Posts

Streamlining Security for SMBs

Security, Privacy, & ComplianceStreamlining security is a more balanced message about why and how to protect your business. Over the past year, we have covered the on-going, and increasing, threats to small businesses.  We often highlight the scope and severity of the risk.  Hopefully this information, along with cost-effective solutions, prompts you to act. At times, we may appear to be fear-mongering.

Sound business practices, not fear, should be your motivation to protect against cyber attacks.

The market is awash with security solutions. These range from single-protection products to complex advanced security monitoring and response services.  The number of options, and competing claims, is overwhelming.

Our Recommendation: Focus protections on the most common, and most damaging, types of attacks.

1. Focus on Risks

We know that:

  • More than 80% of cyber attacks start with, or involve email via phishing and other social engineering tactics
  • Ransomware is the most common type of attack
  • Business email compromise (BEC) is the most costly type of attack
  • Attacks via DNS and web content are becoming more of a risk

As such, small and midsize businesses should focus on preventing these types of attacks. Plan to limit your security approach and spending to prevention and recovery from these risks.

2. Use our CPR model as a guide

Communication and Education

Make sure your team knows how to spot an attack and what to do if they suspect an attack.  They should know the risks and steps you are taking to protect your business.

Periodically sharing articles or updates may be sufficient.  Subscribing to a security awareness training service is an affordable way to provide this education. Your cyber insurance policy may require this service.

Protect and Prevent

To protect your business from the greatest risks, put the following solutions in place:

  • Multi-Factor Authentication (MFA)
  • Encrypt data at rest, including on servers, desktops, and laptops
  • Use advanced threat protection (ATP) on all email accounts for inbound messages
  • Ensure your endpoint protection (local anti-virus) is a next-gen solution
  • Use DNS/Web protection to prevent harmful downloads

Specific to business email compromise attacks and ensuring your legitimate emails are not flagged as dangerous, ensure your domain configuration include the following protocols and services:

  • An accurate and complete Sender Policy Framework (SPF) record
  • DomainKey Identified Mail (DKIM) for all sources of email (including marketing tools)
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)

Respond and Recover

Even with protections in place, cyber attacks can be successful.  Ensure that you can return to operations quickly, even as a full recovery may take time. Your ability to recover and respond should include:

  • Backup/Recover data stored in the cloud (Microsoft 365, Google Workspace, etc.), as well as on local servers, desktops, and laptops
  • Continuity services so you can run images of key servers, desktops, and laptops if they are damaged by an attack

Note that continuity services also protects you from the impact of hardware issues, theft, and other losses.

Start with an Assessment

For a limited time, our Rapid Security Assessment is free of charge. Complete a 3 minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.  

To learn more, please join us on May 17th at 3:00 PM ET for Streamlining Security, our May 3T@3 Webcast or schedule a no-obligation call with one of our cloud advisors.


Business Email Compromise – The Costliest Type of Cybercrime

Email, Communications, & MobilityWhile the massive number and scale of ransomware attacks get the most media attention, Business Email Compromise (“BEC”) attacks are the costliest type of cybercrime. In a BEC attack, the criminal impersonates you and convinces somebody who trusts you to send money. While successful attacks often begin with unauthorized access to your email account, savvy criminals use email and domain impersonation techniques. They trick others into thinking that you are asking for, or instructing them to complete, a money transfer.

As we noted in this recent post, real estate agents and brokers are prime targets of Business Email Compromise attacks because they regularly discuss transferring large amounts of money with their clients. As noted in this recent article from the Associated Press, however, BEC attacks are hitting a wide range of small businesses, nonprofits, and schools.

Business Email Compromise attacks succeed when cyber criminals are able to collate enough information about you to gain access to your account or impersonate you.  Here is how they do it:

  • Given that you use your email address to log into many systems, a third party breach can provide attackers with your email address and enough information to calculate your password.
  • Third party breaches often provide hackers with enough personally identifiable information (PII) about you to launch a successful phishing attack that captures your username and password.
  • Scanning social media posts can also provide hackers with enough PII to successfully phish for your identity.
  • Malware, known as an Advanced Persistent Threat (APT), that makes it past your endpoint protections can gather usernames, passwords, and other information while running undetected on your computer.

Protect Your Identity

To keep your email account secure, you need to protect your identity.

  • Understand the risks and follow practical advice for safe online hygiene. Use unique, complex passwords across systems; avoid oversharing personal information; and learn to recognize phishing and impersonation attacks.
  • Use “Next-Gen” endpoint protections to prevent zero-day attacks, APTs, and more traditional forms malware.  These solutions use heuristics, AI, and behavioral analysis of files to identify an attack. They can also “roll back” changes to stop an attack.

Secure Your Email Service, and All of Your Services

Even as you protect your identity, you still need to secure your email service.

