Posts

Cybersecurity in the White Space

/in

Cybersecurity White Space

A recent online post pointed out that the white space in the FedEx logo, between the “E” and “x”, creates an arrow. 

FedEx Logo

Once you see the arrow, you cannot miss it. You will see it every time you look at the logo.

The subtle, almost subliminal, arrow symbolizes a sense of forward motion and subconsciously reinforces the FedEx brand message of on-time delivery.

The power of the logo is not just the name, it is in the symbolism. The same is true for your cybersecurity.

The power of your cybersecurity is not just in the overt actions, success is in the white space.

Focus

Our cybersecurity efforts often focus on the concrete measures we can take to protect ourselves and prevent attacks. We deploy hardware, install software, and configure settings to both passively and actively protect our systems, data, and people. These actions are tangible and visible. 

Cybersecurity White Space

Equally important, if not more so, are the less visible cybersecurity efforts– your cybersecurity white space. Ask yourself these questions:

  • Is cybersecurity awareness a deliberate part of your culture?
    • Do you educate your team on their role in cybersecurity?
    • Do employees and contractors understand which behaviors help security and which can harm it?
    • Does your team understand how to recognize, report, and respond to security risks and attacks?
  • Do you have policies and procedures in place that set expectations for maintaining appropriate cybersecurity?
    • Do these policies and procedures include guidance and limits on human behaviors and actions that can pose or elevate risks?
    • Do you have consequences for negligent or deliberate non-compliance?
  • Do you understand the risks should a cyber attacker gain access to your systems?
    • Do you understand the protections you need in place to limit attacker access to identities and sensitive information?
    • Can you isolate attacks and prevent them from spreading across your environment?
  • Do you have plans in place to not only restore damaged or lost data, but to recover your business from a successful cyber attack?
    • Do you have cyber insurance?
    • Do you have clear action plans for how your business will respond to a successful cyber attack?
    • Will you be able to run your business while you recover your systems and data (and/or while computers are held as evidence)?
    • Do you have plans and resources in place to:
      • Comply with state and regulatory reporting requirements?
      • Communicate effectively with customers, vendors, and partners?
      • Manage your legal and financial liability?

Model for Success

Successful cybersecurity includes the visible and the white space. Our Security CPR model and managed security services include all three best-practice pillars:

  • Communication and education
    • Security awareness focused on human behaviors, risk recognition, and responding to suspicious acts.
    • Policies and procedures that guide and protect your business in line with compliance requirements.
  • Prevention and protection
    • Expertise, tools, and services to prevent cyberattacks and protect your business, data, and team.
    • Compliance assessment and management services to benchmark and certify to appropriate industry and regulatory standards.
  • Recovery and response
    • Business continuity services to keep your business running during forensic investigations and data/system recovery and restoration efforts.
    • Data restoration and disaster recovery plans and resources to return your business to normal operations as quickly and effectively as possible.
    • Cyber insurance brokerage partnerships to ensure your business is properly covered within your budget.

Call to Action

If you have not done so recently, now is a great time to step back and assess your IT services and solutions. Our Cloud Advisors are ready to help and assist with any questions or concerns. Start with a complimentary Rapid Security Assessment, contact us, or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Improve Your IT Atmosphere

/in

AtmosphereFor those of us who have played video games over the years, even though we are not hard-core gamers, the experience has changed. The technology has certainly advanced over time. More importantly, the user experience – the IT atmosphere – has improved.

Back in the day, video game sound provided basic contextual clues to guide your gameplay. Listen to a few seconds of the Atari Combat game soundtrack from 1977. With only 8 bits to work with, and speakers that could only play one note at a time, the beeps and buzzes react to player actions and provide a basic context for the game. 

Now listen to a minute of the Gusty Garden Galaxy Theme from Super Mario Galaxy from 2007. Even without seeing the game in action, you can hear and feel the motion of the game. The more than 80-piece orchestra does more than reflect player actions, it creates an atmosphere and sets a mood.

IT Atmosphere

The same evolution is true for your IT services. Historically, your IT services were there to help you complete tasks – send messages, write documents, and create spreadsheets. Today, your IT services should create a rich atmosphere that empowers your team and enables your business

From simple tools to feature-rich, integrated productivity suites, you and your team have access to features that save time and effort, foster collaboration, and save money.

