Posts

Gemini, Copilot, or ChatGPT? What You Want to Know

/in , ,

Earlier this month, we surveyed our clients about the AI services they use regularly. The results show that a majority of respondents prioritize the AI services included within their existing productivity suites.

Of more than 50 respondents:

  • 57% use Gemini for Google Workspace (including the Gemini App, Gems, and NotebookLM)
  • 55% use Microsoft Copilot
  • 51% use stand-alone AI services, such as ChatGPT, Claude, and/or Grok
  • 12% use Gemini Enterprise

While stand-alone service adoption is slightly lower, many companies officially use more than one solution:

  • 33% use Gemini AI and at least one stand-alone service.
  • 33% use Microsoft Copilot and at least one stand-alone service.

As you evaluate your AI needs, consider these strategic factors:

Secure Your Baseline

Maintain control and security over your data before you begin your AI journey. You need to ensure that individuals using AI cannot access information beyond their specific responsibilities. Additionally, you also want to confirm that your data is not used to train or populate learning models beyond your internal systems.

This data governance is critical for maintaining compliance with regulatory, industry, and contractual requirements for data protection.

Understanding how each AI tool or service integrates with your identity, access, and security services helps you select solutions that will protect your business.

Start Simple

Before diving into multiple new solutions, explore and take advantage of the AI services embedded in your current IT systems and applications.

Microsoft Copilot and Gemini for Google Workspace each offer a robust suite of services. You may not need to make additional investments in other tools. Additionally, both platforms integrate directly with your email, documents, spreadsheets, and meetings, as well as other applications within your suite.

Leveraging these services lets you avoid the cost and complexity of third party integrations. For example, both Gemini and Copilot provide excellent transcription and note-taking services for Google Meet and Microsoft Teams meetings, respectively.

Dive DeepConnect with a Cloud Advisor

Before adding third party AI services and tools, make sure to explore and pilot the capabilities already at your fingertips.

For instance, Gemini AI for Google Workspace includes:

  • The Gemini App (gemini.google.com): Provides prompt response using public information and secure access to your content in Google Workspace. It also supports advanced image creation and manipulation, Deep Research tools, and short video creation.
  • Gems: Customized Gen AI chat agents with defined personas and objectives
  • Scheduled Actions: Automation for repetitive AI actions
  • NotebookLM: creates private, secure learning models using your data and select public information.

Define Use Cases

As part of your exploration, identify use cases where AI integration provides tangible benefits.

For each use case, define the opportunity, workflows, process changes, and desired outcomes.

These use cases provide you with a framework to test AI services and solutions, and they will help you identify the individuals and teams that will be impacted by AI adoption. These people will require training and should participate in your AI pilot projects.

Be Selective

If you cannot address use cases with your integrated and embedded AI services, focus your search on AI tools and services appropriate for your use cases.

Before selecting a tool, vet its ability to integrate with your existing applications, systems, and security. Keep in mind that every additional application introduces administrative overhead and security constraints.

Balance the added effort and costs against the potential outcomes to ensure that the tool delivers true value to your business.

Help is Here

Visit our AI Landing Zone for a range of resources to help you plan, manage, and secure your AI services.

Our Cloud Advisors can also provide the guidance and assistance you need to plan and execute your AI strategy. Send us an email or book a brief introductory call. We are here to help.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with productive, security, and secure managed cloud services. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped hundreds of organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience and effective change management.

Prevent AI Data Leaks with the Right Tools

/in , ,

As leaders of small and midsize organizations, we need to operate efficiently and effectively within a range of security constraints. Laws, regulations, industry standards, and contractual obligations set expectations and, in most cases, impose requirements on how we manage and run our business and IT. Now, artificial intelligence (AI) adds a new layer of security challenges.

AI is most effective when it has access to a broad range of relevant information. However, that access must be carefully limited to authorized users, creating a delicate balancing act.

AI data leaks occur when AI tools and systems expose information to unauthorized users or share it inappropriately. These leaks can happen internally or externally, and may be accidental or intentional.

Preventing AI data leaks requires actively governing permissions and access, along with choosing AI tools that align with your security and privacy requirements.

Setup AI Data Governance

The days of “set and forget” permissions are over. At the macro level, AI data governance requires actively managing access controls and permissions settings.

Begin by reviewing and auditing your current access controls and permissions settings. It is common for users to rely on default sharing settings or to adjust permissions for convenience, often extending access inappropriately. While people may not actively search for and find private information, AI will.

