(04/30/24) – As both suites evolve, and your business changes, is your choice still the best match for your business? Assessing whether Microsoft 365 or Google Workspace is the best fit for your business needs should either trigger a change or improve how you use your current services.
eBook | Source: Google — This eBook provides you with the foundational skills to write effective, instructional prompts when using Gemini for Google Workspace so that you can be more productive and efficient in your day-to-day tasks.
While on vacation recently, I did something that I did not think has been possible since July 1970. I boarded a commercial airline flight without having to go through security. No ID check. No metal detectors. The gate agent scanned the barcode on my ticket and I walked on board. The experience was, at first, confusing as I went from curb to gate with no security checks. I asked the gate agent why there was no security check; the answer was pragmatic security.
Airport security intends to prevent hijackings. I was traveling in New Zealand, which you know is an island country. The nearest country, Australia, is at least a 3½ hour flight by jet. My plane was a dual engine turboprop with about 70 seats with and a range of 930 miles. It is impossible for the plane to leave the country.
Hijacking a regional flight in New Zealand is pointless, as you cannot escape the country. The security risk is miniscule.
In New Zealand, flights on regional planes do not have (or need) security checks. To board a jet, however, you will board at a “jet gate” having passed through all of the common security and ID checks.
The concept of pragmatic security also applies to IT and cybersecurity. Not every business needs every security measure. We can, and should, scale our IT and cyber security to meet our needs and priorities.
That said, the baseline has changed. In New Zealand, the baseline security for flights is that the customer has a ticket. For smaller businesses, the historical baseline has been “a secure firewall/router, antivirus software, and email filters for spam.”
As we have discussed in other Security Update Series blog posts, we face new security demands from customers, insurance providers, and regulators. As cybersecurity risks increase, so do the solutions we need to implement.
While the answer varies based on your business needs, risks, and priorities, our Security CPR® managed security model and services provide a solid baseline. We are also proponents of understanding risks. As we discussed in this blog post, focusing on the most prevalent risks and the most damaging risks is the best place to start. Designing your security solutions from these two angles provides a solid baseline of protections. Additional measures can be added as needed to meet industry or regulatory requirements.
If you have not done so already, a baseline security assessment is a good place to start. Our Rapid Security Assessment provides a quick review of core security services. And our Cloud Advisors are ready to assist with any questions or concerns.
Contact us or schedule time with one of our Cloud Advisors.
Allen Falcon is the co-founder and CEO of Cumulus Global. Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.
eBook | Source: Cumulus Global — Email services are stepping up protections. Here are 5 best practices that help ensure your emails get delivered and that you are protected from identity and business email compromise cyber attacks.
With continued, rapid change and evolution of the cloud services and capabilities, we hear that we “need” many things. The reality, however, is that many of the “solutions” being hyped are not really needed. Therefore, we will cover three IT solutions that you do need.
Basic protections against malware, ransomware, phishing, and other cyber attacks are no longer enough. Businesses are not pressing for better cybersecurity from suppliers. Cyber insurance carriers are looking for more cybersecurity capabilities to better manage their risks.
We expect most small and midsize businesses to be asked about, or required to deploy, more advanced cybersecurity services and solutions. Fortunately, these can be provided affordably and effectively to smaller businesses.
It is not enough to be able to recover files from backup in the event of a disaster, system failure, or cyberattack. Your business needs to be able to return to operations (RTO) quickly, even if your operations are degraded. The ability to fully recover and return to normal operations (RTNO) is also a new priority.
If your customers are other businesses, you are part of a supply chain. Your customers are under pressure to ensure and demonstrate that their supply chains are secure and reliable. This means your customers want you to demonstrate that you are protected and, if a cyberattack happens, that you can recover quickly. Your business disruption is theirs as well. Your customers want and need assurances.
Continuity solutions for small and midsize businesses are effective and can be cost-effective when properly planned and executed. These can range from system images that run in the cloud in an emergency to using remote desktop/virtual desktop services.
A few years ago, “Bring Your Own Device” (BYOD) was just an experimental strategy. With hybrid and remote work now a part of our norm, BYOD can be an effective means to provide budget-friendly IT services to your team. The challenge is that employee devices being used for company work need to be managed and secured as if they are company-owned.
