Posts

Cyber Protection Solutions for SMBs

Data protection iconAs our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. Your Cyber Protection 

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure you team understands the risk, educate them so they can avoid falling prey, create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level or protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.

Related Resources:

Evaulating SaaS Backup Solutions

Data protection icon

You have many choices when choosing your SaaS backup solution for Google Workspace (G Suite), Microsoft 365, Salesforce.com, and other cloud services.

When picking your solution, look for the data protection capabilities you need. At a minimum, a SaaS backup solution should offer the following.

Comprehensive Protection

Some SaaS backup solutions only protect email, files, and folders. Look for solutions that offer protection for contacts, shared drives, collaboration and chat tools, and calendars. Solutions with these features are far more effective at maintaining business continuity. And, the cost is often comparable.

Frequent Backups

More frequent backups let you to restore to a more recent point in time, minimizing data loss. Restores are faster and easier with less manual effort to perform restores. Services that backup multiple times per day will provide better results than those that only backup daily.

Access During Outages

Look for and choose a SaaS backup service that lets you export and access your data in the event of an outage. While limited in scope, the ability to use data should Google Workspace or Microsoft 365 be unavailable can help you keep essential work on-track.

Security & Compliance

The SaaS backup service you choose should be secure, with data encrypted at rest and in motion.  Additionally, services that meet SOC1/SSAE-16 and SOC 2 Type II reporting standards will help you meet HIPAA, GDPR, CCPA, SEC, and other regulatory compliance requirements.

Your Next Step:

We recommend you protect all data in Google Workspace or Microsoft 365 with a secure and robust backup/recovery solution.  Protecting your cloud-resident data is no different than protecting data hosted on servers and systems in your office. We can help you make the right choice.

For more information, view and download our eBook, SaaS Protection Buyers Guide.

Learn more about Cumulus Global’s data protection and security solutions, contact us to discuss you needs and options, or schedule a complimentary cloud advisor appointment.

3 Reasons for SaaS Data Protection

Data protection iconSaaS data is not immune to permanent data loss. Microsoft and Google make no guarantees when it comes to restoring deleted data, whether from human error or a malicious act. While Microsoft 365 and Google Workspace (formerly G Suite) may make collaboration more efficient, data protection and management is a shared responsibility. Both Google and Microsoft include some basic recovery capabilities, but they not enough to protect your business.

Here are 3 major reasons to add SaaS data protection to your Microsoft 365 or Google Workspace solution.

1: Data Loss Due to Permanent Deletion

If an employee accidentally deletes a critical spreadsheet from OneDrive or Google Drive, or a deleted folder of important emails passes the retention period in Trash, neither Microsoft nor Google will be able to recover your data.

Even if those files are within your retention period, locating and restoring lost data can cost you more time than you can afford.

2: Data Loss Due to a Ransomware Attack

If your business suffers a ransomware attack, you cannot roll-back your data to a point-in-time before the attack without a backup solution. Your data is likely gone forever.

More than losing valuable business data, you will face potentially crippling costs.  You may choose to pay the ransom (without any guarantee your files will be unlocked). You may work to rebuild your lost data. Either way, you will spend significant money, time, and lost productivity trying to save your business.

3. Time and Money Lost in Recovering Files

Retaining critical user data when employees leave your company is costly without a backup solution in place. The time spent to recover data might be more than what your business can afford. SaaS Data Protection lets you retain past employee data without the need to keep their Microsoft 365 or Google Workspace account active. You save time and money.

Whether you lose data or time, the impact to your bottom line can be significant. To address this challenge, you need a secure solution for this growing reliance on the cloud.

Learn more about Cumulus Global’s data protection and security solutions. To ensure your business continues to run smoothly, schedule a complimentary cloud advisor appointment.

Service Update: Datto SaaS Protection

Service Update: Datto SaaS Protection. The latest Datto SaaS Protection platform is now available to all of our costumers. For more recent customers, you are already on the newest platform.  For our longer term SaaS Protection (aka Backupify) customers, the transition process will begin as early as February 1, 2021. The process will complete before May 31, 2021.

Benefit:

With this move, all Datto SaaS Protection customers will have access to the latest features. These include protection for Microsoft Teams and Google Shared Drives, and the Daily Backup Success Report.