Running an audit tool and resetting permissions can help close these gaps and provide a fresh starting point. Once permissions are properly configured, advanced security tools enable ongoing monitoring to identify new threats as they emerge. These tools can notify users and administrators of potential issues and modify permission changes to reduce risk.

Pick Secure AI Tools

With data access controls and permissions properly secured, the next step is ensuring that the AI tools and systems you use do not put your data at risk.

When selecting AI tools, look for the following attributes:Connect with a Cloud Advisor

1. Adheres to Security Standards

Include security as a critical criteria when selecting your AI tools and systems. Verify that the AI tools you pick adhere to industry and regulatory security standards.

2. Does NOT Train Models Without Permission

Never use an AI tool that trains their models without your permission. These tools effectively absorb anything you input and incorporate it into their models, potentially exposing your data to other users.

3. Does NOT Allow Human Data Review Outside Your Domain

Avoid AI tools and systems that allow humans outside of your organization to see or use data you have entered into the system. Even if these systems are not using your data to train their models, if others can see it, then it is not secure.

4. Does NOT Sell or Use Data for Other Purposes

Choose AI tools and systems that do not sell or use your data for purposes beyond providing the service. Outside of training, some AI tools mine data for sale to others for research, marketing, and other purposes.

The general rule of thumb is: If you pay, your data is private. If the tool is free, so is your data.

However, some paid AI tools still include terms and conditions that allow data collection and usage. Before moving forward with any AI tool or system, always check the fine print.

How We Help

Schedule an intro meeting with one of our Cloud Advisors. Our team can discuss how you can assess your risk, create effective policies, and select tools that deliver productive, secure, and affordable AI solutions. The meeting is free and without obligation.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with productive, security, and secure managed cloud services. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped hundreds of organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience and effective change management.

3 Questions – About Cyber Security

/in

Data Protection & SecurityShare your answers to our 3 Questions and, in exchange, we will

  • Schedule time (no cost / no obligation) with one of our Cloud Advisors to discuss why the questions are important and to review your answers
  • Provide our Rapid Security Assessment at no cost to you.
3 Questions about Cyber Security:

1) How do you protect your user devices?

  • Anti-virus, next-gen endpoint protection, managed event detection and response, other …

2) Do you require that employees multi-factor authentication (MFA) when connecting to online services?

  • For all services, some services, other …

3) Do you perform backups of critical systems and data?

  • weekly, daily, hourly, other …
Why and How:

These 3 Questions about Cyber Security indicate how well you may be protected, and your ability to recover, from the most common and most costly types of Cyber Attacks on small businesses.

Related Resources

About 3 Questions:

3 Questions is a new program we are launching to help small business owners and IT leaders think about the issues facing their businesses in new ways.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Founded in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions, Allen has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.  Having started his first business at age 12, Allen is a serial entrepreneur having started strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

 

2022 SMB IT Security Needs Study Highlights & Contradictions

/in

Security firm Action 1 recently published the results of its 2022 SMB IT Security study after surveying 750 small and midsize businesses.Data Protection & Security

Key Findings and Contradictions of the Action1 SMB Report

It is no secret that perceptions about our security risks differ from reality.  Not surprisingly, some of the 2022 SMB IT security needs survey results contradict one another.

52% vs 65% vs 37%

52% of respondents acknowledge that they lack sufficient skills and technology to effectively protect against cyber attacks. But 65% believe the cost of protection is too high and 37% complain that security controls hurt productivity. Businesses clearly struggle to balance the security they need with the cost and the user experience. Often SMBs are presented with security solutions designed – and priced – for larger organizations. As employees use added security steps for everyday transactions (online banking, etc.), the overhead of security protocols is less intrusive.

63% vs 81% vs 40%

While 63% believe that their SMB faces a lower cyber risk compared to larger companies, 81% of respondents had at least one security incident within the past 12 months. 40% of SMBs had 2 or more incidents. Too many SMBs continue to have a false sense of security. Cyber criminals understand that is easier to hack 10, or even 100, small businesses than it is to successfully attack 1 large enterprise. And with current tools, cyber attacks are inexpensive to launch and manage.

Where the Security Risks Exist

40% vs 39% vs 34%

The most common forms of successful cyber attacks are password attacks (40%), ransomware or other malware (39%), and phishing (34%). Note that these forms of attack are not mutually exclusive.  One form of attack, malware for example, can be used to gather the information needed for a successful password breach.