  • Advanced Threat Protection (ATP) protects your account from phishing attacks, bad links, infected attachments, and other risks. ATP verifies sender information and test links and attachments in a “sandbox”, allowing safe messages to arrive in your inbox.
  • Two-Factor Authentication (2FA), or Multi-Factor Authentication (MFA), can prevent access to your accounts if your username and password are compromised.
  • Ensure that all of your information is encrypted at-rest and in-motion. Your email service should use Transport Layer Security (TLS) to encrypt messages between sending and receiving services.  Encrypt files on your local disk, on any file servers, and in the cloud.

Prevent Email and Domain Impersonation

As noted in this recent blog post, you can use three (3) levels of protection to prevent email and domain impersonation.

  • Sender Policy Framework (SPF): Authenticates addresses you use to send email.
  • DomainKeys Identified Email (DKIM): Digitally signs messages to ensure emails are not altered en-route.
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC): Authenticates email origin and instructs recipients how to process bad messages. A DMARC service will track and report any potential issues.

These protocols and a DMARC monitoring service offer the best protection against BEC and impersonation attacks. They also help improve the deliverability of your email. Our ebook, Email Security: Good, Better, Best, dives deeper into this topic.

For a limited time, our Rapid Security Assessment is free of charge. Complete a 3 minute survey and receive a detailed report benchmarking your basic security services with respect to the most common cyber attacks against small and midsize enterprises.  

 

Security Trends Will Impact Small Businesses

Security, Privacy, & ComplianceSpeaking at a recent CRN-hosted security summit for midsize enterprises, Paul Furtado, Gartner’s Vice President of Midsize Enterprise Security stated, “The only thing harder than defending yourself against a cyberattack is telling your executives and your partners why you didn’t do enough to protect yourself.”  His comments reflect current security trends from our historic “Trust but Verify” security model to one that is “Never Trust; Always Verify” — also known as Zero Trust.

Expectations are changing and our tolerance for breaches is dropping.  More than 56% of successful attacks exploit known vulnerabilities with patches available for more than 90 days.  Frankly, many of us are failing at the fundamentals of IT security and this needs to change.

While smaller in size, SMBs remain prime targets of cyber attacks.  With “Ransomware as a Service” readily available, finding and attacking vulnerable small businesses is inexpensive and effective.  SMBs are more likely to have fewer security protections; SMBs are less likely to be able to recover from an attack and more likely to pay ransoms.

Here are 7 security trends that warrant our attention and action:

1 Zero Day Exploits

As the name implies, Zero-Day  Exploits take advantage of newly discovered security holes before our tools and systems can be updated to prevent an attack.

Next Gen solutions are needed to protect from attacks on devices, in the flow of email, and in web traffic.

2 Insider Threats

Insider risk refers to every account that has access into an organization’s environment such as service accounts, custom integrations, and API accounts. Insider threats, meanwhile, are the small percentage of insiders actually doing something that will cause a security incident, intentionally or not.  For example, the increased use of QR codes allows attackers to create malicious QR codes that install keyloggers and screen grabbers to steal identities and multi-factor authentication tokens.

We need Security Awareness Training to help individuals understand the risks and build safe habits.

3 Regulatory Changes

As noted, security expectations are changing.  State and federal laws are changing. Passed by the Senate this year, the Strengthening American Cybersecurity Act will require businesses to report significant cyber events within 72 hours and ransomware payments within 24 hours. These requirements lay on top of other federal regulations, multiple states’ privacy laws (CCPA, MA PII, etc.), and industry regulations (PCI-DSS, etc.).

With cyber insurance and cyber response services in place, small businesses are more likely to avoid fines, losses, and legal actions.

4 IoT

Internet of Things devices, and similar automation technologies are popular and often lack basic security features.

As IoT-based solutions move into smaller businesses, we need to secure and monitor devices and the networks on which they run.

5 Supply Chain

Bad actors know that attacks on supply chains can be more effective than attacking an intended target.

If your smaller business is in the supply chain of a larger company, expect security to become an issue.  They are likely to request — or demand – additional security measures as a condition of your business relationship.  And, be ready to demonstrate (prove) that you actually do what you claim on the security checklist.

6 Data Mining

Data mining enables attackers to not only go after your business, but your vendors and customers as well.  Imagine attackers telling your customers their private data will be released if you do not pay the ransom.  Even more common, imagine your customers receiving emails “from” (impersonating) you instructing them to send money.

We need to start protecting unregulated data in the same ways we protect regulated data.  Encryption, for example, does not prevent a breach but ensures the data cannot be used.

7 Ransomware

It would be nice to think we are past the ransomware pandemic, but we are not.  Over 80% of ransomware attacks are on small and mid-size businesses. Because attacks have moved beyond encryption to data exfiltration, attackers are likely to understand your business and set ransoms that are steep, but payable (often 1% to 1.5% of annual revenue).  Businesses hit by ransomware average more than 20 days of significant business disruption. On average, they permanently lose more than 35% of their data.

