Posts

Why Not Prevent AI Data Breaches?

/in ,

Data Loss PreventionTo state the obvious, AI data breaches and leaks will damage your business. Even sharing sensitive or protected information internally will cause problems.

Less obvious is the fact that you have already shared information that should not be shared. You should expect that private, sensitive, and protected information in Google Workspace or Microsoft 365 has been shared inappropriately to people within your company, outside your company, and/or publicly.

Not obvious to most is the fact that integrated AI tools, like Google Gemini and Microsoft Copilot, will find, use, and share any information the tool can access.

Just because an employee or a customer has never reported seeing something they shouldn’t have does not mean they have not done so. Nor does it mean they will not see something that should be secure in the future.

The Problem

The problem we face: the myths we believe when it comes to our own information security and the risk of AI data breaches.

Myth 1 – Oversharing Does Not Happen

What do we mean by oversharing?  Oversharing is when somebody gives access to information (files or folders) that unintentionally gives others access to the information, directly or indirectly.  

Most often, this happens when sharing a file or folder by link in an email or chat. You are prompted by the system to grant access. Typically the prompt is to give view access to “Anyone with the link” or “Anyone within your company.” This one-click option is easier than finding the file and editing the permissions.

The risk of course is that “anyone with the link” can be anybody — inside or outside – to whom the message is forwarded or added to a reply.

And “anyone within your company” means just that. They may not see it if they never search for it or for something similar.

Myth 2 – Security Breaches Require a Deliberate Act

We want to believe that our employees would never intentionally breach security or leak sensitive information. When we equate intentional acts with deliberate acts, we forget that many user actions can, and will, intentionally share information beyond what is appropriate.

With email, we diligently warn people that clicking the wrong link is damaging and to remain vigilant. We are not nearly as diligent when it comes to files and folders. Most of us assume that the permissions set on files and folders will keep us safe.

Myth 3 – Google Workspace and Microsoft 365 are Secure

Like most myths, this myth is partially true. Both Google and Microsoft aggressively secure their cloud services and have a “shared responsibility” security architecture.

Microsoft and Google secure the services they provide to ensure only authorized users can access the services. They also provide the infrastructure for you to manage user accounts, access, and permissions. You are responsible for the security of your data within Google Workspace and Microsoft 365.

As an example, both services allow you to block external file sharing. If you choose to allow external file sharing and a file is mistakenly shared externally, this is your issue to resolve.

The Reality

When you use Microsoft Copilot and Gemini AI, the tools have access to data according to the access available to each user. If a user has inappropriate access to confidential information, Copilot or Gemini have access as well. 

Since the AI tools will collect, analyze, and integrate multiple relevant sources, the AI tools are more likely to find and use the information.

The Solution

Ensuring that your information is properly protected as you begin using AI tools is not easy. The solution for preventing AI data breaches, however, does not need to be difficult or expensive. 

Data Loss Prevention

Modern Data Loss Prevention (DLP) services give you the ability to 

  • Set policies and rules for handling sensitive and protected information
  • Analyze the content of files and folders against the policies and rules
  • Notify, report, and automatically mitigate any violations

Mitigation can include redacting sensitive information and/or modifying permissions to bring them into compliance.

More robust DLP solutions offer advanced tools to manage access and permissions, such as conditional access, time-limited access, and managed permission overrides.

DLP Options

Both Microsoft 365 and Google Workspace offer DLP features and capabilities. Most of these features are within the Enterprise tier (more expensive) subscriptions.

For small and midsize businesses using Business tier subscriptions, adding an integrated, third-party DLP service will be less expensive than upgrading. 

Third-party services offer robust management portals that are generally easier to learn and use than the built-in features.

Getting Started

First things first, do not panic. Begin by reviewing your current security and permissions policies, procedures, and top-level settings. Also, consider how you and your team are currently using Copilot, Gemini, and other AI tools, and how you expect or plan to use them in the future.

