Posts

Ensuring Hybrid Work Actually Works

Hybrid Workplace

For most of us and our businesses, hybrid work from home jobs are here to stay.  In reality, it has almost always been with us.  Salespersons, field technicians, and other out-of-office customer-facing roles have been a part of many businesses for decades.  The mix, however, of who works outside the office has changed.  And while many businesses are still working to figure out how many in-office work days are necessary each week, the underlying assumption is that hybrid work models will remain.

The challenge now is to ensure your model for hybrid work actually works for your business. When remote work was the exception, the solutions could be one-offs, or more complicated, because the impact on users was limited.  The extra effort to connect to the office was acceptable.  Remote work is now part of the norm, whether in a hybrid model or full-time. Connecting is now critical — technically and in terms of communication, collaboration, and culture.

Here are 5 Ways to Help Ensure Hybrid Work Actually Works

 

1 Simplify Access and Accessibility

Ensure your team can connect and work easily.  Each added layer, such as VPNs, adds a layer of complexity and creates another opportunity for something to go wrong. Complexity also impedes performance.

Moving services — applications, files, data — into a central cloud service reduces the need for complex connections from remote users to in-house networks and servers.  Microsoft 365 or Google Workspace, for example, can easily replace traditional file servers.  Using a virtual desktop infrastructure (VDI) service with remote desktops simplifies access and accessibility to servers and line-of-business applications that do not yet run in the cloud.

2 Create a Single User Experience

If the user experience is different in-office and remotely, team members on a hybrid schedule must effectively navigate two different systems to connect and work. The result is often confusion. File locations and access to printers and scanners become confusing. Configuring oneDrive or Google Drive desktop applications is challenging if you want them to work on and off your office network.

Creating a single user experience reduces the confusion and eliminates potential roadblocks to productivity.

One of the easiest ways to create a single user experience is to use (VDI) and remote desktops.  Rather than having users work “locally” in the office and “remotely” elsewhere, the VDI environment provides remote desktops usable to everybody regardless of location.  All users connect to the service and work within a secure network.

As an added benefit, VDI narrows the scope of your security envelope. VDI reduces the need to manage end user devices, particularly if you allow Bring Your Own Devices (BYOD).

3 Enable Collaboration

The flow of information is different when we work remotely versus together. And while many are more productive working remotely, effective collaboration takes effort.

On average small businesses use only 10% to 15% of the features and capabilities of Microsoft 365 and Google Workspace. There is a high cost to low adoption.

To foster collaboration, your team must be comfortable using the tools that enable the sharing, communications, and relationships. On-going education of capabilities helps team members learn and use collaboration features. Reviewing and updating workflows and processes can improve collaboration within day-to-day activities.

4 Manage Your Managers

Managing people and leading teams is a skill. Many “doers” struggle when they become managers, given the complexities of coaching, mentoring, managing expectations, and dispute resolution across diverse groups of individuals. Managing teams with remote members is even more challenging. Team dynamics will differ, perception biases related to visibility will exist, and managing will need to be against results and expectations rather than visible activity.

Team leaders and managers need education, training, guidance, and mentoring to succeed.  And this need is greater with hybrid and remote teams. Peruse the Ask a Manager blog archives if you want real life examples of unskilled, and outright bad, managers who can damage your business.

Spend some time, and yes, money, to develop management and leadership skills for those responsible for supervising others.  Include guidance and support for issues unique to remote staff and hybrid and remote teams.

5 Include People Intentionally

Remote work does allow team members to focus on their tasks and manage their time. Meetings still happen and team members can use their commute time for other things.

In-person work still has benefits. Unstructured interactions build relationships and connections that enable ideas and innovations to take hold. Granted, “water cooler” chats can be gossipy or give naysayers a channel.  These conversations also enable many to float and test ideas outside of formal meetings. There is a perceived formality when you ask somebody to meet via video, even if it is to just bounce and discuss ideas. The acts of requesting, scheduling, and joining create a structure that differs from catching somebody at their desk, in the hall, or walking back from lunch.

