Google Gemini Licensing Explained

Google’s recent announcement that Google Gemini is now a core service within Google Workspace has led to some confusion regarding the distinction between the Gemini App and Gemini for Google Workspace and your Gemini licensing options.

This blog post provides clarity on the products and their pricing.

The Gemini App

The Gemini App runs at gemini.google.com. There are two versions of the Gemini App: Gemini and Gemini Advanced.

Gemini is free and runs as a web app and a Chrome extension. It offers a range of features, including: 

  • Summarization
  • Translation
  • Q&A
  • Brainstorming
  • Writing suggestions

Gemini integrates with other Google apps and is free to use.

Gemini Advanced is a stand-alone paid service, and it is included as a core service in most Google Workspace subscriptions. It offers all of the features of Gemini, plus:

  • Access to a larger language model
  • The ability to create custom models
  • More robust image generation
  • Priority support

If you have Google Workspace, Gemini Advanced is included as a core service at no additional cost. Stand-alone access to Gemini Advanced costs $19.99 per month and requires a Google One account for security.

Gemini for Google Workspace

Gemini for Google Workspace is an add-on to Google Workspace that brings Gemini directly into Gmail, Drive, Docs, Sheets, and Meet. Integrations into Chat and other Google Workspace apps are expected in the near future.

Pricing depends on your Google Workspace subscription tier. With an annual commitment, Gemini for Google Workspace pricing is as follows:

  • Business Tier: $20/user/month 
  • Enterprise Tier: $30/user/month

You can subscribe on a month-to-month basis for $24 and $36 per user, respectively.

Gemini for Google Workspace for Education has two pricing options with an annual commitment:

  • Gemini Education: $16/user/month
  • Gemini Education Premium: $24/user/month

Your Next Step:

Give Gemini a try. For a limited time, we are offering a Gemini $10 Trial for Google Workspace clients that includes Gemini Advanced, Gemini for Google Workspace, and learning tools.

Google occasionally offers free trials and incentive discounts. Schedule a quick consultation to discuss your specific Gemini licensing options. Our Cloud Advisors will help you navigate offers, options, and pricing.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Preparing for Your Cyber Insurance Renewal

As you approach your annual cyber insurance renewal, you can take specific steps to ensure you have appropriate coverage and reasonable premiums.

The cyber insurance market has matured greatly over the past two years and continues to evolve rapidly. Insurers have become significantly more savvy regarding risks, protections, recovery costs, and potential liabilities. As a result, carriers are more precise in their underwriting practices.

Reviewing your cybersecurity risks and protections is a wise investment of time and resources. In a recent blog post, for example, we outlined 5 minimum cybersecurity standards that – if in place – can significantly reduce your premiums.

Here is a roadmap:

Review Your Original Application and Security Declarations

When you first applied for cyber insurance, you completed an application and, in most cases, a security survey/questionnaire. If you have not formally asked to complete a new questionnaire, take the initiative to review and update your answers.

As a part of the review, document any changes in your cybersecurity protections. Make note if you added new protections or updated procedures.

If you’ve removed or replaced any cybersecurity tools, specify which ones and the reasons for the change. It’s important to track modifications as your needs and environment evolve.

Reassess your Cybersecurity Protections

Policy renewal is a great time to step back and reassess your cybersecurity. Compare your protections to industry, regulatory, and compliance standards relevant to your business.

Our eBook, Cyber Security Requirements for Cyber Insurance, outlines basic, preferred, and best-practice protections to consider before getting or renewing your policy.

As part of your analysis, consider completing new assessments, such as Penetration Testing and Security Audits of your Microsoft 365 or Google Workspace tenant. These evaluations can offer valuable insights, helping to inform decisions and set priorities for future cybersecurity improvements.

Deploy Additional Protections

Based on your review and assessments, determine if you should modify your cybersecurity protections. As you consider changes, prioritize your choices and efforts. You can make low-effort changes, as well as changes that address higher-level, critical risks.

You do not need to address every risk and gap. Instead, focus on demonstrating improvements and prioritizing the most likely and impactful risks for your business.

Put Your Policy Out to Bid

Finally, put your policy out to bid. Avoid simply adding coverage or riders to your general liability business coverage.