With a high level assessment, you can explore how you want to use DLP and which services will provide the most effective and affordable solutions for your needs.

Cumulus Global can assist with real-time assessments of your file and folder security to provide a benchmark and a baseline for planning and decisions. From there, we can help implement, configure, and manage your DLP services

Why Cumulus Global?

At Cumulus Global, our priority is ensuring that you have productive, secure, and affordable managed cloud services. We work to ensure that you do not overspend on services and to focus your IT dollars on the capabilities and services you need.

Let us know how we can help, or schedule a meeting with a Cloud Advisor.

We will help you adapt while keeping your IT services secure and cost-effective.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management.

AI in Google Workspace – Drive

/in ,

AI in Workspace: DriveGoogle Workspace is a comprehensive and secure platform that empowers organizations to be more productive, collaborative, and creative. This series explores the power of AI built within Google Workspace across each of the workspace apps. In this post, we cover AI in Drive.

AI in Drive 

Gemini in Drive helps you quickly find answers and insights from across your files. Catch up with summaries of long documents, query project folders, and automatically classify your most sensitive content.

Features you should know when using the Gemini Drive

The Gemini Side Panel is available when you are looking Drive. In general, you can:

  • Specifically direct Gemini to analyze a particular folder by typing “@” followed by the folder name in your prompt (e.g., “Summarize files in @Marketing Reports”).
  • Explicitly select a folder as a source for Gemini to focus on when you ask a question or request a summary.
  • Use Gemini’s ability to understand folder content is currently focused on non-media file types like text documents, PDFs, spreadsheets, and presentations.
  • Use or modify “nudges”, or suggested prompts, which are provided based on your content in Drive.
Q&A for Understanding Folder Content
  • Gemini can analyze the files within a folder (including documents, PDFs, spreadsheets, and presentations) and provide a concise summary of the main points or themes. This allows you to quickly understand the content of a folder without opening each file individually.
  • Gemini can answer specific questions about the information contained within a folder. Gemini can synthesize information from multiple files in the folder to provide an answer. For instance, you could ask, “What are the main risks identified in the documents within the ‘Q3 Planning’ folder?”
  • Find specific pieces of information or quick facts related to a project or topic by analyzing the files within a designated folder.
  • Identify the overarching theme or topic of the content within a folder.
AI Classification
  • Automatically identify, classify, and protect your organization’s sensitive content with precision and scale.
PDF File Support
  • Get the gist of a long document with Gemini’s help, summarizing it, or ask Gemini complex questions about any PDF in your Drive.

File and Folder Management

  • You can instruct it to “Create a new folder” or “Create a new folder named ‘Meeting Minutes’.
  • Use Gemini to create new Google Docs, Sheets, and Slides within your Drive. Specify the name, for example, “Create a new Google Doc titled ‘Project Proposal Draft’.

We Will Help

At Cumulus Global, our priority is ensuring that you have productive, secure, and affordable managed cloud services. We work to ensure that you get the most value from the IT and cloud services you need and want, without overspending, to best support your business objectives.

Unsure of where to start? Check out our IT Assessment or schedule a meeting with a Cloud Advisor.

We will help you adapt while keeping your IT services secure and cost-effective.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

AI in Google Workspace – Gmail

/in ,

AI in Workspace: GmailGoogle Workspace is a comprehensive and secure platform that empowers organizations to be more productive, collaborative, and creative. This series explores the power of AI built within Google Workspace across each of the workspace apps. In this post, we cover AI in Gmail.

AI in Gmail

AI in Gmail lives in the Gemini Side Panel.  Gemini in Gmail is your productivity partner that can help draft, reply, sift through, and summarize your emails to save you time at your desk or on the go.

