Email Cybersecurity Risks: 3 Things to Know

As we have shared in the past, cyber attacks constantly change and evolve. We face new attack vectors, or methods, and old methods reappear. Email remains the most common starting place for cyber attacks. These attacks may be direct, or they may be the first step of a larger attack.

Over the last few months, we have seen an increase in new and reappearing email-based cyber attacks. Here are three types of attacks that you may be unaware of, but should protect against.

1 Email Burst Attack.

As the name implies, an Email Burst Attack begins when the attackers send a burst of legitimate-looking, identical emails. To the victim, the attack appears to be a technical issue, as they may receive anywhere from 10 to more than 100 emails within 20 to 90 seconds. The attack continues with a phone call or email impersonating an IT employee or a vendor. The victim is asked to “reset” a password or download software to “fix the problem,” giving the attackers access to credentials and/or the computer.

Email Burst Attacks are difficult to detect and can result in significant breaches and loss.
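One way to flag the burst pattern described above is a sliding-window count of identical messages per recipient. The following is an added example, not code from Cumulus Global or any product; the message record layout, addresses, and sample traffic are constructed assumptions, and the thresholds come from the numbers in the description.

```python
import hashlib
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds from the description above: at least 10 identical messages
# to one recipient within 90 seconds. Tune both for your own mail flow.
MIN_COPIES = 10
WINDOW = timedelta(seconds=90)

def fingerprint(subject, body):
    """Hash case- and whitespace-normalized content so near-verbatim copies match."""
    canon = " ".join(f"{subject}\n{body}".lower().split())
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def detect_bursts(messages, min_copies=MIN_COPIES, window=WINDOW):
    """Return one alert per (recipient, content) pair that reaches the threshold.

    Each message is a dict with keys time (datetime), rcpt, sender, subject,
    body. This record layout is an assumption, not a real log format.
    """
    recent = defaultdict(deque)  # (rcpt, fingerprint) -> (time, sender) in window
    alerts = {}
    for msg in sorted(messages, key=lambda m: m["time"]):
        key = (msg["rcpt"], fingerprint(msg["subject"], msg["body"]))
        seen = recent[key]
        seen.append((msg["time"], msg["sender"]))
        while msg["time"] - seen[0][0] > window:  # expire old entries
            seen.popleft()
        if len(seen) >= min_copies:
            alert = alerts.setdefault(key, {
                "rcpt": msg["rcpt"], "subject": msg["subject"].strip(),
                "first_seen": seen[0][0], "peak_count": 0, "senders": set(),
            })
            alert["peak_count"] = max(alert["peak_count"], len(seen))
            alert["senders"].update(sender for _, sender in seen)
    return list(alerts.values())

def sample_messages():
    """Constructed sample traffic: one burst plus two benign patterns."""
    t0 = datetime(2025, 1, 6, 9, 0, 0)
    msgs = []
    # Burst: 25 copies to one mailbox, 2 seconds apart, rotating senders.
    for i in range(25):
        msgs.append({"time": t0 + timedelta(seconds=2 * i),
                     "rcpt": "alice@example.test",
                     "sender": f"notify{i % 3}@mailer.example",
                     "subject": "Your ticket was received " + " " * (i % 2),
                     "body": "We have received your request."})
    # Benign: the same reminder once a minute never fills the window.
    for i in range(10):
        msgs.append({"time": t0 + timedelta(minutes=i),
                     "rcpt": "carol@example.test", "sender": "cal@example.test",
                     "subject": "Standup reminder", "body": "Starts at 9:30."})
    # Benign: many different messages in a short time are not identical.
    for i in range(15):
        msgs.append({"time": t0 + timedelta(seconds=i),
                     "rcpt": "bob@example.test", "sender": "ci@example.test",
                     "subject": f"Build #{i} finished", "body": f"Job {i} passed."})
    return msgs

if __name__ == "__main__":
    for a in detect_bursts(sample_messages()):
        print(f"{a['rcpt']}: {a['peak_count']} copies of {a['subject']!r} "
              f"since {a['first_seen']:%H:%M:%S} from {len(a['senders'])} senders")
```

An alert from a check like this is most useful when it also warns the recipient that an unsolicited "IT support" call or email may follow the burst.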

2 An Old-School Cyber Attack Returns

An email-based cyber attack that uses Google Groups is back after several years in the shadows.  In this attack, the cyber attacker creates a Google Group, directly adds members, and sends emails to the group members. These emails range from basic spam to sophisticated phishing attacks.

The emails look legitimate because the email is from the Google Groups service, a trusted sender. As such, a Google Group attack is difficult to identify and defend against.

3 Visual Risks On The Rise 

Email-based cyber attacks often use images and “calls to action” that appear to be from a trusted source or brand.

Attackers will use images of, or from, legitimate websites to mimic the look and feel of stores, banks, and other trusted businesses. To detect these attacks, you need to compare the image and branding with the email header and metadata. This type of scanning is beyond the ability of most email threat protection services.

QR Codes pose a similar risk. In order to validate that a QR Code is safe, you need to scan the image and test the underlying URL. Because QR Codes are not a “link click”, most email scanners cannot validate they are safe.

Protecting Yourself

The newest generation of email threat protection services includes the ability to detect and mitigate these attacks. These services include:

  • Detecting and blocking email burst attacks
  • Letting administrators and users manage graymail, so that Google Group and similar attacks can be identified and blocked
  • Scanning emails using AI-empowered computer vision to verify branding and safely test QR codes.

Cumulus Global offers email threat protection services with these capabilities within our Managed Cloud Services and as a stand-alone service offering.  

Your Next Step

Get more information and assess your email threat protection services, or schedule a no-obligation meeting with one of our Cloud Advisors.

About the Author

Christopher Caldwell is the COO and a co-founder of Cumulus Global. Chris is a successful Information Services executive with 40 years of experience in information services operations, application development, management, and leadership. As COO, Chris oversees our Service Team, providing expert consulting, cloud migration, education, and support services.

Your 2025 IT Checklist – The Next 3 Items

The Next 3 Items on Your 2025 IT Checklist

As we move into 2025, our businesses face a new set of challenges. Political and economic changes, rapidly emerging technologies, and increasing security threats will all demand our attention.  Where we focus, and the decisions we make, will impact our businesses, customers, and employees. Is your 2025 IT Checklist ready to help?

Your information technology services remain critical to your business operations. Pragmatic, thoughtful planning and decisions now will empower your team and enable your business to address the coming challenges – and opportunities. Here are the next three of six key areas to explore as you build your IT goals and objectives, and your 2025 IT checklist.

4 Enhance Security Measures and Compliance

Evolving threats and regulatory requirements keep cybersecurity a top priority for businesses. Beyond protection and prevention, focus on resilience. Ensure your business can maintain operations during and after a crisis.

  • Benchmark your security profile against recognized frameworks, like CIS or NIST, as well as industry standards and regulatory requirements. 
  • Conduct regular security assessments and penetration tests to identify vulnerabilities, scope risks, and prioritize solutions.
  • Implement a phased approach to security improvements; start with high-impact, low-cost changes. 
  • Educate employees on security protocols. Emphasize their role in maintaining a secure environment. 
  • Update your security profile, risks, and priorities over time with periodic assessments and penetration testing.

5 Streamlining IT Infrastructure for Efficiency 

As your IT environment becomes more complex, inefficiencies and costs will escalate. Simplify your IT systems and services to reduce redundancies and enhance productivity.

  • Identify and eliminate duplicate services to reduce license, admin, and support costs.
  • Focus on removing apps and tools that duplicate capabilities in your Google Workspace or Microsoft 365 services.
  • Identify and eliminate shadow IT services to lower costs and prevent data loss.
  • Address mismatched systems that may hinder productivity. Lack of integration between cloud and local applications, for example, requires extra time and effort to store, share, and secure files and information.

6 Prepare for the Future: Trends and Innovations

Stay ahead of technology trends to ensure your business remains competitive. 

  • Keep an eye on innovations in areas like cloud computing, artificial intelligence (AI), communications, and cybersecurity.
  • Invest some time to regularly assess how these trends might benefit your business – strategically or tactically.  
  • Invest in employee education and training so they can adapt quickly to technology and business changes. 
  • Prioritize building a flexible IT infrastructure and services that will adapt and incorporate future innovations. Ensure your business remains resilient and agile in an ever-evolving digital landscape.
  • Foster a forward-thinking culture. Anticipate challenges and capitalize on new or different opportunities.

Next Steps

For help with any part of your 2025 IT checklist, or to tap into our expert guidance, book a complimentary intro call with our Cloud Advisors. Ask for an IT Assessment Referral Code and request your IT assessment.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Google Workspace Security Feature Matrix

eBook | Source: Cumulus Global — This eBook provides a summary of the security features across Google Workspace subscriptions. Using the included matrices, you can select the subscription that best meets your needs and compare the detailed capabilities of security features against third party options.

Google Workspace: Gemini AI Features and Pricing Changes

Updated January 22, 2025, at 2:00 pm ET: See the easier-to-read chart and text that is in bold italics.

On January 15, 2025, Google announced a major shift for Google Workspace. Going forward, all Google Workspace licenses will include Gemini AI features and functions. Specific capabilities will vary by license type.

While customers will no longer need to pay as much as $30 per user per month for these capabilities, the cost for most Google Workspace subscriptions will increase by about 17%. This increase affects all subscriptions, even those opting not to use the newly embedded Gemini AI features.

For new customers purchasing directly from Google, the price increase took effect immediately.

For existing customers, Cumulus Global customers, and those working with other Google partners, the price increase takes effect on March 17, 2025.

  • If you have a Flexible Plan subscription, you will see the increase as of March 17, 2025.
  • If you have an Annual Plan subscription, or a multi-year agreement, you will see the increase at your next subscription renewal. You will not be charged for the additional Gemini AI functionality until this renewal (see below).

Product Update Highlights:

The product highlights and caveats are as follows:

  • The Gemini App (gemini.google.com) remains
  • Gemini for Google Workspace is replaced by the embedded features based on your subscription.
  • All versions of Google Workspace will now include Gemini AI features. 
  • Google is deploying the Gemini AI features to existing customers in phases between January and March, 2026
    • The Gemini AI features will be enabled, by default, for all users
    • Enterprise Tier subscriptions can manage and disable Gemini AI features
    • Business Tier subscriptions must request access to Gemini AI admin controls

Pricing and AI Features Matrix

The following table summarizes the price increases and Gemini AI features for both the Google Workspace Business and Enterprise tiers with Annual Plan Pricing. Flexible Plan prices increase similarly, reflecting a 20% upcharge.

Google Workspace: New Pricing and Gemini AI Features

Note that your pricing for Archived Users, Vault, Pooled Storage, Voice, and other products will not change at this time.

Billing Changes

Google has indicated that it will cease billing for Gemini for Google Workspace licenses as of the end of January 2025.

As these services are billed in arrears, expect to see Gemini for Google Workspace included on February 2025 invoices that cover January 2025.

If you have an existing single or multi-year agreement that includes Google Workspace and Gemini for Google Workspace, expect the Gemini for Google Workspace line item to be removed once service for January 2025 has been invoiced. If you prepaid for the year, you may be eligible for a credit or a refund.

We will update this blog post, and communicate with affected customers as we are able to confirm how these issues will be resolved.

Managing Gemini AI within Google Workspace

Admins with appropriate permissions can manage Gemini AI features. Users have limited ability to control AI options.

Admins

Admins have the following options to control AI settings:

  • Manage access to Gemini features in Workspace services (Enterprise editions only at this time)
  • Turn access to the Gemini app (gemini.google.com) on or off. (Note: this has no effect on other AI features in Google Workspace services.)
  • Turn NotebookLM on or off as an additional service.
  • Turn access to Google Vids on or off.
  • Control whether users can let Google AI take notes in meetings.
  • Turn Google Workspace smart features on or off.

Users

Users can control the following AI options:

  • Smart features in Google products

Cumulus Global clients should contact our Service Team for assistance. If you are self-service with Google direct, or have licensing through another Google partner, schedule a call with one of our Cloud Advisors.

Time Sensitive Opportunities

If you have considered upgrading your Google Workspace subscription to a higher tier, we recommend doing so before March 15, 2025. 

  • We can upgrade your service with a one-year commitment. You still get the newly embedded Gemini AI features while locking in the current subscription price. We can also explore incentives for multi-year commitments.

If you are on a Flexible Plan, consider moving to an Annual Plan. 

  • While the Flexible Plan allows your monthly cost to directly reflect the number of active accounts, the vast majority of small businesses save money with an Annual Plan. 
  • Most businesses do not see the number of account removals needed to overcome the 20% surcharge on top of the price increase. 
  • Please schedule time with a Cloud Advisor to calculate which plan is best for you and your business. 

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Be Ready for 3 Things in 2025

As we head into the new year, we face an uncertain business landscape. Politics, the economy, and technology advances create new tech-related challenges and opportunities. As you make your plans, be ready for these 3 things in 2025.

Windows 10 End of Life

Windows 10 reaches its end-of-life on October 14, 2025. As of this date, Microsoft will stop releasing new features, free security updates, and support.  You must decide when and how you will transition to Windows 11. 

Staying on Windows 10 without subscribing to the Extended Security Updates (ESU) program exposes your systems to increased vulnerabilities, potentially impacting compliance with cybersecurity regulations.

While many devices currently running Windows 10 can support Windows 11, older machines may struggle with performance due to inadequate resources. You should expect to invest in some new hardware or upgrade existing components, such as memory, to ensure smooth operation. Given the anticipated surge in demand for new devices, early planning and procurement can mitigate potential cost hikes and supply chain delays.

AI in 2025: From Hype to Practical Applications

The realm of artificial intelligence (AI) is poised to transition from theoretical enthusiasm to practical implementation. 2025 is the time to focus on AI’s tangible benefits, such as enhancing employee productivity and streamlining customer interactions. Rather than replacing human labor, use AI as a tool for augmenting capabilities and achieving efficiency gains.

Security remains a critical consideration as AI becomes more integrated into your business processes. Protecting your sensitive data and ensuring your compliance with regulatory standards is paramount, especially when using AI tools within Microsoft 365 or Google Workspace. 

Assess the cost-effectiveness of AI investments, ensuring they provide a clear return on investment without duplicating existing capabilities. As AI tools continue to evolve, balance cost, security, and practicality to leverage AI effectively.

Heightened Security and Evolving Threat Landscape

In an era where cybersecurity threats are ever-evolving, small businesses like yours should adopt a robust security framework to safeguard your operations. A comprehensive approach—encompassing communication, prevention, and recovery—is critical as new threats emerge. With incidents like business email compromise posing significant financial risks, maintaining a strong security posture is non-negotiable.

For smaller businesses, resilience becomes a key focus of your cybersecurity strategy. Ensuring your operational continuity, even during cyber incidents, is crucial for minimizing disruptions. Resilience means not only protecting data but also enabling swift recovery and business continuity.

As cyber insurance requirements become more stringent, compliance with evolving security benchmarks and standards will increase coverage and lower premiums. The savings are a bonus on top of improved protection against potential threats. Penetration testing, or Pen Testing, can be an affordable way to benchmark and track your security profile against relevant industry and regulatory standards.

Your Next Steps

If you are interested in planning your Windows 10 to Windows 11 upgrade, your use of AI, or your security improvements, book a free, no-obligation session with one of our Cloud Advisors. Or, send us a quick note and let us know how we can help.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

* Discount RSA offer requests must be received prior to 3:00 PM EST on Dec. 31, 2024.

Pen Test Primer: Security for Small Businesses

eBook | Source: Cumulus Global — This eBook presents an introduction to Penetration Testing and discusses how small and midsize businesses can use Pen Testing effectively and affordably as part of a robust cybersecurity program.

Business Email Compromise: The Second Costliest Crime

Originally Posted December 9, 2024.  Updated to add a link to a related article published by the Washington Post.

Cyberattacks, specifically Business Email Compromise attacks, are back in the national news. This feature story on CNN.com covers the risk, nature, and impact of Business Email Compromise attacks on a national level.

Back in March of 2022, we blogged about Real Estate Cyber Security and the rapid increase in Business Email Compromise (BEC) attacks. We followed up in April of 2022 with the post “Business Email Compromise – The Costliest Type of Cybercrime.” The post explained how BEC attacks work and how you can prevent them.

Related Update: The latest housing scam: Using AI to impersonate your agent or lender, Washington Post, December 14, 2024.

Are YOU safe from Business Email Compromise Attacks?

A $2.9 Billion Problem

With 2023 adjusted losses exceeding $2.9 Billion, the FBI’s 2023 Internet Crime Report identifies BEC attacks as the second-costliest type of crime. In a recent survey by CertifID, more than half of the 650 homebuyers and sellers were not fully aware of these types of fraud risks.

While the victims in the CNN article believe the compromise was from the title company, these breaches often begin with the real estate agent or brokerage. In the fragmented system of real estate franchisors, franchises, brokers/groups, and agents, gaps in cybersecurity awareness and protections are common. Real estate is a rich target for these BEC attacks. Large dollar amount transactions and low security vigilance among agents, buyers, and sellers attract cyber attacks.

Your Business Email Compromise Risk

The scope of BEC attacks spans businesses of all sizes.  Your small business is a target because you are less likely to have adequate cybersecurity protections in place.  As a small business, you are also less likely to have procedural checks and balances in place. Your chance of identifying and thwarting a BEC attack is lower.

Business Email Compromise attacks may target payments you make, or those your customers make to you. In either case, a successful BEC can destroy your reputation, expose you to litigation and liability, and cost you tens of thousands of dollars.

Your Next Step

Your best next step is to evaluate how well you are protected from BEC attacks.  Use Referral Code 24RSA50 to request savings of at least 50% off our Rapid Security Assessment*. You can also schedule a brief, free call with one of our Cloud Advisors to discuss your cybersecurity risk and protections.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

* Discount RSA offer requests must be received prior to 3:00 PM EST on Dec. 31, 2024.

FBI 2023 Internet Crime Report

Whitepaper | Source: FBI — This annual report covers the trends, prevalence, and financial losses across the many forms of cyber attacks placing your business at risk. Understanding your risks is the first step to protecting you, your business, and your customers.

IT Safety for Sole Practitioners, Startups, and Smaller Businesses

(11/19/24) – Your computer, and your IT services, are your business lifeline. Manage, protect, and secure them to protect your business. Here are affordable solutions to protect you and your business.