Process:

To ensure a smooth transition, any data on the legacy platform will be archived in one of Datto’s secure Microsoft Azure instances. A fresh backup set will initiate on the new platform. We can assist you in exporting your legacy backup data if you prefer to not have it stored by Datto on Microsoft Azure.

There are some unique aspects of the transition for some of our customers, our Service Team will contact you as needed to discuss your transition.

Please contact us with any questions or concerns.

SaaS Backup – 4 Dangerous Misconceptions

SaaS Backup is just as important, and necessary, as backups for data hosted on in-house servers and systems.

Data protection iconWith more remote work, our reliance on SaaS applications and services such as Microsoft 365 and Google Workspace has become more critical to our success. Easy access to files and folders from anywhere and the integrated collaboration tools keep our teams connected and productive.

Here are 4 common, but dangerous, myths and misconceptions about SaaS applications and services that will put your data and your business at risk.

Myth 1: SaaS Applications do not Require Backup

While SaaS applications protect against data loss in their cloud servers, this does not protect against user error, accidental and malicious deletion, or ransomware attacks. And while accidental deletion of files is by far the most
common form of data loss in SaaS apps, ransomware can be the most damaging. Ransomware is designed to spread across networks and into SaaS applications, impacting many users.

Ransomware isn’t only an on-premises problem. It can and does spread into the cloud, especially when using the OneDrive and/or Drive File Sync clients.

You need a way to quickly revert files, folders, settings, and permissions in the event of an attack.

Myth 2: File Sync is a Backup

While file sync tools like Microsoft OneDrive or Google Drive File Sync do create a second copy of files and folders, they do not replace backup. File sync automatically copies changes to synchronized files. If a file or folder is infected with ransomware, the malware will automatically be copied to all synced versions of that file.

File sync services do offer some restore capabilities via versioning, but they fall short of a true SaaS backup solution.

  • If a file is deleted, older versions of the file are also deleted
  • End users control backup and recovery, so you have no control over coverage or process
  • Large restores are a time-consuming, manual process.

Beyond simply lacking the restore capabilities of a backup solution, file sync and share can introduce ransomware to Microsoft 365 or Google Drive. File sync and backup are not competitive solutions, rather they can and should be used together.

File sync and share tools are for productivity; backup is for data protection and fast restore.

Myth 3: SaaS Applications are Always Available

While SaaS apps are highly reliable, outages do occur. In 2020 alone, Microsoft 365 suffered five significant outages in the space of six weeks. Last year, Google Workspace suffered a global outage, leaving users with no access to for several hours.

Outages and slow restore times are not just an inconvenience. When you cannot access important business data, productivity falls and revenue suffers. Creating backups that are independent of a SaaS provider’s cloud servers is the only way to ensure access to essential files in the event of an extended outage.

Myth 4: Microsoft and Google are Responsible for Backup

Microsoft and Google ensure they will not lose your cloud data. However, they do not take responsibility for restoring data if you lose it. This is why Microsoft recommends third party backups for Microsoft 365 data, having defined the concept of the Shared Responsibility Model.

In the Shared Responsibility Model:

  • Microsoft and Google protect your data against:
    • Service interruptions due to hardware or software failure
    • Loss of service due to natural disaster or power outage
  • You must protect your data against:
    • Accidental deletion and damage
    • Hackers, ransomware attacks, other malware
    • Malicious insiders

The Shared Responsibility Model places the onus of data protection squarely on you. Google and Microsoft are responsible for keeping their systems up and running; you are responsible for preserving and securing your data.

To review your data protections, and your ability to recover from accidental or malicious loss, contact us or schedule an appointment with our Cloud Advisors.

9 Cyber Security Tips

Since the start of the COVID-19 pandemic, cyber threats and ransomware attacks have accelerated, exceeding 30,000 attacks per day in the US. Cybersecurity measures have never been more important. The move to remote working environments as well as the vulnerability of global economies in crisis has created an open-season for cybercriminals. No business—big or small—is safe.

Small and medium businesses (SMBs) seemingly have a target on their backs, so strengthening your security posture is essential right now. The good news: There are ways to protect your business against ransomware attacks.

