or schedule a no-obligation call with one of our cloud advisors.


Six Best Remote Work Strategies 

/in

Remote Work Strategy in Action

If you have remote workers, then how you manage your business and employees has, and will continue to change. We often talk about the technology that makes remote work efficient and that can help integrate teams. But supporting remote workers requires a broader perspective and understanding of the workplace.  As employers, we remain responsible for providing a safe, effective workplace regardless of where our employees work. Here a few considerations as you plan your hybrid business and remote work strategy.

If you have remote workers, then you should consider the following six best practices for a remote work strategy.

Six of The Best Remote Work Strategies

  1. Are responsible for their work environments, including the same health and safety regulations that apply in the office.
    • Ensuring safe and appropriate workspace ergonomics, sound levels, lighting, etc. are responsibilities of the employer.
    • Provide your remote workforce with appropriate furniture, lighting, and ergonomic tools.
    • And yes, an employee working from home might be eligible for Workers’ Compensation if they trip over their dog while working.
  2. Need to accurately track and manage working hours for non-exempt employees.
    • Avoid wage and employment related liabilities by ensuring hourly workers are compensated for all work time, including when they respond to the random off-hours email.
    • Setting clear policies and expectations can help avoid work hour, wage, and employment issues.
  3. Are responsible for ensuring their work is secure.
    • Remote work environments must be managed and secured to the same levels as those working in the office.
    • Data privacy regulations, such as HIPAA, PCI, and SEC17, do not end at the office door.
    • Networks, systems, applications, and data require the same levels of protection regardless of location.
    • Similarly, physical protections must be in place for printed documents.
  4. Can be accountable for intellectual property stored on personal devices.
    • Establish a clear policy and procedures for the use of personal devices for work.
    • Include the need for the company to install software or productivity tools to manage the business’ information on the device, including but not limited to cyber protections, personal/work data separation, local encryption, backup/recovery, and the ability to remotely remove work related data in an emergency.
  5. Want to avoid “in-person” bias.
    • Remote workers need mechanisms and unified communication options to participate in the informal conversations and interactions we take for granted when working in an office environment.
    • Supervisors and managers should help workers establish and build effective relationships, including those that offer mentorship and guidance, with direct co-workers and others in your firm.
    • Measures of performance should, explicitly, avoid the implicit bias that in-person visibility correlates to better involvement and teamwork.
  6. Should understand the tax implications for your business, and employees related to working remote.
    • Having employees in other tax jurisdictions can make proper payroll tax withholding and filing more complex.
    • States may or may not have reciprocal agreements and some states are imposing new rules.
    • Remote workers may create nexus in some jurisdictions, triggering sales tax and other tax obligations.
    • Work with your attorney and financial advisors to understand your requirements and to ensure compliance.

Next Steps to Create a Remote Work Strategy

Cloud infrastructure technologies help facilitate remote work and hybrid work environments. You can deploy systems, apps, and tools to make remote and hybrid work efficient and secure. Remote and hybrid work models, however, span every aspect of your business.  Policies, procedures, operations, and culture all require attention, planning, and support.

Work with your legal and financial advisors, and your HR resources, to ensure  your remote/hybrid plans will benefit your business.

Service Update: Advanced Threat Protection

/in ,

Service Update Announcement

Beginning July 1, 2022, Cumulus Global is adding Advanced Threat Protection services to all clients using Microsoft 365 and Google Workspace.

With more than 40% of cyber attacks targeting small businesses and two thirds of attacks using email, Advanced Threat Protection is no longer an option. The stakes are too high. Recovery takes an average of 21 days and 60% of small businesses fail within six months of a successful attack.

To minimize the impact, we are waiving the standard setup fee and discounting the service by 20% for customers with an annual commitment. The fee will be reflected on your annual invoice or monthly invoices, as appropriate.

You may opt out of the Advanced Threat Protection service. To opt-out, please notify us by email prior to May 25, 2022. If you elect to opt-out, please review the terms of our Service Level Agreement as posted on our website.

Please contact us or schedule time with one of our cloud advisors if you have any questions.

Business Email Compromise – The Costliest Type of Cybercrime

/in

Email, Communications, & MobilityBusiness Email Compromise

While the massive number and scale of ransomware attacks get the most media attention, Business Email Compromise (“BEC“) attacks are the costliest type of cybercrime.

What is a Business Email Compromise (BEC)?

In a BEC attack, the criminal impersonates you and convinces somebody who trusts you to send money. While successful attacks often begin with unauthorized access to your email account, savvy criminals use email and domain impersonation techniques. They trick others into thinking that you are asking for, or instructing them to complete, a money transfer.

