Posts

Best Practices

Cyber Protection: Time for New Best Practices

Best PracticesAccording to a recent survey* of IT service providers, ransomware attack downtime costs 23 times more than requested ransom. The average ransom for small and midsize businesses (SMBs) victims jumped 37% to $5,900 from 2018 to 2019.  The average cost of ransomware downtime jumped from $46,800 to $141,000, and increase of more than 200%.

To add to your concerns, SMBs fall victim to cyber crime and ransomware attacks even when they have traditional antivirus, email/spam, ad/pop-up blockers, and endpoint protection in place.  67% of IT service providers report their SMB customers fall victim to phishing emails; 30% report that most customers still rely on weak passwords and access management.

Traditional cyber security solutions are no match for many cyber attackers. We need a new approach to ransomware, with business continuity at the core.

Using business continuity as a guiding principle drives new best practices for preventing and responding to cyber security attacks. With a business continuity mindset, you focus on what is needed to keep the business running, and how quickly you can “return to operations”.  When we discuss business continuity, we understand that we need to take steps to prevent disruption, mitigate the scope of potential disruptions, respond effectively when disruptions happen, and have the systems and processes in place to recover quickly.

For over a year, we have promoted and refined our CPR model:

Communicate and Educate: Involve everybody in the solution by educating your team on the risks, how to spot and report fraudulent content, and how their behavior can prevent or help an attack.

Protect and Prevent: Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Our data, our businesses, no longer sit comfortably hidden in a computer room behind a firewall.

Respond and Recover: No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, put in place the forensics, legal, public relations, and customer service resources you will likely need in a cyber attack emergency.

Time for Action

Here are 10 Actions you can initiate today to improve your cyber protection:

  1. Ensure your computing environment is protected across multiple attack vectors: Identity, Endpoints, User Data, Cloud Apps, and Infrastructure.
  2. Deploy multi-factor authentication, advanced threat protection, next-gen endpoint protection, and DNS/web protection across your ecosystem for a comprehensive baseline or protection.
  3. Encrypt your data at rest and in transit.
  4. Educate your team on the risk and how their actions can impact the business.
  5. Actively manage your cloud and “as-a-Service” subscriptions, standardize on-boarding and off-boarding of staff and contractors based on role, application needs, and appropriate access to data.
  6. Understand how your team uses your business and unauthorized (“shadow IT”) applications and services.  Reign in shadow IT by ensuring your business systems provide staff with the necessary capabilities.
  7. Test your staff’s behavior related to cyber attacks and follow up with additional coaching and guidance. Discipline and, if needed, terminate those who are unwilling or unable to adapt to the current realities of behavior and risk.
  8. Upgrade from data backup/recovery to a business continuity solution that will get you up and running in minutes or hours, instead of days, should an attack get past your defenses.
  9. Arrange in advance for the legal, forensic, PR, communications, and customer service resources you need to respond to an attack with a potential or actual data breach.  Prepaid breach response services give you nearly instant access, reducing your risks and liability while bundling in baseline cyber insurance coverage.
  10. Get cyber insurance, either a baseline policy bundled with Breach Response services and/or a fully underwritten policy from your business insurance provider.

Please contact us for more information about your cyber protection, available assessments, and solutions. We are happy to schedule a free, no obligation Cloud Advisor Session.

* Global State of the Channel Ransomware Report. Datto, Inc. Oct. 2019.


 

What You Don’t Know Can’t Help You

I expect you have heard the old saying:

“What you don’t know won’t hurt you.” — Anonymous

In the cloud-y world of IT services and solutions, the lesson is better expressed as:

“What you don’t know, can’t help you!” — Allen Falcon

For a long time, small and midsize businesses (SMBs) moved to the cloud to replace existing services with more efficient, secure, and accessible cloud services. This was good for a while, but the landscape has and will continue to change. Now, when we talk to SMBs like yours about current IT services and the cloud, we talk about your business objectives and priorities. We talk about your growth opportunities, challenges to overcome, and how we can help you and your business succeed.

