Posts

Gemini, Copilot, or ChatGPT? What You Want to Know

Earlier this month, we surveyed our clients about the AI services they use regularly. The results show that a majority of respondents prioritize the AI services included within their existing productivity suites.

Of more than 50 respondents:

  • 57% use Gemini for Google Workspace (including the Gemini App, Gems, and NotebookLM)
  • 55% use Microsoft Copilot
  • 51% use stand-alone AI services, such as ChatGPT, Claude, and/or Grok
  • 12% use Gemini Enterprise

While stand-alone service adoption is slightly lower, many companies officially use more than one solution:

  • 33% use Gemini AI and at least one stand-alone service.
  • 33% use Microsoft Copilot and at least one stand-alone service.

As you evaluate your AI needs, consider these strategic factors:

Secure Your Baseline

Maintain control and security over your data before you begin your AI journey. You need to ensure that individuals using AI cannot access information beyond their specific responsibilities. You also want to confirm that your data is not used to train or populate learning models beyond your internal systems.

This data governance is critical for maintaining compliance with regulatory, industry, and contractual requirements for data protection.

Understanding how each AI tool or service integrates with your identity, access, and security services helps you select solutions that will protect your business.

Start Simple

Before diving into multiple new solutions, explore and take advantage of the AI services embedded in your current IT systems and applications.

Microsoft Copilot and Gemini for Google Workspace each offer a robust suite of services. You may not need to make additional investments in other tools. Additionally, both platforms integrate directly with your email, documents, spreadsheets, and meetings, as well as other applications within your suite.

Leveraging these services lets you avoid the cost and complexity of third party integrations. For example, both Gemini and Copilot provide excellent transcription and note-taking services for Google Meet and Microsoft Teams meetings, respectively.

Dive Deep

Before adding third party AI services and tools, make sure to explore and pilot the capabilities already at your fingertips.

For instance, Gemini AI for Google Workspace includes:

  • The Gemini App (gemini.google.com): Provides prompt response using public information and secure access to your content in Google Workspace. It also supports advanced image creation and manipulation, Deep Research tools, and short video creation.
  • Gems: Customized Gen AI chat agents with defined personas and objectives
  • Scheduled Actions: Automation for repetitive AI actions
  • NotebookLM: Creates private, secure learning models using your data and select public information.

Define Use Cases

As part of your exploration, identify use cases where AI integration provides tangible benefits.

For each use case, define the opportunity, workflows, process changes, and desired outcomes.

These use cases provide you with a framework to test AI services and solutions, and they will help you identify the individuals and teams that will be impacted by AI adoption. These people will require training and should participate in your AI pilot projects.

Be Selective

If you cannot address use cases with your integrated and embedded AI services, focus your search on AI tools and services appropriate for your use cases.

Before selecting a tool, vet its ability to integrate with your existing applications, systems, and security. Keep in mind that every additional application introduces administrative overhead and security constraints.

Balance the added effort and costs against the potential outcomes to ensure that the tool delivers true value to your business.

Help is Here

Visit our AI Landing Zone for a range of resources to help you plan, manage, and secure your AI services.

Our Cloud Advisors can also provide the guidance and assistance you need to plan and execute your AI strategy. Send us an email or book a brief introductory call. We are here to help.

About the Author

Bill Seybolt is a Senior Cloud Advisor responsible for helping small and midsize organizations with productive, security, and secure managed cloud services. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped hundreds of organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience and effective change management.

Cybersecurity Fatigue: Is Your Business at Risk?

Security fatigue is real. You’ve felt it, and so have we. Cyber criminals know this, and they are waiting to capitalize on it. When we let security fatigue guide our decisions and allow our guard to drop, we become much more likely to fall victim to a cyberattack.

Over the past few weeks, we have assisted multiple companies that fell victim to such attacks. These events reflect a recent surge in cyberattacks, serving as a harsh reminder that we must remain vigilant.