The solution is to create opportunities for casual communications and to set the expectation that they should occur. To do so, your team members need opportunities to interact not only on work, but work-tangential topics, as a means to build relationships and trust.

For your remote/hybrid workers, inclusion is key.

  • As you prepare for meetings, let remote participants know in advance that you will be seeking their input on various topics. Set the expectation for participation without an element of surprise.
  • Create the habit of asking, “Who else should we ask?” when having unstructured discussions. Include them in real-time via chat or video, or message them for ideas or a time to chat.
  • Actively include remote workers in company events.  Team pizza lunch on Thursday?  Move it to a conference room, invite remote team members, and send remote participants lunch (or a credit to order their favorite).
  • Plan company events so remote team members can participate. Activities, like providing the ingredients and preparing a fancy meal guided by a chef, allow people to share a common experience in a group setting, even though participants are not physically together.

Next Step: Cumulus Global Can Help Your Business Succeed in a Hybrid Work Environment

Making sure that hybrid work actually works for your business requires intent, planning and action. Even small initiatives and steps to support remote staff and teams, and to foster communication, trust, and collaboration, can have a big impact on your business.

Cumulus Global can help you with plan and deploy technologies and servers that enable and support effective remote workers and teams.  With best-in-class remote desktop/VDI services, expert support for both Microsoft 365 and Google Workspace, and affordable Managed Cloud Services, we will help your business thrive and grow.

Click here to schedule a call with a Cloud Advisor or send us an email. There is no cost and no obligation.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

Leadership Thoughts: Noteworthy Blog Posts – Jan ’24

As small business owners and leaders, you carry the responsibility for the direction and success of your business.  And while Cumulus Global provide managed cloud services that help you thrive and grow, we understand your responsibilities are broader than just IT. As a way to share some leadership thoughts, here is a curated list of blog posts from trusted experts that we hope will inform and inspire.

Marketing

Sales

Human Resources

Strategy and Leadership

IT Ideas That Still Hold True

A few of our past blog posts that remain true and relevant today.

Help us keep the ideas flowing. If you have any blog posts that are leadership thoughts you want to share, please let us know.

7 Steps to Build Your 2024 IT Strategic Plan

2024 IT Action PlanIn our 3T@3 Series event in December, we discussed creating your 2024 IT Action Plan. During the session, we walked through a proven process for building a feasible plan for the coming year.

Here is a breakdown of 7 key steps in the process

1 Define Your Business Drivers

Your first step is to assess your business drivers.  What are the conditions, internally and externally, that you expect to impact your business over the coming year?

External drivers are generally beyond your control or influence: changes in the economy, evolving customer needs and priorities, shifts in business conditions in your target markets, and changes to the competitive landscape.

Internal drivers are within your control. What are your goals and objectives? Which are priorities, needs, or wants?  Do you have defined business plans and targets for investment?

Many of your internal drivers may be responding to external drivers.  Identifying these drivers, and their priority, will guide business and technology solutions over the coming year.

2 Review Your IT Lifecycle

Review your hardware and software inventory, and where each item sits in its lifecycle. Document applications or systems due upgrades; catalog servers, infrastructure, and user devices due for replacement.  Use this assessment to schedule necessary expenditures.

Also, consider if now is the time to upgrade or replace older systems with managed cloud-based solutions or services. Doing so can reduce capital expenditures and may provide more scalable resources and services.

3 Define IT Initiatives

Having planned for scheduled hardware and software refreshes, use your priorities list of business drivers to create a finite set of IT initiatives.

Your business drivers should trigger business decisions, actions, and plans. Analyze these plans for how IT services can enable or support the desired actions and outcomes. This strategy and analysis becomes your IT requirements for the coming year.  The priority of your business goals and objectives will set the priority for your IT initiatives.

Your IT initiatives are defined, manageable projects that meet your IT requirements.

4 Benchmark Your Security CPR

Security CPR is our model for pragmatic protection for your business.

  • Communicate & Educate
  • Protect & Prevent
  • Respond & Recover

Your IT initiatives will, without a doubt, interact with your security services.  Take a step back and review your security protocols and systems.