Cyber insurance is a specialized coverage, and the industry has become more adept at evaluating risks and potential liabilities.  Partner with a broker who specializes in Cyber Insurance to market your coverage to multiple, specialty carriers. This will help you find the best balance between coverage and price.

Your Next Steps

If you are ready to move forward, here are four steps you can take today:

  1. Schedule time with one of our Cloud Advisors.
  2. Ask your Cloud Advisor about discounted and free Security Assessments.
  3. Evaluate options and deploy additional protections, if needed and appropriate.
  4. Shop your policy for the best plan and price with our partner, DataStream.

As always, our Cloud Advisors are ready to help. Contact us or schedule time for a quick online consultation.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Understanding the Google Class Action Lawsuit Notice

Beginning on September 23, 2024, Google Workspace administrators began receiving notices from Google Operations related to a class action lawsuit filed against Google in 2020. This Service Alert blog post summarizes the information and discusses next steps as they relate to users with Google Workspace accounts.

Background

In July 2020, a class action lawsuit was filed against Google LLC, alleging unauthorized data access. The case, titled Rodriguez et al. v. Google LLC, is being heard in the United States District Court for the Northern District of California. The plaintiffs, comprising four Google account holders, claim that Google unlawfully accessed their devices and data. The access was via non-Google mobile apps, even when the “Web & App Activity” (WAA) and “supplemental Web & App Activity” (sWAA) settings were turned off or “paused.”

This lawsuit has significant implications for Google account holders using non-Google mobile apps while signed into their Google Workspace accounts between July 1, 2016, and September 23, 2024. Despite Google’s denial of the allegations and no court ruling yet on the merits of the case, the lawsuit has proceeded with class certification. 

The notice received by Google Workspace administrators is part of the initial efforts to distribute notices to potentially affected users.

Key Allegations and Legal Claims

The plaintiffs in this lawsuit assert three primary legal claims against Google:

Invasion of Privacy:

  • The plaintiffs allege that Google unlawfully accessed their mobile devices to collect, save, and use data concerning their activity on non-Google apps.
  • These apps incorporate certain Google software code into the apps while WAA and/or sWAA were turned off or “paused.”

Intrusion Upon Seclusion:

  • Similar to the invasion of privacy allegation, this claim focuses on unauthorized intrusions into private activities.

Violation of the Comprehensive Computer Data Access and Fraud Act (CDAFA):

  • Plaintiffs contend that Google violated this act by unlawfully accessing and using their data.

The plaintiffs are seeking monetary damages and changes to Google’s practices. Google denies any wrongdoing and maintains that it did not violate any laws.

Class Certification

The court has certified four classes to assert claims for damages based on specific criteria. The two classes covering invasion of privacy and intrusion upon seclusion apply only to non-managed user accounts.

The court defined Google Workspace accounts as “Enterprise” accounts.  For these users, the court defined two classes for claims under the CDAFA.

The classes cover:

  • Usage in the period from July 1, 2016, to September 23, 2024
  • Users with their WAA and/or sWAA settings turned off
  • A non-Google-branded mobile app transmitted activity to Google via the Firebase SDK and/or Google Mobile Ads SDK.

Class 1: From an Android device 

Class 2: From a non-Android device

The Role of Workspace Administrators

Workspace administrators play a crucial role in managing the implications of this Google class action lawsuit for their end users. The Court ordered Google to notify all relevant end users who may be class members. 

Workspace administrators must ensure that they comply with their obligations under the Google Workspace Terms of Service. Per sections 3 and 7, which pertain to legal notices and updates, Workspace administrators must forward messages to end users with accounts during the period of the claim. 

Google will send Administrators lists of end user email addresses. Administrators should forward class notification emails to these users. 

Per the Court Order, Administrators must:

  1. Be prepared to receive and distribute the notices; and
  2. Distribute notices appropriately, maintaining the confidentiality and security of the information as stipulated by the court.

Email Notices and What They Mean for End Users

The court-appointed Class Notice Administrator, Epiq, began sending email notices to all eligible end users as of September 23, 2025. These notices inform users of their status in relation to the class action, specifying whether they are included in the classes for damages or for seeking changes to Google’s practices.

The email notices will provide critical information, including a contact number and additional resources for users to determine their eligibility and understand the implications of the lawsuit. 

End users should read these notices carefully and follow the instructions provided to ensure they stay informed about their rights and any potential compensation.