Common Elements

Each of these recent cases shared three common elements:

  1. An employee clicked on a malicious link and shared account information.
  2. The company opted not to deploy recommended security measures.
  3. Neither the business nor IT leaders had a plan for how to respond to an emergency.

These elements demonstrate critical failures at every phase of a cybersecurity event.

Prior to The Event

Even as small businesses, we are more vulnerable to cyberattacks than we may expect. A basic suite of cybersecurity services is no longer optional; it is essential for defending and protecting against attacks.

In each of the cases we recently handled, simple and effective baseline tools were not in place. Decisions made to avoid the incremental cost of added protections left these businesses exposed.

Consequently, each company is now paying a much larger price, ranging from several days of downtime and lost productivity to potential fines and litigation.

The Event

Human action triggered all three of these recent events. While it is easy to claim that the individuals involved should have known better, the reality is that even knowledgeable people succumb to these tricks when they are tired or distracted.

How many times have you replied to or acted on an email that you skimmed or quickly read without focusing on the content? We are all busy, and an email often feels like just another task to check off.

When you combine a false sense of security with a momentary lack of attention, it is very easy to click the wrong link, enter credentials into a fake site, or share private information.

Technology is vital for protection, but your people must also understand the risks. They should be able to identify suspect interactions and know exactly what to do when faced with a suspicious email, text, call, or web page.

After The Event

In every recent event we have handled, the business and IT leaders were unsure how to proceed. Given the urgency and stress of the moment, none of them referred to an existing Information Security Plan because they did not have an incident response checklist or strategy in place.

We tend to focus on recovery, such as getting systems back online and restoring data. While this is an urgent and tangible response, it is only one part of the equation.

Your cyber insurance carrier may need to verify your security measures, conduct a forensics analysis, or direct your recovery efforts. You likely have legal, industry, or contractual reporting requirements, and you may even need law enforcement to investigate.

Response and recovery from a cyberattack requires having the technology in place to get your systems, apps, and data back in operation as well as having resources in place to get you through the legal, regulatory, contractual, marketing, and customer relationship challenges you will face.

How We Help: Security CPR

Your security profile should match your business. The nature of your company, its size, your industry and markets, and your locations should all dictate your security requirements. Your leadership team should guide your security strategy and spending.

Our Security CPRⓇ model and services provide the framework for creating the right security profile for your business:

  • Communicate and Educate: Ensure you and your team are knowledgeable, aware, and prepared, and that you have appropriate policies and procedures in place.
  • Prevent and Protect: Implement the right mix of security solutions to stop cyberattacks and defend against active threats.
  • Recover and Respond: Build the necessary services for business continuity, resilience, and a quick return to operations, including resources to assist with the insurance, regulatory, legal, and communication aspects of a response to an incident.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

Prevent AI Data Leaks with the Right Tools

As leaders of small and midsize organizations, we need to operate efficiently and effectively within a range of security constraints. Laws, regulations, industry standards, and contractual obligations set expectations and, in most cases, impose requirements on how we manage and run our business and IT. Now, artificial intelligence (AI) adds a new layer of security challenges.

AI is most effective when it has access to a broad range of relevant information. However, that access must be carefully limited to authorized users, creating a delicate balancing act.

AI data leaks occur when AI tools and systems expose information to unauthorized users or share it inappropriately. These leaks can happen internally or externally, and may be accidental or intentional.

Preventing AI data leaks requires actively governing permissions and access, along with choosing AI tools that align with your security and privacy requirements.

Set Up AI Data Governance

The days of “set and forget” permissions are over. At the macro level, AI data governance requires actively managing access controls and permissions settings.

Begin by reviewing and auditing your current access controls and permissions settings. It is common for users to rely on default sharing settings or to adjust permissions for convenience, often extending access inappropriately. While people may not actively search for and find private information, AI will.