Employees need to allow you to install security tools, such as endpoint protection and remote management agents, as well as backup/recovery and continuity tools. This can be a difficult task, as employees worry about the privacy of their information on their personal devices.
Securing BYOD can be a mix of policies, procedures, technology, and compensation. Secure BYOD can also be attained by separating the device from the business apps and data. Remote Desktop/Virtual Desktop Infrastructure solutions allow any device to access and use a secure and private environment – network, systems, applications, and data – without commingling personal and business apps and data.
The first step is to assess your current business resilience and continuity capabilities. Completing our free Rapid Security Assessment will provide a quick review along with recommendations specific to your business and needs.
Next, please contact us or schedule time with one of our Cloud Advisors. Without obligation, we are happy to discuss your business’s operational IT needs and how you may increase your capabilities and save money.
Finally, stay tuned, as our next blog post will cover three IT Solutions you can do without.
Allen Falcon is the co-founder and CEO of Cumulus Global. Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.
(03/26/24) – Increased governmental and industry regulations, a maturing cybersecurity industry, and supply chain best-practices are driving requirements for advanced security services and business continuity solutions.
As the cybersecurity landscape continues to change, we see an evolving trend of new security demands being placed on small and midsize businesses. In this first post in our Security Update Series, which covers the evolving cybersecurity landscape for small and midsize businesses, we take a look at the drivers behind the new security demands on your business.
As is typical, the demands and security requirements are coming from three directions:
Each of these three sources is increasing its expectations for your security practices and systems.
As of November 2023, 12 states have enacted comprehensive data privacy laws, and 5 states have tailored information privacy laws. Other states have existing laws with similar protections that differ in implementation and enforcement. In 2023, 12 states introduced and are considering new privacy legislation. The vast majority of these laws may be enforced based on the location of the victim of a data breach. If you have customers in multiple states, you face a patchwork of legal requirements and potential liabilities. State rules extend beyond federal regulations, such as HIPAA, Sarbanes/Oxley, and SEC regulations, that may apply to your business.
Most businesses must also comply with industry regulations. If you accept credit cards, for example, you must comply with the Payment Card Industry Data Security Standard (PCI-DSS). These industry regulations often require additional policies and protections beyond federal and state regulations.
Insurance carriers and underwriters base their calculations of risk through in-depth analysis of claims history and broader trends. Cyber insurance, being relatively new, does not have the same claims history as other business liabilities. As such, insurers continue to learn and adapt. Part of this learning is that cyber insurance claims are larger than previously predicted, basic security solutions often fail to provide sufficient protection, and a company’s ability to recover may be as important as its protections.
Furthermore, insurers are actively holding customers accountable for the statements made on applications, questionnaires, and audits. In 2022, Travelers Property Casualty Company of America sued International Control Services Inc. (ICS) in the U.S. District Court for the Central District of Illinois (Case No. 22-cv-2145). ICS stated that multi-factor authentication (MFA) was in place. The forensics investigation following a ransomware attack determined that MFA was not in place. Travelers claimed and maintained that the misrepresentation “materially affected the acceptance of the risk and/or the hazard assumed by Travelers.” The parties settled with cancellation of the payout, leaving ICS uncovered for any costs or damages.
While some insurers attempted to mandate specific security solutions or products, most insurers are now looking to verify a much broader range of security infrastructure. Beyond endpoint protection and MFA, insurers are using their growing understanding to set broader expectations. Security activities such as internal and external penetration testing, collection and analysis of security and activity logs, and the availability of business continuity solutions are starting to appear on cyberinsurance applications. Many insurers are also starting to request third-party validation and benchmarking against security frameworks, making streamlining security for SMBs even more important.
If you provide products or services to businesses, you are in their supply chain. Governmental and industry regulations applicable to your customers will create new requirements for your business. The supply chain effect is not new. Organizations bound by HIPAA demand require a Business Associate Agreement (BAA) from suppliers. Sarbanes/Oxley, SEC regulations, and others include requirements that businesses must validate levels of compliance from suppliers and vendors. The same is becoming a reality for cybersecurity. As businesses develop their cybersecurity programs, they want and need to ensure their supply chain is equally secure. Cyberinsurance, industry regulations, and government regulations are starting to require this level of diligence.
