What to Do When It Happens

(03/17/26) – How you initially respond to a cybersecurity incident will affect your ability to recover, your cyber insurance coverage, your customer relationships, your legal and financial liability, and possibly your survival.

Cyber Attack Recovery Starts Before the Breach

No prevention is perfect. No protection is perfect. You are already a target for cyberattacks, and eventually, one will likely succeed. When that happens, you need to know what comes next.

Event or Incident? Know the Difference

Understanding the distinction between a cybersecurity event and an incident is critical because they carry different operational and legal implications.

A Cybersecurity Event is an observable change in the status of a network, system, application, or data. You should investigate these events to determine if they qualify as an incident. Not all events become incidents.

A Cybersecurity Incident is a confirmed event, or series of events, that jeopardizes the confidentiality, integrity, or availability of data or systems. It causes harm or disruption and requires an immediate, formal response. Incidents trigger legal, regulatory, and contractual obligations, such as reporting, that must be managed.

Your Next Steps

With this distinction in mind, follow these steps to manage the situation effectively.

1 Do NOT Panic

Stay calm.

Quick, smart action serves you better than panic.

2 Disconnect and Isolate

Notify your IT team and service providers immediately.

Enlist their assistance to secure every impacted or potentially impacted system:

  • Log out users on all devices.
  • Change passwords or disable accounts.
  • Disconnect systems from your network and the internet.
  • Document all actions and changes with a timestamp.

3 Document the Event

Take a few moments to document everything you know.

Create a clear timeline of the situation:

  • What did you notice and when?
  • What happened and when?
  • What actions did you take (e.g., links clicked, reports made to IT)?

4 Do NOT Start Fixing Things

Your cyber insurance carrier, legal counsel, or law enforcement may need to preserve your systems for forensics.

Restoring systems or recovering data prematurely could destroy evidence and impede criminal investigations. Furthermore, altering systems might provide a reason for your insurance carrier to deny or limit your claim.

5 Make These Calls

Connect with resources that can help you navigate your next steps.

Your Cyber Insurance Agent and/or Carrier

Advise your insurer that you are responding to a cybersecurity event that may be an incident. They will want to know the nature of the event and any actions you have taken. If they determine the event is an incident, they will initiate a response.

Your insurer may: (1) Require you to report the event to law enforcement (FBI or CISA.GOV); (2) Require you to hold systems for forensic analysis; (3) Hire a specialized firm to manage recovery efforts; and/or (4) Direct you to complete other specific actions.

Your insurer may also ask for validation that you follow your security policies and procedures. Depending on your coverage, they may also provide assistance with: (1) Required legal and/or regulatory reporting; (2) Client communications; (3) Client response services (e.g., credit monitoring); and (4) Other response-related services.

Your Legal Counsel

Work with counsel knowledgeable in cybersecurity response.

They will help you with: (1) Compliance with state and federal laws and industry regulations; (2) Stakeholder and customer notifications; (3) Contractual obligations; and (4) Interactions with law enforcement.

Law Enforcement

We recommend opening a report with law enforcement in coordination with your cyber insurance carrier and legal counsel.

  • If your local law enforcement agency lacks a dedicated cybercrime unit, they can still open a report and refer you to the cybercrime unit of your local FBI field office. You can also report directly to the FBI or CISA.GOV.
  • Please be aware that law enforcement may collect computers or other devices as evidence. While this can be disruptive to daily operations, the long-term benefits far outweigh the temporary inconvenience.
  • Reporting the crime provides you with an official record that often assists insurance claims, and law enforcement may also be able to assist with recovery. For example, federal agencies maintain a database of decryption keys for ransomware attacks, which could help you recover data without paying a ransom.

Help is Here

Responding to an attack requires a plan before the attack occurs. Our Security CPR® model provides the framework your business needs:

  • Communicate and Educate: Ensuring your team stays knowledgeable, aware, and prepared through appropriate policies and procedures.
  • Prevent and Protect: The right mix of security solutions to prevent cyberattacks and protect against active and successful attacks.
  • Recover and Respond: The services needed for business continuity, resilience, and a quick return to operations, along with the resources to assist with the insurance, regulatory, legal, and communication aspects of a cyber incident response.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

Cybersecurity Fatigue: Is Your Business at Risk?

Security fatigue is real. You’ve felt it, and so have we. Cyber criminals know this, and they are waiting to capitalize on it. When we let security fatigue guide our decisions and allow our guard to drop, we become much more likely to fall victim to a cyberattack.

Over the past few weeks, we have assisted multiple companies that fell victim to such attacks. These events reflect a recent surge in cyberattacks, serving as a harsh reminder that we must remain vigilant.