63% vs 43%

Looking at root causes, 63% of SMB IT Security study respondents noted that attacks began with phishing.  Unpatched systems were the starting point for 43% of attacks. These numbers make sense as these attack vectors provide access to information that supports further attacks.

Who is Helping

96% vs 23%

The vast majority of SMBs rely on outside experts for help with their security needs.  93% of respondents use an IT firm for at least some of their IT security needs.  That said, 23% of small businesses are looking to replace their IT service providers in the coming year. While security is not the only trigger for changing providers, it is one consideration.

48% vs 33% vs 29%

SMBs responded that poor system performance (48%), system outages (33%), and long problem resolution times (29%) are the three primary reasons for switching service providers. Each of these issues relate to business interruptions.

2022 SMB Security Study Conclusions

Examining the SMB IT Needs Security Study results, we see three clear conclusions.

  1. Failing to recognize the risks leads business owners to under value security technology and services.  The cost to respond and recover to a single incident dwarfs the cost of reasonable protections.  For SMBs, the average successful cyber attack can disrupt business operations for 18 to 21 days at a total cost to recover exceeding $200,000.
  2. With 50% of employees working remotely, at least part time, individuals and systems are more exposed to attack. Physical security is no longer sufficient. SMBs need a security services designed to protect against the most common and the most costly types of cyber attacks.
  3. As an IT service provider, we must ensure that our services, first and foremost, do no harm.  While security protocols can introduce some inconveniences, our services cannot interfere with performance, availability, or reliability.

Next Steps to Improve Your IT Security

Step back and take a look at your security services and footprint.  Our Rapid Security Assessment is a quick and simple starting point to identify security gaps. You can also schedule a call with one of our Cloud Advisors to review your security and IT services.

 

Debunking 5 Cyber Security Myths for SMBs

/in ,

Data Protection & SecurityAs owners and leaders of small and midsize businesses (SMBs), we have limited resources for IT and cybersecurity.  We should not be surprised, therefore, that SMBs face the biggest threat from ransomware and other cyber attacks.  Beyond the cost and risk of ransomware and encryption attacks, SMBs face business email compromise (BEC) attacks and threats to disclose regulated information.  Recovery costs, fines, and legal actions resulting from a successful attack can destroy your business. And yet, many SMBs remain unaware of the risk and/or lacking reasonable data protections and security.  This post intends to debunk five (5) cyber security myths for SMBs.

1My company is too
small to be a target

While note every attack is successful, one global report states that 86% of SMBs have been hit by ransomware attacks, with 20% attacked more than six times. With fewer resources and less focus on cyber security, SMBs represent an attractive target for attackers.  The increase in remote work and use of remote desktop protocols creates additional opportunities for attackers. Securing and managing these services requires time and attention.

The impact of a successful ransomware attack continues to increase.  According to Verizon’s 2020 Data Breach Investigations Report, the average cost of a successful ransomware attack grew from an average of $34,000 to just under $200,000.

2I cannot afford to protect
against cyber attacks

Cyber attacks are inevitable. Protecting your business does not require expensive solutions.  Your cost for endpoint protection for your devices, advanced threat protection for email, and security awareness training is pennies per day per person.  You can deploy multi-factor authentication (MFA), local disk encryption, and the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols for free. You can deploy cloud-based business continuity and disaster recovery (BCDR) for less than traditional backup/recovery solutions.

3I have backups,
so I am safe

Not all backup solutions are equal.  Many backup/recovery solutions for SMBs run on the same servers and networks as your business systems. Ransomware and other cyber attacks will seek out and encrypt/damage backup servers to render your backups useless.  Your backup/recovery solutions should be segregated from your production network and systems to shield them from attack.  Business Continuity/DR solutions offer the additional ability to bring systems back on line in an alternate cloud data center while you recover your primary systems.

4Technology alone
will save me

As with most security protocols, people are your first line of defense.  As many as 93% of cyber attacks begin with a phishing attack. People click on links, unwittingly downloading malware or sharing usernames and passwords.

Security awareness training should be a standard practice within your business.  The training is a proven way to reduce risk, decrease infections and help desk requests, reduce the chances of a security breach and strengthen the overall security posture.

5Cyber resiliency is
too hard to achieve

Cyber Resilience is the ability to withstand security attacks and land on your feet, no matter what happens. Cyber resilience protects your business, customers, and employees from ransomware, business email compromise, and other potential issues and attacks.

