Posts

Cyber Protection Solutions for SMBs

Data protection iconAs our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. Your Cyber Protection 

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure you team understands the risk, educate them so they can avoid falling prey, create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level or protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.

Related Resources:

4 More Protections for Your Business

Data protection iconIn our last blog post, we identified 3 must-have protections for any business using Google Workspace or Microsoft 365.

  • Backup/Recovery
  • Advanced Threat Protection
  • Multi-Factor Authentication

In combination, these protections help prevent successful attacks and give you the ability to recover should an attack be successful.

Here are 4 more protections for your business

Putting these protections in place improves your ability to prevent attacks, and your ability to survive.

1 Next-Gen Endpoint Protection

Basic anti-virus protection is not enough. Scanning files for known or similar patterns will not protect you from modern malware or ransomware.

Next-Gen Endpoint Protection solutions use advanced heuristics, behavior analysis, and machine learning to assess threats in real-time.  These solutions identify attacks, prevent them from running, and roll-back damaging activity.

2 DNS and Web Protection

Cyber attacks are not all breaches. Attackers can use DNS to block your use of the Internet or to impersonate you and your business. Both types of attacks hurt your business and your reputation.

Between 15% and 20% of malware is downloaded without your knowledge from websites. This malware is often hidden in third party content on websites your trust.

DNS protection creates a protective barrier that prevents others using your DNS service against you. Web Protection blocks dangerous web sites and prevents malware downloads to your devices.

3 Employee Communication and Education

Ignorance is not bliss. Employees who know are less likely to make a mistake and trigger an attack or breach. You want your team to understand:

  • The danger of cyber attacks and how to avoid them
  • The likely damage form cyber attacks
  • What to look for
  • What not to do

Employee communication and education is key to creating an aware and resilient team. Combined with testing and guidance, a communication and education program reinforces positive behaviors with on-going guidance and support.

4 Business Continuity for On-Premise Systems

Most small and midsize businesses still have some on-premise systems. The connectivity and integration across systems creates an increased risk for damage and loss. Even with backup/recovery in place, restoring systems, databases, applications, and data can take days. You want, and need, to be back in business quickly — in minutes or hours.

Business Continuity/Disaster Recovery (BCDR) solutions enable you to resume operations within minutes using images of your systems running in cloud data centers. With BCDR in place, your business runs smoothly while you recover your on-premise systems.

Failing to protect your data and systems is a failure to protect your business.  Contact us for a free assessment of your data and business protection needs.

Evaulating SaaS Backup Solutions

Data protection icon

You have many choices when choosing your SaaS backup solution for Google Workspace (G Suite), Microsoft 365, Salesforce.com, and other cloud services.

When picking your solution, look for the data protection capabilities you need. At a minimum, a SaaS backup solution should offer the following.

Comprehensive Protection

Some SaaS backup solutions only protect email, files, and folders. Look for solutions that offer protection for contacts, shared drives, collaboration and chat tools, and calendars. Solutions with these features are far more effective at maintaining business continuity. And, the cost is often comparable.

Frequent Backups

More frequent backups let you to restore to a more recent point in time, minimizing data loss. Restores are faster and easier with less manual effort to perform restores. Services that backup multiple times per day will provide better results than those that only backup daily.

Access During Outages

Look for and choose a SaaS backup service that lets you export and access your data in the event of an outage. While limited in scope, the ability to use data should Google Workspace or Microsoft 365 be unavailable can help you keep essential work on-track.

Security & Compliance

The SaaS backup service you choose should be secure, with data encrypted at rest and in motion.  Additionally, services that meet SOC1/SSAE-16 and SOC 2 Type II reporting standards will help you meet HIPAA, GDPR, CCPA, SEC, and other regulatory compliance requirements.

Your Next Step:

We recommend you protect all data in Google Workspace or Microsoft 365 with a secure and robust backup/recovery solution.  Protecting your cloud-resident data is no different than protecting data hosted on servers and systems in your office. We can help you make the right choice.

For more information, view and download our eBook, SaaS Protection Buyers Guide.

Learn more about Cumulus Global’s data protection and security solutions, contact us to discuss you needs and options, or schedule a complimentary cloud advisor appointment.