Features you should know when using the Gemini Side Panel in Gmail

The Gemini Side Panel is available when you are looking at your inbox and when you have opened an email or email thread. From the inbox, or at any time, you can:

  • Find specific messages or information in your inbox
  • Identify trends and topics
Draft Emails and Respond
  • Summarize an email thread. You can ask for a more or less detailed summary than the initial response
  • Draft an email based on keywords and the context of your inbox
  • Edit emails to polish your tone or change the length of your message
  • Ask Gemini to suggest a response to the email
Access Calendars and Events
  • Create events using your natural language requests
  • Search for calendar events by dates, participants, or subject
  • Request details about specific upcoming events
Access Files and Drive
  • Search Drive for documents related to the topic of an email thread
  • Use the “@” prompt to search for and add specific documents to your query

The “One-Click” features you should know when working in an email message

  • When viewing, the “Summarize this email” link gets you an instant summary of the message and thread
  • When composing a new email message, the “Write an email for me” link prompts you for information and drafts your message

We Will Help

At Cumulus Global, our priority is ensuring that you have productive, secure, and affordable managed cloud services. We work to ensure that you get the most value from the IT and cloud services you need and want, without overspending, to best support your business objectives.

Unsure of where to start? Check out our IT Assessment or schedule a meeting with a Cloud Advisor.

We will help you adapt while keeping your IT services secure and cost-effective.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

Service Update: Updated Service Plans and SLA Effective July 1, 2025

/in

Managed Cloud Services by Cumulus Global

Service Plans and SLA Updates take effect July 1, 2025.

Overview of Changes

Effective July 1, 2025, Cumulus Global is updating our Service Plan options and our Service Level Agreement (SLA).  The objectives of these Service Plans and SLA updates are to:

  • Clarify differences between our Service Plans and our Managed Cloud Services
  • Create new Service Plan options that better meet client needs and budgets
  • Update out-of-plan service expectations
Service Plans vs Managed Cloud Services

Our Service Plans remain consistent with traditional IT services.  Through these plans, we offer unlimited, remote, admin of the cloud and IT services we provide. Our focus is on helping your internal or other IT resources best configure, manage, and support these services. Our Service Plans do not include active monitoring and management. They also exclude cyber attack recovery services.

Our Managed Cloud Services add unlimited, remote, co-management of your cloud and, optionally, other IT services bundled with security, admin, and management tools.  Our Managed Cloud Services let you partially or completely hand-off responsibility for monitoring, managing, and supporting your IT services to us.

Service Plan Changes

We now have four Service Plan options, you can select the Service Plan that best meets your needs and budget:

  • Self Service: We include this free Service Plan option with the cloud services we provide. Self Service provides subscription and license administration and assistance with hardware warranty service claims.
  • Limited Service: Our economy plan provides assistance with basic user account management — adds, changes, and deletes — and user-license assignments. We will also help escalate vendor support requests when applicable. This ultra low-cost plan is designed for clients wanting assistance with user account and license management that do not yet need or want our Admin or Premium services.
  • Admin Service: Our most popular plan provides unlimited, remote assistance for the IT resources responsible for administration, management, security, and support of your cloud-based and other IT services.  We bring expertise and experience to help the helpers with back-end and end-user issues.
  • Premium Service: Our top level service adds Tier-2 end user support to our Admin Service offering.

Our current Basic Service plan is discontinued as of July 1, 2025, for new and monthly/flex clients. To remain on a free plan, you may opt-out of moving to our Limited Service plan.

For clients with annual or multi-year commitments, your Basic Service plan ends at your first renewal after July 1, 2025.  We may, at our option, move you to our Limited Service plan at no cost through the end of your current commitment.

Out-of-Plan Services

We have updated the minimum and incremental times on which hourly and prepaid hour services are tracked and billed.

The new SLA clarifies that our Service Plans and Managed Cloud Services do not cover any cyber attack recovery services. The SLA outlines rates and surcharges for these services.

More Information

About Cumulus Global

Managed Cloud Services for Small and Midsize Businesses, Governments, and Schools

Cumulus Global (www.cumulusglobal.com) is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, ongoing support, and client success services that help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft and over three dozen providers.