Today’s cloud services reflect your need for business results.

Cloud services, like Microsoft 365 Business, include a range of additional apps new to Office and, in most cases, unique to the cloud.  These apps give you access to value-add tools designed to help your business, such as:

  • Outlook Customer Manager: A simple contact manager and CRM tool that integrates with your existing inbox, calendar, and contacts
  • Bookings: An app that allows customers to easily self-schedule appointments from available time slots
  • Listings: A marketing app to build online pages and presence on Facebook, Google, and other platforms
  • MileIQ: Automated mileage tracking app for expense reports and/or tax filings
  • Connections: An easy-to-use app for simple email marketing tasks and campaigns
  • Flow: Automate processes, work flows, and approvals

These apps are joined by low-cost add-on services that let you to consolidate and simplify your IT environment — and save money.  For example, in Microsoft 365, adding PSTN conferencing gives you a standard telephone bridge for any Skype for Business or Teams conference call.  You can replace paid conferencing and web meeting services like WebEx, Zoom, and GoToMeeting with a tool that truly integrates with Outlook, your inbox, and your calendar.  At a cost of only $4 per user per month, and the ability to limit your purchase to users with a defined need, you can dramatically lower the cost of audio and video conferencing while providing a better experience for organizers and attendees.

Clearly, Microsoft 365 is not simply “Office in the Cloud.”  The value-add apps, low cost add-on services, and more than a half dozen additional security features in Microsoft 365 create a more robust ecosystem for productivity, efficiency, and growth.

The Challenge is Adoption.

Adding value only happens when your team is aware of, and knows how to use, the broad range of capabilities in services like Microsoft 365.  Getting your team from Point A to Point B, and then Point C, takes effort.

Here are some ideas to help you empower your team and enable your business:

  • Don’t Overwhelm:
    • Presenting too many capabilities, or too much training, all at once can overwhelm your team. Instead of understanding how they can do their jobs more efficiently, they may feel lost.
    • Not knowing where to start leads to paralysis.
  • Start with the Familiar:
    • Even the traditional Office applications (Word, Excel, etc.) have features that are unique to the Microsoft 365 versions and ecosystem.
    • Refresh your team’s knowledge of the apps they already use and know, adding these incremental productivity features into the mix.
  • Focus on Capabilities Specific to each Role:
    • Not every person needs every app or feature.
    • Focus on matching specific features, apps, and capabilities to the people on your team that will benefit the most.
    • Lessons and learning should be relevant to each team member’s job.
  • Provide Continuous Learning for Continuous Improvement:
    • Make learning an on-going activity that happens in small, manageable events.
    • 3 to 5 minutes per day, less than 20 minutes per week, can provide team members with ideas and insight they can put to immediate use.
  • Create a Culture of Learning:
    • Incent participation to set clear expectations and establish value for the learning process.
    • Monitor team member participation and progress.
    • Provide feedback and encouragement, particularly to the “leaders” and “laggers”.
    • Encourage team members to share their knowledge with peers.

Getting more value from your existing IT and cloud solutions starts when your team understands what is there for them, and how to use it to their advantage.  Improving adoption improves results, and need not be a major cost or time commitment.


Cumulus Global offers a self-paced, video learning system that tailors content to roles within your organization.  For more information, contact us for a brief call with one of our Cloud Advisors.


 

Pending Storm; Pending Doom

A quick scan of the weather headlines late on Thursday afternoon: a “Nor’easter” storm going through rapid escalation, know as “Bombogenisis”, looks ready to hit New England tomorrow with rain, snow and hurricane force wind gusts. Now it is Sunday, and many small and midsize businesses along the northeastern coast are wondering when, or if, they will be able to reopen. The impact of disasters is increasing. We can argue about climate change versus weather. We can discuss our aging infrastructure. We can debate whether to plan for disaster causes or effects. If we do not, however, make our businesses more resilient, the quantity and severity of disruptions will continue to grow.

The coming storm should not foretell coming doom.