As we noted in a recent post, real estate agents and brokers are prime targets of Business Email Compromise attacks because they regularly discuss transferring large amounts of money with their clients. As noted in this recent email scam article from the Associated Press, however, BEC attacks are hitting a wide range of small businesses, nonprofits, and schools.

Business Email Compromise attacks succeed when cyber criminals are able to collate enough information about you to gain access to your account or impersonate you.  Here is how they do it:

  • Given that you use your email address to log into many systems, a third party breach can provide attackers with your email address and enough information to calculate your password.
  • Third party breaches often provide hackers with enough personally identifiable information (PII) about you to launch a successful phishing attack that captures your username and password.
  • Scanning social media posts can also provide hackers with enough PII to successfully phish for your identity.
  • Malware, known as an Advanced Persistent Threat (APT), that makes it past your endpoint protections can gather usernames, passwords, and other information while running undetected on your computer.

How to Prevent Business Email Compromise

Protect Your Identity

To keep your email account secure, you need to protect your identity.

  • Understand the risks and follow practical advice for safe online hygiene. Use unique, complex passwords across systems; avoid oversharing personal information; and learn to recognize phishing and impersonation attacks.
  • Use “Next-Gen” endpoint protections to prevent zero-day attacks, APTs, and more traditional forms malware.  These solutions use heuristics, AI, and behavioral analysis of files to identify an attack. They can also “roll back” changes to stop an attack.

Secure Your Email Service, and All of Your Services

Even as you protect your identity, you still need to secure your email service through proper data protection and security services.

  • Advanced Threat Protection (ATP) protects your account from phishing attacks, bad links, infected attachments, and other risks. ATP verifies sender information and test links and attachments in a “sandbox”, allowing safe messages to arrive in your inbox.
  • Two-Factor Authentication (2FA), or Multi-Factor Authentication (MFA), can prevent access to your accounts if your username and password are compromised.
  • Ensure that all of your information is encrypted at-rest and in-motion. Your email service should use Transport Layer Security (TLS) to encrypt messages between sending and receiving services.  Encrypt files on your local disk, on any file servers, and in the cloud.

Prevent Email and Domain Impersonation

As noted in a recent blog post, you can use three (3) different levels of email security to prevent email and domain impersonation.

  • Sender Policy Framework (SPF): Authenticates addresses you use to send email.
  • DomainKeys Identified Email (DKIM): Digitally signs messages to ensure emails are not altered en-route.
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC): Authenticates email origin and instructs recipients how to process bad messages. A DMARC service will track and report any potential issues.

These protocols and a DMARC monitoring service offer the best protection against BEC and impersonation attacks. They also help improve the deliverability of your email. Our ebook, Email Security: Good, Better, Best, dives deeper into this topic.

For a limited time, our Rapid Security Assessment is free of charge. Complete a 3 minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.  

 

Security Trends Will Impact Small Businesses

/in

Security, Privacy, & ComplianceSpeaking at a recent CRN-hosted security summit for midsize enterprises, Paul Furtado, Gartner’s Vice President of Midsize Enterprise Security stated, “The only thing harder than defending yourself against a cyberattack is telling your executives and your partners why you didn’t do enough to protect yourself.”  His comments reflect current security trends from our historic “Trust but Verify” security model to one that is “Never Trust; Always Verify” — also known as Zero Trust.

Expectations are changing and our tolerance for breaches is dropping.  More than 56% of successful attacks exploit known vulnerabilities with patches available for more than 90 days.  Frankly, many of us are failing at the fundamentals of IT security and this needs to change.

While smaller in size, SMBs remain prime targets of cyber attacks.  With “Ransomware as a Service” readily available, finding and attacking vulnerable small businesses is inexpensive and effective.  SMBs are more likely to have fewer security protections; SMBs are less likely to be able to recover from an attack and more likely to pay ransoms.

Here are 7 security trends that warrant our attention and action:

1 Zero Day Exploits

As the name implies, Zero-Day  Exploits take advantage of newly discovered security holes before our tools and systems can be updated to prevent an attack.

Next Gen solutions are needed to protect from attacks on devices, in the flow of email, and in web traffic.

2 Insider Threats

Insider risk refers to every account that has access into an organization’s environment such as service accounts, custom integrations, and API accounts. Insider threats, meanwhile, are the small percentage of insiders actually doing something that will cause a security incident, intentionally or not.  For example, the increased use of QR codes allows attackers to create malicious QR codes that install keyloggers and screen grabbers to steal identities and multi-factor authentication tokens.

We need Security Awareness Training to help individuals understand the risks and build safe habits.

3 Regulatory Changes

As noted, security expectations are changing.  State and federal laws are changing. Passed by the Senate this year, the Strengthening American Cybersecurity Act will require businesses to report significant cyber events within 72 hours and ransomware payments within 24 hours. These requirements lay on top of other federal regulations, multiple states’ privacy laws (CCPA, MA PII, etc.), and industry regulations (PCI-DSS, etc.).