Stay Informed

To stay informed, you may want to periodically visit the dedicated website www.GoogleWebAppActivityLawsuit.com. You can also call the contact number (855-822-8821) for additional information and updates about the lawsuit.

Your Next Steps

Given the court order, we recommend that Google Workspace administrators use Google Groups to create a distribution list. Your list should include current employees and the personal email addresses for past employees who worked between July 1, 2016 and September 24, 2024.

If you are a client or have a Google Workspace subscription and have questions, please contact us to connect with one of our Cloud Advisors.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Prevent Your Email From Being Pushed Aside or Blocked

With the ever-present nuisance of spam and threats of cyber attacks, email services continue to add features and protections. Some of these will prevent your email from being delivered, and others will prevent your message from being seen. 

Here are 3 actions you need to take so your messages arrive and are seen.

1 Ensure Your Emails Validate Properly

Yahoo, Google, and other email services now require validation for emails. Initially targeting volume marketers, the validation checks can prevent your emails from reaching their destination. To ensure your emails reach your recipients, you must have DomainKeys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocols in place.

Our eBook, Improve Your Email and Deliverability and Security in Five Steps, provides five steps you can take to ensure that your business and marketing emails reach your intended recipients. These steps also help protect you from costly and damaging email identity and business email compromise cyber attacks.

2 Use a Marketing Email Service

Google, Microsoft, and other email services limit the number of emails you can send individually and as an organization. Additionally, these email services lack the controls required by the CAN-SPAM Act and other regulations. 

Marketing email services include the necessary controls, including address publishing, unsubscribe links, and email preferences. They also provide tools for managing contacts, lists, and content.

Using a marketing email service enables you to send bulk emails without being flagged as a spammer. You can protect and maintain your email reputation by using the services to manage your email marketing and response campaigns.

3 Include AI Trigger Words In Your Content

Microsoft Outlook includes a Focused Inbox, while Google Workspace offers Priority Inbox. With iOS 18, Apple will auto-filter email into four segmented inboxes: Primary, Transactions, Updates, and Promotions.

With artificial intelligence (AI), the content of your email determines whether it lands in the primary inbox that people check most, or a secondary folder that may go unnoticed. Messages will be prioritized when they include phrases with:

  • Contextual Relevance: Phrases that indicate important actionable content
  • User Behavior: Messages that are typically opened and acted upon more frequently
  • NLP Recognition: Phrases commonly used in critical communications, as they signal priority
  • Transactional Nature: Content commonly used in transactional messages

In addition to identifying these emails for the focus, priority, or primary inbox views, the AI engines will prioritize messages to ensure recipients see them first.

AI trigger words and phrases should be included but need not be the focus of your message. Sample AI trigger words and phrases include:

  • Registration Confirmed
  • Preview
  • Meeting Invite
  • Exclusive Invitation
  • Important Update
  • X Day Left
  • New Feature
  • Subscription Details
  • Action Required
  • Invitation Enclosed
  • Event Registration
  • Priority Access
  • Add to Calendar
  • Event Details

Using AI trigger words will improve the visibility of your emails. Expect that preferred phrases will evolve and change over time.

Your Next Steps

Our Cloud Advisors are ready to help you review your email service configuration. Contact us or schedule time with one of our Cloud Advisors to learn more.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

ALERT: Threatening Emails are Spiking

In the last 72 hours, our clients have reported an alarming increase in threatening emails. These emails contain enough personal information to legitimately trigger worry, fear, and in some cases, panic. 

This post covers three types of threatening messages and how to respond.

The Attacks

This type of attack is known as an “Exposure Threat” or “Fear of Exposure” attack. Attackers threaten to release embarrassing or sensitive information about you or your business. They may share bits of information or make claims that imply or confirm that they really do have some information.

Here are three common forms of the threat:

1 “We Know Where You Live”

The email arrives in your inbox from what looks like a “legitimate” Gmail, Yahoo!, or other email service. The subject line contains your name or that of a family member. The message includes your full address and a valid phone number. In some cases, this threat may also include a picture of your home or office. 

Most often, this type of email does not include any explicit threat or demand.

The implication “we know where you live” is intended to instill fear. The goal is to make you more likely to respond and cooperate with future threats. 

2 “We Know What You Did”

This form of attack claims to have documents, images, or video of you doing something embarrassing or illegal. The attacker will claim to have access to your email account, or all of your contacts, and will threaten to share the information if you fail to pay a ransom.