And yet studies show that, on average, small businesses underutilize the tools they have. Studies show, for example, that small businesses only use 15% of their Microsoft 365 services. Oftentimes, lack of awareness (or education) results in adding other services and tools that duplicate existing features and capabilities.

Making Improvements

Creating an effective IT atmosphere involves more than having tools and services in place. An effective atmosphere is an environment that fosters communication, collaboration, and productivity for individuals and teams.

Know What You Have

Catalog the IT services and capabilities you have in place. Understand how your team is using the services and identify underutilized features and functions. Identify those that could be beneficial. 

Eliminate Duplicity

Remove duplicate and overlapping services from your environment. Ensure your team is using the same tools and resources. Create commonality and encourage sharing of best practices.

Educate, Train, and Support Your Team

Ensure your team is aware and understands how to take full advantage of the capabilities within their current workflows or as part of improved workflows. Guide team learning to align with their roles and responsibilities; keep it timely, relevant, and in digestible chunks. 

Manage Your Shadow IT

Shadow IT, the individual use of non-sanctioned tools, can trigger significant problems for your business. Beyond security and information privacy risks, shadow IT isolates information and people. Listen to why your team is using tools and work to ensure that those capabilities are within your ecosystem. Remove objections to using company systems while enforcing your policies.

Call to Action:

If you have not done so recently, now is a great time to step back and assess your IT services and solutions. Our Cloud Advisors are ready to help and assist with any questions or concerns. Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Pragmatic Security: Balancing Security Measures for Small Businesses

/in

Security vs UsabilityWhile on vacation recently, I did something that I did not think has been possible since July 1970. I boarded a commercial airline flight without having to go through security. No ID check. No metal detectors. The gate agent scanned the barcode on my ticket and I walked on board. The experience was, at first, confusing as I went from curb to gate with no security checks. I asked the gate agent why there was no security check; the answer was pragmatic security.

Pragmatic Security in Action

Airport security intends to prevent hijackings. I was traveling in New Zealand, which you know is an island country.  The nearest country, Australia, is at least a 3½  hour flight by jet. My plane was a dual engine turboprop with about 70 seats with and a range of 930 miles. It is impossible for the plane to leave the country.

Hijacking a regional flight in New Zealand is pointless, as you cannot escape the country. The security risk is miniscule.

In New Zealand, flights on regional planes do not have (or need) security checks. To board a jet, however, you will board at a “jet gate” having passed through all of the common security and ID checks.

Pragmatic Security for Your Small Business

The concept of pragmatic security also applies to IT and cybersecurity. Not every business needs every security measure. We can, and should, scale our IT and cyber security to meet our needs and priorities.

That said, the baseline has changed. In New Zealand, the baseline security for flights is that the customer has a ticket.  For smaller businesses, the historical baseline has been “a secure firewall/router, antivirus software, and email filters for spam.”

As we have discussed in other Security Update Series blog posts, we face new security demands from customers, insurance providers, and regulators. As cybersecurity risks increase, so do the solutions we need to implement.

Pragmatically: How Much Security is Enough?

While the answer varies based on your business needs, risks, and priorities, our Security CPR model provides a solid baseline. We are also proponents of understanding risks. As we discussed in this blog post, focusing on the most prevalent risks and the most damaging risks is the best place to start.  Designing your security solutions from these two angles provides a solid baseline of protections. Additional measures can be added as needed to meet industry or regulatory requirements.

Call to Action:

If you have not done so already, a baseline security assessment is a good place to start. Our Rapid Security Assessment provides a quick review of core security services. And our Cloud Advisors are ready to assist with any questions or concerns.

Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Best Practice – Completing Security Surveys and Questionnaires

/in

Data Protection & Security

In our recent Security Update Series blog post, New Security Demands & Requirements for Small and Midsize Businesses, we discussed three drivers for increased business security. We noted that expectations will often be expressed in security surveys and questionnaires you are asked to complete. Providing incorrect, incomplete, or misleading answers, whether intentional or not, can impact premiums and your available coverage.

To minimize the risks and potential pitfalls, here are five best practices to follow:

1 Know the Process

Before starting your response, have the broker or agent walk you through the process in detail. What role do the security surveys or questionnaires play in the underwriting process? While some carriers only use a single survey, others will ask for follow-up information and/or request evidence supporting your answers.

Understanding the process will guide how you answer questions and the nature and amount of information you provide.

2 Follow the Rule of Absolutes

Following the “Rule of Absolutes,” answering “yes” or “no” to a question means “yes” or “no” everywhere and in every instance. 

