Posts

3 Secrets to Avoiding IT Problems

/in

Problem and SolutionIf you are a sole practitioner, a solopreneur, or the owner of smaller businesses, you face unique technology challenges. You, and businesses like yours, are uniquely dependent on your technology.  Your computer and phone are critical tools without which your business can screech to a halt.  Avoiding IT problems is critical. And yet, you do not have time to be the IT guru. You may not have access to, or the budget for, traditional IT services.

The good news is that you can take steps to avoiding IT problems without overspending.

1 Stay Current

When we say “stay current”, we do not mean spending hours reading and studying the lasted IT advancements and opportunities.  Stay Current means keeping your systems up to date.

  • Make sure you regularly apply Windows (or MacOS) updates.
  • Windows Update should also inform you of firmware updates from your laptop manufacturer.
  • If you are not running cloud-based software that updates automatically, make sure your desktop applications are up to date as well.

Staying current with system and application updates ensures you have the latest system-level security protections in place. It is common for security experts to find “holes” in Windows and applications. Updates fix these risks and reduce the chance of a successful malware, ransomware, or other form of cyber attack.

2 Security CPR

Security CPR is our model for pragmatic protection for your business.

  • Communicate & Educate:
    • Know that even your business is a target;
    • Understand the current nature of cybersecurity risks; and
    • Learn how your behavior can prevent or enable attacks.
  • Protect & Prevent:
    • Deploy security solutions focused on stopping the most common type, and the most damaging, cyber attacks on small businesses.
      • Email advanced threat protection and next-gen endpoint protection, for example, protect you from attacks steal your identity and passwords.
      • Proper DNS configuration can stop cyber attackers from impersonating you or your business.
    • Include low-cost and no-cost solutions like multi-factor authentication (MFA) and local disk encryption to prevent access should an account get compromised.
    • Ensure you meet industry and legal security and privacy regulations and requirements; several states are imposing regulations above and beyond more familiar requirements (PCI, HIPAA, etc.).
  • Respond & Recover:
    • No protection or prevention is perfect.
    • Use affordable services that not only recover your data, but let you continue operating while you recovery.
    • Be prepared to address the customer service, legal, and financial aspects of a successful cyber attack. Cyber Insurance is a key component.

Many of your peers assume that security will be too expensive. They see the press coverage and read the articles, failing to realize that tech media targets larger businesses.  Our Security CPR model focuses on balancing risks, protections, and costs to deliver the best value for your business, and smaller business like yours.

Additionally, the model helps you with avoiding IT problems beyond security and compliance. The same solutions help you minimize the risk of hardware problems and software issues while making it easier to recover should something go wrong.

3 Partner with a Pro

If you are worried that you cannot afford expert IT services, you are not alone.  Most sole practitioners and owners of smaller businesses worry about upfront and on-going IT costs. As a result, you may turn to family, friends, or the “guru” in the blue shirt at the store in the mall. Even if your go-to person is in IT,

  • Do they focus on your needs as a small business?
  • Are they available when needed?
  • Do they plan ahead, or only offer guidance when it is time to make a purchase or after a problem?
  • Are they helping you get the most out of the features and capabilities of your IT services?

It is easy to let concerns about cost get in the way of IT services than can truly help you and your business thrive and grow.

A single IT problem can easily cost more, directly and indirectly, than using IT professionals to plan, manage, and support your business. An unexpected failure or cyber attack can disrupt your business for days, resulting in missed deadlines, lost revenue, unexpected costs, and a damaged reputation. Sound planning and active management prevents problems. The right services are key to avoiding IT problems, keeping you operational, and helping you recover should the unexpected happen.

Focus on value.

The right cloud solutions simplify your IT services. Simple reduces the number of things — hardware, software, services — to learn, manage, and support. Matched with the right guidance, management, and support, the right IT services more than pay for themselves.

How Cumulus Global Can Help You Avoid IT Problems

We build our Essential and Basic Managed Services to meet your needs as a solopreneur or owner of a smaller business. Leverage the cloud; focus on key solutions; Rely on expert guidance, management and support.