This is an explicit form of extortion.

The attackers are betting that the fear of exposure will cause you to pay the demand and prevent you from reporting the attack.

3 “We Have Your Information”

This form of attack threatens to disclose sensitive information about you, your business, or your customers. The threat is the damage a data breach causes. This can include serious and costly legal, regulatory, or contractual issues. The attackers may share a sample that “proves” they have the information on hand.

This attack typically includes a specific threat and an extortion demand.

The preview information shared by the attackers may be from sensitive files, but it may also be available from other sources. This form of attack warrants some investigation.

How to Respond: Do NOT Panic!

First and foremost, do NOT panic. The success of these attacks is dependent upon your fear and your reaction. If you receive an email that is like one of these cases or similar, how you respond can make a difference.

No Specific Threat

  • If the email does not contain a specific threat or demand, your best response is to mark and report the email as spam. Doing so should direct future emails directly to your spam or junk folder.
  • You can take the extra step of reporting the message as abuse to the email server. Here are links to report email abuse for Gmail, Sky/Yahoo!, and Xfinity/Comcast.

With a Specific Threat

  • If the email contains a specific threat, you can and should report the message as spam/junk. We recommend you report this to your IT service provider. Your IT team should investigate the possible risks and take appropriate preventative and responsive measures.
  • Extortion is a crime. While many local law enforcement departments do not have the expertise to investigate cyber crimes, most state police organizations have cyber crime units. You can also report the attack directly to the Internet Crime Complaint Center (IC3). The IC3 will route your report to the FBI and other relevant agencies. Depending on the nature of the attack, the response may range from acknowledgement of the report to a full criminal investigation.
  • If the email includes a threat to show up at your home or business if you do not respond or comply, we strongly recommend reporting the threat to law enforcement.

Possible Data Breach

  • If the threat indicates that the attacker has, or can, access sensitive data, promptly take additional steps to protect yourself and your business.
  • If the attack references personal information, placing locks on your credit reports is always a good step. If the threat mentions (or indicates) a source, such as your bank or investment accounts, report the incident directly to that institution or business. Discuss protections they can put in place on your behalf.
  • If the attack references information from your business, promptly investigate the possible breach. This may involve scanning systems for malware and advanced threats, analyzing logs for unauthorized access, and verifying compliance with security measures. The level of your investigation should match the level of risk. Your IT service provider can help you assess the situation and determine the best course of action.

Your Next Steps

You can protect yourself and your business from these attacks, and other cyber attacks, before they happen. Our Security CPR™ model provides a guide.

  • Communicate and Educate: Learn about, and help your team understand, the risks, nature, and impact of cyber attacks. Communicate the need for vigilance and how their behaviors can enable or prevent a successful attack.
  • Protect and Prevent: Put cybersecurity policies, procedures, systems, and services in place commensurate with your business’s risks, needs, priorities, and budget. This includes advanced threat protection for email and strong settings for your SPF, DKIM, and DMARC protocols in your DNS record. 
  • Respond and Recover: Ensure that you have systems, processes, and services in place to respond and recover should an attack be successful. Beyond restoring data and systems, have resources available to address the legal, regulatory, and customer service issues that often arise. Ideally, have solutions in place that allow you to keep your business running while you respond and recover.

For help assessing your current cybersecurity protections, please send an email or schedule time with one of our Cloud Advisors to discuss our cybersecurity assessments and solutions.

About the Author

Christopher Caldwell is the COO and a co-founder of Cumulus Global. Chris is a successful Information Services executive with 40 years of experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development; data center management; network and systems administration; network and system security; and end-user technical support.

5 Cybersecurity Standards for Small and Midsize Businesses

As small and midsize business leaders, we understand the need to comply with regulatory and industry requirements. We also want and need our IT services to support our business priorities and fit within our budget. So how much cybersecurity is enough?

Our cyber insurance partner, Datastream, analyzed policies and coverages for nearly 8 million businesses across dozens of industries globally. The most common cyber attacks exploit weak credentials, human behavior, and out-of-date software to gain access to your systems and data. From there, they can not only launch ransomware attacks, they can initiate business email compromise and other costly and damaging attacks.

The result: Datastream identified a bare minimum set of 5 cybersecurity standards.

