Cumulus Global Awarded Cybersecurity Trademark: Security CPR®

/in , ,

The Security CPR® Model and Services Focus on Cybersecurity Needs of Small and Midsize Businesses

Westborough, MA, October 20, 2025 – Cumulus Global proudly shares that the our Security CPR® model and services received a Trademark (Registration Number 7,966,747) from the United States Patent and Trademark Office. The trademark recognizes our unique expertise and leadership. Security CPR® includes our cybersecurity risk management technical consulting; training and education; and services covering threat analysis, prevention and deterrence, remediation, and governance.

“We are excited and proud that our Security CPR® model and services received this recognition,” stated Cumulus Global CEO Allen Falcon. “Security CPR® defines and delivers cybersecurity solutions that small businesses can rely upon, understand, and afford.”

Most small businesses struggle to meet current cybersecurity demands. Without expertise or the resources of larger organizations, small businesses still need to follow state and federal laws, industry regulations and standards, and contractual obligations. Security CPR® encompasses three core components of an effective cybersecurity program.

  • Communication and Education
  • Prevention and Protection
  • Recovery and Response

“As a model and a set of services, Security CPR® adapts to your specific business needs,” notes Falcon. “We tune your cybersecurity services to match your requirements, risks, business operations, and budget.”

As part of our commitment to helping small businesses protect themselves from cybersecurity threats, we recently launched our Cybersecurity Landing Zone. The zone collates blog posts, web events, eBooks, and other resources to help small business owners navigate the ever-changing cybersecurity landscape.

To assess, plan, and improve your cybersecurity, book a free, no obligation meeting with one of our Cloud Advisors.

About Cumulus Global

Nationally recognized as a leader, Cumulus Global delivers productive, secure, and affordable managed cloud services to small and midsize businesses, governments, and K-12 schools. Translating business objectives into technology needs and priorities, we design, deploy, manage, and support services that help our clients thrive and grow.

{URGENT}: Windows 10 Support ENDS on Oct. 14th. Extended Security Updates Available

/in ,

Windows 11

ACT NOW!  Support for Windows 10 officially ends on October 14, 2025. After this date, Microsoft will no longer provide software updates and technical assistance. If you are not upgrading to Windows 11, you must purchase Windows 10 Extended Security Updates to continue receiving critical and important security updates.

Without these extended security updates, continuing to use Windows 10 dramatically increases your exposure to significant risks. Your systems become prime targets for cyberattacks, ransomware, and data breaches. You risk costly downtime, loss of sensitive information, and severe compliance issues. 

Proactive planning and action are not just recommended, they are critical for your business continuity and security.

Know Your Windows 10 Options

We agree with Microsoft’s recommendation to upgrade all eligible systems to Windows 11. We also understand you may have budget constraints or compatibility issues with older software.

You can check if your PCs will run Windows 11 using Microsoft’s PC Health Check app. If your PC will not run Windows 11, you have options other than buying new devices.

Windows 10 Extended Security Updates (ESU): 

Microsoft has release pricing for ESU licenses.  The license are available as a one-time purchase for each year. You do not need to commit to multiple years up-front, you can purchase the licenses annually if needed.  The pricing is as follows:

  • Year 1 – from October 2025 to October 2026 – $61 each
  • Year 2 – from October 2026 to October 2027 – $122 each
  • Year 3 – from October 2027 to October 2028 – $244 each

Important Notes:

  • Not all systems are eligible to install the updates. To be eligible to install updates from the ESU program, devices must be running Windows 10, version 22H2. For more information on prerequisites and enabling ESU in commercial environments, see Enable Extended Security Updates (ESU).
  • ESU Program updates do NOT include: New features; Customer-requested non-security updates; Design change requests; or General support.
  • The Windows 10 ESU only includes support for the license activation, installation, and possible regressions of the ESU itself for organizations with a support plan in place.

Keep in mind, the Windows 10 Extended Security Update program serves as a temporary bridge and does not address underlying hardware or software compatibility issues related to upgrading to Windows 11.