Common Elements

Each of these recent cases shared three common elements:

  1. An employee clicked on a malicious link and shared account information.
  2. The company opted not to deploy recommended security measures.
  3. Neither the business nor IT leaders had a plan for how to respond to an emergency.

These elements demonstrate critical failures at every phase of a cybersecurity event.

Prior to The Event

Even as small businesses, we are more vulnerable to cyberattacks than we may expect. A basic suite of cybersecurity services is no longer optional; it is essential for defending and protecting against attacks.

In each of the cases we recently handled, simple and effective baseline tools were not in place. Decisions made to avoid the incremental cost of added protections left these businesses exposed.

Consequently, each company is now paying a much larger price, ranging from several days of downtime and lost productivity to potential fines and litigation.

The Event

Human action triggered all three of these recent events. While it is easy to claim that the individuals involved should have known better, the reality is that even knowledgeable people succumb to these tricks when they are tired or distracted.

How many times have you replied to or acted on an email that you skimmed or quickly read without focusing on the content? We are all busy, and an email often feels like just another task to check off.

When you combine a false sense of security with a momentary lack of attention, it is very easy to click the wrong link, enter credentials into a fake site, or share private information.

Technology is vital for protection, but your people must also understand the risks. They should be able to identify suspect interactions and know exactly what to do when faced with a suspicious email, text, call, or web page.

After The Event

In every recent event we have handled, the business and IT leaders were unsure how to proceed. Given the urgency and stress of the moment, none of them referred to an existing Information Security Plan because they did not have an incident response checklist or strategy in place.

We tend to focus on recovery, such as getting systems back online and restoring data. While this is an urgent and tangible response, it is only one part of the equation.

Your cyber insurance carrier may need to verify your security measures, conduct a forensics analysis, or direct your recovery efforts. You likely have legal, industry, or contractual reporting requirements, and you may even need law enforcement to investigate.

Response and recovery from a cyberattack require having the technology in place to get your systems, apps, and data back in operation, as well as having resources in place to get you through the legal, regulatory, contractual, marketing, and customer relationship challenges you will face.

How We Help: Security CPR

Your security profile should match your business. The nature of your company, its size, your industry and markets, and your locations should all dictate your security requirements. Your leadership team should guide your security strategy and spending.

Our Security CPR® model and services provide the framework for creating the right security profile for your business:

  • Communicate and Educate: Ensure you and your team are knowledgeable, aware, and prepared, and that you have appropriate policies and procedures in place.
  • Prevent and Protect: Implement the right mix of security solutions to stop cyberattacks and defend against active threats.
  • Recover and Respond: Build the necessary services for business continuity, resilience, and a quick return to operations, including resources to assist with the insurance, regulatory, legal, and communication aspects of a response to an incident.

Cumulus Global Awarded Cybersecurity Trademark: Security CPR®

The Security CPR® Model and Services Focus on Cybersecurity Needs of Small and Midsize Businesses

Westborough, MA, October 20, 2025 – Cumulus Global proudly shares that our Security CPR® model and services received a Trademark (Registration Number 7,966,747) from the United States Patent and Trademark Office. The trademark recognizes our unique expertise and leadership. Security CPR® includes our cybersecurity risk management technical consulting; training and education; and services covering threat analysis, prevention and deterrence, remediation, and governance.

“We are excited and proud that our Security CPR® model and services received this recognition,” stated Cumulus Global CEO Allen Falcon. “Security CPR® defines and delivers cybersecurity solutions that small businesses can rely upon, understand, and afford.”

Most small businesses struggle to meet current cybersecurity demands. Without expertise or the resources of larger organizations, small businesses still need to follow state and federal laws, industry regulations and standards, and contractual obligations. Security CPR® encompasses three core components of an effective cybersecurity program.

  • Communication and Education
  • Prevention and Protection
  • Recovery and Response

“As a model and a set of services, Security CPR® adapts to your specific business needs,” notes Falcon. “We tune your cybersecurity services to match your requirements, risks, business operations, and budget.”

As part of our commitment to helping small businesses protect themselves from cybersecurity threats, we recently launched our Cybersecurity Landing Zone. The zone collates blog posts, web events, eBooks, and other resources to help small business owners navigate the ever-changing cybersecurity landscape.

To assess, plan, and improve your cybersecurity, book a free, no-obligation meeting with one of our Cloud Advisors.

About Cumulus Global

Nationally recognized as a leader, Cumulus Global delivers productive, secure, and affordable managed cloud services to small and midsize businesses, governments, and K-12 schools. Translating business objectives into technology needs and priorities, we design, deploy, manage, and support services that help our clients thrive and grow.