For more information, schedule a no-obligation introductory meeting with a Cloud Advisor.

AI in Google Workspace – Gemini App

/in ,

AI in Google Workspace - Gemini AppGoogle Workspace is a comprehensive and secure platform that empowers organizations to be more productive, collaborative, and creative. This series explores the power of AI built within Google Workspace across each of the workspace apps. We begin with the Gemini App in Google Workspace.

The Gemini App

The Gemini App is a Large Language Model (LMM) service built to help you get more done in less time. It’s great for brainstorming ideas, researching topics, and improving your writing. Use Gemini to pressure-test your work against target personas, with enterprise-grade data protections. 

Choose from multiple versions specifically designed for advanced reasoning, complex tasks, deep research, and everyday queries.

Three features you should know

Deep Research

Explore complex topics and get findings from different sources across the web in a comprehensive, easy-to-read report that brings hours of research to your fingertips in mere minutes. The reports can also be exported into Google Docs to easily share with your teams, allowing you to dive into industry trends, understand the competitive landscape, or even research customers ahead of a sales meeting.

Gems

Gems are customizable versions of Gemini that help with specialized or repetitive tasks. It’s like having an expert to help craft compelling marketing copy, prepare for job interviews, brainstorm new ideas, and so much more. You can even feed Gems your documents and other information, making them smarter and more tailored to your needs.

Integrations

Gemini seamlessly connects to other Google Workspace apps. Pull schedules from Gmail, PDFs from Drive, and content from Docs into the Gemini app without switching tabs or windows, so you can stay focused and get quality work done faster.

We Will Help

At Cumulus Global, our priority is ensuring that you have productive, secure, and affordable managed cloud services. We work to ensure that you get the most value from the IT and cloud services you need and want, without overspending, to best support your business objectives.

Unsure of where to start? Check out our IT Assessment or schedule a meeting with a Cloud Advisor.

We will help you adapt while keeping your IT services secure and cost-effective.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

Save or Spend? IT Decisions for Turbulent Times

/in

Radical changes in government policies, along with unpredictable tariffs and trade policies,  create a level of economic uncertainty that impacts our business decisions. Across all aspects of our businesses, including IT services, is it time to save or spend?

Background

Global Economic Policy Uncertainty Index

Global Economic Policy Uncertainty Index through March 2025

US Economic Policy Uncertainty Index

US Economic Policy Uncertainty Index through March 2025

According to Economic Policy Uncertainty*, the Global Economic Policy Uncertainty Index is the highest it’s been since the index was created in January 1997. For the US, and globally, the Index is at or above record highs seen at the onset of the COVID-19 global pandemic.

With this level of uncertainty, we need to reassess our existing strategies and plans. The trends and assumptions used to create long- and near-term plans may no longer hold true. The lack of clear policies that we can use guides further complicates matters. 

Impact on Our Decisions

How does economic uncertainty impact us as small and midsize business owners and leaders?

Downturns

Generally, when we expect an economic downturn, we focus on saving. With the potential of stagnant growth or drops in revenue, we seek ways to reduce costs. With respect to IT services, these savings can be tangible. Delaying equipment replacements and software upgrades is one common example. Savings can also be intangible, or indirect. Increasing automation and streamlining processes to improve productivity can mitigate staffing needs and reduce the need for additional IT resources and services.

Growth

When we expect a period of economic growth, we tend to spend. More specifically, we focus on investments that enable us to take advantage of growth opportunities. For IT, direct spending often looks like investments in new technologies and services. Indirect investments commonly focus on productivity and automation to mitigate staffing needs as your business grows.

Should We Save or Spend?

For your business, and specifically at your information technology and services, should you save or spend?

You should do both! Save and spend.

Save

Most small and midsize businesses overpay for portions of their information technology and services. The most common culprits are duplicate services. Poor license management, shadow IT, and a lack of lifecycle management often contribute to overspending.