3 Reasons for SaaS Data Protection

Data protection iconSaaS data is not immune to permanent data loss. Microsoft and Google make no guarantees when it comes to restoring deleted data, whether from human error or a malicious act. While Microsoft 365 and Google Workspace (formerly G Suite) may make collaboration more efficient, data protection and management is a shared responsibility. Both Google and Microsoft include some basic recovery capabilities, but they not enough to protect your business.

Here are 3 major reasons to add SaaS data protection to your Microsoft 365 or Google Workspace solution.

1: Data Loss Due to Permanent Deletion

If an employee accidentally deletes a critical spreadsheet from OneDrive or Google Drive, or a deleted folder of important emails passes the retention period in Trash, neither Microsoft nor Google will be able to recover your data.

Even if those files are within your retention period, locating and restoring lost data can cost you more time than you can afford.

2: Data Loss Due to a Ransomware Attack

If your business suffers a ransomware attack, you cannot roll-back your data to a point-in-time before the attack without a backup solution. Your data is likely gone forever.

More than losing valuable business data, you will face potentially crippling costs.  You may choose to pay the ransom (without any guarantee your files will be unlocked). You may work to rebuild your lost data. Either way, you will spend significant money, time, and lost productivity trying to save your business.

3. Time and Money Lost in Recovering Files

Retaining critical user data when employees leave your company is costly without a backup solution in place. The time spent to recover data might be more than what your business can afford. SaaS Data Protection lets you retain past employee data without the need to keep their Microsoft 365 or Google Workspace account active. You save time and money.

Whether you lose data or time, the impact to your bottom line can be significant. To address this challenge, you need a secure solution for this growing reliance on the cloud.

Learn more about Cumulus Global’s data protection and security solutions. To ensure your business continues to run smoothly, schedule a complimentary cloud advisor appointment.

Service Update: Datto SaaS Protection

Service Update: Datto SaaS Protection. The latest Datto SaaS Protection platform is now available to all of our costumers. For more recent customers, you are already on the newest platform.  For our longer term SaaS Protection (aka Backupify) customers, the transition process will begin as early as February 1, 2021. The process will complete before May 31, 2021.

Benefit:

With this move, all Datto SaaS Protection customers will have access to the latest features. These include protection for Microsoft Teams and Google Shared Drives, and the Daily Backup Success Report.

Process:

To ensure a smooth transition, any data on the legacy platform will be archived in one of Datto’s secure Microsoft Azure instances. A fresh backup set will initiate on the new platform. We can assist you in exporting your legacy backup data if you prefer to not have it stored by Datto on Microsoft Azure.

There are some unique aspects of the transition for some of our customers, our Service Team will contact you as needed to discuss your transition.

Please contact us with any questions or concerns.

SaaS Backup – 4 Dangerous Misconceptions

SaaS Backup is just as important, and necessary, as backups for data hosted on in-house servers and systems.

Data protection iconWith more remote work, our reliance on SaaS applications and services such as Microsoft 365 and Google Workspace has become more critical to our success. Easy access to files and folders from anywhere and the integrated collaboration tools keep our teams connected and productive.

Here are 4 common, but dangerous, myths and misconceptions about SaaS applications and services that will put your data and your business at risk.

Myth 1: SaaS Applications do not Require Backup

While SaaS applications protect against data loss in their cloud servers, this does not protect against user error, accidental and malicious deletion, or ransomware attacks. And while accidental deletion of files is by far the most
common form of data loss in SaaS apps, ransomware can be the most damaging. Ransomware is designed to spread across networks and into SaaS applications, impacting many users.

Ransomware isn’t only an on-premises problem. It can and does spread into the cloud, especially when using the OneDrive and/or Drive File Sync clients.

You need a way to quickly revert files, folders, settings, and permissions in the event of an attack.

Myth 2: File Sync is a Backup

While file sync tools like Microsoft OneDrive or Google Drive File Sync do create a second copy of files and folders, they do not replace backup. File sync automatically copies changes to synchronized files. If a file or folder is infected with ransomware, the malware will automatically be copied to all synced versions of that file.

File sync services do offer some restore capabilities via versioning, but they fall short of a true SaaS backup solution.

  • If a file is deleted, older versions of the file are also deleted
  • End users control backup and recovery, so you have no control over coverage or process
  • Large restores are a time-consuming, manual process.

Beyond simply lacking the restore capabilities of a backup solution, file sync and share can introduce ransomware to Microsoft 365 or Google Drive. File sync and backup are not competitive solutions, rather they can and should be used together.