For example, if you answer “yes” to the question, “Do you require multi-factor authentication for user login?”, you are stating that MFA is in place for every possible user login for every system or service. Answering “yes” if this is not the case will be considered a misleading or deceptive response.

The better approach is to answer with commentary that accurately responds to the intended questions without absolutes. Using the above example, provide a list of systems for which MFA is required, optional but recommended, and/or not available. In addition to being a more accurate response, the information will better inform the underwriting risk assessment.

3 Understand the Questions

Not all questions may be clear. Some questions will focus on technology. Others will focus on policies, processes, and procedures. Still others will focus on outcomes.

For example, these three questions:

  1. What security incident and event management (SIEM) system is in place?
  2. Do you have security incident and event management?
  3. Do you monitor, save, and analyze security event logs to identify alerts and conditions that require responsive action?

Question 1 appears to be asking about specific software or tools. The second Question asks about capability; the software tools and operational resources may be implied or assumed with a “yes” answer. Question 3 probes procedures, possibly independent of the supporting technology and/or existence or use of a security operations center (SOC).

If you are not sure how to best answer the questions, consult with the broker or agent for guidance.

4 Pause and Implement

In reviewing the security surveys or questionnaires, you may notice an emphasis on certain aspects of your security systems, solutions, policies, and processes. 

If your answers appear to indicate weakness in these areas, consult with the broker or agent for guidance. You may benefit from pausing the effort until you can update or implement expected services and solutions.

In some cases, indicating that an improvement is in process may be sufficient to move forward.

5 Get Legal Advice

You own and are legally bound by the survey and questionnaire responses you provided. This holds true even if IT providers, vendors, and others have drafted portions of your response.

Before submitting your responses, review the surveys or questionnaires and your responses with qualified legal counsel familiar with cyber security. Understand if answers provided by third parties may create issues or liabilities. Understand any and all commitments expressed and implied in your responses.

What to Do:

The best course of action is to assess and, if appropriate, adjust your security services before you face a survey, questionnaire, or audit. Our Rapid Security Assessment provides a quick review of core security services. Our Cloud Advisors are ready to assist with any questions or concerns.

Contact us or schedule time with one of our Cloud Advisors

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

IT Solutions: 3 You Can Live Without

/in

Business Continuity & Protection

With continued, rapid change and evolution of the cloud services and capabilities, we hear that we “need” many things. The reality, however, is that many of the “solutions” being hyped are not really needed. In our recent blog post, we offered three IT solutions you need. But in this blog post, we will share three solutions you can do without.

1 3rd Party Conference Tools

Both Microsoft and Google Workspace, with Teams and Meet, include robust audio and video conferencing services. There was a time when third-party services like Zoom offered unique features. However, capabilities such as transcription, translation, break-out rooms, and Q&A panels are now a part of Teams and Meet.

Notably, some of the advanced features of Teams and Meet, such as streaming, come with upgraded Microsoft 365 and Google Workspace licenses. These upgrades are generally less expensive than third-party services.

2 Physical Desk Phones

While some of us may have an emotional attachment to the physical phone on our desks, for many, these devices feel like clutter. The way we make and receive calls has changed. Our devices should change as well.

Features like hot links, click-to-dial, and voice dialing are available within the apps and browsers on our computers and phones. Smartphone apps let us make and receive business calls without sharing our personal phone numbers and maintaining separation between personal and business text messaging and voicemail.

Headsets and speaker/microphones give us hands-free access to our phone systems at our desks, from our smartphones, and in our cars and trucks.

3 Unsecure Artificial Intelligence

You do not need unsecure AI. Even so, you and your team likely want to use it.

Chances are, you and members of your team may already be using Chat-GPT, AI meeting assistants, and other AI-powered tools.

The challenge is that most public AI tools are not secure. Using them likely violates confidentiality and nondisclosure clauses in contracts. Using them may also put you in violation of HIPAA, PCI, and other data privacy laws and regulations.

Before jumping into AI as a company, and before “Shadow AI” (unvetted tools) gets out of hand, develop an AI strategy and plan. Begin with identifying use cases and understanding how to ensure data security, privacy, and compliance. Pilot solutions and educate/train your team.

Copilot and Gemini AI both offer artificial intelligence tools that integrate with Microsoft 365 and Google Workspace, respectively. These are secure tools that use the permissions capabilities of the ecosystems. 

