Expect an Increase in Cyber Attacks

/in ,

Data Protection & SecurityThe U.S. Cybersecurity & Infrastructure Security Agency, part of the U.S. Department of Homeland Security, is warning businesses to be prepared to defend against cyber attacks originating from Russia. “Every organization—large and small—must be prepared to respond to disruptive cyber activity,” the agency says in its warning.

Our security vendors, analyzing aggregate data, are starting to see a definitive increase in the number and frequency of attacks.

Fortunately, you have a range of tools at your disposal to protect you business:

  • Next-Gen endpoint protection
  • Advanced threat protection
  • Multi-factor authentication
  • Cyber-awareness training
  • DNS/Web protection
  • Third party breach monitoring

These services, paired with recovery and continuity services, can prevent your business from succumbing to an attack. And, if you do fall victim, ensure your business can be back up and running on hours, not days or weeks.

Please contact us if you have any questions or would like a no-obligation review of your security footprint.  You can also schedule a call with one our Cloud Advisors, below.


Cumulus Global Awarded MSP 500 Status for Fourth Consecutive Year

/in ,

For the fourth consecutive year, CRN®, a brand of The Channel Company, has named Cumulus Global to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2022. The list recognizes innovative and forward-thinking services providers throughout North America. The award focuses on service providers who deliver best-of-breed services and solutions that help businesses and their teams achieve tangible business results.

“We are honored and grateful that our peers see our managed cloud services as industry-leading solutions,” stated Cumulus Global CEO Allen Falcon. “The continued recognition confirms our believe that small and midsize business success requires a great team, robust vendor relationships, and creative, innovative, and effective solutions.”

With many customers still recovering from the impact of the ongoing pandemic, MSPs have become a vital part of the success of businesses worldwide. MSPs not only empower organizations to leverage intricate technologies but also help them keep a strict focus on their core business goals without straining their budgets.

“In addition to having to adjust their own business operations to account for the changed conditions during the pandemic, MSPs have also seen increased demand for their managed communications, collaboration and security services,” said Blaine Raddon, CEO of The Channel Company. “The solution providers on our 2022 MSP 500 list deserve credit for their innovative and game-changing approaches to managed services in these unpredictable times, as well as their ability to optimize operational efficiencies and systems without straining IT budgets.”

Cumulus Global, as a Managed Cloud Solution Provider, matches the best aspects of MSP services with a “cloud-first” perspective. Leveraging the economies of cloud computing, Cumulus Global offers robust, secure, productivity and digital transformation services more cost effectively than traditional IT services for small and midsize businesses.

The MSP 500 list is featured in the February 2022 issue of CRN and online at www.CRN.com/msp500.

About Cumulus Global

Cumulus Global is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

What We Do: We translate your business goals and objectives into solutions and services.

How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, on-going support, and client success services that help you adapt as your business changes and grows.

What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

 

 

Resources for Small Business Owners and Solopreneurs

/in
Read more

Deadline 3/1/22: Microsoft 365 Price Increase

/in

Microsoft 365

On March 1, 2022, the pricing for Microsoft 365 will increase.  Depending on your current subscription and licensing, you will see a Microsoft 365 price increase ranging between 10% and 25%. You can, however, minimize or avoid the increase.

Details

Monthly per user pricing with an annual commitment* will increase as follows:

  • Subscription
  • M365 Business Basic
  • M365 Business Standard
  • M365 Business Premium
  • O365 E1
  • O365 E3
  • M365 E3
  • Current Fee / User / Month
  • $5
  • $12.50
  • $20
  • $8
  • $20
  • $32
  • New Fee / User / Month
  • $6
  • $12.50
  • $22
  • $10
  • $23
  • $36

*Pricing for monthly commitment (no annual commitment) will include a 20% surcharge.

What is the Impact?

Historically, Microsoft 365 and Office 365 subscriptions were sold with an annual commitment.  Within the annual commitment, you could adjust the number of licenses up or down on a monthly basis. Microsoft now classifies these types of subscriptions as “Monthly Subscriptions”.

Going forward, you can choose an “Annual Subscription”. With an “Annual Subscription”, your current license count becomes your minimum purchase commitment for the next 12 months. You may add licenses during the year, but you cannot remove any licenses until your annual renewal.

