Cybersecurity Fatigue: Is Your Business at Risk?

Security fatigue is real. You’ve felt it, and so have we. Cyber criminals know this, and they are waiting to capitalize on it. When we let security fatigue guide our decisions and allow our guard to drop, we become much more likely to fall victim to a cyberattack.

Over the past few weeks, we have assisted multiple companies that fell victim to such attacks. These events reflect a recent surge in cyberattacks, serving as a harsh reminder that we must remain vigilant.

Common Elements

Each of these recent cases shared three common elements:

  1. An employee clicked on a malicious link and shared account information.
  2. The company opted not to deploy recommended security measures.
  3. Neither the business nor IT leaders had a plan for how to respond to an emergency.

These elements demonstrate critical failures at every phase of a cybersecurity event.

Prior to The Event

Even as small businesses, we are more vulnerable to cyberattacks than we may expect. A basic suite of cybersecurity services is no longer optional; it is essential for defending and protecting against attacks.

In each of the cases we recently handled, simple and effective baseline tools were not in place. Decisions made to avoid the incremental cost of added protections left these businesses exposed.

Consequently, each company is now paying a much larger price, ranging from several days of downtime and lost productivity to potential fines and litigation.

The Event

Human action triggered all three of these recent events. While it is easy to claim that the individuals involved should have known better, the reality is that even knowledgeable people succumb to these tricks when they are tired or distracted.

How many times have you replied to or acted on an email that you skimmed or quickly read without focusing on the content? We are all busy, and an email often feels like just another task to check off.

When you combine a false sense of security with a momentary lack of attention, it is very easy to click the wrong link, enter credentials into a fake site, or share private information.

Technology is vital for protection, but your people must also understand the risks. They should be able to identify suspect interactions and know exactly what to do when faced with a suspicious email, text, call, or web page.

After The Event

In every recent event we have handled, the business and IT leaders were unsure how to proceed. Given the urgency and stress of the moment, none of them referred to an existing Information Security Plan because they did not have an incident response checklist or strategy in place.

We tend to focus on recovery, such as getting systems back online and restoring data. While this is an urgent and tangible response, it is only one part of the equation.

Your cyber insurance carrier may need to verify your security measures, conduct a forensics analysis, or direct your recovery efforts. You likely have legal, industry, or contractual reporting requirements, and you may even need law enforcement to investigate.

Response and recovery from a cyberattack requires having the technology in place to get your systems, apps, and data back in operation as well as having resources in place to get you through the legal, regulatory, contractual, marketing, and customer relationship challenges you will face.

How We Help: Security CPR

Your security profile should match your business. The nature of your company, its size, your industry and markets, and your locations should all dictate your security requirements. Your leadership team should guide your security strategy and spending.

Our Security CPR® model and services provide the framework for creating the right security profile for your business:

  • Communicate and Educate: Ensure you and your team are knowledgeable, aware, and prepared, and that you have appropriate policies and procedures in place.
  • Prevent and Protect: Implement the right mix of security solutions to stop cyberattacks and defend against active threats.
  • Recover and Respond: Build the necessary services for business continuity, resilience, and a quick return to operations, including resources to assist with the insurance, regulatory, legal, and communication aspects of a response to an incident.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

6 Decisions for Productive, Secure, Affordable AI

(02/17/26) – Allowing AI to happen through individual experimentation and unstructured projects creates security risks, leads to unpredictable costs, and increases your chance of failure. If you want AI to be an effective tool for your business, you need to actively lead and manage your AI efforts.

Prevent AI Data Leaks with the Right Tools

As leaders of small and midsize organizations, we need to operate efficiently and effectively within a range of security constraints. Laws, regulations, industry standards, and contractual obligations set expectations and, in most cases, impose requirements on how we manage and run our business and IT. Now, artificial intelligence (AI) adds a new layer of security challenges.

AI is most effective when it has access to a broad range of relevant information. However, that access must be carefully limited to authorized users, creating a delicate balancing act.

AI data leaks occur when AI tools and systems expose information to unauthorized users or share it inappropriately. These leaks can happen internally or externally, and may be accidental or intentional.

Preventing AI data leaks requires actively governing permissions and access, along with choosing AI tools that align with your security and privacy requirements.