What to Do:

Contact us or schedule time with one of our Cloud Advisors. Without obligation, we are happy to discuss your business and IT services. We can also map out opportunities to save money and leverage AI, along with other emerging technologies.

If you are interested in three solutions you need, jump over to this post.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

IT Solutions: 3 You Need

/in

Business Continuity & Protection

With continued, rapid change and evolution of the cloud services and capabilities, we hear that we “need” many things. The reality, however, is that many of the “solutions” being hyped are not really needed. Therefore, we will cover three IT solutions that you do need.

1 Resilience

Basic protections against malware, ransomware, phishing, and other cyber attacks are no longer enough. Businesses are not pressing for better cybersecurity from suppliers. Cyber insurance carriers are looking for more cybersecurity capabilities to better manage their risks.

We expect most small and midsize businesses to be asked about, or required to deploy, more advanced cybersecurity services and solutions. Fortunately, these can be provided affordably and effectively to smaller businesses.

2 Continuity

It is not enough to be able to recover files from backup in the event of a disaster, system failure, or cyberattack. Your business needs to be able to return to operations (RTO) quickly, even if your operations are degraded. The ability to fully recover and return to normal operations (RTNO) is also a new priority.

If your customers are other businesses, you are part of a supply chain. Your customers are under pressure to ensure and demonstrate that their supply chains are secure and reliable. This means your customers want you to demonstrate that you are protected and, if a cyberattack happens, that you can recover quickly. Your business disruption is theirs as well. Your customers want and need assurances.

Continuity solutions for small and midsize businesses are effective and can be cost-effective when properly planned and executed. These can range from system images that run in the cloud in an emergency to using remote desktop/virtual desktop services.

3 Secure BYOD

A few years ago, “Bring Your Own Device” (BYOD) was just an experimental strategy. With hybrid and remote work now a part of our norm, BYOD can be an effective means to provide budget-friendly IT services to your team. The challenge is that employee devices being used for company work need to be managed and secured as if they are company-owned.

Employees need to allow you to install security tools, such as endpoint protection and remote management agents, as well as backup/recovery and continuity tools. This can be a difficult task, as employees worry about the privacy of their information on their personal devices.

Securing BYOD can be a mix of policies, procedures, technology, and compensation. Secure BYOD can also be attained by separating the device from the business apps and data. Remote Desktop/Virtual Desktop Infrastructure solutions allow any device to access and use a secure and private environment –  network, systems, applications, and data – without commingling personal and business apps and data.

What to Do:

The first step is to assess your current business resilience and continuity capabilities. Completing our free Rapid Security Assessment will provide a quick review along with recommendations specific to your business and needs.

Next, please contact us or schedule time with one of our Cloud Advisors. Without obligation, we are happy to discuss your business’s operational IT needs and how you may increase your capabilities and save money.

Finally, stay tuned, as our next blog post will cover three IT Solutions you can do without.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

New Security Demands & Requirements for Small and Midsize Businesses

/in

Security, Privacy, & Compliance

As the cybersecurity landscape continues to change, we see an evolving trend of new security demands being placed on small and midsize businesses. In this first post in our Security Update Series, which covers the evolving cybersecurity landscape for small and midsize businesses, we take a look at the drivers behind the new security demands on your business.

Three Drivers for Business Security

As is typical, the demands and security requirements are coming from three directions:

  • Regulation
  • Cyber Insurance
  • Supply Chain

Each of these three sources is increasing its expectations for your security practices and systems.

1 Regulation

As of November 2023, 12 states have enacted comprehensive data privacy laws, and 5 states have tailored information privacy laws. Other states have existing laws with similar protections that differ in implementation and enforcement. In 2023, 12 states introduced and are considering new privacy legislation. The vast majority of these laws may be enforced based on the location of the victim of a data breach. If you have customers in multiple states, you face a patchwork of legal requirements and potential liabilities. State rules extend beyond federal regulations, such as HIPAA, Sarbanes/Oxley, and SEC regulations, that may apply to your business.

Most businesses must also comply with industry regulations. If you accept credit cards, for example, you must comply with the Payment Card Industry Data Security Standard (PCI-DSS). These industry regulations often require additional policies and protections beyond federal and state regulations.