While some gaps in security will always remain, you can affordably improve your cyber resiliency.

To overcome these 5 small business cyber security myths, review your security footprint, and improve your resilience, please contact us by email, via our website, or by scheduling time directly with one of our Cloud advisors, with any questions or concerns regarding this service update.

Change Management in Cyber Security

/in ,

Security, Privacy, & ComplianceCyber Security Will Change Companies

IT change management is a structured process for evaluating proposed IT system or service changes. This procedure is carried out prior to implementing the requested change on an organization’s network, reducing or eliminating network outages.

At a recent security and risk management summit, Gartner shared their views of how cyber security will change companies.  While Gartner’s predictions focus on larger enterprise, several of their observations will likely hold true for small and midsize businesses (SMBs) when it comes to change management in cyber security processes.

Here are some observations and our view of how they will impact small and midsize businesses.

Impacts of Cyber Security Change Management

Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.

Privacy regulations will continue to expand as more nations pass legislation establishing privacy requirements.  Within the US, we expect more states to follow California, New York, and Massachusetts with varying levels of regulations. Along with the regulations come the potential for fines and increase civil litigation, making it vital to pursue cyber security change management. In many of the statues, the protection is afforded the customer based on the customer’s location, not the location of the business.

For SMBs, establishing and maintaining a sound change management cyber security footprint is essential. Beyond the cloud infrastructure technology tools, businesses need to educate employees and have the policies and procedures in place. These policies and procedures should define expectations for employees and for how the business will respond to an incident.

By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE (Security service edge) platform.

Protecting access to systems is more challenging as the proliferation of usernames and passwords continue.  As the human element can be the greatest security challenge, Identity and Access Management (IAM) solutions will become the norm.

For SMBs, Single Sign-On (SSO), centralized identity/password vaults, and other tools are available and are, generally affordable.  Many SMBs current hesitate given the incremental cost per user per month. As the cost and risk of missing becomes greater, we expect SMBs will see value of Identity and Access Management solutions. These solutions will become the norm within a cyber security strategy, not an add-on.

By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.

With increased concern and scrutiny from customers, consumers, and regulators, businesses are under increasing pressure to monitor and protect against third-party cyber security risks.  This trend will impact SMBs in two ways.

  1. Given the prevalent use of business email addresses as identities for third party applications and services, SMBs will monitor for reported breaches. Third party breaches give cyber criminals an attack vector.
  2. Larger enterprises will see businesses in their supply chains as potential security risks. They will increasing include cyber security requirement in vendor authorization process and in contracts.

SMBs need to be ready to meet the security and risk management demands — people, process, and technology — of their customers.

By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.

As businesses adapted to the COVID-19 pandemic, the inability of most businesses to respond to large scale disruptions exposed flaws in traditional business continuity planning. The pandemic put a spotlight on the need for business resiliency and continuity plans for businesses that had not yet considered continuity to be a priority.  The level of planning to address the threats from cybercrime will need to be the same as the planning for other disasters and business disruptions.

For SMBs, leveraging cloud solutions will remain the most cost-effective business continuity option.  Moving systems and applications into cloud services increases security, adds redundancy, provides geographic diversity, and provides better remote access than on-premise systems.  SMBs are at greatest risk from local or regional issues. Managed cloud services … even if only a “lift and shift” of existing servers and applications … will be accepted as a cost-effective way to improve cyber security processes, security and resiliency.

Final Thoughts on Change Management in Cyber Security

We expect small and midsize businesses will need to expand and change their cyber security footprint and processes. They will need to improve resiliency.  Appropriate solutions such as cyber insurance and breach response are available and are affordable.  Businesses can meet their security, resiliency, continuity, and operational needs effectively and affordably. The inherit advantages of cloud services and solutions make this possible.

To evaluate your requirements and readiness for better security and resilience against cyber attacks and other business disruptions, contact us for a consultation, or book some time with a Cloud Advisor.  The consultation is free and without obligation.


4 Pillars of Cloud Security: The Most Important Strategies to Know

/in

Learn about the four pillars of cloud security that can help you reduce risk, increase agility, and run more efficiently: (C/I/A), external threat protection, data loss protection, and compliance.

While Cyber Security month comes and goes, the four pillars of cloud security remain integral to long term business success.  In what seems like a never-ending process, we continue to face new and advancing cyber security threats to the integrity of our data, identities, and businesses.  For those of use with small and midsize businesses, we need to ensure our systems and information are secure. At the same time, we want to keep our IT systems simple and manage our budgets.