Virtual Desktop Services: 
  • Using virtual desktop services, such as Azure Virtual Desktop, allow you to use your existing PCs to access a robust and secure Windows 11 environment. Virtual desktops work well for hybrid team members and to mitigate the cost of upgrading multiple devices.
  • Connect with one of our Cloud Advisors to explore this option.

Windows 11 Upgrade HelpPlan for Your Windows 11 Transition

Regardless of the strategy you choose, proactive planning is crucial for a smooth and secure transition. Follow these steps to ensure you’re ready:

Assess Your Current IT Environment
  • Use Microsoft’s PC Health Check app to determine which devices can run Windows 11, which can be upgraded, and which require replacement. If you use Windows 10 in embedded systems, check with your vendor.
  • Confirm which of your business-critical applications and tools are compatible with Windows 11. Identify necessary software upgrades or migrations.
Prepare Your Budget
  • Accurately map the cost of upgrading and/or replacing devices. Keep in mind that older systems, even if upgraded now, may soon require replacement.
  • Identify any software upgrade costs.
  • Keep in mind any fees for tech support or professional services. You may need or want help transferring applications and data to new devices or setting up virtual desktops.
Develop Your Transition Plan & Data Strategy
  • Plan your timing and procedures for upgrades, purchases, and migrations. Focus on preventing data loss during migration and consider staging your rollout in phases to minimize disruption.
  • Crucially, ensure all critical data is securely backed up before upgrading or migrating systems. 
  • Remember to allow time to test critical software on Windows 11 before upgrading.
Train Your Team
  • Provide resources and help your team become familiar with the Windows 11 interface and new features.
  • If you are upgrading your business software for compatibility, you may want to provide additional training on new functionalities and capabilities.
  • Stay Informed: Monitor Microsoft’s official updates and announcements. Keep current with regarding Windows 10 end of life and Windows 11 developments.

Cumulus Global Will Help

Plan and Act Now.  As with any major upgrade, we expect demand for PCs, laptops, and technical services will increase as the deadline nears. Waiting may result in delays and missed deadlines. Losing Windows 10 support can result in costly business disruptions.

For assistance, schedule a brief, free call with one of our Cloud Advisors to discuss your assessment, plan, and upgrade needs, priorities, and budget.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

5 Cyber Threat Trends You Should Know

/in , ,

5 Security Cyber Threats You Should Know

Earlier this week, we shared CrowdStrike’s 2025 Global Threat Report which identified five (5) cyber threat trends that you should know. While cyber-fatigue is real, understanding the threat landscape helps you assess your risks and security posture and make informed decisions on how to prioritize security-related spending and investment.

5 Cyber Threat Trends

Here are the 5 cyber threat trends you should know.

1 China on the Rise

Cyber attacks originating in China – both nation-state and organized crime – jumped 130% over the prior 12 months. At the enterprise-level, China-nexus attackers focus on telecommunication systems. For most businesses, the increase in attacks on unmanaged devices should be of concern. 

Unmanaged devices lack detection and response capabilities that allow attackers to lurk, monitor, and capture credentials for greater access to your systems, applications, and data.

2 Hands-On-Keyboard Attacks are Making a Comeback

The best way for cyber attackers to avoid modern malware protection, such next-gen endpoint protection and managed detection and response (MDR) services, is for the attacker or a surrogate to use the keyboard. These manual, interactive attacks are up 27% over the prior year.

We may imagine hands–on-keyboard attacks as movie-like scenarios of corporate spies posing as custodians sneaking onto computers while avoiding the security guards making their rounds. In reality, the hands-on-attack may be your employee responding to somebody they think is IT support or a vendor helping them solve a problem.

3 Rapid Ransomware Reach

The speed at which cyber attackers can launch ransomware attacks after an initial breach is accelerating. From breach to spread, attacks are up to 32% faster than previously known.

This speed gives cybersecurity systems less time to identify behaviors and patterns that identify the cyber attack, weakening the effectiveness of the protections.