2 Cyber Insurance

Insurance carriers and underwriters base their calculations of risk through in-depth analysis of claims history and broader trends. Cyber insurance, being relatively new, does not have the same claims history as other business liabilities. As such, insurers continue to learn and adapt. Part of this learning is that cyber insurance claims are larger than previously predicted, basic security solutions often fail to provide sufficient protection, and a company’s ability to recover may be as important as its protections.

Furthermore, insurers are actively holding customers accountable for the statements made on applications, questionnaires, and audits. In 2022, Travelers Property Casualty Company of America sued International Control Services Inc. (ICS) in the U.S. District Court for the Central District of Illinois (Case No. 22-cv-2145). ICS stated that multi-factor authentication (MFA) was in place. The forensics investigation following a ransomware attack determined that MFA was not in place. Travelers claimed and maintained that the misrepresentation “materially affected the acceptance of the risk and/or the hazard assumed by Travelers.” The parties settled with cancellation of the payout, leaving ICS uncovered for any costs or damages.

While some insurers attempted to mandate specific security solutions or products, most insurers are now looking to verify a much broader range of security infrastructure. Beyond endpoint protection and MFA, insurers are using their growing understanding to set broader expectations. Security activities such as internal and external penetration testing, collection and analysis of security and activity logs, and the availability of business continuity solutions are starting to appear on cyberinsurance applications. Many insurers are also starting to request third-party validation and benchmarking against security frameworks, making streamlining security for SMBs even more important.

3 Supply Chain

If you provide products or services to businesses, you are in their supply chain. Governmental and industry regulations applicable to your customers will create new requirements for your business. The supply chain effect is not new. Organizations bound by HIPAA demand require a Business Associate Agreement (BAA) from suppliers. Sarbanes/Oxley, SEC regulations, and others include requirements that businesses must validate levels of compliance from suppliers and vendors. The same is becoming a reality for cybersecurity. As businesses develop their cybersecurity programs, they want and need to ensure their supply chain is equally secure. Cyberinsurance, industry regulations, and government regulations are starting to require this level of diligence.

As a smaller business, your customers may begin with changes to confidentiality and non-disclosure terms in your contracts related to the use of Artificial Intelligence (AI) tools and services. You may be asked to conform to a specific security framework. You may be asked to confirm and attest to a set of security practices. Businesses that do not comply risk litigation and losing customers.

What to Do:

The first step is to not panic. These changes will surface over time.

Start with making sure your basic security services are in place. Complete our Rapid Security Assessment for a quick review of your current, basic security infrastructure. We will also provide recommendations specific to your business and needs.

Our Security CPR Managed Security services deliver an affordable, effective, security solution that helps you meet current expectations. These services integrate well with our Managed Cloud Services and can be implemented quickly and affordably.

To learn more or to discuss your options in more detail, please contact us or schedule time with one of our Cloud Advisors.

And, continue to follow our blog for Security Update Series posts for more information and ideas.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Ensuring Hybrid Work Actually Works

/in

Hybrid Workplace

For most of us and our businesses, hybrid work from home jobs are here to stay.  In reality, it has almost always been with us.  Salespersons, field technicians, and other out-of-office customer-facing roles have been a part of many businesses for decades.  The mix, however, of who works outside the office has changed.  And while many businesses are still working to figure out how many in-office work days are necessary each week, the underlying assumption is that hybrid work models will remain.

The challenge now is to ensure your model for hybrid work actually works for your business. When remote work was the exception, the solutions could be one-offs, or more complicated, because the impact on users was limited.  The extra effort to connect to the office was acceptable.  Remote work is now part of the norm, whether in a hybrid model or full-time. Connecting is now critical — technically and in terms of communication, collaboration, and culture.

Here are 5 Ways to Help Ensure Hybrid Work Actually Works

 

1 Simplify Access and Accessibility

Ensure your team can connect and work easily.  Each added layer, such as VPNs, adds a layer of complexity and creates another opportunity for something to go wrong. Complexity also impedes performance.

Moving services — applications, files, data — into a central cloud service reduces the need for complex connections from remote users to in-house networks and servers.  Microsoft 365 or Google Workspace, for example, can easily replace traditional file servers.  Using a virtual desktop infrastructure (VDI) service with remote desktops simplifies access and accessibility to servers and line-of-business applications that do not yet run in the cloud.

2 Create a Single User Experience

If the user experience is different in-office and remotely, team members on a hybrid schedule must effectively navigate two different systems to connect and work. The result is often confusion. File locations and access to printers and scanners become confusing. Configuring oneDrive or Google Drive desktop applications is challenging if you want them to work on and off your office network.