Running an audit tool and resetting permissions can help close these gaps and provide a fresh starting point. Once permissions are properly configured, advanced security tools enable ongoing monitoring to identify new threats as they emerge. These tools can notify users and administrators of potential issues and modify permission changes to reduce risk.

Pick Secure AI Tools

With data access controls and permissions properly secured, the next step is ensuring that the AI tools and systems you use do not put your data at risk.

When selecting AI tools, look for the following attributes:

1. Adheres to Security Standards

Include security as a critical criterion when selecting your AI tools and systems. Verify that the AI tools you pick adhere to industry and regulatory security standards.

2. Does NOT Train Models Without Permission

Never use an AI tool that trains its models without your permission. These tools effectively absorb anything you input and incorporate it into their models, potentially exposing your data to other users.

3. Does NOT Allow Human Data Review Outside Your Domain

Avoid AI tools and systems that allow humans outside of your organization to see or use data you have entered into the system. Even if these systems are not using your data to train their models, if others can see it, then it is not secure.

4. Does NOT Sell or Use Data for Other Purposes

Choose AI tools and systems that do not sell or use your data for purposes beyond providing the service. Outside of training, some AI tools mine data for sale to others for research, marketing, and other purposes.

The general rule of thumb is: If you pay, your data is private. If the tool is free, so is your data.

However, some paid AI tools still include terms and conditions that allow data collection and usage. Before moving forward with any AI tool or system, always check the fine print.

How We Help

Schedule an intro meeting with one of our Cloud Advisors. Our team can discuss how you can assess your risk, create effective policies, and select tools that deliver productive, secure, and affordable AI solutions. The meeting is free and without obligation.

About the Author

Bill Seybolt is a Senior Cloud Advisor responsible for helping small and midsize organizations with productive, security, and secure managed cloud services. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped hundreds of organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience and effective change management.

Ensure Your Team is Working from Home Safely

(Published 4/21/20)


The rush to get your employees set up and working from home is over; now is the time to take a step back and make sure your team is working effectively and that you are protecting your data and that of your customers.

Here is a simple checklist:

Give Employees Business Software

If you have MS Office licensed through an Office 365 subscription, you have the ability to install each user’s license on multiple computers and devices. Use this licensing to make sure your team does not run into version compatibility issues.  If you have an Office 365 subscription, you can also ensure employees are logged into your domain/tenant and files are automatically backed up to OneDrive or SharePoint file systems.

Give Employees Endpoint Protection

If employees are using home computers for work, the non-work activity on that machine poses a malware and ransomware risk to your business.  Even if your employee has a consumer antivirus tool in place, you should layer next-gen, advanced threat protection.  Solutions like Webroot are designed to coexist with local protections. The solution also gives you control over the security footprint of machines accessing your systems and data.

Give Employees Web Filtering / DNS Protection

Between 20% and 35% of malware attacks originate from infected websites and DNS attacks.  Adding web filtering/DNS protection allows your employees and their families to safely surf without putting your business at risk.

Properly Configure Desktop File Sync Utilities

Whether using Office 365 or G Suite, enabling a desktop sync tool gives your employees seamless access to your cloud-based files. Rather than syncing, configure the agent to serve as a mapping tool. Files cache locally while in use for performance; data remains securely in your cloud; users have easy and familiar access.

Put a Policy in Place

Make sure you have an appropriate policy in place, to protect your employees and your business. We are sharing a simple draft policy you can use and adapt to your needs.

Celebrate Data Privacy Day with a Free Workshop

You may or may not know that International Data Privacy Day is January 28.  To celebrate, our strategic partner, Privacy Ref, is offering a free 2-hour workshop on Privacy Program Fundamentals.

Join us on January 25, 2017 from 1:00 to 3:00 PM EST for this valuable session.

Topics to be covered include:

  • Defining privacy
  • Foundational privacy concepts
  • Components of a privacy program
  • Privacy frameworks
  • Managing privacy risk
  • Metrics for privacy
  • Training & awareness activities

Please click here to register!