A “Monthly Subscription” allows you to increase or decrease you licenses monthly.

Annual Subscription pricing will increase as noted in the table, above.  If you are a monthly subscription, you will pay an additional 20% per license.

Minimize the Impact

You can minimize, or completely avoid, the Microsoft 365 Price Increase by assessing your subscription licenses and usage, and:

  • Transition to an Annual Commitment before February 28, 2022.
    • Continue with monthly or annual invoicing
  • Remove past employee accounts by either:
    • Exporting and deleting

Act Now!

Schedule time with one of our Cloud Advisors.  We will assess your current subscription, the impact of your transition, discuss subscription and licensing options, and determine if you qualify for incentive discounts.

 


Deadline 1/31/22: Google Workspace Transition

/in

Google Workspace

The deadline for managing your Google Workspace transition:
Jan. 31, 2022.

As we have noted in past posts and communications, the transition to Google Workspace may significantly impact your subscription fees, with increases that can double or triple your cost.

Limited incentive discounts are available; you must act now!

What Does the Jan. 31, 2022 Deadline Mean?

If you do not manage your transition from G Suite to Google Workspace, Google will automatically change your subscription as early as February 1, 2022.

  • For customers on a month-to-month (“Flex”) subscription, Google will automatically change your subscription from G Suite to Google Workspace beginning February 1, 2022.
  • For customers on a subscription with an annual or multi-year commitment, Google will automatically transition your subscription at your next renewal date.

What is the Impact?

Your G Suite subscription will transition to the Google Workspace subscription that matches your features and utilization.  Google will move all of your licenses to the subscription level that ensures no loss of features or functionality.

Examples:

  • G Suite Basic with one or more users with Additional Storage
    • You will transition to Workspace Business Standard or Business Plus
    • Your fees will go from $6/user/month plus the added storage to $12/user/month or $18/user/month.
  • G Suite Basic and have users with Vault
    • You will transition to Workspace Business Plus
    • Your fees will go from $11/user/month to $18/user/month.
  • G Suite Business users
    • You will transition to Workspace Business Plus to maintain your Vault service
    • Your fees will go from $12 to $18 per user per month.

Minimize the Impact

You can minimize the financial impact by assessing your subscription licenses and usage, and:

  • Mix and match licenses:
    • Within the Business or Enterprise tiers
    • Avoid paying for capabilities not needed or used by everyone.
  • Take advantage of incentive discounts by managing your transition to Google Workspace before the January 31, 2022 deadline:
    • Transition from monthly flex to an annual commitment
    • Transition your existing annual or promotional commitment early
    • Consider a multi-year commitment for greater savings
  • Remove past employee accounts by either:
    • Transitioning them to Archived User Accounts
    • Exporting and deleting

Act Now!

Schedule time with one of our Cloud Advisors.  We will assess your current subscription, the impact of your transition, discuss subscription and licensing options, and determine if you qualify for incentive discounts.

 


Different Types of Email Security Features

/in

Different Types Of Email Security Solutions Can Help Protect your Business

When launched Cumulus Global 15 years ago to provide small and midsize businesses (SMBs) with email security and security solutions. As early adopters, we saw how managed cloud services and solutions made enterprise grade solutions affordable and effective for small businesses.  While much as changed over the past decade and a half, we still face email-based threats.

Email Attacks are Easy

According to Verizon’s 2021 Data Breach Report, email remains one of the most common vectors for attacks. And, phishing attacks are at the top of the list. Email phishing attacks remain prevalent because they are relatively easy. Cyber attackers are able to say one step ahead of our defenses, in large part to the rise in social engineering. With more of our personal information available through social media, attackers can use psychological tactics and personalized messaging to target specific individuals (spear phishing) and business leaders (whaling). In doing so, they garner sensitive information and gain access to systems and data.

Business Email Compromise

Business Email Compromise (BEC) attacks impersonate your email domains or emails for specific users. In most instances, BEC attacks look and feel like legitimate emails from your business. Combined with social engineering tactics and personalize information, they are hard to spot and often successful.  Cyber security attacks can be “internal” that target your employees, or “external” that use your business to defraud your customers and associates.

Email and Domain Impersonation

Preventing email and domain impersonation attacks bypass account level security, including multi-factor authentication. To prevent these attacks, recipients should only accept email that can be authenticated as coming from your domain.