A response and recovery plan that includes business continuity ensures that you can keep your business running while you recover from and respond to an attack.

Your Next Step

Please contact us to evaluate your security footprint and needs, and discuss possible next steps, or schedule a no-obligation introductory call with one of our Cloud Advisors.

Cyber Attacks on Real Estate Agents and Brokers Victimize Clients

As cyber attacks on real estate agents and brokers increase, clients are paying the price.

Security, Privacy, & ComplianceMost of the country is facing high demand for housing with extraordinarily low supply.  This creates a highly competitive sellers’ market in which buyers compete to have offers accepted. The urgency and need to move fast makes real estate agents, and their clients, prime targets for cyber crime. As noted in a recent bulletin from CRES Insurance, brokers and agents need to protect themselves and their businesses from cyber attacks.

The Scenario

Imagine being a real estate agent and receiving a call from client excited that their offer was accepted and confirming that they have wired the deposit, only to realize that their offer was not accepted.  They share the email with you with the instructions.  The email looks like is from you, your assistant, or your firm.  The message uses words and phrasing that you and others at your firm regularly use.  Without close inspection, the message appears to be legitimate.

Your email domain and/or your identity has been successfully impersonated. Your client has lost thousands of dollars. Your reputation is damaged. You may be facing legal action.

The Attack

This form of attack, a Business Email Compromise (BEC), is on the rise and real estate agents and brokers are the target.  Attackers compile information about you, and how you work, from public sources and social media.  In some cases, you may be an unknowing victim of an advanced persistent attack. In these attacks, hackers install software the sits quietly on your computer, tracking your activity, and sending information back to the attacker’s servers. The attackers then use this information to impersonate you and/or your business.

Once an attacker can impersonate you or your business, your clients become the financial victims. You face a loss of clients and reputation, and potential legal action.

Your Action Plan

Like any business, agents and brokers need to ensure their systems are safe and secure.  They should also take steps, specifically, to prevent domain and email impersonation. Here are steps you can take.

  • Ensure you and your team understand cyber risks and how to minimize your risk of attack.
  • Use protective technologies:
    • Next-gen endpoint protection to prevent malware and ransomware on your computers
    • Email advanced threat protection to prevent phishing and other email-based attacks
    • Multi-factor authentication to protect your identity.
  • Configure email security solutions that prevent domain and email impersonation

Feel free to contact us to discuss your security profile or for a security assessment.

 

 

XChange of Ideas – Security

XChange EventsLooking at what we learned during three packed days at the XChange 2022 Conference, we have much to share.  The XChange conferences help IT service providers, like Cumulus Global, explore emerging trends, challenges, products, and solutions.  While we attend to improve our service offerings and business, many of the insights will benefit your business as well. This XChange of Ideas shares three emerging security trends.

1 Security is Not a Technology

Most small and midsize businesses see themselves as having security because they have some security technologies and systems in place.  Security, however, is not a technology; security is an ecosystem that spans people, processes, and systems, as well as a lifecycle of prevention, response, and recovery. As important, we need to understand that managing our security

Most businesses still lack the basic set of security protections that span the security lifecycle. A solid security foundation should include advanced threat protection, next-gen endpoint protection, DNS security, web protection, multi-factor authentication, and encryption. A solid backup/recovery is also necessary; having a business continuity solution is preferred.

With the dynamic nature of threats and cyber attacks,  many businesses are at higher risk and should be deploying advanced security services. Advanced security services may include managed security incident detection and response (MDR) services, internal application whitelisting, segmentation, and other protections that can detect, halt, and stop the spread of an attack.

2 Cyber Insurance is Not Assurance

Cyber Insurance is more than a good idea, it is a necessity for almost every business.  But cyber insurance is not assurance that you can quickly recover from a cyber attack.

  • Cyber insurance underwriters have you complete a questionnaire or audit about your cyber protections, policies, and procedures. When you submit a claim, most cyber insurers will ask you to demonstrate that the protections were in place, how they were functioning, and that you follow the policies and procedures noted in your application.  If you cannot show that you do what you promise, expect your claim to be denied.
  • Your cyber insurance underwriters may prevent you from starting your systems and data recovery. Recovery typically destroys evidence of the attack, it’s cause, and it’s method of propagation. You may be unable to restore your systems and data for days — or even weeks — while your insurer completes a forensics investigation.

Having the right protections in place, and being able to demonstrate compliance, is a clear expectation to resolve cyber insurance claims.  Having a continuity solution in place that allows you to return to operation in parallel with a forensics investigation should be considered.