The 5 Minimum Cybersecurity Standards

To address the most common and costly forms of cyber attacks, implement these 5 cybersecurity standards.

1 Multi-Factor Authentication (MFA)

MFA requires a secondary physical authentication when logging in. Whether by text, authenticator app, one-time passwords, or magic links, MFA can prevent attackers from using compromised credentials. According to studies by Microsoft, more than 90% of cyber attacks can be blocked if MFA is in place.

While the minimum standard is coverage for email access and remote network connections, we recommend using MFA for access to any and all critical systems, applications, and data.

2 Encryption

Do you encrypt all sensitive information at rest, including backups?

Most of our systems and applications encrypt data in transit (in motion). Encrypting data at rest, regardless of where it resides, prevents your data from being easily accessed and used in a cyber attack. Encryption should be in place on workstations and personal computers, not just on servers and in cloud-based services.

Just as important, backups should be encrypted. Unencrypted backups provide cyber attackers with easy access to data. Backups should also be stored off-site or in the cloud using immutable storage. This strategy prevents corruption of backup sets in the event of a ransomware attack. 

3 Data Recovery

In the last 6 months, has your company tested its ability to recover all business-critical data and systems within 10 days or less, from offline or cloud backups that are no more than a week old? 

Backing up data and systems is easy. Recovery is hard. Knowing that you can reliably restore your data and systems demonstrates your level of protection and how well you have reduced risks. Documenting this will impact your cyber insurance premiums.

While the 10-day recovery window is a minimum expectation, it may not be sufficient for your business. We recommend analyzing your business needs and setting goals to return to operations in a way that minimizes the impact of any disruption.

4 Automated Hardening Policies

Do you implement automated hardening policies?

Hardening systems is the process of limiting the attack surface of your systems, applications, and data. Hardening tactics include:

  • Removing unused applications and accounts
  • Disabling unnecessary services, ports, protocols, and features
  • Limiting administrative permissions and access
  • Logging appropriate activities, errors, and warnings

The process of configuring and managing hardened systems is easiest to manage with a remote monitoring and management (RMM) system in place.

5 Patches and Updates

Do you apply critical patches and updates to key IT systems and applications within two months?

Updates and patches to operating systems are familiar and comfortable. We regularly receive and apply updates to our smartphones, laptops, and desktops, most often as part of a default, automated process. We may not, however, be as diligent with our business systems and applications.

Updates and patches to databases, applications, and other software often require validation and may require changes to settings and integrations. Regularly reviewing updates and patches, and having a process in place to verify and apply updates, ensures that your systems have current security fixes and features.

Your Next Steps

Having these five cybersecurity standards in place represents a no-nonsense minimum that protects your business and can improve your cybersecurity coverage and premiums.

Our eBook, Cyber Security Requirements for Cyber Insurance, dives deeper to define basic, preferred, and best practices. You can, and should, scale your cybersecurity to meet your business’s specific risks, priorities, and budget.

We offer multiple assessments to help you understand and benchmark your current cybersecurity.

  • Rapid Security Assessment
  • Cyber Insurance Risk Assessment 

These assessments are free with a Referral Code. Contact us or schedule time with one of our Cloud Advisors to learn more and obtain your code.

Help us keep the ideas flowing. If you have any blog posts that are leadership thoughts you want to share, please let us know.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Cumulus Global Offers Free IT Asset Disposal with Managed Cloud Services

The company adds IT asset disposal and lifecycle management to the Basic and Business tiers of its Managed Cloud Service offerings.

Cumulus Global proudly announces the addition of IT lifecycle management services to our Managed Cloud Service offerings. Available at the Basic, Business, and Enterprise levels, these services include asset tracking, access to low-cost extended warranties and accidental damage coverage, and free IT asset disposal services. 

“Properly disposing of IT assets and used electronics is necessary but not easy,” stated Cumulus Global CEO Allen Falcon. “Finding a reputable firm, disposal fees, handling fees, and shipping becomes expensive for most smaller organizations.”

The program, included in the company’s Managed Cloud Service offerings at no additional cost, offers two levels of service. For smaller quantities, customers box and inventory the items and receive prepaid US Postal Service shipping labels. For larger quantities, a disposal team will come on site to box and ship the items.

“We are meeting an important and growing need for our clients,” noted Falcon. “Our service simplifies the process and saves money. It is a win-win for our clients and the environment.”