File sync and share tools are for productivity; backup is for data protection and fast restore.

Myth 3: SaaS Applications are Always Available

While SaaS apps are highly reliable, outages do occur. In 2020 alone, Microsoft 365 suffered five significant outages in the space of six weeks. Last year, Google Workspace suffered a global outage, leaving users with no access to for several hours.

Outages and slow restore times are not just an inconvenience. When you cannot access important business data, productivity falls and revenue suffers. Creating backups that are independent of a SaaS provider’s cloud servers is the only way to ensure access to essential files in the event of an extended outage.

Myth 4: Microsoft and Google are Responsible for Backup

Microsoft and Google ensure they will not lose your cloud data. However, they do not take responsibility for restoring data if you lose it. This is why Microsoft recommends third party backups for Microsoft 365 data, having defined the concept of the Shared Responsibility Model.

In the Shared Responsibility Model:

  • Microsoft and Google protect your data against:
    • Service interruptions due to hardware or software failure
    • Loss of service due to natural disaster or power outage
  • You must protect your data against:
    • Accidental deletion and damage
    • Hackers, ransomware attacks, other malware
    • Malicious insiders

The Shared Responsibility Model places the onus of data protection squarely on you. Google and Microsoft are responsible for keeping their systems up and running; you are responsible for preserving and securing your data.

To review your data protections, and your ability to recover from accidental or malicious loss, contact us or schedule an appointment with our Cloud Advisors.

9 Cyber Security Tips

Since the start of the COVID-19 pandemic, cyber threats and ransomware attacks have accelerated, exceeding 30,000 attacks per day in the US. Cybersecurity measures have never been more important. The move to remote working environments as well as the vulnerability of global economies in crisis has created an open-season for cybercriminals. No business—big or small—is safe.

Small and medium businesses (SMBs) seemingly have a target on their backs, so strengthening your security posture is essential right now. The good news: There are ways to protect your business against ransomware attacks.

Here are nine tips you that boost your business’ resilience to cyber attacks:

Communicate & Educate

1. Conduct a security risk assessment. Understand potential security threats (e.g., downtime from ransomware) and the impact they may have on your business (lost revenue). Use this information to shape a security strategy that meets your specific needs.

2. Create straightforward cybersecurity policies. Write and distribute a clear set of rules and instructions on cybersecurity practices for employees. This will vary from business to business but may include policies on social media use, bring your own device, authentication requirements, etc.

3. Train your employees. Because cybersecurity threats are constantly evolving, an ongoing training plan should be implemented for all employees. This should include examples of threats, as well as instruction on security best practices, and periodic testing.

Prevent & Protect

4. Protect your network and devices. Implement a password policy that requires strong passwords and monitor your employee accounts for breach intel through dark web monitoring. Deploy firewall, VPN, and next-gen antivirus technologies with advanced threat protection. Ensure your network and endpoints are not vulnerable to attacks. Implement mandatory multi-factor authentication. Ongoing network monitoring is essential, as is encrypting hard drives.

5. Keep software up to date. Be vigilant about patch management. Cyber criminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data. Your IT provider should automate this for your businesses with a remote monitoring and management. Keep your mobile phones up to date as well.

6. Back up your data. Daily (or more frequent) backups are a requirement to recover from data corruption or loss resulting from security breaches. Consider using a data protection tools that take incremental backups of data periodically throughout the day to prevent data loss. Remember that you need to protect your data in the cloud as well as you protect your data on local servers and workstations.

7. Know where your data resides. The more places data exists, the more likely it is that unauthorized individuals will be able to access it. Use data discovery tools to find and appropriately secure data along with business-class Software-as-a-Service (SaaS) applications that allow for corporate control of data. Eliminate redundant and “Shadow IT” services.

8. Control access to computers. Use key cards or similar security measures to control access to facilities. Ensure that employees use strong passwords for laptops and desktops. Give administrative privileges only to trusted staff as needed.

Respond & Recover

9. Enable uptime. Choose a powerful data protection solution that enables “instant recovery” of data and applications. In fact, 92% of managed IT service providers report that companies with business continuity disaster recovery (BCDR) products in place are less likely to experience significant downtime from ransomware and are back up and running quickly. Application downtime can significantly impact a business’ ability to generate revenue. Can your business afford downtime costs that are 23X greater (up by 200% year-over-year) than the average ransom requested in 2019?