With cyber insurance and cyber response services in place, small businesses are more likely to avoid fines, losses, and legal actions.

4 IoT

Internet of Things devices, and similar automation technologies are popular and often lack basic security features.

As IoT-based solutions move into smaller businesses, we need to secure and monitor devices and the networks on which they run.

5 Supply Chain

Bad actors know that attacks on supply chains can be more effective than attacking an intended target.

If your smaller business is in the supply chain of a larger company, expect security to become an issue.  They are likely to request — or demand – additional security measures as a condition of your business relationship.  And, be ready to demonstrate (prove) that you actually do what you claim on the security checklist.

6 Data Mining

Data mining enables attackers to not only go after your business, but your vendors and customers as well.  Imagine attackers telling your customers their private data will be released if you do not pay the ransom.  Even more common, imagine your customers receiving emails “from” (impersonating) you instructing them to send money.

We need to start protecting unregulated data in the same ways we protect regulated data.  Encryption, for example, does not prevent a breach but ensures the data cannot be used.

7 Ransomware

It would be nice to think we are past the ransomware pandemic, but we are not.  Over 80% of ransomware attacks are on small and mid-size businesses. Because attacks have moved beyond encryption to data exfiltration, attackers are likely to understand your business and set ransoms that are steep, but payable (often 1% to 1.5% of annual revenue).  Businesses hit by ransomware average more than 20 days of significant business disruption. On average, they permanently lose more than 35% of their data.

A response and recovery plan that includes business continuity ensures that you can keep your business running while you recover from and respond to an attack.

Your Next Step

Please contact us to evaluate your security footprint and needs, and discuss possible next steps, or schedule a no-obligation introductory call with one of our Cloud Advisors.

Real Estate Cyber Security

/in

Cyber Attacks on Real Estate Agents and Brokers Victimize Clients

As cyber attacks on real estate agents and brokers increase, clients are paying the price.

Security, Privacy, & ComplianceMost of the country is facing high demand for housing with extraordinarily low supply.  This creates a highly competitive sellers’ market in which buyers compete to have offers accepted. The urgency and need to move fast makes real estate agents, and their clients, prime targets for cyber crime. As noted in a recent bulletin from CRES Insurance, brokers and agents need to protect themselves and their businesses from cyber attacks, which can include adding cyber insurance for real estate organizations.

The Scenario of Cyber Security for the Real Estate Industry

Imagine being a real estate agent and receiving a call from client excited that their offer was accepted and confirming that they have wired the deposit, only to realize that their offer was not accepted.  They share the email with you with the instructions.  The email looks like is from you, your assistant, or your firm.  The message uses words and phrasing that you and others at your firm regularly use.  Without close inspection, the message appears to be legitimate.

Your email domain and/or your identity has been successfully impersonated. Your client has lost thousands of dollars. Your reputation is damaged. You may be facing legal action. All reasons to pursue proper data protection and security services to prevent real estate cyber attacks.

Real Estate Cyber Attacks

This form of attack, a Business Email Compromise (BEC), is on the rise and real estate agents and brokers are the target.  Attackers compile information about you, and how you work, from public sources and social media.  In some cases, you may be an unknowing victim of an advanced persistent attack. In these attacks, hackers install software the sits quietly on your computer, tracking your activity, and sending information back to the attacker’s servers. The attackers then use this information to impersonate you and/or your business.

Once an attacker can impersonate you or your business, your clients become the financial victims. You face a loss of clients and reputation, and potential legal action.

Real Estate Cyber Security Solutions

Like any business, agents and brokers need to ensure their systems are safe and secure with proper real estate cyber security best practices.  They should also take steps, specifically, to prevent domain and email impersonation. Here are three cyber security steps you can take to protect your real estate business from attacks.

  • Ensure you and your team understand cyber risks and how to minimize your risk of attack.
  • Use protective technologies:
    • Next-gen endpoint protection to prevent malware and ransomware on your computers
    • Email advanced threat protection to prevent phishing and other email-based attacks
    • Multi-factor authentication to protect your identity.
  • Configure different email security solutions that prevent domain and email impersonation

Feel free to contact us to discuss your security profile or for a security assessment.

 

 

XChange of Ideas – Trends with Benefits

/in ,

XChange Events

This XChange of Ideas shares trends that can boost your business’ productivity.

We recently spent three packed days at the XChange 2022 Conference. While we attend to improve our service offerings and business, many of the insights will benefit your business as well.