The addition of lifecycle management services is part of Cumulus Global’s commitment to increasing value for clients. These IT asset disposal and lifecycle management services complement the existing security, support, data protection, and co-management components of the company’s Managed Cloud Services. Organizations interested in learning more can schedule an introductory call with a Cumulus Global Cloud Advisor.

About Cumulus Global

Managed Cloud Services for Small and Midsize Businesses, Governments, and Schools

Cumulus Global (www.cumulusglobal.com) is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, ongoing support, and client success services that help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.

For more information, schedule a no-obligation introductory meeting with a Cloud Advisor.

Cybersecurity in the Whitespace


A recent online post pointed out that the whitespace in the FedEx logo, between the “E” and “x”, creates an arrow. 

FedEx Logo

Once you see the arrow, you cannot miss it. You will see it every time you look at the logo.

The subtle, almost subliminal, arrow symbolizes a sense of forward motion and subconsciously reinforces the FedEx brand message of on-time delivery.

The power of the logo is not just in the name; it is in the symbolism. The same is true for your cybersecurity.

The power of your cybersecurity is not just in the overt actions; success is in the whitespace.

Focus

Our cybersecurity efforts often focus on the concrete measures we can take to protect ourselves and prevent attacks. We deploy hardware, install software, and configure settings to both passively and actively protect our systems, data, and people. These actions are tangible and visible. 

Cybersecurity Whitespace

Equally important, if not more so, are the less visible cybersecurity efforts: your cybersecurity whitespace. Ask yourself these questions:

  • Is cybersecurity awareness a deliberate part of your culture?
    • Do you educate your team on their role in cybersecurity?
    • Do employees and contractors understand which behaviors help security and which can harm it?
    • Does your team understand how to recognize, report, and respond to security risks and attacks?
  • Do you have policies and procedures in place that set expectations for maintaining appropriate cybersecurity?
    • Do these policies and procedures include guidance and limits on human behaviors and actions that can pose or elevate risks?
    • Do you have consequences for negligent or deliberate non-compliance?
  • Do you understand the risks should a cyber attacker gain access to your systems?
    • Do you understand the protections you need in place to limit attacker access to identities and sensitive information?
    • Can you isolate attacks and prevent them from spreading across your environment?
  • Do you have plans in place to not only restore damaged or lost data, but to recover your business from a successful cyber attack?
    • Do you have cyber insurance?
    • Do you have clear action plans for how your business will respond to a successful cyber attack?
    • Will you be able to run your business while you recover your systems and data (and/or while computers are held as evidence)?
    • Do you have plans and resources in place to:
      • Comply with state and regulatory reporting requirements?
      • Communicate effectively with customers, vendors, and partners?
      • Manage your legal and financial liability?

Model for Success

Successful cybersecurity includes the visible and the whitespace. Our Security CPR™ model and managed security services include all three best-practice pillars:

  • Communication and education
    • Security awareness focused on human behaviors, risk recognition, and responding to suspicious acts.
    • Policies and procedures that guide and protect your business in line with compliance requirements.
  • Prevention and protection
    • Expertise, tools, and services to prevent cyberattacks and protect your business, data, and team.
    • Compliance assessment and management services to benchmark and certify to appropriate industry and regulatory standards.
  • Recovery and response
    • Business continuity services to keep your business running during forensic investigations and data/system recovery and restoration efforts.
    • Data restoration and disaster recovery plans and resources to return your business to normal operations as quickly and effectively as possible.
    • Cyber insurance brokerage partnerships to ensure your business is properly covered within your budget.

Call to Action

If you have not done so recently, now is a great time to step back and assess your IT services and solutions. Our Cloud Advisors are ready to help and assist with any questions or concerns. Start with a complimentary Rapid Security Assessment, contact us, or schedule time with one of our Cloud Advisors.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Improve Your IT Atmosphere

For those of us who have played video games over the years, even though we are not hard-core gamers, the experience has changed. The technology has certainly advanced over time. More importantly, the user experience – the IT atmosphere – has improved.

Back in the day, video game sound provided basic contextual clues to guide your gameplay. Listen to a few seconds of the Atari Combat game soundtrack from 1977. With only 8 bits to work with, and speakers that could only play one note at a time, the beeps and buzzes react to player actions and provide a basic context for the game. 