The best defense is a good offense. A robust, multi-layered cybersecurity strategy can save your business. Contact us to learn more and for a free Cyber Security Assessment.

Prepare Your Business for the Next Normal

(Updated 5/4/20)

With some states and local jurisdictions beginning to loosen or remove stay-at-home and essential business orders and advisories, many small businesses will begin to adjust for the next phase of response and recovery.  For some, this will be a re-opening; for others it will be another shift in how we conduct our business on a day-to-day basis.  Either way, the process will be a minefield of financial, operational, legal, liability, and personnel issues. Before “flipping” the sign from closed to open, plan your return with care and compassion. Both will be needed to keep your employees, customers, and business safe.

Prepare the Groundwork

Guidance on opening is coming from many sources. We recommend a top-down approach, starting at the federal level and working down the your local municipalities and property owners.

  1. Start with the expertise and guidance from the US Centers for Disease Control and Prevention (CDC).  The CDC website  provides guidance for different types of businesses and gathering places that centers on three mitigation strategies:
    • Personal protective measures (e.g., hand-washing, cough etiquette, and face coverings) that persons can use at home or while in community settings
    • Social distancing (e.g., maintaining physical distance between persons in community settings and staying at home)
    • Environmental surface cleaning at home and in community settings, such as schools or workplaces.
  2. Review current laws and regulations under the Families First Coronavirus Recovery Act (FFCRA). This legislation requires almost all employers to provide expanded sick time, medical leave, and family leave pay for employees dealing with illness or childcare issues themselves or within their immediate family unit.  Make sure your return to work plans accommodate these programs and
  3. Second, understand your state’s rules and regulations with with respect to physically opening your business.  Many states are staging how they will allow business to open.  Then, check with local governments where your business is located and where your employees live.  In some states, municipalities and counties are adjusting how they implement state and federal orders and advisories to address local needs and issues.
  4.  Understand your state’s unemployment rules and regulations. In some states, lifting of stay-at-home orders may mean employees are no longer eligible for unemployment even if you keep your business closed or cannot bring everyone back to work. Your team will have differing concerns and levels of comfort; it is important to provide them with timely and accurate communications.
  5. Check with your landlord. Many office and retail complexes are setting up guidelines and rules for how businesses can and will be able to operate in their properties.  Some office complexes, for example, are limiting access to employees only and restricting access to trades and delivery personnel.
  6. Ask your landlord what additional steps they will be taking to clean and sanitize bathrooms, elevators, stair railings, door handles, and other common areas and high touch surfaces.  You and your employees will want and need to know how safe the environment will be when then return to the office or store.

With an understanding of how you can and want to take your next steps, create a Communications Plan.  More than just determined who, when, and how you will share information with employees and other stakeholders, the plan should provide a clear and easy way for employees to get answers to their questions.  As many smaller businesses do not have internal HR resources, you may want to assign a particular manager or executive team to the role.  If you have a contracted HR service or consultant, you will need to coordinate both the process and information. Set clear expectations for how quickly you will answer questions and how answers to common questions will be addressed to the company at large.

Prepare Your Place

As you do your groundwork, begin planning and putting your workplace together for the return of staff.  Social distancing is the current normal. With an expected recurrence of COVID-19 in the fall, social distancing will be part of our lives, and work places, for some time to come. For employees to return, you may be considering:

  • Setting up protocols to ensure that workers who may be ill, or have been exposed, do not enter the workplace and accidentally infect others.
  • Placing dividers between work spaces, or re-configuring your office layout to create separation.
  • Acquiring additional office space, temporarily, to allow more team members to return.
  • Requiring the use of masks or other appropriate personal protective equipment (PPE). Depending on your work environment, this may be full-time or only when employees leave personal work spaces and head to common or communal areas.
  • Cleaning and sanitation of common areas, like kitchens and break rooms, and high touch surfaces.
  • Coordinating disinfection and sanitation efforts with building management and neighboring businesses in leased office spaces.
  • Ensuring availability of cleaning supplies, disinfectants, and sanitizers.
  • Creating a means for employees to express concerns about the work environment and actions of others, without fear of retribution.

For some businesses, the safest course of action will be establishing split shifts or a rotating schedule of employee teams working in the office. Doing so can ease physical separation issues, but we should expect that some employees will need to, or want to, continue working from home.