Different Types of Email Security Protection: Good, Better, Best

Currently, you have three levels of email domain security that can protect your business and your identity: Good, Better, and Best.

Good: SPF Sender Policy Framework

SPF verifies emails sent from valid IP addresses, either from your domain or authorized senders. While most small businesses have an SPF record configured, errors cause individual emails, or emails from marketing and CRM systems, to be flagged as spam by the recipient. Cyber attackers can spoof email addresses to give the appearance of a validated sender.

Better: DKIM DomainKeys Identified Mail

DKIM verifies that have been digitally signed by the sending domain, or by services sending email on behalf of the domain. Proper configuration is technical and involves cryptographic key management; errors can lead to fake messages with valid DKIM signatures. Cyber attackers can remove the DKIM signature using sophisticated relay attacks.

Best: DMARC Domain-based Message Authentication, Reporting,
and Conformance

DMARC authenticates email origin by aligning identifiers from SPF and DKIM, and instructs recipients to deliver, quarantine, or reject failed emails by policy. DKIM helps improve email deliverability. Is the best protection against email and domain impersonation attacks, whether they target your employees, vendors, or customers. Reporting enables you to see email sources and manage your policies.

Protect Your Business With Our Email Security Services

While you set up SPF and DKIM with DNS record entries, DMARC is best implemented as a service. Doing so provides you access to settings, reports, and analysis tools. For most small and midsize businesses, the level of protection DMARC provides is worth the minimal cost.

You can learn more with our eBook: Email Security: Good, Better, Best.

To discuss your email security configuration, make an appointment with one of our Cloud Advisors, send us an email, or fill out our contact form.

Technology Solutions for Solopreneurs and VSBs

/in

Technology Solutions for Solopreneurs

Entrepreneurs are a unique breed.  Solo entrepreneurs, solopreneurs, even more so.

If you are a solopreneur, or lead a very small business, you face some unique business and IT challenges. One of these challenges is balancing your business and your personal lives.  To do this, you want and need your technology solutions to save you time and energy.

If you are like most solopreneurs and very small business owners, you are probably

  • Paying for duplicate services
  • Unware of features that can improve your productivity
  • Not taking time to explore ways to work more efficiently
  • Missing security and data protections
  • Not getting the guidance and support you need

At the same time, you most likely lack the time, energy, or expertise to research, select, deploy, and learn the right IT services. As a part of our managed cloud services, we offer technology solutions, tools, and apps for solopreneurs that are tailored to meet your specific business needs.

Managed Services are a Technology Solutions for Small Businesses

Often used by larger businesses, managed services provide your information technologies, support, and services as a comprehensive bundle for a set monthly or annual fee. By definition, managed services are designed to offload your IT responsibilities and place them in the hands of experts. These managed service providers should start with guidance, get your systems up and running, administer your services, and provide you with support.  If they are performing their services well, these technology solutions for small business and solopreneurs should also help you identify features and functions that improve your work processes — make you more efficient.

5 Ways How to Move Towards Managed Services as a Technology Solution

Before moving forward with managed services, we recommend taking a step back and assessing how you want your IT services to help you and your business.

1. Start with A Goal and Objectives

  • Your technology and services need to empower you and enable your business.  Regardless of the devices, applications, and tools they use, your IT should:
    • Be easy to use
    • Save you time
    • Secure your data, and that of your customers
    • Keep your business data private
    • Support any compliance requirements you may have
    • Fit within your budget.

2. Focus on the Benefits

  • Discuss which capabilities will help you work more efficiently, more productively
  • Avoid the technology trap. Instead of thinking, for example, about email, calendars, and file sharing, think about automating appointment scheduling, protections for confidential information, and one-click video conferencing.

3. Define Your Baseline Services

  • Map your benefits to technologies
  • Base your IT decisions on your prioritized needs and wants
  • Define the minimum set communications, collaboration, and security tools to run your business
  • Explore and leverage ways to work more efficiently

4. Add / Enhance as Needed

  • If your business must be compliant with legal or industry regulation, add the technologies and services you need to meet these requirements.
  • If you find ways that technology can improve productivity, determine if the gains are worth the investment.