Four Strategies for Cloud Security

To strike the right balance, we need to assess our current security foundation, identify gaps, and fill in services where needed. Doing so creates a security foundation that covers your basic needs.  From there, with the four pillars of cloud security in place, you can add services and build the security footprint you need to meet industry expectations and regulatory requirements.

A sound cloud security foundation is built on four pillars of cloud security.

1. Basic C/I/A

Ensure the confidentiality, integrity, and availability (C/I/A) of information you create, receive, maintain, or transmit.

This first pillar of cloud security establishes your basic security infrastructure that protects against attacks and prevents breaches across your IT systems.  It also creates your ability to respond to issues and recover, key to ensuring business continuity and resilience.

2. External Threat Protection

Identify and protect against reasonably anticipated threats.

This pillar of cloud security focuses on the attacks and threats from outside your business. From phishing, ransomware, and business email compromise, to DNS and advanced persistent threats, the focus is on protecting your data, applications, systems,  and people from harm.

3. Data Loss Protection

Identify and protect against reasonably anticipated uses and disclosures.

Data breaches and data loss result from configuration issues, application errors, and individual actions. Permission errors, inappropriate sharing, and other actions are often accidental, resulting from a lack of understanding of policies and/or how systems work. They can, however, result from intentional acts of misconduct. Proper data protection and security solutions will help protect against these internal risks and threats.

4. Compliance

Ensure workforce and business compliance.

Nearly all businesses must meet basic legal requirements to protect sensitive information. Most businesses must also adhere to industry and additional legal requirements.  This cornerstone encompasses the policies and procedures that ensure your team, and your business meet your compliance requirements. IT also includes the tools and methods to enforce policies and report on compliance.

Tactics for Implementing the Four Pillars of Cloud Security

To ensure your cornerstones are set and your cloud security foundation is place, conduct a security footprint assessment.  For each pillar of cloud security, identity the services you have in place and those that may be needed. The assessment should cover the “CPRs” of security:

  • Communication/Education
  • Protect / Prevent
  • Respond / Recover

For more information about our Security CPR® managed security services, send us an email or complete our contact form.

Data Breaches are Still a Thing

/in

As we speak with small and midsize business executives, we sometimes hear that cyber attacks and the risk of data breaches are no longer seen as a threat serious enough to warrant attention and spending.  We understand this hesitancy. Even with the level of media visibility, the prevalence of security solutions and a weariness of the constant focus on security can lead to the conclusion that we can let our guard down.

The reality, however, is that the rate of cyber attacks jumped about 600% in 2020.  More businesses are getting attacked and more attacks are successful.

A List of Breaches

For perspective, in the last 4 weeks, the cyber security experts at ID Agent have published data on these major breaches. Many are likely to be familiar to you or represent a major government entity.

  • Metropolitan Police Department of the District of Columbia
  • Pennsylvania Department of Health
  • The Resort Municipality of Whistler
  • CNA Financial
  • OfficeDepot
  • Personal Touch Holding Corp
  • Facebook
  • Hobby Lobby
  • Illinois Office of the Attorney General
  • Wyoming Department of Health
  • Eversource Energy
  • California State Controller
  • LinkedIn
  • The New York Foundling
  • University of Maryland Baltimore
  • CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC)

The Case for Concern

The list, above, is only a sample and only represents larger breaches.  Cyber attacks hit small and midsize businesses on a daily basis. Even so, we often view protection and recovery services as insurance.  We do not want to pay for coverage; we hope we never need to use it; and we do not see the value until we are a victim.

A Model for Success

Cyber security differs from insurance. We can reduce the risk of successful attacks with foresight, planning, and protections. Our Security CPR® Managed Security model and services balance awareness, prevention, and response.

Communicate and Educate

Involve everybody in the solution. Communicate the risks and your commitment to protecting the business and your employees. Educate your team on the risks, how to spot and report attacks, and how their behavior can prevent or help an attack.

Protect and Prevent

Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Use “next gen” solutions that analyze behaviors and that can learn as risks evolve.

Respond and Recovery

No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, we recommend that you put in place the forensics, legal, public relations, and customer service resources you will need in a cyber attack emergency.

Want to learn more?  Want to assess your cyber security protections and risks? We can help.  Email us or complete our contact form to schedule a complimentary meeting with one of our Cloud Advisors.