Prepare Your People

Communications — timely, open, and honest — will be critical for successfully taking the next steps with your business.  For many, personal anxiety and stress will be high as we navigate shifts in our personal and work lives.

Provide your team as much information as possible on what to expect, and how things will move forward, as you go through each upcoming phase of your plans.

As you communicate with your team, keep in mind that employees may be dealing with personal COVID-19 impacts, such as:

  • Death of a family member of close friend
  • Sick or quarantined family member(s)
  • Loss of income by a spouse/partner/family member
  • Supervision of children learning from home
  • Lack of available daycare
  • Anxiety and stress
  • Feeling unable to return to working in the office

Be prepared to deal with the human side of Covid-19, not just the logistics.

  • Anticipate and have answers ready for employees about your requirements and their options
  • Establish a feedback loop and listen to staff issues and concerns
  • Engage your HR staff, service, or consultants to assist with communications, feedback, and responses
  • Update plans and timing as needed to mitigate staff concerns and business conditions

Prepare to Settle In

Set Expectations

As noted, above, experts are telling us to expect local/regional COVID-19 outbreaks throughout the fall and winter. With this expectation, we should plan for future stay-at-home orders and business restrictions. These will likely vary by location, complicating your planning efforts.

Remote work will be part of our operations for the foreseeable future. As you plan your next steps, make sure that your team is ideally equipped to continue working from home.

In the scramble to respond to stay-at-home orders, many businesses make necessary technology decisions for the near-term.  Now is the time to step back and take a long-term view. Employees may be working on home computers, using personal software, and working in a less-then-ideal space. Many businesses are also finding employees have signed up for free or consumer IT services to work around limitations, such as difficulty accessing files on company servers.  We still have a responsibility to keep information secure and private, and our employees and businesses safe.

Get Your IT Resources in Place

Settling in means adapting work environments — at the office and in employees’ homes — to our anticipated reality.

  • Improve security and access to company systems and data
    • Move data from on-premise servers to cloud file services to improve access and security; Map drives to cloud-data for compatibility with desktop software
    • Use Remote desktop and VDI solutions to move on-premise applications to the cloud, providing easy, high performance access without distributing data to remote computers
  • Ensure employees have workable use of your phone system (see this post for more info)
  • Reduce the need for remote PC, VPN and other remote access solutions that increase cost, complexity, and delays
  • Eliminate the need for shadow IT services by helping employees use existing capabilities in your productivity suite
  • Provide devices for employees that do not usually work from home
    • Consider rental, lease, and device-as-a-service option to manage costs
  • If unable to provide devices, upgrade home computers:
    • Add memory for performance and ensure the ability to run business applications
    • Deploy licenses of business software, even if employees are using consumer versions of the applications
    • “Next Gen” endpoint protections from viruses, malware, and ransomware
    • Web filtering and DNS security to prevent malware from infected websites
  • Provide employees with helpful accessories, such as noise cancelling headsets for video calls

We are here to help you plan and execute your next steps.  Our free Response and Recovery Assessment will help you with your planning, fully utilize your existing IT Services, and identify budget-friendly solutions to address any unmet needs and priorities. Email us or complete the form on our home page to schedule your assessment.


 

Coronavirus: Prep Instead of Panic

Updated Mar. 23, 2020. (new content in italics)

Coronavirus is in the news with broad localized impact.  The Centers for Disease Control is urging everyone to prepare for a major public outbreak of COVID-19 will strike the United States. Here is a high level update:

  • Extensive “Community Outbreaks” have been identified by the Centers for Disease Control (CDC), with confirmed cases rising at a sharp rate in several areas of the country.
  • Several states, counties, and local governments are issuing lock-down or “shelter-in-place” orders, severely restricting business and personal activities.
  • Many states and local governments restricting meetings and services.
  • School are closing for extended periods of time. Government facilities are closing to the public
  • Employers are restricting travel and meetings
  • Employers are telling employees to work from home
  • Restaurants and bars are restricted to carry-out and delivery only
  • Mandatory quarantines are in place in some areas

What does this mean for us and our businesses?

Experts currently agree that potential for wide-spread outbreaks exists and there is an urgent and critical need to minimize the spread of the virus.  That said, we should expect, and be prepared, to address localized issues.  These can include:

  • Employees being quarantined at home, or while traveling, due to possible exposure or systems.
  • Closing offices to facilitate social distancing
  • School closings, requiring employees to remain home with children.
  • Localized building shutdowns, including government offices, courts, etc.
  • Impact on, or hesitancy to use, public transportation; reduced public transportation schedules
  • Cancellation of conferences, meetings, and events.
  • Hesitancy to travel, or restrictions on travel destinations.