  • Verify that you remain in compliance with legal and industry regulations
  • Validate that your IT initiatives will do no harm, or will enhance your security profile
  • Adjust your security services to changing risks, priorities, and threats

5 Set Clear Priorities

Your budget has limits.  With security considerations in place, prioritize your IT spending. We recommend prioritizing within three distinct categories:

  • Lifecycle Events – Replace and upgrade aging hardware and software
  • Operating Expenses – Ongoing costs for cloud, services, and resources
  • Investments – Your IT initiatives

6 Build Your Budget

Allocate your target budget to each of the categories.  Fund items in each group from highest priority on down.

One key to building the budget is to facilitate some give and take.  Moving budget between categories can be done, carefully, in ways that benefit each aspect of your IT spending.

For example, moving to Remote Desktops in a virtual desktop infrastructure (VDI) cloud can extend the life of desktops and laptops by 2 to 3 years. Delaying system upgrades can be a safe move if your initiatives are working towards replacement.

7 Create Your Schedule

While it is natural to want to get everything done right away and all at once, thoughtful scheduling increases your likelihood of success for your 2024 IT Action Plan.

Scheduling starts with actions: the what, when, how, and how of your IT initiatives. Smart scheduling will also include consideration of dependencies and resource availability.

Going one step further, review your business cycle limitations. Avoid scheduling projects, particularly critical paths, that conflict with more intense periods within your business cycle. You may have a busy season, or need to be careful not to impact your quarterly close and reporting. Whatever demands your business cycle creates, adjust your planning and schedule around them.

How Cumulus Global Can Help You

We focus on helping clients get the most value from their current IT services and new, cloud forward solutions.  As you build your 2024 IT Action Plan, we can help. With a history of strategic IT consulting services, we can help you build your plan, review plans you have drafted, or simply discuss options.

Click here to schedule a call with a Cloud Advisor or send us an email. There is no cost and no obligation.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

Google Upgrade Prevents SPAM and Defines Email Best Practices for 2024

Google email sender guidelines updates coming in 2024: how to prepare

Google constantly works to enhance security and reduce the prevalence of spam in Google Workspace and Gmail inboxes. AI-powered defenses successfully filter out almost 15 billion undesired emails each day. Google stops over 99.9% of spam, phishing, and malware threats. Still, as spamming techniques evolve, threats to user security persist.  Google will deploy new rules for bulk email senders. These Google email sender guidelines and rules prevent SPAM using email best practices that we should all follow.

Improving Security with Google Email Validation

Starting in February 2024, Google will implement new criteria for bulk senders (i.e., accounts that send more than 5,000 messages to Gmail users in a single day). These new email sender guidelines and requirements focus on email validation, and the evaluation of an email address’s legitimacy. 

New Email Requirements for Bulk Senders:

  • Authenticate Email: Bulk senders must strongly authenticate their emails. This protects against the exploitation of loopholes by malicious actors and allows users to trust the source behind the emails they receive.
  • Enable Easy Unsubscribe: Bulk senders will be required to provide recipients with an easy, one-click option to unsubscribe from commercial emails. These unsubscription requests must also be processed within a time period of two days.
  • Send Wanted Emails: Google will set a clear spam rate threshold to protect Gmail users from receiving an abundance of unwanted emails. Notably, this measure is an industry first. 

This Change Impacts You 

If email is part of your marketing program, even if you are not a bulk sender, these rules impact you. While Google is enforcing these rules for bulk senders, following these rules improves your email results. By improving your email reputation, and reducing the risk of impersonation, your emails are more likely to land in the inbox rather than the junk or spam folder. 

Things to Consider to be Ready for The Bulk Sender Changes Happening in February 2024

1 Make sure your Domain Name Service (DNS) email settings and protocols are correct and complete.

2  Preferably, use an email marketing platform instead of your Google Workspace account for large group and bulk marketing emails.