Creating a single user experience reduces the confusion and eliminates potential roadblocks to productivity.

One of the easiest ways to create a single user experience is to use (VDI) and remote desktops.  Rather than having users work “locally” in the office and “remotely” elsewhere, the VDI environment provides remote desktops usable to everybody regardless of location.  All users connect to the service and work within a secure network.

As an added benefit, VDI narrows the scope of your security envelope. VDI reduces the need to manage end user devices, particularly if you allow Bring Your Own Devices (BYOD).

3 Enable Collaboration

The flow of information is different when we work remotely versus together. And while many are more productive working remotely, effective collaboration takes effort.

On average small businesses use only 10% to 15% of the features and capabilities of Microsoft 365 and Google Workspace. There is a high cost to low adoption.

To foster collaboration, your team must be comfortable using the tools that enable the sharing, communications, and relationships. On-going education of capabilities helps team members learn and use collaboration features. Reviewing and updating workflows and processes can improve collaboration within day-to-day activities.

4 Manage Your Managers

Managing people and leading teams is a skill. Many “doers” struggle when they become managers, given the complexities of coaching, mentoring, managing expectations, and dispute resolution across diverse groups of individuals. Managing teams with remote members is even more challenging. Team dynamics will differ, perception biases related to visibility will exist, and managing will need to be against results and expectations rather than visible activity.

Team leaders and managers need education, training, guidance, and mentoring to succeed.  And this need is greater with hybrid and remote teams. Peruse the Ask a Manager blog archives if you want real life examples of unskilled, and outright bad, managers who can damage your business.

Spend some time, and yes, money, to develop management and leadership skills for those responsible for supervising others.  Include guidance and support for issues unique to remote staff and hybrid and remote teams.

5 Include People Intentionally

Remote work does allow team members to focus on their tasks and manage their time. Meetings still happen and team members can use their commute time for other things.

In-person work still has benefits. Unstructured interactions build relationships and connections that enable ideas and innovations to take hold. Granted, “water cooler” chats can be gossipy or give naysayers a channel.  These conversations also enable many to float and test ideas outside of formal meetings. There is a perceived formality when you ask somebody to meet via video, even if it is to just bounce and discuss ideas. The acts of requesting, scheduling, and joining create a structure that differs from catching somebody at their desk, in the hall, or walking back from lunch.

The solution is to create opportunities for casual communications and to set the expectation that they should occur. To do so, your team members need opportunities to interact not only on work, but work-tangential topics, as a means to build relationships and trust.

For your remote/hybrid workers, inclusion is key.

  • As you prepare for meetings, let remote participants know in advance that you will be seeking their input on various topics. Set the expectation for participation without an element of surprise.
  • Create the habit of asking, “Who else should we ask?” when having unstructured discussions. Include them in real-time via chat or video, or message them for ideas or a time to chat.
  • Actively include remote workers in company events.  Team pizza lunch on Thursday?  Move it to a conference room, invite remote team members, and send remote participants lunch (or a credit to order their favorite).
  • Plan company events so remote team members can participate. Activities, like providing the ingredients and preparing a fancy meal guided by a chef, allow people to share a common experience in a group setting, even though participants are not physically together.

Next Step: Cumulus Global Can Help Your Business Succeed in a Hybrid Work Environment

Making sure that hybrid work actually works for your business requires intent, planning and action. Even small initiatives and steps to support remote staff and teams, and to foster communication, trust, and collaboration, can have a big impact on your business.

Cumulus Global can help you with plan and deploy technologies and servers that enable and support effective remote workers and teams.  With best-in-class remote desktop/VDI services, expert support for both Microsoft 365 and Google Workspace, and affordable Managed Cloud Services, we will help your business thrive and grow.

Click here to schedule a call with a Cloud Advisor or send us an email. There is no cost and no obligation.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

7 Steps to Build Your 2024 IT Strategic Plan

/in

2024 IT Action PlanIn our 3T@3 Series event in December, we discussed creating your 2024 IT Action Plan. During the session, we walked through a proven process for building a feasible plan for the coming year.

Here is a breakdown of 7 key steps in the process

1 Define Your Business Drivers

Your first step is to assess your business drivers.  What are the conditions, internally and externally, that you expect to impact your business over the coming year?