3 HIPAA is Not Just For Doctors

HIPAA is the regulatory cornerstone for protecting personal health information (PHI). These regulations control how we store, transmit, and share — procedurally and technically — PHI. Compliance, however, is not just required of healthcare providers, insurers, and others direct access to patient records. Businesses serving healthcare providers — those that sign a Business Associates Agreement — face compliance requirements as well.

HIPAA enforcement is expanding beyond Covered Entities to Business Associates, as is notable on the US Department of Health and Human Services Office of Civil Rights HIPAA “Wall of Shame

If you are not sure that your security services are up to par, contact us about our security assessments, or schedule an intro call with one of our Cloud Advisors.

Expect an Increase in Cyber Attacks

Data Protection & SecurityThe U.S. Cybersecurity & Infrastructure Security Agency, part of the U.S. Department of Homeland Security, is warning businesses to be prepared to defend against cyber attacks originating from Russia. “Every organization—large and small—must be prepared to respond to disruptive cyber activity,” the agency says in its warning.

Our security vendors, analyzing aggregate data, are starting to see a definitive increase in the number and frequency of attacks.

Fortunately, you have a range of tools at your disposal to protect you business:

  • Next-Gen endpoint protection
  • Advanced threat protection
  • Multi-factor authentication
  • Cyber-awareness training
  • DNS/Web protection
  • Third party breach monitoring

These services, paired with recovery and continuity services, can prevent your business from succumbing to an attack. And, if you do fall victim, ensure your business can be back up and running on hours, not days or weeks.

Please contact us if you have any questions or would like a no-obligation review of your security footprint.  You can also schedule a call with one our Cloud Advisors, below.


Technology Solutions for Solopreneurs and VSBs

Entrepreneurs are a unique breed.  Solo entrepreneurs, solopreneurs, even more so.

If you are a solopreneur, or lead a very small business, you face some unique business and IT challenges. One of these challenges is balancing your business and your personal lives.  To do this, you want and need your technology to save you time and energy.

If you are link most solopreneurs and very small business owners, you are probably

  • Paying for duplicate services
  • Unware of features that can improve your productivity
  • Not taking time to explore ways to work more efficiently
  • Missing security and data protections
  • Not getting the guidance and support you need

At the same time, you most likely lack the time, energy, or expertise to research, select, deploy, and learn the right IT services.

Managed Services is an Answer

Often used by larger businesses, managed services provide your information technologies, support, and services as a comprehensive bundle for a set monthly or annual fee. By definition, managed services are designed to offload your IT responsibilities and place them in the hands of experts. These managed service providers should start with guidance, get your systems up and running, administer your services, and provide you with support.  If they are performing their services well, they should also help you identify features and functions that improve your work processes — make you more efficient.

Moving Towards Managed Services

Before moving forward with managed services, we recommend taking a step back and assessing how you want your IT services to help you and your business.

Start with A Goal and Objectives

  • Your technology and services need to empower you and enable your business.  Regardless of the devices, applications, and tools they use, your IT should:
    • Be easy to use
    • Save you time
    • Secure your data, and that of your customers
    • Keep your business data private
    • Support any compliance requirements you may have
    • Fit within your budget.

Focus on the Benefits

  • Discuss which capabilities will help you work more efficiently, more productively
  • Avoid the technology trap. Instead of thinking, for example, about email, calendars, and file sharing, think about automating appointment scheduling, protections for confidential information, and one-click video conferencing.

Define Your Baseline Services

  • Map your benefits to technologies
  • Base your IT decisions on your prioritized needs and wants
  • Define the minimum set communications, collaboration, and security tools to run your business
  • Explore and leverage ways to work more efficiently

Add / Enhance as Needed

  • If your business must be compliant with legal or industry regulation, add the technologies and services you need to meet these requirements.
  • If you find ways that technology can improve productivity, determine if the gains are worth the investment.

Managed Cloud Services

As the name implies, Managed Cloud Services are managed service that, whenever practical, leverage cloud services and solutions. Cumulus Global has the expertise and experience to move your business to managed cloud services. By leveraging cloud solutions, baseline services and foundational security are affordable and can easily be tailored to meet specific business needs.

Learn More

To learn more:


Four Cornerstones for Cloud Security

October is Cyber Security month.  In what seems like a never-ending process, we continue to face new and advancing threats to the integrity of our data, identities, and businesses.  For those of use with small and midsize businesses, we need to ensure our systems and information are secure. At the same time, we want to keep our IT systems simple and manage our budgets.

Strategy

To strike the right balance, we need to assess our current security foundation, identify gaps, and fill in services where needed. Doing so creates a security foundation that covers your basic needs.  From there, you can add services and build the security footprint you need to meet industry expectations and regulatory requirements.

A sound cloud security foundation is built on four cornerstones for cloud security.

1 Basic C/I/A

Ensure the confidentiality, integrity, and availability (C/I/A) of information you create, receive, maintain, or transmit.