4 AI for Evil

With the help of AI, certain types of cyber attacks have jumped 220% over the prior year. Cyber attackers are using generative artificial intelligence (Gen AI) technologies to power more-effective attacks.  

Using GenAI, attackers create more realistic fakes – emails, documents, phone calls, and videos – to trigger responses and reactions that enable and facilitate access and breaches.

At the same time, cyber attackers are using security vulnerabilities in the platforms and tools businesses use to build AI agents, just as they use vulnerabilities in web, application, and office productivity platforms.

5 Cloud Attacks Gain Altitude

Cloud intrusions – successful cyber attacks on cloud systems and services – jumped 136% during the first half of 2025 compared to all of 2024. These attacks vector through compromised identities, improper security configurations, API vulnerabilities, lax security and permissions governance.

Steps You Can Take

To ensure your security footprint protects your business appropriately:

  • Conduct IT and Security Assessments that benchmark your security posture.
  • Prioritize your risks based on the nature and size of your business, industry standards and expectations, and regulatory requirements.
  • Level our Security CPR® model and managed services to plan, prioritize, and implement appropriate security and business resilience solutions that:
    • Address your prioritized risks as your budget allows
    • Protect from the most common and the most damaging/costly types of attacks.

We Will Help

Plan Now; Act Soon. Our Cloud Advisors are here to assist. We will:

  • Review your current systems and services and prioritize your risks. 
  • Help you prioritize, plan, and budget for security changes and improvements that may be necessary or preferred
  • Deploy and co-manage your security solutions to keep you protected.

Schedule time with one of our Cloud Advisors now to begin your security review and improvements.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

2025 CrowdStrike Global Threat Report

/in ,

Whitepaper | Source: CrowdStrike — This report is a deep dive into cyber threat data an analyses for 2024. The report identifies emerging risks and overall trends to consider when evaluating and planning your cybersecurity posture, systems and services, and budget.

Read more

Cybersecurity for Sole Practitioners, Solopreneurs, and VSBs

/in ,

If you are a sole practitioner, a solopreneur working to build a business, or leading a very small business (VSB) of less than 20 people, you face unique IT challenges.  You want and need your IT and productivity systems to be secure. At the same time you are “too small” for most IT service providers.

You can secure and protect your business, affordably, with the right tools and service partner.

In this Coffee & Clouds online event, Cumulus Global CEO Allen Falcon shares a strategy for securing your business without breaking your budget. Using our Security CPR® managed security model and services, Allen shares our approach for protecting against the most common and most damaging cybersecurity risks. He will also cover services you may need for industry and regulatory compliance and those you may want for better cyber insurance coverage.

Invest 15 minutes to understand the approach and how to evaluate your security needs and options.  Join us live or view the recording on-demand, and the Dunkin’ or Starbucks is on us.

Cybersecurity Essentials for Smaller Businesses

/in ,

eBook | Source: Cumulus Global — Cybercriminals target small businesses because we tend to have fewer resources and less robust cybersecurity practices. This eBook provides a strategy, model, & roadmap of affordable, effective cybersecurity essentials for sole practitioners, solopreneurs, & very small businesses.

Read more

Managed Cloud Services Update

/in ,

(03/18/25) – Cumulus Global is updating our Managed Cloud Services to expand protections against cyber attacks. Cybersecurity Enhancements Add Value to your Managed Cloud Services. Changes to our traditional Service Plans give you even more options.

Read more

Microsoft Digital Defense Report 2024

/in ,

Whitepaper | Source: Microsoft — In the last year, the cyber threat landscape continued to become more dangerous and complex. Improved defenses will not be enough. However, improved defense will not be enough. The data, insights, and events in this report represent July 2023 through June 2024 (Microsoft fiscal year 2024), unless otherwise noted.

Read more

US Cybersecurity Policy Shift Increases Risk of Successful Cyber Attacks

/in ,

Data Protection & SecurityThe current United States administration continues to issue and execute dramatic changes in US policies and programs. For businesses, tariffs and their potential impact on the economy and various business sectors gets most of the media attention. Getting less attention, US Cybersecurity Policy changes will have an immediate and potentially devastating impact on many businesses and individuals.  