External drivers are generally beyond your control or influence: changes in the economy, evolving customer needs and priorities, shifts in business conditions in your target markets, and changes to the competitive landscape.

Internal drivers are within your control. What are your goals and objectives? Which are priorities, needs, or wants?  Do you have defined business plans and targets for investment?

Many of your internal drivers may be responding to external drivers.  Identifying these drivers, and their priority, will guide business and technology solutions over the coming year.

2 Review Your IT Lifecycle

Review your hardware and software inventory, and where each item sits in its lifecycle. Document applications or systems due upgrades; catalog servers, infrastructure, and user devices due for replacement.  Use this assessment to schedule necessary expenditures.

Also, consider if now is the time to upgrade or replace older systems with managed cloud-based solutions or services. Doing so can reduce capital expenditures and may provide more scalable resources and services.

3 Define IT Initiatives

Having planned for scheduled hardware and software refreshes, use your priorities list of business drivers to create a finite set of IT initiatives.

Your business drivers should trigger business decisions, actions, and plans. Analyze these plans for how IT services can enable or support the desired actions and outcomes. This strategy and analysis becomes your IT requirements for the coming year.  The priority of your business goals and objectives will set the priority for your IT initiatives.

Your IT initiatives are defined, manageable projects that meet your IT requirements.

4 Benchmark Your Security CPR

Security CPR is our model for pragmatic protection for your business.

  • Communicate & Educate
  • Protect & Prevent
  • Respond & Recover

Your IT initiatives will, without a doubt, interact with your security services.  Take a step back and review your security protocols and systems.

  • Verify that you remain in compliance with legal and industry regulations
  • Validate that your IT initiatives will do no harm, or will enhance your security profile
  • Adjust your security services to changing risks, priorities, and threats

5 Set Clear Priorities

Your budget has limits.  With security considerations in place, prioritize your IT spending. We recommend prioritizing within three distinct categories:

  • Lifecycle Events – Replace and upgrade aging hardware and software
  • Operating Expenses – Ongoing costs for cloud, services, and resources
  • Investments – Your IT initiatives

6 Build Your Budget

Allocate your target budget to each of the categories.  Fund items in each group from highest priority on down.

One key to building the budget is to facilitate some give and take.  Moving budget between categories can be done, carefully, in ways that benefit each aspect of your IT spending.

For example, moving to Remote Desktops in a virtual desktop infrastructure (VDI) cloud can extend the life of desktops and laptops by 2 to 3 years. Delaying system upgrades can be a safe move if your initiatives are working towards replacement.

7 Create Your Schedule

While it is natural to want to get everything done right away and all at once, thoughtful scheduling increases your likelihood of success for your 2024 IT Action Plan.

Scheduling starts with actions: the what, when, how, and how of your IT initiatives. Smart scheduling will also include consideration of dependencies and resource availability.

Going one step further, review your business cycle limitations. Avoid scheduling projects, particularly critical paths, that conflict with more intense periods within your business cycle. You may have a busy season, or need to be careful not to impact your quarterly close and reporting. Whatever demands your business cycle creates, adjust your planning and schedule around them.

How Cumulus Global Can Help You

We focus on helping clients get the most value from their current IT services and new, cloud forward solutions.  As you build your 2024 IT Action Plan, we can help. With a history of strategic IT consulting services, we can help you build your plan, review plans you have drafted, or simply discuss options.

Click here to schedule a call with a Cloud Advisor or send us an email. There is no cost and no obligation.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

3 Secrets to Avoiding IT Problems

/in

Problem and SolutionIf you are a sole practitioner, a solopreneur, or the owner of smaller businesses, you face unique technology challenges. You, and businesses like yours, are uniquely dependent on your technology.  Your computer and phone are critical tools without which your business can screech to a halt.  Avoiding IT problems is critical. And yet, you do not have time to be the IT guru. You may not have access to, or the budget for, traditional IT services.

The good news is that you can take steps to avoiding IT problems without overspending.

1 Stay Current

When we say “stay current”, we do not mean spending hours reading and studying the lasted IT advancements and opportunities.  Stay Current means keeping your systems up to date.

  • Make sure you regularly apply Windows (or MacOS) updates.
  • Windows Update should also inform you of firmware updates from your laptop manufacturer.
  • If you are not running cloud-based software that updates automatically, make sure your desktop applications are up to date as well.