Each of these feels manageable if the inconvenience is only for a limited time. But with quarantines running 14 days (or more) and concerns that the virus might live on surfaces for as long as nine days, these disruptions may create serious challenges.

Question to Ask and Consider

  • Have we communicated a policy to employees that “Safe is better than Sorry”
    • Do employees know to stay home and avoid meetings if they are not feeling well?
    • Should your business alter or halt normal operations?
    • Should you close your facilities to some or all employees?
  • Can your employees easily and efficiently work remotely?
    • Does this include employees who normally work at the office?
    • What materials, documents, or services might they need?
    • Will functions, such as customer service, function properly with remote users?
    • For employees that don’t normally work at home:
      • Do they have sufficient Internet bandwidth?
      • Do they have the software needed to use your VoIP phone service?
      • Do they have an appropriate device (personal or company-provided)?
      • If using personal devices, do they have the necessary software and versions?
    • Can you extend business phone service to workers at home? If so, are you comfortable
      getting this setup?
  • Do you have the ability to replace travel and on-site meetings with video conferencing?
    • Are enough of your conference rooms equipped for conferencing?
    • Is your team comfortable using the equipment and services?
    • For employees who do not normally work remotely or use audio/video conferencing:
      • Do they have access to audio/video conferencing services from their devices?
      • Do they understand how to use the services from their computers or phones?
      • Are they comfortable with using these services?
  • What functions can be scaled back or delayed with minimal impact to operations, cash flow, customer service, etc.?
  • Which functions are critical to your business continuity?
  • Will supply chain issues disrupt your business?
  • How might the evolving economic fallout impact your business?

Steps to Take

As you consider and answer the above questions, and others, you can better understand how to prepare.  For some, enabling more remote work may be as simple as a temporary cloud file service or migrating files from on-premise file servers to cloud file services.  Other businesses might consider ensuring team members have suitable computers at home or company laptops available if needed. Now might be the time to add Teams Meeting or Hangout Meet hardware and services to your conference rooms and huddle areas. And some businesses may want to expand remote access to business systems or relocate applications to cloud servers.

The good news is that you are not alone.  As you monitor events, assess your risks, and plan, we are here to help.

Please:

  • Join our Open Office Hours on Wednesday March 18, 2020 at 2:00 pm ET.
  • Contact us and take advantage of our expertise and, if appropriate, our services.

We are in this together.

Thank you,

 

 

Allen Falcon, CEO and Pragmatic Evangelist

Risk and Reward – Protecting the Value of Your Business

Business ContinuitySeveral weeks ago, in a town not far from our headquarters, a massive fire destroyed a building housing six small businesses.  Our local business journal followed up a few weeks after the disaster with a poll asking business owners how prepared they are for a major disaster.

  • Fewer than 50% of responding business owners feel that they are fully insured, have an emergency plan, and could be up and running in a few days.
  • 39% feel that it could take a month or so, but they could eventually reopen
  • 17% felt they would be out of business or would required state and local aid to survive

While not a scientific sampling, the results are alarming.  Alarming for a few reasons:

  • Even with insurance, it can take days or weeks to get authorization so you can move forward with your emergency plan.  Securing a new location and replacing fixtures, inventory, etc. takes time, as does recovering computer systems and data.
  • More than 50% of businesses closed for 7 days due to a disaster fail within 6 months of reopening.  While many businesses might re-open in a month, the future will be challenging.

Your Risks are Yours

A major fire in a block of retail and service businesses creates specific challenges, as do storms and floods.  Many more businesses, however, experience disasters equal or greater in scope even if they do not have the same level of physical damage. Some examples we have seen.

  • A distributor of customized office supplies lost all electronic business records for the past three years when they where hit by ransomware. The attack corrupted their on-site backup servers as well as their main file and database servers.
  • A news publisher lost all of their physical servers, firewalls, and networking equipment when a sprinkler head failed in their small equipment room.
  • A small plastics manufacturer lost the ability to use their process control systems when embedded Windows workstations were corrupted by a malware attack.