Multiple reputable news and information sources are reporting that on March 2nd, the current administration ordered the Cybersecurity and Infrastructure Security Agency (CISA) to cease tracking and reporting on Russian threats. This is a tectonic shift in policy as Russia is generally understood to be the largest nation-state sponsor of cyber attacks. This change in focus for CISA will dramatically reduce the availability, reliability, and timeliness of cybersecurity threat intelligence. 

Here is what you need to know, what to expect, and what to do.

What to Know

Here are three things to know about cyber threats, CISA, and nation-state cyber attacks.

1Threat Intelligence

Threat intelligence is the invisible backbone of your cybersecurity protections. As the name implies, threat intelligence is the collection of sharing of information about cybersecurity risks, threats, methods, actors, sources, and sponsors. It also encompasses knowledge of how to prevent, block, and stop attacks; fix hardware and software to close exploits.

Every legitimate cybersecurity product or service relies on threat intelligence to build, maintain, and improve their product or service. Larger and better-funded cybersecurity companies conduct their own research and share their findings.

2CISA: Cybersecurity & Infrastructure Security Agency

CISA is the US federal government agency responsible for collecting, evaluating, and sharing threat intelligence across government and private sectors. The agency also partners with core infrastructure companies, such as Internet Service Providers, to actively prevent, block, and respond to potential and active cyber attacks.

3Nation-State Cyber Attacks

Industry experts estimate that over 40% of cyber attacks originate from, or are sponsored by, hostile nation-states. The Microsoft Digital Defense Report Report 2024 notes that in 2024, 58% of nation-state attacks originated in Russia. These attacks account for up to 25% of all cyber attacks globally.

What to Expect

Expect more cyber attacks and greater challenged to your cyber security profile.

1More Cyber Attacks

Expect an increase in cyber attacks and, more importantly, successful cyber attacks.

With CISA no longer tracking Russian-sourced cyber attacks, expect Russia, Russian-sponsored, and Russian organized crime to increase the frequency, intensity, and scope of the cyber attacks. Knowing that CISA is no longer watching signals a huge opportunity to attack US government entities, businesses, and non-profits with fear of early detection or responsiveness.

2More Successful Attacks

Without fast and accurate threat intelligence, cybersecurity systems and services will take longer to identify threats and attacks.Their response to zero-day (new, immediate) and other cyberattacks will take longer.

Unprotected and under-protected systems will be more vulnerable to successful attacks as the frequency and scope of cyber attacks increase.

3More Challenging Recovery

In addition to sharing information to help block and stop cyber attacks, CISA shares information on how to repair and recover. Without this information, obtaining decrypt keys and other help to undo the damage will be more difficult and will take more time.

What to Do

Use our Security CPR® model to guide your next steps:

Communicate and Educate:

Inform your team to expect an increase in cyber attacks and ask for additional vigilance. Have security awareness training in place to reinforce the message and to occasionally test if your team can recognize phishing and other email-based cyber attacks.

Protect and Prevent:

More than 80% of cyber attacks originate, directly or indirectly, by email. Make sure you have next-generation email threat protection services in place. Beyond header validation and basic sandboxing, your solution now should analyze character sets and fonts, images, QR codes, graymail, and email delivery patterns.

Microsoft estimates that more than 90% of cyber attacks on small and midsize businesses can be stopped with multi-factor authentication (MFA). If you do not have MFA in place for critical systems (preferably ALL systems), do so now.

Restore and Recover:

As the risk of successful attacks increases, ensure that you have the ability to restore damaged and lost data and systems. Verify that you can recover – return to operations – quickly, even as you continue to restore systems and data.  Continuity solutions for critical systems and software will save you time and money.

Your Next Steps

Assess your immediate needs and take appropriate action. Our Cloud Advisors can help you assess your cybersecurity needs and priorities, and can offer budget-friendly, effective solutions.