Set Up AI Data Governance

The days of “set and forget” permissions are over. At the macro level, AI data governance requires actively managing access controls and permissions settings.

Begin by reviewing and auditing your current access controls and permissions settings. It is common for users to rely on default sharing settings or to adjust permissions for convenience, often extending access inappropriately. While people may not actively search for and find private information, AI will.

Running an audit tool and resetting permissions can help close these gaps and provide a fresh starting point. Once permissions are properly configured, advanced security tools enable ongoing monitoring to identify new threats as they emerge. These tools can notify users and administrators of potential issues and modify permission changes to reduce risk.

Pick Secure AI Tools

With data access controls and permissions properly secured, the next step is ensuring that the AI tools and systems you use do not put your data at risk.

When selecting AI tools, look for the following attributes:

1. Adheres to Security Standards

Include security as a critical criterion when selecting your AI tools and systems. Verify that the AI tools you pick adhere to industry and regulatory security standards.

2. Does NOT Train Models Without Permission

Never use an AI tool that trains its models without your permission. These tools effectively absorb anything you input and incorporate it into their models, potentially exposing your data to other users.

3. Does NOT Allow Human Data Review Outside Your Domain

Avoid AI tools and systems that allow humans outside of your organization to see or use data you have entered into the system. Even if these systems are not using your data to train their models, if others can see it, then it is not secure.

4. Does NOT Sell or Use Data for Other Purposes

Choose AI tools and systems that do not sell or use your data for purposes beyond providing the service. Outside of training, some AI tools mine data for sale to others for research, marketing, and other purposes.

The general rule of thumb is: If you pay, your data is private. If the tool is free, so is your data.

However, some paid AI tools still include terms and conditions that allow data collection and usage. Before moving forward with any AI tool or system, always check the fine print.

How We Help

Schedule an intro meeting with one of our Cloud Advisors. Our team can discuss how you can assess your risk, create effective policies, and select tools that deliver productive, secure, and affordable AI solutions. The meeting is free and without obligation.

About the Author

Bill is a Senior Cloud Advisor responsible for helping small and midsize organizations with productive, secure, and affordable managed cloud services. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped hundreds of organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience and effective change management.

IT Strategy & Planning: Where You Want IT to Be in 2026

(12/16/25) – With significant changes to our productivity tools, the Artificial Intelligence explosion, and increasing expectations for security and compliance, how are your IT strategy and planning adapting for the coming year? Let productivity, security, and affordability drive your IT strategy and plans for 2026.

Turn AI Prompts Into Business Outcomes

Artificial intelligence (AI) is evolving rapidly, providing you with powerful tools that can transform how your organization operates. By integrating it into your daily workflows, you can make smarter decisions and streamline tasks that once took significant time to complete. Over time, AI will produce measurable results that are easy to track and analyze.

How AI Can Work for You

You get the most value from AI when you apply it to targeted, repeatable processes that address real business needs. For example, regularly analyzing meeting transcripts with AI can uncover actionable insights and identify trends that guide your business strategy.

AI can also assist in creating communications and marketing content that reflect your brand’s voice. Moreover, it can generate structured agendas or talking points for sales conversations, allowing you to emphasize client relationships and highlight your business’s strengths.

By making AI a regular part of your workflows, you can continuously refine outputs and achieve more accurate results over time.

Getting Started with AI

For those just starting out with AI, begin with smaller projects. For example, try using AI to automate follow-ups or analyze customer feedback. These use cases will help your team become familiar with AI while still delivering immediate impact. Over time, incorporate AI into more complex processes.

Give your organization the opportunity to explore its full potential without disrupting daily operations.

You should regularly monitor AI outputs to make sure that the technology and uses align with your goals. Tracking data usage also helps you keep information secure and will help maintain trust.

Crafting Effective Prompts

Once you are familiar with AI, you can unlock its full potential by providing clear context and direction. You and your team should know how to craft a prompt that helps AI fully understand your objectives and your voice.

A strong prompt includes the following elements:

  1. Persona: Decide the role you want AI to take on. Defining a persona helps shape the perspective, tone, and level of expertise AI uses in its response.
  2. Backstory: Share context about your business, your customers, and the tone or results you expect.
  3. Task: Be specific about what you want AI to produce. Include your brand voice, target audience, and any formatting preferences.