In each of these examples, businesses with customer commitments, production schedules, and deadlines were idled for days. For some, full recovery can take months.  Beyond the hard cost of recovering systems and data, these businesses suffered from soft cost losses.  Missed customer commitments, delayed invoicing and collections, and the time employees spent on the recovery effort all have lasting impacts on your business.

Business Continuity is a not just a good idea, it is a responsibility. 

As business owners, our employees, vendors, and customers count on us.  While people can empathize with the impact of a fire, there is less understanding for businesses that fall victim to cyber crime.  Malware, phishing, ransomware and other attacks are generally preventable when your team is alert and aware of the risks and when you put reasonable identity, data, and system protections in place. And since no protection is perfect, you need to be able to recover quickly enough for your business to continue operating smoothly.

Here is some food for thought:

  • Know Your RTO:  Understand how quickly your business needs to Return to Operational.  Maybe you can work on paper for a few days. Maybe you need to be up and running in a few hours because you are at a standstill until systems are back online. Your RTO goal will guide your decisions on what protection and recovery/continuity services are the right match for your needs and budget.
  • Assess Your Risk: Understand the different disaster scenarios and how they may impact your business.  Think about physical issues, such as loss of power and catastrophic system failures, as well as other disruptions, such as cyber attacks and potential actions by a disgruntled employee.
  • Watch Your Flank: Asses how different types of threats could impact your business.  We are beyond hiding our computers behind firewalls. We still have physical threats, but we also have threats focused on networks, user identities, access control, third party services, and data sources and services. Each threat vector needs a plan for protection, response, and recovery.
  • Factor in Humanity: We used to talk about balancing security with ease of use.  Today, the humanity equation is different as most IT disasters take advantage of human factors like our fundamental desire be helpful when asked. In many ways, your team is your best defense. They need to understand the risks, the methods of manipulation, and the signs that something is not quite “right”.  Your team needs to understand the value of inconveniences like multi-factor authentication and enhanced privacy and access controls — that these protect them as well as the company.

Your next step.

Contact us.  It is time for a serious conversation about protecting the value of your business.  A basic assessment of your business continuity profile will identify risks and gaps. From there, we can discuss improvements and their business value so you can make informed decisions that balance your risks, needs, and budget.  Business Continuity solutions — from disaster prevention through recovery — do not need to bust your budget.   For most business, changes in security settings on existing systems paired with modest, incremental services provide the protection and recover-ability you need.

Webcasts

Next Normal: IT Efficiency

3T@3 Webcast Series: Tuesday, Feb 23rd at 3:00 PM

COVID-19 and the events of the past 10 months have, and continue, to change the way we run our businesses.  While some of these changes are temporary, many will become part of our next normal. For many of us, these changes came in a scramble to work from home. With respect to IT, this has many businesses using new, often redundant apps and systems.

Are the IT choices made during the crisis the best for your business in the long term?

This month’s 3T@3 Webcast, is the first in our “Next Normal” series looking at how we adapt, prepare, and respond to economic, social, and business changes.  We start the series exploring “IT Efficiency.”  We see where many small businesses signed on to services in order to adapt to mandatory closures, reduced office capacity, and parents’ need to be present for children learning remotely. Many of these service duplicate features in other systems, resulting in excess cost and lost productivity.  Join Cumulus Global CEO Allen Falcon to identify how you may streamline your IT services, reduce costs, and improve efficiencies.

Watch the recording on-demand



Data Protection & Security

library

15 Best Practices for Cyber Protection

eBook Source: Cumulus Global

As our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
  • Protect & Prevent
  • Recover & Respond

Policies and procedures, technologies, and people are all part of the equation, as is cyber insurance for financial protection. Deciding where and how to invest is a value proposition balancing costs, benefits, and the risks of inaction. 

In this eBook, we look at 15 Best Practices for Cyber Protection. We rank solutions from “bad” to “best”. Your business may not need the “best” solution for every area; you can match services and costs to your risks and needs. 

These best practices improve your protection, mitigate liabilities, and facilitate affordable cyber insurance coverage.

Please confirm you information below to view and download the eBook.



SaaS Protection Buyer’s Guide

eBook Source: Cumulus Global

Microsoft, Google, and other cloud providers backup their infrastructure. They ensure that their services are running and accessible. You, however, are responsible for managing, securing, and protecting your data.

This eBook guides you through common myths about cloud services, why SaaS protection is important, and selecting your SaaS protection solution.

Please confirm you information below to view and download the eBook.