{URGENT}: Windows 10 Support ENDS on Oct. 14th. Extended Security Updates Available

ACT NOW!  Support for Windows 10 officially ends on October 14, 2025. After this date, Microsoft will no longer provide software updates and technical assistance. If you are not upgrading to Windows 11, you must purchase Windows 10 Extended Security Updates to continue receiving critical and important security updates.

Without these extended security updates, continuing to use Windows 10 dramatically increases your exposure to significant risks. Your systems become prime targets for cyberattacks, ransomware, and data breaches. You risk costly downtime, loss of sensitive information, and severe compliance issues. 

Proactive planning and action are not just recommended; they are critical for your business continuity and security.

Know Your Windows 10 Options

We agree with Microsoft’s recommendation to upgrade all eligible systems to Windows 11. We also understand you may have budget constraints or compatibility issues with older software.

You can check if your PCs will run Windows 11 using Microsoft’s PC Health Check app. If your PC will not run Windows 11, you have options other than buying new devices.

Windows 10 Extended Security Updates (ESU): 

Microsoft has released pricing for ESU licenses. The licenses are available as a one-time purchase for each year. You do not need to commit to multiple years up front; you can purchase the licenses annually if needed. The pricing is as follows:

  • Year 1 – from October 2025 to October 2026 – $61 each
  • Year 2 – from October 2026 to October 2027 – $122 each
  • Year 3 – from October 2027 to October 2028 – $244 each

Important Notes:

  • Not all systems are eligible to install the updates. To be eligible to install updates from the ESU program, devices must be running Windows 10, version 22H2. For more information on prerequisites and enabling ESU in commercial environments, see Enable Extended Security Updates (ESU).
  • ESU Program updates do NOT include: New features; Customer-requested non-security updates; Design change requests; or General support.
  • The Windows 10 ESU only includes support for the license activation, installation, and possible regressions of the ESU itself for organizations with a support plan in place.

Keep in mind, the Windows 10 Extended Security Update program serves as a temporary bridge and does not address underlying hardware or software compatibility issues related to upgrading to Windows 11.

Virtual Desktop Services: 
  • Using virtual desktop services, such as Azure Virtual Desktop, allows you to use your existing PCs to access a robust and secure Windows 11 environment. Virtual desktops work well for hybrid team members and to mitigate the cost of upgrading multiple devices.
  • Connect with one of our Cloud Advisors to explore this option.

Plan for Your Windows 11 Transition

Regardless of the strategy you choose, proactive planning is crucial for a smooth and secure transition. Follow these steps to ensure you’re ready:

Assess Your Current IT Environment
  • Use Microsoft’s PC Health Check app to determine which devices can run Windows 11, which can be upgraded, and which require replacement. If you use Windows 10 in embedded systems, check with your vendor.
  • Confirm which of your business-critical applications and tools are compatible with Windows 11. Identify necessary software upgrades or migrations.
Prepare Your Budget
  • Accurately map the cost of upgrading and/or replacing devices. Keep in mind that older systems, even if upgraded now, may soon require replacement.
  • Identify any software upgrade costs.
  • Keep in mind any fees for tech support or professional services. You may need or want help transferring applications and data to new devices or setting up virtual desktops.
Develop Your Transition Plan & Data Strategy
  • Plan your timing and procedures for upgrades, purchases, and migrations. Focus on preventing data loss during migration and consider staging your rollout in phases to minimize disruption.
  • Crucially, ensure all critical data is securely backed up before upgrading or migrating systems. 
  • Remember to allow time to test critical software on Windows 11 before upgrading.
Train Your Team
  • Provide resources and help your team become familiar with the Windows 11 interface and new features.
  • If you are upgrading your business software for compatibility, you may want to provide additional training on new functionalities and capabilities.
  • Stay Informed: Monitor Microsoft’s official updates and announcements. Keep current regarding Windows 10 end of life and Windows 11 developments.

Cumulus Global Will Help

Plan and Act Now.  As with any major upgrade, we expect demand for PCs, laptops, and technical services will increase as the deadline nears. Waiting may result in delays and missed deadlines. Losing Windows 10 support can result in costly business disruptions.

For assistance, schedule a brief, free call with one of our Cloud Advisors to discuss your assessment, plan, and upgrade needs, priorities, and budget.

5 Cyber Threat Trends You Should Know

Earlier this week, we shared CrowdStrike’s 2025 Global Threat Report which identified five (5) cyber threat trends that you should know. While cyber-fatigue is real, understanding the threat landscape helps you assess your risks and security posture and make informed decisions on how to prioritize security-related spending and investment.

5 Cyber Threat Trends

Here are the 5 cyber threat trends you should know.