Staying current with system and application updates ensures you have the latest system-level security protections in place. It is common for security experts to find “holes” in Windows and applications. Updates fix these risks and reduce the chance of a successful malware, ransomware, or other form of cyber attack.

2 Security CPR

Security CPR is our model for pragmatic protection for your business.

  • Communicate & Educate:
    • Know that even your business is a target;
    • Understand the current nature of cybersecurity risks; and
    • Learn how your behavior can prevent or enable attacks.
  • Protect & Prevent:
    • Deploy security solutions focused on stopping the most common type, and the most damaging, cyber attacks on small businesses.
      • Email advanced threat protection and next-gen endpoint protection, for example, protect you from attacks steal your identity and passwords.
      • Proper DNS configuration can stop cyber attackers from impersonating you or your business.
    • Include low-cost and no-cost solutions like multi-factor authentication (MFA) and local disk encryption to prevent access should an account get compromised.
    • Ensure you meet industry and legal security and privacy regulations and requirements; several states are imposing regulations above and beyond more familiar requirements (PCI, HIPAA, etc.).
  • Respond & Recover:
    • No protection or prevention is perfect.
    • Use affordable services that not only recover your data, but let you continue operating while you recovery.
    • Be prepared to address the customer service, legal, and financial aspects of a successful cyber attack. Cyber Insurance is a key component.

Many of your peers assume that security will be too expensive. They see the press coverage and read the articles, failing to realize that tech media targets larger businesses.  Our Security CPR model focuses on balancing risks, protections, and costs to deliver the best value for your business, and smaller business like yours.

Additionally, the model helps you with avoiding IT problems beyond security and compliance. The same solutions help you minimize the risk of hardware problems and software issues while making it easier to recover should something go wrong.

3 Partner with a Pro

If you are worried that you cannot afford expert IT services, you are not alone.  Most sole practitioners and owners of smaller businesses worry about upfront and on-going IT costs. As a result, you may turn to family, friends, or the “guru” in the blue shirt at the store in the mall. Even if your go-to person is in IT,

  • Do they focus on your needs as a small business?
  • Are they available when needed?
  • Do they plan ahead, or only offer guidance when it is time to make a purchase or after a problem?
  • Are they helping you get the most out of the features and capabilities of your IT services?

It is easy to let concerns about cost get in the way of IT services than can truly help you and your business thrive and grow.

A single IT problem can easily cost more, directly and indirectly, than using IT professionals to plan, manage, and support your business. An unexpected failure or cyber attack can disrupt your business for days, resulting in missed deadlines, lost revenue, unexpected costs, and a damaged reputation. Sound planning and active management prevents problems. The right services are key to avoiding IT problems, keeping you operational, and helping you recover should the unexpected happen.

Focus on value.

The right cloud solutions simplify your IT services. Simple reduces the number of things — hardware, software, services — to learn, manage, and support. Matched with the right guidance, management, and support, the right IT services more than pay for themselves.

How Cumulus Global Can Help You Avoid IT Problems

We build our Essential and Basic Managed Services to meet your needs as a solopreneur or owner of a smaller business. Leverage the cloud; focus on key solutions; Rely on expert guidance, management and support.

Explore how our Managed Cloud Services can help you and your business. Click here to schedule a call with a Cloud Advisor or send us an email. There is no cost and no obligation.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

library

Improve Your Email Deliverability and Security in Five Steps

/in

eBook | Source: Cumulus Global — Email services are stepping up protections. Here are 5 best practices that help ensure your emails get delivered and that you are protected from identity and business email compromise cyber attacks.

Read more

Webcasts

Be Prepared for New Cybersecurity Requirements

/in

(03/26/24) – Increased governmental and industry regulations, a maturing cybersecurity industry, and supply chain best-practices are driving requirements for advanced security services and business continuity solutions.

Read more

Using VDI to Improve Hybrid Work

/in

(02/27/24) – Supporting hybrid workers comes with additional security, BYOD, access, performance, and budget challenges. Virtual Desktop Infrastructure (VDI) & remote desktop services improve security, access, and performance without damaging your budget.

Read more

SaaSOps: What, Why, How

/in

(11/21/2023) – Even small and midsize businesses like yours are using multiple cloud and IT services. More than Google Workspace or Microsoft 365, your cloud portfolio likely includes applications and services for accounting, customer relationship management, marketing, and security. Automating common admin and management tasks saves time and money, and improves security.

Read more