Contact us or schedule a no-obligation meeting with a Cloud Advisor today.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Debunking Cyber Insurance Myths

/in ,

Cyber Insurance Risk Assessment

Your business faces an ever-increasing array of cyber threats. Beyond protections, cyber insurance is an essential component of a robust risk management strategy. Therefore, understanding cyber insurance realities is necessary for you to make sound security and business decisions. In this post, we focus on debunking common cyber insurance myths.

1MYTH: Cyber Insurance Policies Offer the Same Level of Protection

In reality, policies vary significantly with respect to coverages and services. Opting for bundled policies generally results in coverage gaps, as most general liability policies treat cyber coverage as an add-on.These gaps leave your businesses vulnerable to liabilities and losses.

Standalone cyber insurance policies, provided by financially strong carriers, offer comprehensive protection tailored to the specific needs of your business. They address unique risks associated with cyber threats given your industry, business size, and other risk factors. Standalone policies also often include coverage of forensics, temporary resources, and other recovery needs. Dedicated coverage helps you respond more effectively to a cyber incident.

2MYTH: Your IT Security Measures Dictate Your Premiums.

While robust security practices can positively impact premiums, broader industry trends and company-specific factors play a more significant role in determining pricing.

Industry-wide loss ratios have a substantial impact on insurance costs. Peer group averages impact premiums as well. Insurers assess the risk profile of businesses within sectors. As insurers issue more policies and analyze claims, insurers refine actuarial, incorporating additional factors and risks.

3MYTH: Cyber Insurance Policies do Not Pay Out

Many businesses hesitate to buy standalone cyber insurance policies out of fear that their policy will not pay out in the event of a claim. Reputable cyber insurers with strong financials rarely deny claims with a valid cause..

Inaccurate, or fraudulent, applications are the most frequent reasons for claim denials or reductions. 

Your application must accurately reflect your cyber insurance risk profile. The information you provide on your cyber insurance application should reflect a thorough review process. Cybersecurity tools offer verification of your security profile.

4MYTH: Cyber Insurance is All You Need

Many businesses, including yours, may need additional layers of protection for specific cyber risks. These additional coverages may not be available within a traditional cyberinsurance policy.

Cyber warranties offer additional layers of protection by covering these specific elements of cyber risk. Combining cyber warranties with cyber insurance creates a more comprehensive safety net. This approach bolsters your overall security strategy and ensures appropriate coverage.

5MYTH: Robust Cybersecurity Measures Eliminate the Need for Cyber Insurance

Investing in strong cybersecurity defenses provides crucial protection for your business. No security profile or system, however, will stop every cyber attack, data breach, or data loss incident. Cyber threats continually evolve. Even the most secure systems fall victim to sophisticated attacks.

Cyber insurance serves as your financial safety net. Beyond covering direct financial losses, better policies help you recover from incidents that slip through the cracks of your security measures. These resources include forensics, data recovery, customer relations, legal expenses, and more. Cyber insurance protects you financially if and when a cyber attack gets past your defenses.

6MYTH: Obtaining Cyber Insurance is Complicated and Time-Consuming

The thought of obtaining cyber insurance deters many businesses from seeking the coverage they need. Horror stories of complex applications, surveys, and audits create anxiety and fear of the process. 

Unfortunately, this myth can come true. Businesses that apply through general insurance agents and fail to leverage knowledgeable IT resources often run into issues during the underwriting process.

Cumulus Global partners with cyber insurance specialists that offer streamlined application processes and non-committal quotes. Our partners work with more than two dozen carriers, ensuring you have options to choose the policies that meet your business needs and budget. Non-biased policy reviews help you understand your coverages and make informed decisions.

Related Information

Cyber Security Requirements for Cyber Insurance (eBook)

5 Questions for Lower SMB Cyber Insurance Premiums (Coffee & Clouds)

Security CPR® (Cloud Burst)

Security CPR® Managed Security Services (Service Overview)

Your Next Step 

Avoid falling prey to cyber insurance myths. Contact us and let us introduce you to our cyber insurance partners.

We can provide you with a Cyber Insurance Risk Assessment and help you assess your cybersecurity profile.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management.