Now is a great time to assess your IT services, for example:

  • Identify areas where you can standardize and consolidate
  • Examine on/off boarding to ensure you remove unused licenses and services
  • Work to eliminate shadow IT services
  • Monitor consumption-based services for saving opportunities
  • Explore using cloud services, such as VDI / Remote Desktops to extend the life of laptops and desktop
Spend

The economy is changing and may require you to adapt to new market realities. These changes may also create unexpected opportunities. 

You want (and need!) to be ready. Investing now can help ensure you are ready to exploit new opportunities, adapt to changing market conditions, and leverage future growth opportunities.

Tactically, look for opportunities with quick returns. One-time expenditures can provide long-term value. 

  • User Training and Support: Help your team get more value out of current IT services; improve productivity and job satisfaction.
  • Migrate more to Cloud Services:
    • Expand support for hybrid, remote, and flexible work patterns
    • Improve security and meet security requirements more cost-effectively
    • Replace fixed capital expenditures with variable operating expenses you can scale based on need and usage

Strategically, explore opportunities to invest in technologies and services that will enable your business to grow.

  • AI-Powered Solutions: Look for ways to improve marketing, sales, customer service, or internal team productivity.
  • Replace or Upgrade: How well are your key systems servicing your business? Could you benefit from better customer relationship management, marketing and sales tools, financial systems, or reporting?

We Will Help

At Cumulus Global, our priority is ensuring that you have productive, secure, and affordable managed cloud services. We work to ensure that you do not overspend on services and to focus your IT dollars on the capabilities and services you need.

Our IT Assessment may be a good place to start. Let us know or schedule a meeting with a Cloud Advisor.

We will help you adapt while keeping your IT services secure and cost-effective.

* Economic Policy Uncertainty is a non-profit research collaboration from Northwestern University Kellogg School of Management, Stanford University, and the Hoover Institution

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.

Inc. Names Cumulus Global to the 2025 Inc. Regionals Northeast List

/in ,

2025 Inc. Regionals: NortheastCompanies on the Inc. Regionals: Northeast list added $6.7 billion to the Northeast US economy

Westborough, MA – April 1, 2025 – Cumulus Global proudly announces Inc.’s recognition Cumulus Global at No. 152 on its 2025 Inc Regionals: Northeast list. The company’s inclusion on the fifth annual listing of the fastest growing private companies in the Northeast follows Cumulus Global’s prior recognition in the Inc. Power Partner and Inc. 500/5000 lists.

“We greatly appreciate the recognition of our continued growth and contribution to the regional economy,” noted Allen Falcon, CEO. “Our growth reflects the commitment of our team to deliver productive, secure, and affordable managed cloud services to small and midsize businesses, local governments, and K12 school systems.”

2025 Inc. Regionals Northeast

An extension of the national Inc. 5000 list, the Regionals offer a unique look at the most successful companies within the Northeast economy’s most dynamic segment–its independent small businesses.The companies on this list show a remarkable rate of growth across all industries in the Northeast. Between 2021 and 2023, these 154 private companies had a median growth rate of 100 percent; by 2023, they’d also added 9,114 jobs and $6.7 billion to the region’s economy.

“The honorees on this year’s Inc. Regionals list are true trailblazers driving economic growth in their respective regions, industries, and beyond. This list celebrates their achievements and tells the stories of remarkable companies that are fueling growth and adding jobs in local economies throughout the country,” said Bonny Ghosh, editorial director at Inc.

Complete results of the 2025 Inc Regionals: Northeast including company profiles, can be found at https://www.inc.com/regionals/northeast as of April 1. You can sort the list by by industry, metro area, and other criteria.

About Cumulus Global

Cumulus Global helps small and midsize organizations thrive and grow with productive, secure, and affordable managed cloud services

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, on-going support, and client success services. We help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.

For more information, schedule a no-obligation introductory meeting with a Cloud Advisor.