By taking advantage of proven cloud services, most small and midsize businesses can protect themselves from disruption. Many businesses in coastal areas of New England may be without power and other utilities for 2 to 4 days. Businesses with no continuity plan are down and out. Given that about 50% of businesses shut down for a week will fail within six months, “down and out” can be fatal. If you rely on VPN or remote desktop to on-premise systems, you are still at risk — no power means no on-premise networks or servers.

Businesses with key systems in the cloud, however, can be up and running if employees have power and Internet access.

So what are your next steps?

First, measure the impact on your business of a disruption lasting one day, three days, and five days?  As you do, consider the full cost of recovery, including post-disaster productivity loss as your work to recover lost data and time while keeping things moving forward.

Second, consider the value of keeping your business running rather than having to recover and regroup. Beyond the dollars and cents, understand the value to your customers, to your reputation.

Third, contact us for a complimentary Cloud Advisor Session to discuss your cloud and continuity strategies.

SMB Cloud Tipping Point

Moving Cloud Gets Real

SMB Cloud Tipping PointCloud Computing is reaching a tipping point for small and midsize enterprises (SMEs) as the number and value of cloud-based applications and systems surpasses those running on site. Beyond email, SMBs use Software-as-a-Service solutions for customer relationship management, operations, finance, customer service, and vendor/supply chain management. SMBs want better integration between SaaS solutions and custom-built solutions to further enhance operations, marketing, sales, and the bottom line. Over the next few years, bots, machine learning/AI, and business intelligence will become the norm for SMBs as well as larger enterprises.

SMBs are moving core systems, infrastructure, and services to the cloud.

If all you have left on premise are your Active Directory services, some of your file and print servers/services, and a few business applications, moving your remaining IT services to the cloud makes sense. You can provide the same applications, data, and services without maintaining the physical infrastructure while enabling better integration of systems, processes, and information.

3 Strategies

You have three basic strategies to choose from when moving apps and systems to the cloud:

  • Beautify
    • Also referred to as “lift and load”, this strategy works best when you have (1) a custom-built application; (2) a customized system that cannot migrate to the vendor’s SaaS offering; and/or (3) a solution you do not want to further modify or rebuild as a cloud app.
    • In this scenario, we create cloud-based networks and servers to host and run your existing systems “as-is” with remote, secure access.
    • This option is an effective interim step to a more complete cloud solution.
  • Buy
    • In this scenario, you “buy” a SaaS solution from your current software vendor or move from your existing system to a new SaaS solution.
    • Your ability to “buy” depends on the capabilities of the SaaS solution(s) versus your current system usage and needs. For example, many businesses find that the SaaS version of Quickbooks lacks features and reports that they need an use.
  • Build
    • As the name implies, build means you are replacing an app or system with a new, cloud-based solution.
    • With the current evolution in bots, machine learning, artificial intelligence, and tools, many of your existing processes can be automated by cloud-native services with little or no traditional programming.
    • No-code and low-code solutions are the wave of the future.

Next Steps

Which strategy, or combination of strategies, is best for your business depends on several factors, starting with business goals, objectives, and priorities. Current capabilities, needed features/functions, competitive positioning, internal culture, cost, and value all come into play. When you properly plan and execute your cloud migration, you should see tangible and intangible benefits.


Contact us to discuss the possibilities and opportunities for your business.


 

Office 365

The Curse and Blessing of Office 365 Licensing

Office 365If you ask IT pros about Office 365 licensing, they are likely to roll their eyes.

If you ask which license is right for you, the conversation will likely start with a heavy sigh. Microsoft has 6 primary Office 365 license options for business, several add-ons, a number of special-purpose licenses, and over a dozen stand-alone and value-add products.

The Curse is Confusion

Between the number of options and the frantic rate of new features and updates, we are not surprised when companies complain that picking the “right license” is confusing. You end up bouncing between tabs and browsers, comparing feature lists that never seem to have enough detail. You struggle to find which add-ons work with each license type. You may not even know where to look for specialty licenses that can save you money. And with the rapid growth of features and functions, you wonder if the web pages you scour for information reflect the latest updates and options.