As a smaller business, your customers may begin with changes to confidentiality and non-disclosure terms in your contracts related to the use of Artificial Intelligence (AI) tools and services. You may be asked to conform to a specific security framework. You may be asked to confirm and attest to a set of security practices. Businesses that do not comply risk litigation and losing customers.
The first step is to not panic. These changes will surface over time.
Start with making sure your basic security services are in place. Complete our Rapid Security Assessment for a quick review of your current, basic security infrastructure. We will also provide recommendations specific to your business and needs.
Our Security CPR® Managed Security services deliver an affordable, effective, security solution that helps you meet current expectations. These services integrate well with our Managed Cloud Services and can be implemented quickly and affordably.
To learn more or to discuss your options in more detail, please contact us or schedule time with one of our Cloud Advisors.
And, continue to follow our blog for Security Update Series posts for more information and ideas.
Allen Falcon is the co-founder and CEO of Cumulus Global. Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.
Google, Yahoo, and other email providers are instituting new policies to block unwanted email from bulk email senders. If you send marketing emails, you need to update your Domain Name Service (DNS) email settings. Failure to do so can result in your emails being blocked from inboxes.
DNS changes to ensure your email deliverability also improves your email security.
In this Coffee & Clouds online event, Cumulus Global CEO Allen Falcon walks you through 6 steps to help ensure email deliverability and security.
Invest 15 minutes to understand how to improve your email security while ensuring your marketing emails reach your audience. Join us live or view the recording on-demand, and the Dunkin’ or Starbucks is on us.
eBook | Source: Cumulus Global — For small and midsize businesses like yours, the information technology and services environment continues to change. Here are seven questions, across a range of topics, to ask your current IT provider to ensure they are actively helping you look forward.
If you are a sole practitioner, a solopreneur, or the owner of smaller businesses, you face unique technology challenges. You, and businesses like yours, are uniquely dependent on your technology. Your computer and phone are critical tools without which your business can screech to a halt. Avoiding IT problems is critical. And yet, you do not have time to be the IT guru. You may not have access to, or the budget for, traditional IT services.
The good news is that you can take steps to avoiding IT problems without overspending.
When we say “stay current”, we do not mean spending hours reading and studying the lasted IT advancements and opportunities. Stay Current means keeping your systems up to date.
Staying current with system and application updates ensures you have the latest system-level security protections in place. It is common for security experts to find “holes” in Windows and applications. Updates fix these risks and reduce the chance of a successful malware, ransomware, or other form of cyber attack.
Security CPR® is our managed security model and service for pragmatic protection for your business.
Many of your peers assume that security will be too expensive. They see the press coverage and read the articles, failing to realize that tech media targets larger businesses. Our Security CPR® managed security model and services focus on balancing risks, protections, and costs to deliver the best value for your business, and smaller business like yours.
Additionally, the model helps you with avoiding IT problems beyond security and compliance. The same solutions help you minimize the risk of hardware problems and software issues while making it easier to recover should something go wrong.
If you are worried that you cannot afford expert IT services, you are not alone. Most sole practitioners and owners of smaller businesses worry about upfront and on-going IT costs. As a result, you may turn to family, friends, or the “guru” in the blue shirt at the store in the mall. Even if your go-to person is in IT,
It is easy to let concerns about cost get in the way of IT services than can truly help you and your business thrive and grow.
A single IT problem can easily cost more, directly and indirectly, than using IT professionals to plan, manage, and support your business. An unexpected failure or cyber attack can disrupt your business for days, resulting in missed deadlines, lost revenue, unexpected costs, and a damaged reputation. Sound planning and active management prevents problems. The right services are key to avoiding IT problems, keeping you operational, and helping you recover should the unexpected happen.
Focus on value.
The right cloud solutions simplify your IT services. Simple reduces the number of things — hardware, software, services — to learn, manage, and support. Matched with the right guidance, management, and support, the right IT services more than pay for themselves.
We build our Essential and Basic Managed Services to meet your needs as a solopreneur or owner of a smaller business. Leverage the cloud; focus on key solutions; Rely on expert guidance, management and support.
Explore how our Managed Cloud Services can help you and your business. Click here to schedule a call with a Cloud Advisor or send us an email. There is no cost and no obligation.
Bill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management.