More about Inc. and the Inc. Regionals 

Inc., the leading media brand and playbook for the entrepreneurs and business leaders shaping our future, publishes the most prestigious ranking of the fastest-growing private companies in the Northeast (Pennsylvania, New York, Vermont, New Hampshire, Maine, Massachusetts, Connecticut, Rhode Island, and New Jersey).  

Methodology 

The 2025 Inc. Regionals ranks businesses according to percentage revenue growth over two years. To qualify, companies must meet these criteria:

  • Founded and generating revenue by March 31, 2021
  • U.S.-based, privately held, for-profit, and independent – not subsidiaries or divisions of other companies – as of December 31, 2023. (Since then, a number of companies on the list may have gone public or been acquired)
  • Exceed the minimum revenues required for 2021 at $100,000 and for 2023 is $1 million

As always, Inc. reserves the right to decline applicants for subjective reasons.   

About Inc.

Inc. is the leading media brand and playbook for the entrepreneurs and business leaders shaping our future. Through its journalism, Inc. aims to inform, educate, and elevate the profile of its community: the risk-takers, the innovators, and the ultra-driven go-getters who are creating the future of business. Inc. is published by Mansueto Ventures LLC, along with fellow leading business publication Fast Company. For more information, visit www.inc.com.

Microsoft or Google Calling? Call Your Trusted Advisors

/in

Ringing PhoneYou work with an IT service provider that learns your business, priorities, and IT needs. They work to address your needs and priorities within your budget and in alignment with your business goals and objectives. When economic conditions shift, the vendors with whom your IT service provider partners – Google, Microsoft, and others – get nervous and begin calling you directly, bypassing your trusted advisors.

Since February, we have seen and received reports that our customers, and those of other Microsoft partners, are receiving unsolicited calls, emails, and calendar invites from “Microsoft” about their accounts, licensing, and renewals. These unsolicited contacts are NOT Microsoft “solutions consultants” or “international suppliers” as they might claim. They are Microsoft telemarketing contractors tasked with convincing you to upgrade and expand your Microsoft licensing.

Why is This a Problem?

The contractors doing the outreach do not know your business, nor do they know the extent of your relationship with us, or your Microsoft partner.

  • Their suggestions are often incorrect.
    • They are not aware of how you are using your Microsoft 365 services and the needs of your business.
    • They are not aware of other services you are using, such as backup/recovery and third party security services.
    • Many of their recommendations will duplicate services and costs.
  • The communications and tactics are often aggressive.
    • They may state that they have reviewed or audited your account and you need to upgrade. They may also claim that you need to do an audit, giving you the impression that you are out of compliance.
    • They may attempt to refer you to specific vendors for assessments and services. These often duplicate services you already have or that can be provided more cost-effectively by us or your current Microsoft partner.
  • Customers and Microsoft partners report that the calls and meetings are often just high-pressure sales pitches to buy more seats – a waste of time.

What To Do

If you receive a call or email that you suspect is from a Microsoft “Solutions Consultant” or “International Suppliers”, verify that this is the case. Ask if they are a Microsoft employee or contractor and where they are based. Note that their email address will start with a “v-”, indicating they are a vendor – even though the domain remains “microsoft.com”.

If you do not want to engage, let them know as much and instruct them to contact Cumulus Global, or your partner. We, or your partner, will be happy to screen the call and advise you if the offer is worth considering.

Do you want to engage? Insist that Cumulus Global, or your Microsoft partner, is invited and participates in the meeting. We can provide context to the “consultant” and guidance to you.

Microsoft is not the only vendor that may bypass your IT service provider and contact you directly. It is always best to loop-in your IT service provider.

Your Next Step

At Cumulus Global, our priority is ensuring that you have productive, secure, and affordably managed cloud services. We work to ensure that you do not overspend on services and to focus your IT dollars on the capabilities and services you need.

If your needs or priorities change, let us know or schedule a meeting with a Cloud Advisor. We will help you adapt while keeping your IT services secure and cost-effective.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management.