The Blessing is Customization

You can escape the confusion. And, in doing so, you can customize your Office 365 licensing plan to best meet your needs. With “too many options”, you can mix and match licenses to the needs of your users. You can tailor the feature sets for groups of users and lower your average cost per user at the same time. You can decide when to rely on built-in features or third party solutions to meet specific business requirements. You can decide which users get add-ons and which do not.

The Key is Understanding

The good news: with guidance and understanding of the Office 365 and Microsoft 365 licensing structures, you can plan and implement subscriptions that meet your organization’s needs at the most affordable cost. By looking beyond Microsoft-only options to select third party tools, you can mix in lower cost licenses without sacrificing compliance, threat protection, telephony, and needed features. You can map out a strategy that enables hybrid computing and services and capabilities move to the cloud over time. You can integrate your cloud an on-premise environments into a seamless service.

The better news: you do not need to gbecome an expert.  Our Cloud Advisors, backed by experts from Microsoft, are ready to assess your needs, explore alternatives, and design solutions options. You gain understanding and select the option that best fits with your needs, priorities, and budget.

Your Next Step is ….

If you haven’t settled on a Office 365 or G Suite as your cloud suite, or if you think you should change from one to the other, your next step is our Which Cloud Analysis.  You complete a comprehensive survey and we provide a formal report that assesses your needs and environment and provides specific recommendations. We will also schedule a Cloud Advisor Session to review and discuss our findings and recommendations.

If you have decided, or currently use, Office 365, contact us to schedule a Cloud Advisor Session to review your environment and needs.  We will help you assess, plan, and implement a solution that delivers the value you want and need.


 

Cyber Attack

3 More Reasons You Are an Easy Cybercrime Target

Cyber AttackLast week, we gave you three reasons why you, as a small or midsize business, are a viable and desirable target for cyber criminals.

If those reasons don’t give you enough reason to act, here are three (3) more reasons SMBs, and you, a target for cyber criminals…

SMB data is increasingly networked

  • All of your systems — databases, email, documents, marketing, point-of-sale, and more — are likely running on a single network.
  • Access to one of your systems can lead to access to others. Target’s POS system was hacked using a security flow in the HVAC monitoring system running on the same network.
  • Moving data and systems into secure cloud solutions, and segregating network traffic minimizes the cross-over risk.

SMBs are using consumer products for business data

  • Consumer grade services are often more affordable, but often lack the security and data protection features of the higher-priced, business versions.
  • Separate work and home and use solutions designed for business, and, make sure to configure the security and privacy setting accordingly.

SMBs are often lax when it comes to security

  • Many small businesses operate in an environment of trust; people know and trust one another. This trust can be exploited by a disgruntled employee or an outsider.
  • Keep user identity management and passwords private and secure; Manage administrator and “super user” passwords so that they are unique, complex, and secure.
  • Keep servers and systems with sensitive data/access secure; enforce screen locking and passwords.
  • Educate your staff on security risks and behaviors.

 

Taking cyber security seriously is the first and best step in protecting your business, employees, and customers. Protection need not be overly complex; nor must reasonable protection be a budget busting expense. Reasonable measures balance cost and security.


Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.


 

 

 

Cyber Attack

3 Reasons You Are an Easy Cybercrime Target

Cyber AttackAs we’ve mentioned before, more small and midsize businesses (SMBs) are falling victim to cybercrime.  According to HP’s Cyber Security and Your Business report, Cybercrime costs SMBs 4.2 times more per employee than larger businesses, and 60% of SMBs that experience a data breach are out of business in six months.

Why are SMBs, and you, a target for cyber criminals?

SMBs spend less on security while larger businesses are increasing their security protections.

  • Your business is an easier target because you are more likely to lack basic protections. In effect, you may attract cyber criminals because you are an easier target.
  • Budget for, and implement, reasonable protections covering user identities, access controls, user permissions, data loss prevention, and employee awareness and training.