 

The Cost of Downtime Explained in 7 Ways

/in

A recent survey found that 40% of small and midsize businesses (SMBs) experiences 8 or more hours of downtime due to a severe security breach within the past year. According to the National Cyber Security Alliance, 60% of SMBs who experience a significant data breach go out of business within six months. The highest cost of an unplanned outage is more than $17,000 per minute. The average cost per minute of an unplanned outage is nearly $9,000 per incident. These statistics are sobering. For many SMBs, however, the risks still feel foreign and not something that warrants action. To protect your business requires some knowledge and good advice, intent, action, small investments.

It is easier to rely on myths such as, “We are not a target for cyber attackers”, “We can run on pen and paper until we recover”, and “Our customers will understand” than it is to assess your risks and take action. Nevertheless, the risks are real and the number of SMBs hurt by downtime continues to rise.

The cost of downtime can vary depending on the size of the organization, the industry, and the nature of the downtime. Downtime can be caused by various factors such as power outages, network failures, software issues, or hardware failures. In today’s world, it’s essential to streamline security if you’re a SMB, and understand the consequences downtime can have on your business.

Here are seven ways downtime can damage your business:

1. Monetary Cost

Downtime leads to lost sales and lost productivity impacting top-line revenue and your bottom line. These costs hit your pocket in addition to the cost of recovery and returning to normal operations. If you need to calculate the average cost of downtime, our specialists can help.

2. Customer Trust

When you are unable to serve your customers, they lose faith in your business. While downtime for natural disasters is understandable, today’s customers have little tolerance for disruptions due to cyber attacks and breaches. Lost trust means lost customers.

3. Brand Damage

Your brand identity and reputation drives customer loyalty and growth. Service disruptions from technology failures or breaches sends a message that your business may be poorly managed and is unreliable. These messages lead to loss of goodwill and create negative impressions of your business in the minds of your customers.

4. Employee Morale 

Disasters due to data loss or breaches means employees need to perform double duties. Employees spend time on recovery while working to keep the business operational. It often requires additional work hours. Recovery can be stressful and demoralizing.

5. Business Value 

Businesses that suffer data breaches and service disruptions are perceived as poorly managed. With the potential financial liability, public companies can see stock prices fall. All companies can suffer a loss of business value.

6. Legal Action

Downtime creates the risk of legal action. This is particularly true for downtime that is perceived as preventable. System failures, data loss, security breaches, and other incidents can put your business in breach of contract. You may also be in violation of state and federal regulations, making proper data protection and security vital.

7. Compliance Fines & Penalties 

As information privacy and security regulations expand, data loss and breaches create the real potential for fines and penalties related to regulatory compliance, privacy, and data retention requirements.

These risks carry the potential for lasting damage. Whether by increased financial burdens or winning back customers, the impact of downtime extends well beyond getting yourself up and running again.

Is your business worth protecting?

Protecting your business will not break the bank. We offer practical, affordable cloud infrastructure solutions that help you and your team understand the risks, prevent problems from happening, and continue operating in the event something bad does happen.

If your business is worth protecting, contact us for a complimentary Cloud Advisor session to discuss how we can improve your business’ resiliency.

 

Cyber Protection: Time for New Best Practices to Safeguard Your Business in the Digital Age

/in

Cyber ProtectionAccording to a recent survey* of IT service providers, ransomware attack downtime costs 23 times more than requested ransom. The average ransom for small and midsize businesses (SMBs) victims jumped 37% to $5,900 from 2018 to 2019.  And lastly, the average cost of ransomware downtime jumped from $46,800 to $141,000, an increase of more than 200%. This underscored the importance of having cyber protection protocols in place in an increasingly digital age.

To add to your cyber security concerns, SMBs fall victim to cyber crime and ransomware attacks even when they have traditional antivirus, email/spam, ad/pop-up blockers, and endpoint protection in place.  67% of IT service providers report their SMB customers fall victim to phishing emails; 30% report that most customers still rely on weak passwords and access management.

The Need for a New Approach to Cyber Protection

Traditional cyber security solutions are no match for many cyber attackers. We need a new modernized approach to ransomware, with business continuity at the core.

Using business continuity as a guiding principle drives new best practices for preventing and responding to cyber security attacks. With a business continuity mindset, you focus on what is needed to keep the business running, and how quickly you can “return to operations”.  When we discuss business continuity, we understand that we need to take steps to prevent disruption, mitigate the scope of potential disruptions, respond effectively when disruptions happen, and have the systems and processes in place to recover quickly.