Here are nine tips you that boost your business’ resilience to cyber attacks:

Communicate & Educate

1. Conduct a security risk assessment. Understand potential security threats (e.g., downtime from ransomware) and the impact they may have on your business (lost revenue). Use this information to shape a security strategy that meets your specific needs.

2. Create straightforward cybersecurity policies. Write and distribute a clear set of rules and instructions on cybersecurity practices for employees. This will vary from business to business but may include policies on social media use, bring your own device, authentication requirements, etc.

3. Train your employees. Because cybersecurity threats are constantly evolving, an ongoing training plan should be implemented for all employees. This should include examples of threats, as well as instruction on security best practices, and periodic testing.

Prevent & Protect

4. Protect your network and devices. Implement a password policy that requires strong passwords and monitor your employee accounts for breach intel through dark web monitoring. Deploy firewall, VPN, and next-gen antivirus technologies with advanced threat protection. Ensure your network and endpoints are not vulnerable to attacks. Implement mandatory multi-factor authentication. Ongoing network monitoring is essential, as is encrypting hard drives.

5. Keep software up to date. Be vigilant about patch management. Cyber criminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data. Your IT provider should automate this for your businesses with a remote monitoring and management. Keep your mobile phones up to date as well.

6. Back up your data. Daily (or more frequent) backups are a requirement to recover from data corruption or loss resulting from security breaches. Consider using a data protection tools that take incremental backups of data periodically throughout the day to prevent data loss. Remember that you need to protect your data in the cloud as well as you protect your data on local servers and workstations.

7. Know where your data resides. The more places data exists, the more likely it is that unauthorized individuals will be able to access it. Use data discovery tools to find and appropriately secure data along with business-class Software-as-a-Service (SaaS) applications that allow for corporate control of data. Eliminate redundant and “Shadow IT” services.

8. Control access to computers. Use key cards or similar security measures to control access to facilities. Ensure that employees use strong passwords for laptops and desktops. Give administrative privileges only to trusted staff as needed.

Respond & Recover

9. Enable uptime. Choose a powerful data protection solution that enables “instant recovery” of data and applications. In fact, 92% of managed IT service providers report that companies with business continuity disaster recovery (BCDR) products in place are less likely to experience significant downtime from ransomware and are back up and running quickly. Application downtime can significantly impact a business’ ability to generate revenue. Can your business afford downtime costs that are 23X greater (up by 200% year-over-year) than the average ransom requested in 2019?

The best defense is a good offense. A robust, multi-layered cybersecurity strategy can save your business. Contact us to learn more and for a free Cyber Security Assessment.

COVID-19 Survey: Revenue Losses and Diminishing Cash Reserves

In a national survey of more than 2400 businesses conducted and published by American City Business Journals finds that small and midsize businesses are seeing severe impacts from the COVID-19 pandemic.

The Impacts: Profits, Revenue, Cash, and Survivability

About 69% of respondents have seen revenue decline since the major onset of COVID-19 in March 2020.  Of those seeing revenue decline, close to half see revenue falling by 50% or more year over year.

Additionally, 47% indicate that they have not been profitable and nearly one third report being cash flow negative over the first six months of the pandemic. About 70% of those losing money are losing more than $10,000 per month and 64% will run out of funds within the five months.

About 40% of respondents raised cash through loans or equity investments since March 1, with 91% of these businesses receiving loans from a federal stimulus program, such as the Paycheck Protection Program. These funds were predominantly used to cover payroll and operating expenses as opposed to funding investment or growth.

Change in Focus

With the stark financial impacts, most smaller businesses are changing their focus. Rather than looking forward one to three years, most SMBs are focuses on the current and next quarter. The shift from strategic to tactical is a direct response to the many unknowns of the pandemic, the near-term economy, business sector and market impacts, and government recovery and stimulus plans.

The near-term focus makes sense as we look to minimize costs, conserve cash, and ensure profits and our sustainability.

Where IT Services Can Help

Leveraging the right IT services can help you prepare and react to changes as you navigate the on-going unknowns.  Here are 5 ideas to consider.