Interested in ensuring your business is protected?  Explore our Privacy Solutions, including our Privacy Assessment and Planning and our Privacy Training services.


 

4 Lessons from the Q4 Data Breach Review

Last week, our strategic partner Privacy Ref held their quarterly review of recent data breaches.  In his presentation, Ben Siegel, CIPM, identified 4 lessons learned from recent data breaches, including: Google Android; Hillary Tentler, CPA; Folsom State Prison; and the Internal Revenue Service.

#1: Unauthorized Mobile Apps Create Risk

Issue: Users can download apps from sites other than the Google Play store. These apps are not “vetted” and gain access to tokens used to control users’ accounts.

Lesson: As the threat is outside of Google’s control, you need to put systems in place to prevent unauthorized apps from accessing your company’s data via mobile devices.

#2: Local Data is At Risk, Too

Issue: In the burglary of an accountant’s home, three hard drives were stolen and only one was recovered during the arrest.

Lesson: Physical devices, when stolen, can result in a serious data breach. While moving 100% to the cloud is more secure, it may not be a practical option for your business yet. You should ensure any local data is encrypted and subject to regular backup.

#3: Internal Breaches are Still a Breach

Issue: A file including names, social security numbers, and other sensitive data was saved to a shared location accessible to anybody in the organization.

Lesson: You can protect yourself from internal breaches with solutions that use defined business rules to automatically enforce permission restrictions based on the content of your files.

#4: It is Too Easy to Email Protected Information

Issue: Employees were sending emails with personally identifiable information (PII) clearly visible, in violation of regulatory requirements.

Lesson: You should not rely on people to do the right thing all of the time — mistakes happen and can be damaging and costly. Systems exist that scan and encrypt emails automatically if they contain sensitive or protected information.


Do you need a privacy assessment or a privacy plan review? Are you ready to better protect your data — on premise and/or in the cloud?

Contact us to discuss your needs.


 

Third Party Apps: The Overlooked Data Risk

It is easy to overlook the risks of third-party apps. You see a cool app and install it on your phone. You see the prompt asking you for permissions. It is not clear what the app wants to access or why, but you want the app. You click “Grant” or “Allow” and away you go. Some third party now has access to your contacts, your schedule, and maybe even your files. Whether mobile apps, browser extensions, or freemium apps, your user community is installing apps and tools and granting access to your data. And while most apps are harmless and well-behaved, one rogue app can be a disaster.

The Hidden Dangers of Third-Party Apps

Not every app, and not every app provider, is trustworthy.  And since most apps need access to some of your data in order to function, permissions should not be granted without some forethought. Preventing individual users from installing apps and granting permissions, however, is nearly impossible. Most small and midsize organizations have neither the money nor resources to micromanage browsers and mobile devices — especially in our BYOD world.

Using third-party apps can come with certain risks, and it’s important to be aware of them before installing and using such applications. Here are some common risks associated with third-party apps:

  1. Security and Malware: Third-party apps may pose security risks as they are not subject to the same level of scrutiny and oversight as apps available on official app stores. Some third-party apps may contain malware, spyware, or other malicious code that can compromise your device’s security and steal personal information.
  2. Data Privacy: Third-party apps may collect and misuse your personal data without your knowledge or consent. These apps may access sensitive information stored on your device, track your online activities, or share your data with third parties for targeted advertising or other purposes. This makes a good case for implementing proper data protection and security measures.
  3. Compatibility and Reliability: Third-party apps may not be as reliable or compatible with your device as apps provided by trusted sources. They may crash frequently, have compatibility issues with your operating system or other apps, or cause other technical problems.
  4. Lack of Updates and Support: Third-party apps may not receive regular updates or support from developers. This can lead to compatibility issues with new operating system versions or security vulnerabilities that go unpatched, leaving your device exposed to potential threats due to outdated technology.
  5. Inadequate User Reviews and Ratings: Unlike official app stores that have stricter review processes, third-party app sources often lack reliable user reviews and ratings. This makes it challenging to assess the quality, safety, and overall user experience of these apps.
  6. Legal and Copyright Issues: Some third-party apps may infringe upon intellectual property rights, such as copyrighted content or trademarks. Installing and using such apps could potentially lead to legal repercussions.