This cornerstone establishes your basic security infrastructure that protects against attacks and prevents breaches across your IT systems.  It also creates your ability to respond to issues and recover, key to ensuring business continuity and resilience.

2 External Threat Protection

Identify and protect against reasonably anticipated threats.

This cornerstone focuses on the attacks and threats from outside your business. From phishing, ransomware, and business email compromise, to DNS and advanced persistent threats, the focus is on protecting your data, applications, systems,  and people from harm.

3 Data Loss Protection

Identify and protect against reasonably anticipated uses and disclosures.

Data breaches and data loss result from configuration issues, application errors, and individual actions. Permission errors, inappropriate sharing, and other actions are often accidental, resulting from a lack of understanding of policies and/or how systems work. They can, however, result from intentional acts of misconduct. Solutions that set this cornerstone protect against these internal risks and threats.

4 Compliance

Ensure workforce and business compliance.

Nearly all businesses must meet basic legal requirements to protect sensitive information. Most businesses must also adhere to industry and additional legal requirements.  This cornerstone encompasses the policies and procedures that ensure your team, and your business meet your compliance requirements. IT also includes the tools and methods to enforce policies and report on compliance.

Tactics

To ensure your cornerstones are set and your security foundation is place, conduct a security footprint assessment.  For each cornerstone, identity the services you have in place and those that may be needed. The assessment should cover the “CPRs” of security:

  • Communication/Education
  • Protect / Prevent
  • Respond / Recover

For more information, send us an email or complete our contact form.

More Than 40% of SMBs Face Dark Web Risks

We offer a monitoring service for dark web risks.  In August, we received a alerts for more than 40% of the companies we monitor.

Threats from information mining and third party breaches continue to pose a risk.  The level of risk varies based on the source, scope, and nature of the breach.

Direct and Indirect Threats

Third party breaches pose direct and indirect threats. A direct threat, as the name implies, represented a compromised identity with direct access to your system.  Indirect threats are breaches with information that enables more advanced attacks against your systems and user identities.

Direct threats, while less common, represent a breach of usernames and passwords for your system.  The source of direct threats may not be your systems. Hackers with access to valid email addresses and similar passwords will try permutations and patterns to gain access.  While they may then use the compromised credentials themselves, they may also put them up for sale or lease on the Dark Web.

Indirect Threats take many forms.  Identities with similar passwords are sold to hackers that will use them to gain access.  Personal identifying information is valuable to hackers looking to create effective spoofing and phishing attacks.  Repetitive breaches identify targets more easily compromised and/or more likely to respond to a phishing attack with personal information.

Threat Sources

Sources for Dark Web threats vary.  Most common is a third party breach, for example the LinkedIn breach in 2018.  Given that many people use their work email address as an identity for LinkedIn, along with identical or similar passwords, the breach gave hackers a means to test access to core businesses services.  Simple testing of leaked passwords, permutations, and common patterns provides access to core businesses systems, including accounts on Microsoft, Google, Salesforce, and others.

Growing in frequency, hackers grab personally identifying information matched to known email addresses.  While first and last names may not appear to create much risk, cyber criminals can use PII to create sophisticated spoofing and phishing attacks.  Your zip code, home address, job title, role in your company, and who you work with and for can all be used to create more effective attacks.  When matched to data from social media accounts — where you shop, foods you like, answers to “survey” questions that mirror security prompts — criminals can refine their attacks and sell your data for more.

Protecting Yourself and Your Business

More than 70% of people use the same or similar passwords across systems.  When employees use work email addresses for other services, the nature of their passwords creates risks when any of these third party systems experiences a breach. Compromised third-party passwords reduce the effort required for cyber criminals to compromise other accounts. LinkedIn, Egnyte, Dropbox and other reputable services have all experienced breaches over the past few years.

An additional risk from third-party systems is the risk of personally identifying information, or PII.  With a valid email address and leaked or breach PII, cyber attackers have access to information that allows them to personalize phishing emails and other attacks.

Monitoring the Dark Web for these third party breaches, and responding appropriately, helps protect your employees and your business.

 

5 Ways to Improve Work from Home

Networks and Connectivity

The Covid-19 pandemic proved that work from home and remote work was viable and productive for more employees than previously believed or acknowledged.  Necessity is a great motivator. Our businesses, employees, and customers responded, adapted, moved forward.  In the process, we have identified new benefits and pitfalls with remote work. Looking forward, our emergence from the COVID-19 pandemic is not a clear as hoped or predicted. The virus is here to stay and the impact on our lives is yet to be fully understood.  Our normal is not necessary “new”, but continues to evolve.

While we cannot predict the full extent of the shift, remote work, hybrid work, and work from home will be the norm. 

Business need to continue to assess, plan, and adapt.  Here are 5 ways we can improve work from home and hybrid remote/in-office work environments.