For over a year, we have promoted and refined our Security CPR® managed security services and model to help ensure appropriate data protection and security.

Implementing Security CPR® Managed Security Services Can Help Combat Cyber Threats

Communicate and Educate: Involve everybody in the solution by educating your team on the risks, how to spot and report fraudulent content, and how their behavior can prevent or help an attack.

Protect and Prevent: Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Our data, our businesses, no longer sit comfortably hidden in a computer room behind a firewall.

Respond and Recover: No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, put in place the forensics, legal, public relations, and customer service resources you will likely need in a cyber attack emergency.

Here are 10 Actions you can initiate today to improve your cyber protection:

  1. Ensure your computing environment is protected across multiple attack vectors: Identity, Endpoints, User Data, Cloud Apps, and Infrastructure.
  2. Deploy multi-factor authentication, advanced threat protection, next-gen endpoint protection, and DNS/web protection across your ecosystem for a comprehensive baseline or protection.
  3. Encrypt your data at rest and in transit.
  4. Educate your team on the risk and how their actions can impact the business.
  5. Actively manage your cloud and “as-a-Service” subscriptions, standardize on-boarding and off-boarding of staff and contractors based on role, application needs, and appropriate access to data.
  6. Understand how your team uses your business and unauthorized (“shadow IT”) applications and services.  Reign in shadow IT by ensuring your business systems provide staff with the necessary capabilities.
  7. Test your staff’s behavior related to cyber attacks and follow up with additional coaching and guidance. Discipline and, if needed, terminate those who are unwilling or unable to adapt to the current realities of behavior and risk.
  8. Upgrade from data backup/recovery to a business continuity solution that will get you up and running in minutes or hours, instead of days, should an attack get past your defenses.
  9. Arrange in advance for the legal, forensic, PR, communications, and customer service resources you need to respond to an attack with a potential or actual data breach.  Prepaid breach response services give you nearly instant access, reducing your risks and liability while bundling in baseline cyber insurance coverage.
  10. Get cyber insurance, either a baseline policy bundled with Breach Response services and/or a fully underwritten policy from your business insurance provider.

Please contact us for more information about your cyber protection, available assessments, and solutions. We are happy to schedule a free, no obligation Cloud Advisor Session.

* Global State of the Channel Ransomware Report. Datto, Inc. Oct. 2019.

 

Webcasts

Cloud Cover: Strategies for Small Businesses

/in ,

(04/18/2023) – As small businesses, we can do more with the cloud then Microsoft 365 and Google Workspace. But if we want to take advantage of the benefits of managed cloud services, we need better cloud strategies.

Read more

Cyber Security: 3 Questions and Shared Responsibility

/in ,

(03/21/2023) – The cloud’s Shared Responsibility Model places most of the security and data protection burden on you. Our webcast explores 3 key questions and the shared responsibility model to help you plan, deploy, and manage effective, and cost-effective, security..

Read more

Hybrid IT for SMBs

/in ,

(02/21/2023) – A sound Hybrid IT strategy creates better collaboration, cost efficiencies, security, and resiliency. Review your hybrid business strategy and supporting IT services. Address your business, technology, security, and cost challenges.

Read more

Security CPR®

/in ,

(01/24/2022) – Cybersecurity requires policies, procedures, supporting technologies, and a culture of awareness. This webcast is a deep dive into our Security CPR® model for preventing and surviving cyber attacks.

Read more

Email Security and Reliability

/in

(8/17/2021) – A deep dive look at email security and reliability, with a focus on how DMARC prevents business email compromises, spoofing, and phishing attacks. In addition to protecting you from inbound attacks, DMARC protects your domain’s reputation and helps ensure reliable email deliverability.

Read more

Email Security and Compliance

/in

(7/20/2021) – An updated look at email security and compliance. Summarizing risks and trends, we dive into a tiered approach to ensuring your business, data, employees, and reputation are protected.  We also discuss emerging compliance requirements and steps you can take to ensure you operate within regulatory, industry, and policy expectations.

Read more

Small Business Guide to Cyber Threats, Security, and Response

/in

(6/15/2021) – A practical guide to cyber threats and security. We will share data that quantifies the most prevalent types of risks and will outline practical, reasonable, and affordable steps you can take to both protect your business and, should an attack succeed, respond and recover.

Read more