Explore how our Managed Cloud Services can help you and your business. Click here to schedule a call with a Cloud Advisor or send us an email. There is no cost and no obligation.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

The #1 Security Solution that Costs You Nothing: Multi-Factor Authentication

/in

Security KeyWe have all seen and heard the warnings about the ever increasing number of cyber attacks against small business.  More than crypto-ware, small and midsize businesses are targets of other forms for ransomware, impersonation, crypto-mining, and business email compromise attacks. The threats are real, as are the operational and financial risks to your business. Multi-Factor Authentication, or MFA, is an effective, “no cost” solution.

Along with the warnings, you are likely, almost certain, to receive pitches, promos, and offers for a never-ending array of security tools and services.  Like other small and midsize businesses, you lack the bottomless budget. You cannot do it all; you need to prioritize your spending on security products and services with the biggest bang for the buck.  “No Cost” solutions are, of course, the best option when they work.

Protect versus Prevent With Free Multi-Factor Authentication

Some security solutions protect your and your systems, other prevent access and actions.  The difference is important.

Protection solutions help stop attacks from happening.  Services like advanced threat protection and next-gen endpoint protection stop phishing, infecting attachments, and dangerous link attacks by blocking the attack from reaching you or your team.

Prevention solutions stop attackers from successfully accessing your systems and data.  These solutions work after a cyber-attacker has figured out, or purchased, your identity.

In reality, you need both types of solutions. Protection solutions provide the broad shield against targeted and broad scale attacks. Since no protection is perfect, prevention solutions stop the attackers before they can get in and do damage.

“No Cost” Prevention: MFA

The good news is that you can deploy the most effective prevention solution, Multi-Factor Authentication, at “no cost.” We put “no cost” in quotes because, while the basic solution is free, you will need to spend some time setting it up and educating your team.

Multi-Factor Authentication is an authentication method that requires the user to provide two or more verification factors to gain access or entry to a system, application, or other online account or resource.  Most of the applications and systems you use, including Google Workspace and Microsoft 365, include MFA as security feature and option.

These integrated MFA services often provide the second level of verification via SMS message, single-use link, and/or an authenticator app on your smart phone. In general, using an authenticator app is considered more secure than SMS message or single-use link.

As reported by Microsoft in 2019, MFA can block more than 99.9% of account compromise attacks.  If a cyber attacker has your username and password, MFA is the best way to prevent them from getting in and doing harm.

Overcoming Objections with a Free MFA

When putting MFA in place, you may get some pushback or hesitation from your team.

  • MFA does add extra steps when logging in, an inconvenience for your team.
  • As you likely run several apps and systems, your team will need to setup multiple entries in one, or more, authenticator apps.
  • Your team may need to create and save “backup access codes” in case of system or access issues.

While your team may object to the inconvenience, the added effort is reasonable given the level of prevention.

You Can Do More with a Free Multi-Factor Solution

If the number of accounts, passwords, and MFA services is too much, you have options. While they come with a price tag, single sign-on (SSO) and identity and access management (IAM) services can minimize the inconvenience.  Most small and midsize businesses do not see the value given the cost, but it remains an option.

We Can Help

Configuring and managing MFA is part of our Basic, Business, and Premium Managed Cloud Services. We can also help you put MFA in place for your current IT services. For more information, click here to schedule a call with a Cloud Advisor or send us an email.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Cyber Protection Solutions for SMBs

/in

Data protection iconAs our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. Your Cyber Protection 

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure you team understands the risk, educate them so they can avoid falling prey, create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level or protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.

Related Resources:

4 More Protections for Your Business

/in

Data protection iconIn our last blog post, we identified 3 must-have protections for any business using Google Workspace or Microsoft 365.

  • Backup/Recovery
  • Advanced Threat Protection
  • Multi-Factor Authentication

In combination, these protections help prevent successful attacks and give you the ability to recover should an attack be successful.

Here are 4 more protections for your business

Putting these protections in place improves your ability to prevent attacks, and your ability to survive.

1 Next-Gen Endpoint Protection

Basic anti-virus protection is not enough. Scanning files for known or similar patterns will not protect you from modern malware or ransomware.

Next-Gen Endpoint Protection solutions use advanced heuristics, behavior analysis, and machine learning to assess threats in real-time.  These solutions identify attacks, prevent them from running, and roll-back damaging activity.