1 Device-as-a-Service

Device-as-a-Service, particularly remote desktop and virtual desktop infrastructure solutions, have clear benefits for new office norms. You can:

  • Provide a secure access to applications and systems with consistency regardless of where your employees are working
  • Better manage the computing environment, separating your business’ computing from the local device
  • Use existing, older laptops and desktops, thereby reducing hardware upgrade costs driven by operating system and application upgrades
  • Leverage Chromebooks as end user devices, lowering your total cost of ownership

2 Pick a Video Conferencing Service

Picking a standard video conferencing service lets you manage how you communicate internally and with customers. The right choice can also save you hundreds of dollars per year per employee while giving you and your team the features and functions they need to manage meetings and work efficiently.  By selecting a preferred service, you can invest the time and effort to integrate the service with your productivity and collaboration suites. An small investment in teaching employees how to fully use the solution also pays dividends.

3 Improve Employees’ Internet

You would never allow your Internet service to slow down work at the office. You should not allow home Internet speeds to slow down your remote employees. Reimbursing employees for increasing their Internet speeds improves productivity and morale. Providing employees with better WiFi routers and access points ensures their connections are available and reliable. Note: a few states require employers to reimburse home Internet services based on the percentage used for work.

4 Secure Your Remote Workers

Unless you provide the equipment and services, you cannot control your employees’ home networks and systems. At the same time, you want and need to secure your applications, data, and network. To do so:

  • Use multi-factor authentication (MFA) or two-factor authentication (2FA) whenever possible to control network, system, and application access.  MFA and 2FA are the simplest means of preventing hackers from using compromised user identities or credentials.
  • Upgrade home computers with additional, advanced threat protection services.  Many of the next-gen solutions offer greater protection from modern attacks and are designed to work with existing anti-virus solutions that may be installed on the device. Some of these solutions also provide tools for remote support.
  • Consider using physical security keys that provide authentication codes without the need for a smartphone or other device.

5[/av_dropcap1 Protect Your Remote Resources

Whether using a company provided laptop or a personal computer, problems at home are disruptive and take longer to diagnose and repair than in-office problems. While Device-as-a Service solutions separate the risk from the physical device, employees using their local machines are at risk.  At a minimum, ensure that you are backing up and can recover applications and data on remote laptops and desktops. If an employee performs critical or time-sensitive tasks, consider a continuity solution that enable the employee to return to work within minutes rather than hours.

[av_hr class='custom' icon_select='no' icon='ue808' font='entypo-fontello' position='center' shadow='no-shadow' height='50' custom_border='av-border-thin' custom_width='50px' custom_margin_top='30px' custom_margin_bottom='30px' custom_border_color='#7bb0e7' custom_icon_color='' id='' custom_class='' template_class='' av_uid='av-2zlcpx' sc_version='1.0' admin_preview_bg='']

Whether work from home, remote work, or hybrid work will be strategic or tactical for your business, you can improve the security and employee experience with minimal cost.  We are here to help you assess, plan, and update your IT services to best meet your needs — and budget.  Contact us for an initial consultation.

 

need to continue to assess, plan, and adapt.  Here are 5 ways we can improve work from home and hybrid remote/in-office work environments.

[av_dropcap1]1 Device-as-a-Service

Device-as-a-Service, particularly remote desktop and virtual desktop infrastructure solutions, have clear benefits for new office norms. You can:

  • Provide a secure access to applications and systems with consistency regardless of where your employees are working
  • Better manage the computing environment, separating your business’ computing from the local device
  • Use existing, older laptops and desktops, thereby reducing hardware upgrade costs driven by operating system and application upgrades
  • Leverage Chromebooks as end user devices, lowering your total cost of ownership

2 Pick a Video Conferencing Service

Picking a standard video conferencing service lets you manage how you communicate internally and with customers. The right choice can also save you hundreds of dollars per year per employee while giving you and your team the features and functions they need to manage meetings and work efficiently.  By selecting a preferred service, you can invest the time and effort to integrate the service with your productivity and collaboration suites. A small investment in teaching employees how to fully use the solution also pays dividends.

3 Improve Employees’ Internet

You would never allow your Internet service to slow down work at the office. You should not allow home Internet speeds to slow down your remote employees. Reimbursing employees for increasing their Internet speeds improves productivity and morale. Providing employees with better WiFi routers and access points ensures their connections are available and reliable. Note: a few states require employers to reimburse home Internet services based on the percentage used for work.