Audit your IT services for redundant services.
  • Most businesses find they are paying for multiple services with redundant or overlapping capabilities.
  • In many instances, we see businesses paying for third party services that are available for no additional cost in their productivity suites.
  • Eliminating duplication will require some change of habits, but can dramatically reduce on-going IT costs.
Audit your communication tools.
  • Are you paying for, and not using your available communication tools?
  • Chat, video, and collaboration tools are standard in Microsoft 365 and G Suite, and can reduce or eliminate the need for expensive voice, teleconference, video conference, and online meeting solutions.
  • A modest investment in training/education can help minimize communication costs.
Replace file servers with file services.
  • Most businesses using Microsoft 365 or G Suite are storing files in these systems; these same businesses still run on-premise or hosted file servers.
  • OneDrive, SharePoint, My Drive, and Shared Drives make it easy to save, share, and manage files.  The OneDrive and Drive File Stream clients connect your end user applications to your cloud file services.
  • Moving files from servers to cloud services eliminates the need for physical services, monthly MSP monitoring fees, backup/recovery costs, anti-virus costs, and more.
  • If your staff need to access your on-premise services remotely, you may also be able to reduce or eliminate expenses related to VPN and other remote access services.
  • While you will still want and need to protect cloud-resident files, your cost to store, share, and manage files will be lower.
Move applications and systems from on-premise to cloud
  • You can lower you monthly operating costs and give you the ability to scale your resources and costs up and down as needed on a monthly basis.
  • Make it easier to reduce your physical footprint for potential savings on rent and utilities.
  • Scale your services up and down as needed to avoid unnecessary costs and capital expenditures.
Execute a service and data governance strategy
  • Scale services up and down as needed to manage costs
  • Ensure data is secure, managed, and protected
  • Leverage data archiving services to minimize active account costs

To explore your options and best next moves, contact us for a complimentary Cloud Advisor session.


 

SBA Re-Opens Disaster Loan and Grant Program

(Published 6/17/2020)

The Small Business Administration (sba.gov) announced earlier this week that small businesses can again apply for relief via the Economic Injury Disaster Loan (EIDL) program.  This includes applications for fee, up to 10,000 advances, regardless of the loan’s approval.

The interest rate is fixed at 3.75 percent and terms run from 2 to 30 years based on each borrower’s cash flow and ability to make payments. You can defer an EIDL for a year and can use the funds for “debts, payroll, accounts payable, and other bills that cannot be paid due to the impact of the disaster and that are not already covered by a Paycheck Protection Program loan,” the SBA wrote in a news release.

You can request an advance of $1,000 per employee, up to a combined $10,000. This advance will not have to be repaid, and small businesses may receive an advance even if they are not approved for a loan. If you have received a Paycheck Protection Program (PPP) loan, the amount that can be forgiven will be reduced by the amount of your EIDL advance.

Some agricultural businesses are now also eligible as a result of the latest round of funds appropriated by Congress in response to the COVID-19 pandemic.

Unlike PPP loans, you must apply directly through the SBA, and not through a lender. Click here to learn more or here to apply.

Resources for Opening Safely

(Published 5/21/20)

As part of our commitment to collate and share COVID-19 response and recovery information , we have compiled resource list to help you safely and appropriately open your physical locations.

General Guidance

Worker Safety and Accommodations

Unemployment Insurance

Families First Coronavirus Response Act (FFRCA)

Cleaning and Disinfecting

Social Distancing

Screening / Monitoring Employee Health

Business Travel Limitations

Protective Equipment


For more COVID-19 related assistance, please contact us.


 

SBA Clarifies “Good-Faith” Certification for PPP Loans

(Published 5/13/20)

The US Small Business Administration, today, published and update to the PPP Frequently Asked Questions (PDF) to clarify confusion regarding loan audits and the “Good Faith” certification of need signed as part of the loan application process and form. The SBA added Question 46 as, “How will SBA review borrowers’ required good-faith certification concerning the necessity of their loan request?”

To summarize the impact

  • PPP loans under $2 million will not be audited.
  • Affiliated PPP loans will be consolidated for audit purposes.
  • The term “current economic uncertainty which makes the PPP loan request necessary to support the ongoing operations” was not clearly defined. Audits will most likely be based on individual facts and circumstances for each borrower.
  • Borrowers and affiliated borrowers with loans in excess of $2 million should be prepared to support their need of a PPP loan with documentation.