2 DNS and Web Protection

Cyber attacks are not all breaches. Attackers can use DNS to block your use of the Internet or to impersonate you and your business. Both types of attacks hurt your business and your reputation.

Between 15% and 20% of malware is downloaded without your knowledge from websites. This malware is often hidden in third party content on websites your trust.

DNS protection creates a protective barrier that prevents others using your DNS service against you. Web Protection blocks dangerous web sites and prevents malware downloads to your devices.

3 Employee Communication and Education

Ignorance is not bliss. Employees who know are less likely to make a mistake and trigger an attack or breach. You want your team to understand:

  • The danger of cyber attacks and how to avoid them
  • The likely damage form cyber attacks
  • What to look for
  • What not to do

Employee communication and education is key to creating an aware and resilient team. Combined with testing and guidance, a communication and education program reinforces positive behaviors with on-going guidance and support.

4 Business Continuity for On-Premise Systems

Most small and midsize businesses still have some on-premise systems. The connectivity and integration across systems creates an increased risk for damage and loss. Even with backup/recovery in place, restoring systems, databases, applications, and data can take days. You want, and need, to be back in business quickly — in minutes or hours.

Business Continuity/Disaster Recovery (BCDR) solutions enable you to resume operations within minutes using images of your systems running in cloud data centers. With BCDR in place, your business runs smoothly while you recover your on-premise systems.

Failing to protect your data and systems is a failure to protect your business.  Contact us for a free assessment of your data and business protection needs.

3 Must-Have Protections for Microsoft 365 and Google Workspace

/in

Data protection iconMicrosoft 365 and Google Workspace protect your data using a shared responsibility model.  They provide redundancy and backup to ensure your service is performing, available, reliable, and secure.  You are responsible for controlling access, managing permission, and protecting your data from loss.

Here  are 3 Must-Have Protections for your Microsoft or Google Cloud Services

 

1Backup Protection for your Data

Data in the cloud is just like data stored on local servers and workstations. Information in in Microsoft 365 or Google Workspace can be lost due to accidents or malicious acts.

  • User action — overwrites and deletes — can destroy content and files, whether accidental or deliberate.
  • Malware and ransomware corrupt files that sync to OneDrive, SharePoint, and Google Drive, can damage or delete your files.
  • Integrated third party apps can damage or delete information.

You need, and want, the ability to restore files, emails, contacts, and other information. A secure backup/recovery solution protects your data, and your business.

2Advanced Threat Protection

Cyber attacks come in many forms. The most common and most effective attacks still use email. Cyber criminals use behavior science and advanced phishing techniques to access your systems, collect personal information, steal data, and ransom your business.

Advanced Threat Protection (“ATP”) is more than “spam and virus protection.” ATP uses machine learning, advanced analytics and heuristics, and behavior analysis to identify and prevent cyber attacks from reaching your inbox. Methods like sandboxing safely test links and attachments before delivery.

Even an educated and aware team can and will fall prey to attacks. Prevention is key.

3  Multi-Factor Authentication

Your team members are human. While they may understand and respect the need for robust and unique passwords, human nature always tries to balance convenience.  Studies show that 70% of us will use the same, or substantially similar, passwords across systems. A hack or breach in a third-party tool poses a significant risk to your employees’ work identities.

A compromised identity does not enable access when you have additional authentication steps. Authenticator apps, dynamic security codes, and security tags/fobs each add physical verification to your digital access.

With cyber attacks on the rise, better protection is worth the minor inconvenience of multi factor authentication. Multi factor authentication delivers one of the best protections against breaches and unauthorized access.

Failing to protect your data in Google Workspace or Microsoft 365 is a failure to protect your business.  Contact us for a free assessment of your data and business protection needs.

Webcasts

Streamlining Security

/in

(5/17/2022) – While small businesses are more vulnerable and more frequent targets of cyber attacks, constant fear-mongering and hype does not help. Sound business practices, not fear, should be your motivation to protect against cyber attacks.

Read more

Next Normal: IT Efficiency

/in

(02/23/2021) – COVID-19 and the events of the past 10 months have, and continue, to change the way we run our businesses. Are the IT choices made during the crisis the best for your business in the long term?

Read more

library

15 Best Practices for Cyber Protection

/in

eBook | Source: Cumulus Global 

Read more