4 Secure Your Remote Workers

Unless you provide the equipment and services, you cannot control your employees’ home networks and systems. At the same time, you want and need to secure your applications, data, and network. To do so:

  • Use multi-factor authentication (MFA) or two-factor authentication (2FA) whenever possible to control network, system, and application access.  MFA and 2FA are the simplest means of preventing hackers from using compromised user identities or credentials.
  • Upgrade home computers with additional, advanced threat protection services.  Many of the next-gen solutions offer greater protection from modern attacks and are designed to work with existing anti-virus solutions that may be installed on the device. Some of these solutions also provide tools for remote support.
  • Consider using physical security keys that provide authentication codes without the need for a smartphone or other device.

5[/av_dropcap1 Protect Your Remote Resources

Whether using a company laptop or a personal computer, problems at home are disruptive and take longer to diagnose and repair than in-office problems. While Device-as-a Service solutions separate the risk from the physical device, employees using their local machines are at risk.  At a minimum, ensure that you are backing up and can recover applications and data on remote laptops and desktops. If an employee performs critical or time-sensitive tasks, consider a continuity solution that enables the employee to return to work within minutes rather than hours.

Whether work from home, remote work, or hybrid work will be strategic or tactical for your business, you can improve the security and employee experience with minimal cost.  We are here to help you assess, plan, and update your IT services to best meet your needs — and budget.  Contact us for an initial consultation.

 

Webcasts

Streamlining Security

3T@3 Webcast Series: Tuesday, May 17 at 3:00 PM ET

The on-going coverage and hype about the threats of risks of cyber attacks continues. While small businesses are more vulnerable and more frequent targets, the constant fear-mongering does not help. We become immune to the message. 

Streamlining Security: Sound business practices, not fear, should be your motivation to protect against cyber attacks.

In our May 3T@3 Webcast, Cumulus Global CEO Allen Falcon will identify the most common and most costly cyberattacks facing small businesses. He will then outline concrete, affordable actions and solutions to protect against these types of threats.

View the Recording On-Demand:


Spring Cleaning Your Files

3T@3 Webcast Series: Tuesday, April 19 at 3:00 PM ET

Have you counted the number of places where you store your files? How often do you need to search more than one service or location to find what you need? You are not alone! In an era of virtually unlimited and nearly free storage, we fail to keep things organized. The clutter makes it more difficult to find what we need, collaborate with colleagues, and save what we must.

Using the file services you already have will increase productivity, protect your information, and save you money.

In our April 3T@3 Webcast, Cumulus Global CEO Allen Falcon looks at how small and midsize organizations can most effectively use cloud file services to improve productivity, enhance security and privacy, and lower costs. With an understanding of personal file services – OneDrive and My Drive – and domain file services – Shared Drives and Sharepoint, businesses can build a file service that organizes and protects files in ways that make them easier to find, share, and use. With an eye on best practices, Allen will compare types of file services, define the role and use of desktop file service clients, and discuss ways to eliminate costly, redundant services. He will also share some Quick Tips that your staff can use to make it easier to work as a team.

View the Recording On-Demand:



Beyond Backup

3T@3 Webcast Series: Tuesday, March 15 at 3:00 PM ET

We all know that we need to backup our data and our systems. The vast majority of us have backup solutions in place. Most of us will be able to restore our data or recover from a disaster. Only a few of us will be able to do so with minimum disruption to our businesses and our lives.

Being able to restore data is not an option. The real measure of success is how quickly you can get back to work.

In our March 3T@3 Webcast, Cumulus Global CEO Allen Falcon looks at evolving business needs for data protection and business continuity. He will discuss the difference between “mean time to recovery” (MTTR) and “Return to Normal Operations” (RTO) and how these measures impact your business. He will also map out how restore, recovery, and continuity solutions offer different value propositions for you and your business and how to look at total cost and impact when selecting your solution.  

View the Recording On-Demand:



Business Continuity & Protection

Peak Productivity

3T@3 Webcast Series: Tuesday, February 22nd at 3:00 PM ET

We all have our jobs to do. We want to do well. We want to succeed. We want and need peak productivity. 

While “hacks” are trendy, productivity is boosted when we understand how to best use the tools we have.

In our February 3T@3 Webcast, Cumulus Global CEO Allen Falcon takes a look at features and tools that can save you steps, simplify your day, and boost your productivity. Whether you run Microsoft 365 or Google Workspace, learn how to get more done, more efficiently.

View the Recording On-Demand:



Managed Cloud Services

Keep IT Simple

3T@3 Webcast Series: Tuesday, January 25th at 3:00 PM ET

For small and midsize businesses, particularly solopreneurs and very small businesses, information technology is a double edged sword. Solid IT services are critical to your success, but they consume your time and budget.

Using managed services ensures you have effective and affordable services and frees up time and money to focus on your core business activities.

In our January 3T@3 Webcast, our CEO, Allen Falcon, provides an IT roadmap for solopreneurs and very small businesses (those with fewer than 5 to 10 people). The roadmap is designed to ensure you have the communication, collaboration, and security features and functions you need, along with the services and support to prevent IT headaches and disruptions to your business. Allen will also walk through a value analysis, looking at the hard, soft, and opportunity cost and savings of well-managed IT services.