1 Industry Consolidation Awareness 

As with most maturing, dynamic industries, consolidation of vendors is not unusual in technology. Bringing together complimentary technologies and solutions can create synergy and economies of scale.  Currently, we are seeing something a bit different.  Companies that provide the systems we use to run our business are acquiring products and services that we offer to our customers.  By offering solutions we sell, and the solutions we use, our vendors are hoping to provide us with better integration and efficiencies.

The risk, however, is that service providers will focus, or limit, their options to match the “single vendor” efficiency. While you, as the customer, may benefit from the efficiency, these benefits will be fleeting if the solutions do not meet your needs.

We, at Cumulus Global, will continue to offer multiple solutions for nearly all of the services we offer. We commit to this strategy because efficient mediocrity serves nobody well.

2 VDI is Better than O.K.

Acceptance and use of virtual desktop infrastructure (VDI) and remote desktop services is on the rise. Beyond an interim solution, VDI services prove to offer many businesses long term value. We see several reasons for considering a move to VDI, including:

  • Support for hybrid work environments. With employees working in office and remote, a VDI environment provides a single computing environment for your entire business.  Accessing files and applications is the same, regardless of location and end user device.
  • Strategic Savings. VDI services extend the useful life of your existing laptops and desktops.  Since VDI clients are not processing data locally, the demand on processors, memory, and disk space are minimal.  Aging equipment can remain in service without impacting performance.
  • Improved Security.  VDI services run in secure, professionally run data centers. We use Microsoft Azure and Google Cloud Platform for VDI services. VDI provides private, secure networks, with multiple access options to meet your business needs.
  • Business Continuity and Resiliency. The faster you can recover from a disaster or technology failure, the better your business will survive and grow. VDI services remove most of the risks from local disasters and system failures.  As you can access your services from anywhere you are Internet-connected, and from most any end user device, teams can easily relocate and work around localized disruptions.

As disruption of technology supply chains continues, VDI allows you to upgrade your environment without investing in new desktop and laptop devices. You can move forward with your business without worrying about system availability.

To explore if VDI services can help your business, contact us about our security assessments, or schedule an intro call with one of our Cloud Advisors.

XChange of Ideas – Security

/in ,

XChange EventsLooking at what we learned during three packed days at the XChange 2022 Conference, we have much to share.  The XChange conferences help IT service providers, like Cumulus Global, explore emerging trends, challenges, products, and solutions.  While we attend to improve our service offerings and business, many of the insights will benefit your business as well. This XChange of Ideas shares three emerging security trends.

1 Security is Not a Technology

Most small and midsize businesses see themselves as having security because they have some security technologies and systems in place.  Security, however, is not a technology; security is an ecosystem that spans people, processes, and systems, as well as a lifecycle of prevention, response, and recovery. As important, we need to understand that managing our security

Most businesses still lack the basic set of security protections that span the security lifecycle. A solid security foundation should include advanced threat protection, next-gen endpoint protection, DNS security, web protection, multi-factor authentication, and encryption. A solid backup/recovery is also necessary; having a business continuity solution is preferred.

With the dynamic nature of threats and cyber attacks,  many businesses are at higher risk and should be deploying advanced security services. Advanced security services may include managed security incident detection and response (MDR) services, internal application whitelisting, segmentation, and other protections that can detect, halt, and stop the spread of an attack.

2 Cyber Insurance is Not Assurance

Cyber Insurance is more than a good idea, it is a necessity for almost every business.  But cyber insurance is not assurance that you can quickly recover from a cyber attack.

  • Cyber insurance underwriters have you complete a questionnaire or audit about your cyber protections, policies, and procedures. When you submit a claim, most cyber insurers will ask you to demonstrate that the protections were in place, how they were functioning, and that you follow the policies and procedures noted in your application.  If you cannot show that you do what you promise, expect your claim to be denied.
  • Your cyber insurance underwriters may prevent you from starting your systems and data recovery. Recovery typically destroys evidence of the attack, it’s cause, and it’s method of propagation. You may be unable to restore your systems and data for days — or even weeks — while your insurer completes a forensics investigation.

Having the right protections in place, and being able to demonstrate compliance, is a clear expectation to resolve cyber insurance claims.  Having a continuity solution in place that allows you to return to operation in parallel with a forensics investigation should be considered.

3 HIPAA is Not Just For Doctors

HIPAA is the regulatory cornerstone for protecting personal health information (PHI). These regulations control how we store, transmit, and share — procedurally and technically — PHI. Compliance, however, is not just required of healthcare providers, insurers, and others direct access to patient records. Businesses serving healthcare providers — those that sign a Business Associates Agreement — face compliance requirements as well.

HIPAA enforcement is expanding beyond Covered Entities to Business Associates, as is notable on the US Department of Health and Human Services Office of Civil Rights HIPAA “Wall of Shame

If you are not sure that your security services are up to par, contact us about our security assessments, or schedule an intro call with one of our Cloud Advisors.