1 China on the Rise

Cyber attacks originating in China – both nation-state and organized crime – jumped 130% over the prior 12 months. At the enterprise-level, China-nexus attackers focus on telecommunication systems. For most businesses, the increase in attacks on unmanaged devices should be of concern. 

Unmanaged devices lack detection and response capabilities, which allows attackers to lurk, monitor, and capture credentials for greater access to your systems, applications, and data.

2 Hands-On-Keyboard Attacks are Making a Comeback

The best way for cyber attackers to avoid modern malware protection, such as next-gen endpoint protection and managed detection and response (MDR) services, is for the attacker or a surrogate to use the keyboard. These manual, interactive attacks are up 27% over the prior year.

We may imagine hands-on-keyboard attacks as movie-like scenarios of corporate spies posing as custodians sneaking onto computers while avoiding the security guards making their rounds. In reality, the hands-on attack may be your employee responding to somebody they think is IT support or a vendor helping them solve a problem.

3 Rapid Ransomware Reach

The speed at which cyber attackers can launch ransomware attacks after an initial breach is accelerating. From breach to spread, attacks are up to 32% faster than previously known.

This speed gives cybersecurity systems less time to recognize the behaviors and patterns that indicate a cyber attack, weakening the effectiveness of the protections.

4 AI for Evil

With the help of AI, certain types of cyber attacks have jumped 220% over the prior year. Cyber attackers are using generative artificial intelligence (GenAI) technologies to power more effective attacks.

Using GenAI, attackers create more realistic fakes – emails, documents, phone calls, and videos – to trigger responses and reactions that enable and facilitate access and breaches.

At the same time, cyber attackers are using security vulnerabilities in the platforms and tools businesses use to build AI agents, just as they use vulnerabilities in web, application, and office productivity platforms.

5 Cloud Attacks Gain Altitude

Cloud intrusions – successful cyber attacks on cloud systems and services – jumped 136% during the first half of 2025 compared to all of 2024. These attacks vector through compromised identities, improper security configurations, API vulnerabilities, and lax security and permissions governance.

Steps You Can Take

To ensure your security footprint protects your business appropriately:

  • Conduct IT and Security Assessments that benchmark your security posture.
  • Prioritize your risks based on the nature and size of your business, industry standards and expectations, and regulatory requirements.
  • Leverage our Security CPR® model and managed services to plan, prioritize, and implement appropriate security and business resilience solutions that:
    • Address your prioritized risks as your budget allows
    • Protect from the most common and the most damaging/costly types of attacks.

We Will Help

Plan Now; Act Soon. Our Cloud Advisors are here to assist. We will:

  • Review your current systems and services and prioritize your risks. 
  • Help you prioritize, plan, and budget for security changes and improvements that may be necessary or preferred.
  • Deploy and co-manage your security solutions to keep you protected.

Schedule time with one of our Cloud Advisors now to begin your security review and improvements.

2025 CrowdStrike Global Threat Report

Whitepaper | Source: CrowdStrike — This report is a deep dive into cyber threat data and analyses for 2024. The report identifies emerging risks and overall trends to consider when evaluating and planning your cybersecurity posture, systems and services, and budget.

Cybersecurity for Sole Practitioners, Solopreneurs, and VSBs

If you are a sole practitioner, a solopreneur working to build a business, or leading a very small business (VSB) of fewer than 20 people, you face unique IT challenges. You want and need your IT and productivity systems to be secure. At the same time, you are “too small” for most IT service providers.

You can secure and protect your business, affordably, with the right tools and service partner.

In this Coffee & Clouds online event, Cumulus Global CEO Allen Falcon shares a strategy for securing your business without breaking your budget. Using our Security CPR® managed security model and services, Allen shares our approach for protecting against the most common and most damaging cybersecurity risks. He will also cover services you may need for industry and regulatory compliance and those you may want for better cyber insurance coverage.

Invest 15 minutes to understand the approach and how to evaluate your security needs and options.  Join us live or view the recording on-demand, and the Dunkin’ or Starbucks is on us.

Cybersecurity Essentials for Smaller Businesses

eBook | Source: Cumulus Global — Cybercriminals target small businesses because we tend to have fewer resources and less robust cybersecurity practices. This eBook provides a strategy, model, & roadmap of affordable, effective cybersecurity essentials for sole practitioners, solopreneurs, & very small businesses.

Managed Cloud Services Update

(03/18/25) – Cumulus Global is updating our Managed Cloud Services to expand protections against cyber attacks. Cybersecurity Enhancements Add Value to your Managed Cloud Services. Changes to our traditional Service Plans give you even more options.