The 3 Most Common Cloud Admin Oversights

/in

Cloud AdminIf you use Google Workspace or Microsoft 365, managing your services requires time and effort. Failing to do so can lead to wasted money and security risks. Here are the three most common cloud admin oversights we encounter.

1 – Data and Account Retention Policies

Every business has some degree of employee turnover. Whether you are hiring replacements, reducing staff, or growing, having data and account retention policies will guide how you handle user accounts and data when an employee leaves. Without such policies, we tend to keep accounts active “in case we need some of their files or emails,” long after the need has passed. 

Data and account retention policies can be both effective and simple. Here are some key elements for simple data and account retention policies: 

  • Determine how long you need to keep an employee’s data accessible for legal or regulatory reasons. The length will depend on your business and the user’s job function.

Outside of legal and regulatory requirements, think about:

  • When should you transfer emails, files, or other content to another person.
  • How long to keep an account active in the system.
  • How long to keep an archive or the user’s account in the system.
  • How long to keep a copy of the user’s data in your backup/recovery system.
  • If you choose to export the data, how long to keep the export.
  • When to delete the account after it becomes inactive, allowing you to reuse the license.

Since archive and backup/recovery solutions allow you to restore data to a different user, they offer a more cost-effective option than keeping an account active and licensed. They also help meet your legal retention requirements without the expense of an active user license.

2 – License Management

Sometimes we overlook simple actions that can save us time and money. Both Microsoft and Google allow you to add users at any time during your annual contract term. These additions become part of your contracted commitment, which you cannot reduce until renewal.

Too often, when a new employee or contractor joins the team, we immediately add a license and set them up to work. By not checking for available licenses or user accounts that can be deleted, we miss opportunities to reuse existing licenses. Consequently, we end up paying more without any added benefit.

If you have data and account retention policies, you can safely determine if and when to remove a former employee’s account. This allows you to reuse licenses and avoid incremental costs.

While the process may take a few minutes, it is simple and effective in saving money. We have seen businesses with seasonal employee turnover accumulate 25% to 50% more licenses than they actually need.

3 – On-Boarding / Off-Boarding

Small and midsize businesses may not see the need for formal on/off-boarding processes. However, not having them in place can lead to wasted time and potential security risks. Simple, efficient checklists can save you time, effort, and money

On-Boarding

The key to efficient on-boarding is knowing which applications, tools, and data the new employee should be able to access and use.

Create a simple checklist of applications, tools, and file shares. When on-boarding a new employee, determine what access is needed and check off each item as it is provided. This ensures new staff members only gain access to the resources they need.

Creating standard checklists for specific departments and jobs ensures consistent access and permissions across teams.

As a best practice, create security groups for departments and/or job functions to which you assign permissions are access rights. When on-boarding, adding new employees to the appropriate groups streamlines the process and saves time.

Off-Boarding

One of the most common mistakes made during employee departures is leaving accounts active with continued access to systems and data. This poses a security risk and can create confusion for remaining staff.

Having data and account retention policies helps ensure that past employee accounts, also known as “ghost accounts,” are removed from your systems. Creating off-boarding checklists helps ensure that application and data access gets transferred, as appropriate, to other users. Using security groups further simplifies the off-boarding process.

Your Next Step

With time-saving best practice, cloud admin services, Cumulus Global co-manages and remotely administers your IT services to save you time and money, improve productivity, enhance security, and protect your business.

Contact us about our Managed Cloud Services or schedule a no-obligation meeting with a Cloud Advisor today.

Contact us or schedule a no-obligation meeting with a Cloud Advisor today.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

US Cybersecurity Policy Shift Increases Risk of Successful Cyber Attacks

/in ,

Data Protection & SecurityThe current United States administration continues to issue and execute dramatic changes in US policies and programs. For businesses, tariffs and their potential impact on the economy and various business sectors gets most of the media attention. Getting less attention, US Cybersecurity Policy changes will have an immediate and potentially devastating impact on many businesses and individuals.  