For example, you might ask AI to take on the persona of a knowledgeable and approachable communications expert. Then, provide it with the backstory of your company and set a confident, friendly tone aimed at small business owners. Finally, be clear about the task, such as writing a professional announcement in your brand voice. Be sure to include any formatting preferences, like short paragraphs for easy readability.

Using AI Responsibly

In order to adopt AI responsibly, pay careful attention to sensitive business and client information. Selecting AI tools that meet strong standards for privacy, security, and compliance helps you protect this information and maintain trust with your clients and stakeholders. Beyond selecting the right tools, establish clear protocols to guide your team’s use of AI.

Your policies should:

  1. Define safe usage: Clearly outline how AI should be used across your organization. Clear safe usage guidelines prevent misuse and ensure your team can confidently rely on AI.
  2. Ensure compliance with regulations: Establish rules that keep your organization aligned with legal requirements, industry standards, and contractual obligations. These rules should address the protection of sensitive client information, along with adherence to data privacy laws and governance policies.
  3. Encourage creative applications: Support your team in exploring innovative approaches to problem-solving. Creative applications and use cases allow your organization to maximize the benefits of AI while generating tangible results.

AI is a powerful tool that can enhance business processes and strengthen client relationships. When it is used properly, your organization can achieve meaningful and lasting results.

How We Help

You can dive deeper into crafting effective prompts by viewing our November 2025 3T@3 Series session, “How To: Better AI Results,” and several eBooks and other resources in our Resource Center. Our Cloud Advisors are here to help you plan, execute, and succeed. Book some time and start your journey.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

How To: Better AI Results

(11/18/25) – If what you put into AI is not clear, what you get out will lack clarity. If your use case – your “why” for using AI – is not clear, you will not get the outcomes you want. AI is most effective when you define meaningful use cases and use well-designed prompts.

Improve Your Gen AI Adoption

Generative Artificial Intelligence, or Gen AI, is here to stay. Gen AI has the potential to dramatically help you run your business. And yet, over 90% of AI efforts fail. Adopting Gen AI – putting it to use in real workflows – is not as easy as we are often led to believe.

You can, securely, improve how your business adopts Gen AI and puts it to use.

In this Coffee & Clouds online event, Cumulus Global CEO Allen Falcon shares four (4) pillars for better AI Adoption. Using these pillars, you can formalize your approach to AI services for better results while protecting your budget.  Allen will also share guidance on AI security as it relates to your choice of AI tools and services. 

Invest 15 to 20 minutes to understand how you can be more efficient and effective with your AI service decisions.

Join us live or view the recording on-demand, and the Dunkin’ or Starbucks is on us.

Cumulus Global Awarded Cybersecurity Trademark: Security CPR®

The Security CPR® Model and Services Focus on Cybersecurity Needs of Small and Midsize Businesses

Westborough, MA, October 20, 2025 – Cumulus Global proudly shares that our Security CPR® model and services received a Trademark (Registration Number 7,966,747) from the United States Patent and Trademark Office. The trademark recognizes our unique expertise and leadership. Security CPR® includes our cybersecurity risk management technical consulting; training and education; and services covering threat analysis, prevention and deterrence, remediation, and governance.

“We are excited and proud that our Security CPR® model and services received this recognition,” stated Cumulus Global CEO Allen Falcon. “Security CPR® defines and delivers cybersecurity solutions that small businesses can rely upon, understand, and afford.”

Most small businesses struggle to meet current cybersecurity demands. Without expertise or the resources of larger organizations, small businesses still need to follow state and federal laws, industry regulations and standards, and contractual obligations. Security CPR® encompasses three core components of an effective cybersecurity program.

  • Communication and Education
  • Prevention and Protection
  • Recovery and Response

“As a model and a set of services, Security CPR® adapts to your specific business needs,” notes Falcon. “We tune your cybersecurity services to match your requirements, risks, business operations, and budget.”

As part of our commitment to helping small businesses protect themselves from cybersecurity threats, we recently launched our Cybersecurity Landing Zone. The zone collates blog posts, web events, eBooks, and other resources to help small business owners navigate the ever-changing cybersecurity landscape.