5. Managed Cloud Services

As the name implies, Managed Cloud Services are managed service that, whenever practical, leverage cloud services and solutions. Cumulus Global has the expertise and experience to move your business to managed cloud services. By leveraging cloud solutions, baseline services and foundational security are affordable and can easily be tailored to meet specific business needs.

Learn More About Our Technology Solutions, Tools, and Apps for Solopreneurs and Small Business

To learn more about our IT solutions that are tailored to meet your specific business needs, get in touch or view our additional resources below.


Google Workspace Transition Update

/in

Google WorkspaceWhen Google announced the transition from G Suite to Google Workspace in October 2020, the deadline for transitioning was left open. This is no longer the case.

The deadline for transitioning to Google Workspace from G Suite is January 31, 2022.

As we have noted in past posts and communications, the transition to Google Workspace may significantly impact your subscription fees, with increases that can double or triple your cost. You may qualify for incentive discounts by transitioning before the end of the year.

What Does the Jan. 31, 2022 Deadline Mean?

If you do not manage your transition from G Suite to Google Workspace, Google will automatically change your subscription as early as February 1, 2022.

  • For customers on a month-to-month (“Flex”) subscription, Google will automatically change your subscription from G Suite to Google Workspace beginning February 1, 2022.
  • For customers on a subscription with an annual or multi-year commitment, Google will automatically transition your subscription at your next renewal date.

What is the Financial Impact?

Your G Suite subscription will transition to the Google Workspace subscription that matches your features and utilization.  Here are some examples:

  • G Suite Basic subscribers that also have Google Vault will change to Google Workspace Business Plus; subscription fees will increase from $11/user/month ($6 + $5) to $18/per/user/month.
  • G Suite Basic subscribers that use extra storage will change to Google Workspace Business Standard or Business Plus, based on their storage requirements; fees will increase from $6/user/month to $12 or $18 per user per month.
  • G Suite Business subscribers will change to Google Workspace Business Plus in order to maintain their Vault service; fees will increase from $12 to $18 per user per month.
  • G Suite Business subscribers using advanced security and mobile device management features included in the Google Workspace Enterprise tier licenses will most likely transition to Google Workspace Enterprise Standard; fees will increase form $12 to $20 per user per month.
  • Any G Suite Basic or Business subscription with more than 300 users will change to Google Workspace Enterprise Standard or Plus; fees will increase from $6 or $12 per user per month to $20 or $30 per user per month.
  • G Suite Enterprise subscriptions using certain security, mobile device management, and data loss prevention features will change to Google Workspace Enterprise Plus; fees will increase from $25 to $30 per user per month.

While you can mix and match licenses as needed within the Business and Enterprise tiers, our understanding is that automatic change to Google Workspace will place all users on the same license.

Next Step?

Your next step is to schedule time with one of our Cloud Advisors.  We will assess your current subscription, the impact of your transition, discuss subscription and licensing options, and determine if you qualify for incentive discounts.

 


4 Pillars of Cloud Security: The Most Important Strategies to Know

/in

Learn about the four pillars of cloud security that can help you reduce risk, increase agility, and run more efficiently: (C/I/A), external threat protection, data loss protection, and compliance.

While Cyber Security month comes and goes, the four pillars of cloud security remain integral to long term business success.  In what seems like a never-ending process, we continue to face new and advancing cyber security threats to the integrity of our data, identities, and businesses.  For those of use with small and midsize businesses, we need to ensure our systems and information are secure. At the same time, we want to keep our IT systems simple and manage our budgets.

Four Strategies for Cloud Security

To strike the right balance, we need to assess our current security foundation, identify gaps, and fill in services where needed. Doing so creates a security foundation that covers your basic needs.  From there, with the four pillars of cloud security in place, you can add services and build the security footprint you need to meet industry expectations and regulatory requirements.

A sound cloud security foundation is built on four pillars of cloud security.

1. Basic C/I/A

Ensure the confidentiality, integrity, and availability (C/I/A) of information you create, receive, maintain, or transmit.

This first pillar of cloud security establishes your basic security infrastructure that protects against attacks and prevents breaches across your IT systems.  It also creates your ability to respond to issues and recover, key to ensuring business continuity and resilience.

2. External Threat Protection

Identify and protect against reasonably anticipated threats.