Multiple reputable news and information sources are reporting that on March 2nd, the current administration ordered the Cybersecurity and Infrastructure Security Agency (CISA) to cease tracking and reporting on Russian threats. This is a tectonic shift in policy as Russia is generally understood to be the largest nation-state sponsor of cyber attacks. This change in focus for CISA will dramatically reduce the availability, reliability, and timeliness of cybersecurity threat intelligence. 

Here is what you need to know, what to expect, and what to do.

What to Know

Here are three things to know about cyber threats, CISA, and nation-state cyber attacks.

1Threat Intelligence

Threat intelligence is the invisible backbone of your cybersecurity protections. As the name implies, threat intelligence is the collection of sharing of information about cybersecurity risks, threats, methods, actors, sources, and sponsors. It also encompasses knowledge of how to prevent, block, and stop attacks; fix hardware and software to close exploits.

Every legitimate cybersecurity product or service relies on threat intelligence to build, maintain, and improve their product or service. Larger and better-funded cybersecurity companies conduct their own research and share their findings.

2CISA: Cybersecurity & Infrastructure Security Agency

CISA is the US federal government agency responsible for collecting, evaluating, and sharing threat intelligence across government and private sectors. The agency also partners with core infrastructure companies, such as Internet Service Providers, to actively prevent, block, and respond to potential and active cyber attacks.

3Nation-State Cyber Attacks

Industry experts estimate that over 40% of cyber attacks originate from, or are sponsored by, hostile nation-states. The Microsoft Digital Defense Report Report 2024 notes that in 2024, 58% of nation-state attacks originated in Russia. These attacks account for up to 25% of all cyber attacks globally.

What to Expect

Expect more cyber attacks and greater challenged to your cyber security profile.

1More Cyber Attacks

Expect an increase in cyber attacks and, more importantly, successful cyber attacks.

With CISA no longer tracking Russian-sourced cyber attacks, expect Russia, Russian-sponsored, and Russian organized crime to increase the frequency, intensity, and scope of the cyber attacks. Knowing that CISA is no longer watching signals a huge opportunity to attack US government entities, businesses, and non-profits with fear of early detection or responsiveness.

2More Successful Attacks

Without fast and accurate threat intelligence, cybersecurity systems and services will take longer to identify threats and attacks.Their response to zero-day (new, immediate) and other cyberattacks will take longer.

Unprotected and under-protected systems will be more vulnerable to successful attacks as the frequency and scope of cyber attacks increase.

3More Challenging Recovery

In addition to sharing information to help block and stop cyber attacks, CISA shares information on how to repair and recover. Without this information, obtaining decrypt keys and other help to undo the damage will be more difficult and will take more time.

What to Do

Use our Security CPR® model to guide your next steps:

Communicate and Educate:

Inform your team to expect an increase in cyber attacks and ask for additional vigilance. Have security awareness training in place to reinforce the message and to occasionally test if your team can recognize phishing and other email-based cyber attacks.

Protect and Prevent:

More than 80% of cyber attacks originate, directly or indirectly, by email. Make sure you have next-generation email threat protection services in place. Beyond header validation and basic sandboxing, your solution now should analyze character sets and fonts, images, QR codes, graymail, and email delivery patterns.

Microsoft estimates that more than 90% of cyber attacks on small and midsize businesses can be stopped with multi-factor authentication (MFA). If you do not have MFA in place for critical systems (preferably ALL systems), do so now.

Restore and Recover:

As the risk of successful attacks increases, ensure that you have the ability to restore damaged and lost data and systems. Verify that you can recover – return to operations – quickly, even as you continue to restore systems and data.  Continuity solutions for critical systems and software will save you time and money.

Your Next Steps

Assess your immediate needs and take appropriate action. Our Cloud Advisors can help you assess your cybersecurity needs and priorities, and can offer budget-friendly, effective solutions.

Contact us or schedule a no-obligation meeting with a Cloud Advisor today.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.