SMBs do not have in-house security expertise.

  • Keeping up with risks and trends is time consuming above and beyond ensuring that your security measures are updated and working on a day-to-day basis.
  • Leverage technology and your IT partners for automated solutions and expertise, as well as on-going management of your security and privacy solutions.

SMBS are moving into the cloud.

  • Using cloud applications and storage makes sense. But, your data is no longer behind a physical or logical “firewall”.  Protecting your data means protecting the cloud systems and services you use.
  • Always select business-grade services over consumer services. Implement all security features, including 2 Factor Authentication. And, when possible, integrate access to cloud services into a single system for managing user identities. And, do not forget to train, and periodically remind, your staff how their awareness and actions can allow or prevent an attack.

 

Start the new year off right with a review of your IT security and data privacy policies, procedures, and systems.  Doing so is an affordable way to protect your business, your employees, and your customers from cyber crime. The cost of prevention is miniscule compared to the cost of a breach.


Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.


 

Myth Busting

Myth Busting Monday: Skype and Skype for Business are the Same

Office365-Logo-and-textSkype and Skype for Business carry similar names and are sometimes confused as one and the same thing.  Both let you communicate for free between computers and hold online meetings. But that is where the similarities end.

Skype and Skype for Business are Very Different Services

Skype is a free consumer service designed for communicating with a small number of people. You can buy credits to make calls to traditional phone lines and mobile devices.

Skype for Business is a secure communication and collaboration service designed to boost productivity by letting people connect in the way that is best for them — chat, voice, video, etc.  Skype for business is more than a chat and calling app, your team can give presentations and attend meetings from anywhere with an Internet connection.

Skype for Business lets you run online meetings with up to 250 attendees, gives your enterprise security, lets you manage your employee accounts, and integrates with your Office apps and Office 365. The integration with Office 365 also includes:

  • Presence – See if somebody is available or busy at anytime
  • Instant IM – Start an IM session by double-clicking a contact name
  • Share – During meetings, share your desktop or a specific application
  • Include – Invite people outside your company to meetings with a full-feature web conferencing experience
  • See – Integrate video through webcams on any call or conference

With Skype for Business, you can skip the expensive web conferencing services, along with the hardware, software, and administration required for on-premise communication servers. You simply manage access, settings, and security.


This is the seventh of a multi-part series designed to help companies better asses the opportunity and value of cloud-based solutions. Contact us to schedule a free, no-obligation Cloud Advisor session to discuss your priorities and plans.


Myth Busting

Myth Busting Monday: Cloud Lacks Security

Office365-Logo-and-textSecurity is still the biggest fear across SMBs considering the cloud.  IT leaders and C-level execs worry about spies, cyberthieves, governments, and vendors access their company’s data. This fear is unfounded.

You are the Sole Owner of Your Data; You Manage and Control Privacy and Access.

Like most reputable and trustworthy cloud providers, Microsoft runs the Office 365 based on several key principles:

  • Microsoft never mines your data for any reason other than to provide you with the Office 365 services
  • Microsoft’s staff does not have access to your data
  • If you leave Office 365, you can always take your data with you
  • You control the security and privacy settings; you determine who has access to what
  • Auditing and supervision prevent your admins from unauthorized access to your data

Beyond the core security and privacy capabilities of Microsoft Office 365, we offer additional configuration, tools, and services to ensure compliance with privacy regulations and/or your internal policies.

Fear not the lesser known security of the cloud. Learn, trust, and go.


This is the sixth of a multi-part series designed to help companies better asses the opportunity and value of cloud-based solutions. Contact us to schedule a free, no-obligation Cloud Advisor session to discuss your priorities and plans.


Fast Fact

Fast Fact Friday: SMB IT in the Cloud

fastfacts2According to a survey of 1,500 SMB IT leaders by BetterCloud in the spring of 2015 …

49% of SMBs expect to run 100% of their IT in the cloud by 2020.


Are you moving to the cloud? Is your roadmap in line with your business goals? Contact us for a no-obligation Cloud Advisor session.