To assess, plan, and improve your cybersecurity, book a free, no obligation meeting with one of our Cloud Advisors.

About Cumulus Global

Nationally recognized as a leader, Cumulus Global delivers productive, secure, and affordable managed cloud services to small and midsize businesses, governments, and K-12 schools. Translating business objectives into technology needs and priorities, we design, deploy, manage, and support services that help our clients thrive and grow.

A 5-Step Strategy for Responsible AI

AI is changing how our businesses operate and compete. As we rely more on AI, having strong governance is essential to ensure our AI tools are used securely, ethically, and responsibly. Your use of AI should align with your company’s values and regulatory standards.

By setting clear policies and accountability, you can reduce risks like data breaches, ethical issues, and noncompliance. Strong governance also prevents unauthorized AI use, making sure that every AI activity supports your business goals.

1. Create Comprehensive AI Use Policies

Unauthorized AI use, or Shadow AI, creates serious risks for your business. To manage Shadow AI and other risks, you need visibility, control, and guidance for your team. A well-crafted AI Usage Policy reduces the chance of mistakes or misuse and helps you responsibly manage AI usage.

Your AI usage policies should:

  • Define allowed and unallowed use of AI as a tool/resource
  • Outline principles for ethical and appropriate use
  • Specify security guidelines to ensure data protection and compliance with regulations, industry standards, and contractual obligations

Your policies should also clearly state:

  • How your team should handle your company data
  • How your team should handle and protect third party data
  • Which AI tools are approved
  • When and how team members may use external AI resources

2. Implement and Monitor Controls

Implementing access controls and monitoring systems helps you identify when AI tools are being used outside approved channels.

Create processes for:

  • Your team to request access to AI tools and services
  • Evaluating requested tools for applicable use cases, usability, security, and cost
  • Deploying new AI tools and services, including education and training

Periodically audit your environment to spot unauthorized applications before they create problems. 

Work with your team to move to authorized AI tools that provide the same capabilities or review and select a solution you can secure and support.

3. Ensure Legal and Regulatory Compliance

Compliance is a key aspect of responsible AI use. Your AI practices need to follow data privacy laws, industry regulations, and contractual obligations. 

Begin by identifying and reviewing relevant laws, industry standards, and contractual obligations related to data privacy. Identify any specific conditions or requirements related to the use of AI services.

You want to be able to demonstrate and document your compliance. Review the security compliance certifications and practices of your AI services and tools. Collect the necessary information, including how your AI tools collect, store, and use data. 

Regular audits will help catch potential issues, particularly with Shadow AI. 

Stay current with evolving legislation to ensure that your AI practices remain compliant over time.

4. Prioritize Ethical AI Practices

Ethical AI builds trust and protects your reputation. When you prioritize ethics, you show that your business values integrity and fairness, strengthening relationships with clients and stakeholders.

  • Regularly review your AI models and the data they use to remove bias and ensure transparency in decision-making. In addition to bias detection and mitigation, AI training should include diverse data sources and ensure that results are not skewed by inherent biases.
  • Make sure your AI is fair, explainable, and accountable, so your team and clients can trust its outcomes. AI tools should articulate results and decisions in human-understandable terms. People need to be able to understand the rationale behind the AI results.
  • Ensure you have human judgement and intervention at every stage of your AI journey. Clear lines of responsibility provide accountability. Human review prevents over-use of AI, particularly in decision-making. Encourage feedback from employees, clients, and other stakeholders.

5. Train and Support Your Team

Your AI strategy will only succeed if your team knows how to use AI safely and effectively. When your team is confident in using AI, you maximize its benefits while minimizing risks.

Provide training and support that covers technical skills, applicability to relevant use cases, and ethical considerations. 

Support strategies include:

  • Offering training sessions and user guides.
  • Providing a dedicated support team for questions.
  • Offering ongoing learning opportunities as AI evolves.

How We Help

Using AI securely and ethically requires careful planning and ongoing effort. Our Cloud Advisors can help you identify use cases, select tools and services, ensure data security and governance, and help your team get the most from your AI investments.

About the Author

Bill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience and effective change management.