Please join us, and bring your questions, for this informative session.

View the Recording On-Demand:



Managed Cloud Services

2022 is Here; What’s Next?

3T@3 Webcast Series: Tuesday, December 14th at 3:00 PM ET

It was not all that long ago that we thought the COVID-19 pandemic would be winding down and we would be returning to normal.  And while the shape and direction of COVID-19 pandemic is different now, the impacts are still very real and significant.

COVID-19 triggered fundamental changes in the economy, markets, and society that alter the way we need to operate our businesses and work as individuals.

In our December 3T@3 Webcast, our CEO, Allen Falcon, will cover the societal, economic, and market forces at play and how small and midsize businesses can adapt. From the “great resignation” and a broad labor shortage, to supply chain disruption and the shift to remote/hybrid work and office, Allen will explore ways small and midsize businesses can better leverage technologies and resources to respond to these challenges. And, to help your business survive and thrive.

View the Recording On-Demand:



Managed Cloud Services

Four Cornerstones for Cloud Security

3T@3 Webcast Series: Tuesday, November 16th at 3:00 PM ET

As Cyber Security month has come and gone and we still face increasing security challenges when protecting our businesses, customers, and employees. The rate of attacks against small and midsize enterprises continues to increase, as does the sophistication of these attacks. Beyond regulatory compliance and insurance risk, these attacks disrupt operations and put your operations, cash flow, and reputation at-risk. The good news: you can create a sound security foundation without breaking the bank.

Four security cornerstones create a solid foundation for your cloud security

In this month’s 3T@3 Webcast, our CEO, Allen Falcon, defines and details the four cornerstones for cloud security. He will delve deeper and walk through a road map for using the four cornerstones across your IT services and your organization.  With this road map, you will be able to:

  • Assess your security footprint
  • Identify security gaps
  • Prioritize changes and security services

Please join us, and bring your questions, for this informative session.

View the Recording On-Demand:



Managed Cloud Services

Cloud File Services

3T@3 Webcast Series: Tuesday, October 19th at 3:00 PM ET

As we continue to adapt to post-COVID realities, our businesses face new market pressures as well as new needs and expectations for how our teams will work and collaborate. Remote work is here to stay; Cyber security remains a challenge; Business continuity plans are necessary; Budgets must be respected.

Moving To A Cloud File Service Is A Strategic Approach For Access, Security, And Resilience

In this month’s 3T@3 Webcast, our CEO, Allen Falcon, dives into the what, why, and how of managed cloud file services. Allen will discuss:

  • When cloud file services are a viable replacement of on-premise file services
  • Providing native access to desktops, laptops, and mobile devices
  • Security and privacy
  • Backup/recovery
  • Data loss prevention

Allen will also discuss migration strategies and ensuring consistent services for in-office and remote users.

View the Recording On-Demand:



Managed Cloud Services

Small Business Guide to Cyber Threats, Security, and Response

3T@3 Webcast Series: Tuesday, Jun 15th at 3:00 PM

The recent ransomware attack on Colonial Pipeline sent shockwaves through the gasoline supply chain. And while some panicked and tried to stockpile gasoline, others saw this major cyber attack as evidence that “I am not the target”. Over 50% of small businesses think they are too small for a cyber attack.

With 43% of cyber attacks targeting small businesses, the number of breaches in small businesses jumped 424% in 2020.

In this month’s 3T@3 Webcast, we provide a practical guide to cyber threats and security. No fear mongering, no hyperbole. We will share data that quantifies your level or risk and the most prevalent types of risks and will outline practical, reasonable, and affordable steps you can take to both protect your business and, should an attack succeed, respond and recover.

This session will save you time and money today, and might just save your business in the future.

Watch the recording on-demand



Data Protection & Security

Productivity Suites: Google and Microsoft Revisited

3T@3 Webcast Series: Tuesday, May 18th at 3:00 PM

Cloud productivity suites, particularly Google Workspace and Microsoft 365, have evolved from leading edge concepts, to mainstream solutions. Along the way, both services have evolved with multiple iterations of branding, features, and subscription options, adapting to the growing use and needs of businesses adopting the solutions.

Which productivity suite is right for your business, today?

In this month’s 3T@3 Webcast, we take a fresh look at Google Workspace and Microsoft 365 and how each might best serve your business. Rather than a feature-by-feature comparison, we take a strategic look at positioning, architecture, services, subscription options, and integrations. Our objective with this session is to help you assess which suite best supports your business goals and priorities, best enables productivity, and best empowers your team to succeed.

Whether you are in the cloud or getting ready to move, join Cumulus Global CEO Allen Falcon and gain a better view of your future.

Watch the recording on-demand



Data Protection & Security