This pillar of cloud security focuses on the attacks and threats from outside your business. From phishing, ransomware, and business email compromise, to DNS and advanced persistent threats, the focus is on protecting your data, applications, systems,  and people from harm.

3. Data Loss Protection

Identify and protect against reasonably anticipated uses and disclosures.

Data breaches and data loss result from configuration issues, application errors, and individual actions. Permission errors, inappropriate sharing, and other actions are often accidental, resulting from a lack of understanding of policies and/or how systems work. They can, however, result from intentional acts of misconduct. Proper data protection and security solutions will help protect against these internal risks and threats.

4. Compliance

Ensure workforce and business compliance.

Nearly all businesses must meet basic legal requirements to protect sensitive information. Most businesses must also adhere to industry and additional legal requirements.  This cornerstone encompasses the policies and procedures that ensure your team, and your business meet your compliance requirements. IT also includes the tools and methods to enforce policies and report on compliance.

Tactics for Implementing the Four Pillars of Cloud Security

To ensure your cornerstones are set and your cloud security foundation is place, conduct a security footprint assessment.  For each pillar of cloud security, identity the services you have in place and those that may be needed. The assessment should cover the “CPRs” of security:

  • Communication/Education
  • Protect / Prevent
  • Respond / Recover

For more information, send us an email or complete our contact form.

Dark Web Security Risks and Dangers

/in

Dark Web Risks: Threats to Be Aware of, and How to Protect Yourself and Your Business

We offer a monitoring service for dark web risks.  In August, we received alerts for more than 40% of the companies we monitor about dark web risks and danger.

Threats from information mining and third party breaches continue to pose a risk.  The level of risk varies based on the source, scope, and nature of the breach. Learn about the dark web threats to be aware of, and learn what strategies you can implement to protect yourself, as well as your business.

Direct and Indirect Security Threats from the Dark Web

Third party breaches from the dark web pose direct and indirect security threats. A direct threat, as the name implies, represented a compromised identity with direct access to your system.  Indirect threats are breaches with information that enables more advanced attacks against your systems and user identities.

Direct threats, while less common, represent a breach of usernames and passwords for your system.  The source of direct threats may not be your systems. Hackers with access to valid email addresses and similar passwords will try permutations and patterns to gain access.  While they may then use the compromised credentials themselves, they may also put them up for sale or lease on the Dark Web.

Indirect Threats take many forms, and are a big risk on the dark web.  Identities with similar passwords are sold to hackers that will use them to gain access.  Personal identifying information is valuable to hackers looking to create effective spoofing and phishing attacks.  Repetitive breaches identify targets more easily compromised and/or more likely to respond to a phishing attack with personal information.

Dark Web Dangers and Threat Sources

Sources for Dark Web security threats vary.  Most common is a third party breach, for example the LinkedIn breach in 2018.  Given that many people use their work email address as an identity for LinkedIn, along with identical or similar passwords, the breach gave hackers a means to test access to core businesses services.  Simple testing of leaked passwords, permutations, and common patterns provides access to core businesses systems, including accounts on Microsoft, Google cloud, Salesforce, and others.

Growing in frequency, hackers grab personally identifying information matched to known email addresses.  While first and last names may not appear to create much risk, cyber criminals can use PII to create sophisticated spoofing and phishing attacks.  Your zip code, home address, job title, role in your company, and who you work with and for can all be used to create more effective attacks.  When matched to data from social media accounts — where you shop, foods you like, answers to “survey” questions that mirror security prompts — criminals can refine their attacks and sell your data for more on the dark web. This is why data protection services are highly recommended in todays environment.

Protecting Yourself and Your Business from the Dark Web

More than 70% of people use the same or similar passwords across systems, which is a huge dark web danger. When employees use work email addresses for other services, the nature of their passwords creates risks when any of these third party systems experiences a breach. Compromised third-party passwords reduce the effort required for cyber criminals to compromise other accounts. LinkedIn, Egnyte, Dropbox and other reputable services have all experienced breaches over the past few years.

An additional risk from third-party systems is the risk of personally identifying information, or PII.  With a valid email address and leaked or breach PII, cyber attackers have access to information that allows them to personalize phishing emails and other attacks.

Monitoring the Dark Web for these third party breaches, and responding appropriately, helps protect your employees and your business.