{URGENT}: Windows 10 Support ENDS on Oct. 14th. Extended Security Updates Available

ACT NOW!  Support for Windows 10 officially ends on October 14, 2025. After this date, Microsoft will no longer provide software updates and technical assistance. If you are not upgrading to Windows 11, you must purchase Windows 10 Extended Security Updates to continue receiving critical and important security updates.

Without these extended security updates, continuing to use Windows 10 dramatically increases your exposure to significant risks. Your systems become prime targets for cyberattacks, ransomware, and data breaches. You risk costly downtime, loss of sensitive information, and severe compliance issues. 

Proactive planning and action are not just recommended; they are critical for your business continuity and security.

Know Your Windows 10 Options

We agree with Microsoft’s recommendation to upgrade all eligible systems to Windows 11. We also understand you may have budget constraints or compatibility issues with older software.

You can check if your PCs will run Windows 11 using Microsoft’s PC Health Check app. If your PC will not run Windows 11, you have options other than buying new devices.

Windows 10 Extended Security Updates (ESU): 

Microsoft has released pricing for ESU licenses. The licenses are available as a one-time purchase for each year. You do not need to commit to multiple years up front; you can purchase the licenses annually if needed. The pricing is as follows:

  • Year 1 – from October 2025 to October 2026 – $61 each
  • Year 2 – from October 2026 to October 2027 – $122 each
  • Year 3 – from October 2027 to October 2028 – $244 each

Important Notes:

  • Not all systems are eligible to install the updates. To be eligible to install updates from the ESU program, devices must be running Windows 10, version 22H2. For more information on prerequisites and enabling ESU in commercial environments, see Enable Extended Security Updates (ESU).
  • ESU Program updates do NOT include: New features; Customer-requested non-security updates; Design change requests; or General support.
  • The Windows 10 ESU only includes support for the license activation, installation, and possible regressions of the ESU itself for organizations with a support plan in place.

Keep in mind, the Windows 10 Extended Security Update program serves as a temporary bridge and does not address underlying hardware or software compatibility issues related to upgrading to Windows 11.

Virtual Desktop Services: 
  • Using virtual desktop services, such as Azure Virtual Desktop, allows you to use your existing PCs to access a robust and secure Windows 11 environment. Virtual desktops work well for hybrid team members and to mitigate the cost of upgrading multiple devices.
  • Connect with one of our Cloud Advisors to explore this option.

Plan for Your Windows 11 Transition

Regardless of the strategy you choose, proactive planning is crucial for a smooth and secure transition. Follow these steps to ensure you’re ready:

Assess Your Current IT Environment
  • Use Microsoft’s PC Health Check app to determine which devices can run Windows 11, which can be upgraded, and which require replacement. If you use Windows 10 in embedded systems, check with your vendor.
  • Confirm which of your business-critical applications and tools are compatible with Windows 11. Identify necessary software upgrades or migrations.
Prepare Your Budget
  • Accurately map the cost of upgrading and/or replacing devices. Keep in mind that older systems, even if upgraded now, may soon require replacement.
  • Identify any software upgrade costs.
  • Keep in mind any fees for tech support or professional services. You may need or want help transferring applications and data to new devices or setting up virtual desktops.
Develop Your Transition Plan & Data Strategy
  • Plan your timing and procedures for upgrades, purchases, and migrations. Focus on preventing data loss during migration and consider staging your rollout in phases to minimize disruption.
  • Crucially, ensure all critical data is securely backed up before upgrading or migrating systems. 
  • Remember to allow time to test critical software on Windows 11 before upgrading.
Train Your Team
  • Provide resources and help your team become familiar with the Windows 11 interface and new features.
  • If you are upgrading your business software for compatibility, you may want to provide additional training on new functionalities and capabilities.
  • Stay Informed: Monitor Microsoft’s official updates and announcements. Keep current regarding Windows 10 end of life and Windows 11 developments.

Cumulus Global Will Help

Plan and Act Now.  As with any major upgrade, we expect demand for PCs, laptops, and technical services will increase as the deadline nears. Waiting may result in delays and missed deadlines. Losing Windows 10 support can result in costly business disruptions.

For assistance, schedule a brief, free call with one of our Cloud Advisors to discuss your assessment, plan, and upgrade needs, priorities, and budget.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.