The full content of the question and answer is quoted as follows:

Question: How will SBA review borrowers’ required good-faith certification concerning the necessity of their loan request?

Answer: When submitting a PPP application, all borrowers must certify in good faith that “[c]urrent economic uncertainty makes this loan request necessary to support the ongoing operations of the Applicant.” SBA, in consultation with the Department of the Treasury, has determined that the following safe harbor will apply to SBA’s review of PPP loans with respect to this issue: Any borrower that, together with its affiliates, received PPP loans with an original principal amount of less than $2 million will be deemed to have made the required certification concerning the necessity of the loan request in good faith.

SBA has determined that this safe harbor is appropriate because borrowers with loans below this threshold are generally less likely to have had access to adequate sources of liquidity in the current economic environment than borrowers that obtained larger loans. This safe harbor will also promote economic certainty as PPP borrowers with more limited resources endeavor to retain and rehire employees. In addition, given the large volume of PPP loans, this approach will enable SBA to conserve its finite audit resources and focus its reviews on larger loans, where the compliance effort may yield higher returns.

Importantly, borrowers with loans greater than $2 million that do not satisfy this safe harbor may still have an adequate basis for making the required good-faith certification, based on their individual circumstances in light of the language of the certification and SBA guidance. SBA has previously stated that all PPP loans in excess of $2 million, and other PPP loans as appropriate, will be subject to review by SBA for compliance with program requirements set forth in the PPP Interim Final Rules and in the Borrower Application Form. If SBA determines in the course of its review that a borrower lacked an adequate basis for the required certification concerning the necessity of the loan request, SBA will seek repayment of the outstanding PPP loan balance and will inform the lender that the borrower is not eligible for loan forgiveness. If the borrower repays the loan after receiving notification from SBA, SBA will not pursue administrative enforcement or referrals to other agencies based on its determination with respect to the certification concerning necessity of the loan request. SBA’s determination concerning the certification regarding the necessity of the loan request will not affect SBA’s loan guarantee.

Webcasts

Next Normal: IT Efficiency

3T@3 Webcast Series: Tuesday, Feb 23rd at 3:00 PM

COVID-19 and the events of the past 10 months have, and continue, to change the way we run our businesses.  While some of these changes are temporary, many will become part of our next normal. For many of us, these changes came in a scramble to work from home. With respect to IT, this has many businesses using new, often redundant apps and systems.

Are the IT choices made during the crisis the best for your business in the long term?

This month’s 3T@3 Webcast, is the first in our “Next Normal” series looking at how we adapt, prepare, and respond to economic, social, and business changes.  We start the series exploring “IT Efficiency.”  We see where many small businesses signed on to services in order to adapt to mandatory closures, reduced office capacity, and parents’ need to be present for children learning remotely. Many of these service duplicate features in other systems, resulting in excess cost and lost productivity.  Join Cumulus Global CEO Allen Falcon to identify how you may streamline your IT services, reduce costs, and improve efficiencies.

Watch the recording on-demand



Data Protection & Security

library

15 Best Practices for Cyber Protection

eBook Source: Cumulus Global

As our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
  • Protect & Prevent
  • Recover & Respond

Policies and procedures, technologies, and people are all part of the equation, as is cyber insurance for financial protection. Deciding where and how to invest is a value proposition balancing costs, benefits, and the risks of inaction. 

In this eBook, we look at 15 Best Practices for Cyber Protection. We rank solutions from “bad” to “best”. Your business may not need the “best” solution for every area; you can match services and costs to your risks and needs. 

These best practices improve your protection, mitigate liabilities, and facilitate affordable cyber insurance coverage.

Please confirm you information below to view and download the eBook.



SaaS Protection Buyer’s Guide

eBook Source: Cumulus Global

Microsoft, Google, and other cloud providers backup their infrastructure. They ensure that their services are running and accessible. You, however, are responsible for managing, securing, and protecting your data.

This eBook guides you through common myths about cloud services, why SaaS protection is important, and selecting your SaaS protection solution.

Please confirm you information below to view and download the eBook.