To minimize the risks associated with third-party apps, consider the following precautions.

The Best Ways to Safeguard Your Device and Data from Third-Party Risks

Fortunately, for those of us running Google Apps and other cloud services, we have affordable solutions for monitoring and managing third party app access to your data.

Our Recommendation to Shield Your Device from Potential Harm

If you are running Google Apps, we generally recommend BetterCloud Enterprise as our preferred solution for several reasons:

  • The Domain Health and Insight Center provides you with activity reports, alerts, and advanced reporting
  • BetterCloud includes a robust suite of Google Apps admin tools that are not available in the Google Apps Admin Console, including bulk actions, dynamic groups, and a user deprovisioning wizard
  • BetterCloud monitors and lets you manage third party app access to any data within Google Apps, and provides a trust rating to help you determine which applications pose a risk
  • BetterCloud monitors activity in Drive against business rules to ensure compliance with data privacy policies and regulations. BetterCloud will proactively modify permissions and send alerts to prevent accidental or intentional violations.

Additional Ways to Guard Against the Pitfalls of Third-Party Apps

  • Only download apps from trusted sources, such as official app stores or reputable websites.
  • Read reviews and ratings from other users before installing an app.
  • Check the permissions requested by the app and ensure they are necessary for its functionality.
  • Keep your device’s operating system and security software up to date.
  • Use reputable antivirus software to scan apps before installation.
  • Be cautious when granting excessive permissions or sharing sensitive information with apps.
  • Regularly review and remove any unused or suspicious apps from your device.

How Cumulus Can Help Protect You From Third-Party App Risks

While there is a minimum fee for BetterCloud Enterprise, you can try BetterCloud for free for up to 30 days.  If you like what you see, we will waive the setup fees.  If not, you can keep running the Domain Health and Insight Center for free.

 

A Better Cloud Admin Solution

With over 200 new features added yearly, Google Apps is growing in features and capabilities. Across our customer base, we see adoption and use of these features by individuals and teams growing as well.

You want and need to understand how Google Apps is being used, and working, for your business. With more collaboration and data in the cloud, you want to ensure that documents are properly shared, with appropriate privacy and protections. At the same time, we want to keep administration simple and efficient.

We have a solution:

BetterCloud recently released a new tiered service designed to solve each of these issues, and you can try it for free.

BetterCloud Basic is a Domain Health Center for your Google Apps domain, letting you monitor activity, define alerts, and analyze usage.

BetterCloud Pro is a robust suite of administration and management tools for Google Apps that simplify admin tasks with an expanded set of controls that save you time and effort.

BetterCloud Enterprise adds auditing, discovery, compliance, and data loss prevention features, giving you the ability to monitor, manage, and mitigate data permissions and exposures in real time.

 

You can try BetterCloud for free, and without obligation.  Here’s our offer:

We will …

  • Install BetterCloud Basic for free in your Google Apps domain
  • Activate a no-obligation, 30 day trial of the BetterCloud Enterprise and Pro Features
  • Over the course of the free trial, we will highlight and demonstrate key features, including running a basic data security audit report for your review

At the end of the trial, you decide if the cost/benefit of BetterCloud Pro or Enterprise is appropriate for your domain, and we will keep you subscribed. If not, you can keep using BetterCloud Basic for free.

To keep it simple, you can request the trial with two clicks.  Click here* to open a request email, then click Send.  Our team will promptly respond and activate your free trial.


*If you purchased Google Apps directly from Google, or another partner, we can still provide the trial. We also offer license discounts and other incentives for moving your account over to us. Contact us if you are interested in the savings and/or our services.