Now listen to a minute of the Gusty Garden Galaxy Theme from Super Mario Galaxy from 2007. Even without seeing the game in action, you can hear and feel the motion of the game. The more than 80-piece orchestra does more than reflect player actions; it creates an atmosphere and sets a mood.

IT Atmosphere

The same evolution is true for your IT services. Historically, your IT services were there to help you complete tasks – send messages, write documents, and create spreadsheets. Today, your IT services should create a rich atmosphere that empowers your team and enables your business.

From simple tools to feature-rich, integrated productivity suites, you and your team have access to features that save time and effort, foster collaboration, and save money.

And yet studies show that, on average, small businesses underutilize the tools they have. Studies show, for example, that small businesses only use 15% of their Microsoft 365 services. Oftentimes, lack of awareness (or education) results in adding other services and tools that duplicate existing features and capabilities.

Making Improvements

Creating an effective IT atmosphere involves more than having tools and services in place. An effective atmosphere is an environment that fosters communication, collaboration, and productivity for individuals and teams.

Know What You Have

Catalog the IT services and capabilities you have in place. Understand how your team is using the services and identify underutilized features and functions. Identify those that could be beneficial. 

Eliminate Duplication

Remove duplicate and overlapping services from your environment. Ensure your team is using the same tools and resources. Create commonality and encourage sharing of best practices.

Educate, Train, and Support Your Team

Ensure your team is aware of the capabilities available and understands how to take full advantage of them within their current workflows or as part of improved workflows. Guide team learning to align with their roles and responsibilities; keep it timely, relevant, and in digestible chunks.

Manage Your Shadow IT

Shadow IT, the individual use of non-sanctioned tools, can trigger significant problems for your business. Beyond security and information privacy risks, shadow IT isolates information and people. Listen to why your team is using tools and work to ensure that those capabilities are within your ecosystem. Remove objections to using company systems while enforcing your policies.

Call to Action:

If you have not done so recently, now is a great time to step back and assess your IT services and solutions. Our Cloud Advisors are ready to help and assist with any questions or concerns. Contact us or schedule time with one of our Cloud Advisors.


Pragmatic Security: Balancing Security Measures for Small Businesses

While on vacation recently, I did something that I did not think had been possible since July 1970. I boarded a commercial airline flight without having to go through security. No ID check. No metal detectors. The gate agent scanned the barcode on my ticket and I walked on board. The experience was, at first, confusing as I went from curb to gate with no security checks. I asked the gate agent why there was no security check; the answer was pragmatic security.

Pragmatic Security in Action

Airport security is intended to prevent hijackings. I was traveling in New Zealand, which, as you know, is an island country. The nearest country, Australia, is at least a 3½-hour flight by jet. My plane was a dual-engine turboprop with about 70 seats and a range of 930 miles. It is impossible for the plane to leave the country.

Hijacking a regional flight in New Zealand is pointless, as you cannot escape the country. The security risk is minuscule.

In New Zealand, flights on regional planes do not have (or need) security checks. To board a jet, however, you will board at a “jet gate” having passed through all of the common security and ID checks.

Pragmatic Security for Your Small Business

The concept of pragmatic security also applies to IT and cybersecurity. Not every business needs every security measure. We can, and should, scale our IT and cybersecurity to meet our needs and priorities.

That said, the baseline has changed. In New Zealand, the baseline security for flights is that the customer has a ticket.  For smaller businesses, the historical baseline has been “a secure firewall/router, antivirus software, and email filters for spam.”

As we have discussed in other Security Update Series blog posts, we face new security demands from customers, insurance providers, and regulators. As cybersecurity risks increase, so do the solutions we need to implement.

Pragmatically: How Much Security is Enough?

While the answer varies based on your business needs, risks, and priorities, our Security CPR model provides a solid baseline. We are also proponents of understanding risks. As we discussed in this blog post, focusing on the most prevalent risks and the most damaging risks is the best place to start.  Designing your security solutions from these two angles provides a solid baseline of protections. Additional measures can be added as needed to meet industry or regulatory requirements.

Call to Action:

If you have not done so already, a baseline security assessment is a good place to start. Our Rapid Security Assessment provides a quick review of core security services. And our Cloud Advisors are ready to assist with any questions or concerns.

Contact us or schedule time with one of our Cloud Advisors.