  • Email marketing platforms give you the ability for easy un-subscribe and will provide the necessary features to comply with the anti-spam and data privacy laws and regulations.
  • Google limits the number of recipients per email and the number of emails you can send per day. Google may suspend your account if you exceed these limits.

Your Next Steps to Prepare for New Google Email Sender Guidelines

Contact us or click here to schedule a call with a Cloud Advisor  to review your DNS protocol settings and our Managed DNS Services.

For more details about Google policies that impact emails received by, and sent from, Google Workspace, review Google’s Email Sender Guidelines.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Manage Storage in Google Workspace and Understand Limits

Google Workspace

Updated January 3, 2003: Clarification on length of grace periods.

With the move to pooled storage across all subscriptions, Google no longer supports legacy options for additional storage for Google Workspace. As such, many individuals and businesses find themselves approaching or exceeding the pooled Google Workspace storage limit for their accounts.

What Happens Next After Reaching The Google Workspace Storage Limit

If you reach or exceed your pooled storage limit, Google gives you a grace period to either reduce the amount of storage used, or to add more pooled storage by changing your subscription.  After the grace period, your account becomes “read-only.” This change impacts your services including being unable to upload files or create new Google Docs, Sheets, Slides, or Forms.

Your grace period is:

  • 14 days if you do not have legacy Additional Storage license(s).
  • 60 days if you have legacy Additional Storage license(s).

You Have Options

You need to either add more Google Workspace storage, or you and your team need to free up storage.

Add More Storage

You have three options for adding more storage.

1 Upgrade.  The easiest way to add storage capacity, and Google’s recommended solution, is to upgrade to the next subscription tier, from Business Starter to Standard; from Business Standard to Plus; from Business Plus to Enterprise Standard.

2 Add Licenses. As an alternative, you can opt to add one or more additional licenses to increase the storage pool.  Both of these solutions will incrementally increase your cost.

3 Add 10 TB of Storage. You can add Additional Storage to Google Workspace subscriptions with pooled storage. The added storage comes in blocks for 10 TB at a cost of $300 per month.  This option is generally too expensive for most small and midsize businesses.

Which option is more cost-effective depends on your current subscription, your number of users, and the amount of storage you want to add.

Free Up Storage

We can recommend several techniques for freeing up storage, each with advantages and disadvantages.

1 Review and remove large or unnecessary files.  Ask each user to go through their “My Drive”. Your Administrator should review your Shared Drives. Be careful not to remove files that may be needed.

2 Review and remove duplicate files. Encourage each user to delete files that have been copied to a Shared Drive, or for which they have multiple copies that are no longer needed.

3 Remove and reduce large emails. Instruct and help users work to through their historical email and delete emails with larger attachments. Verify that the files were saved to My Drive or a Shared Drive. Be careful that the content of the email is no longer needed as well to avoid losing information you might need later on.

4 Move files to other storage. Using Google Cloud you have other storage options. These storage options work well for static needs, such as archiving projects and media (image, audio, video) libraries. Accessing Google Cloud storage requires

5 Move files to local storage. While counter to a Cloud Forward approach, you can move files to local storage. If you  do download the files to local storage before deleting, remember to make sure you protect those files with a backup/recovery solution.

We Can Help with Google Workspace Storage

Our team of small and midsize business cloud experts can and will help you chart your best path forward.  Let us help you assess the effort and cost for your options, and choose the best solution for you and your business. Schedule a call with a Cloud Advisor or send us an email.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

3 Secrets to Avoiding IT Problems

Problem and SolutionIf you are a sole practitioner, a solopreneur, or the owner of smaller businesses, you face unique technology challenges. You, and businesses like yours, are uniquely dependent on your technology.  Your computer and phone are critical tools without which your business can screech to a halt.  Avoiding IT problems is critical. And yet, you do not have time to be the IT guru. You may not have access to, or the budget for, traditional IT services.

The good news is that you can take steps to avoiding IT problems without overspending.

1 Stay Current

When we say “stay current”, we do not mean spending hours reading and studying the lasted IT advancements and opportunities.  Stay Current means keeping your systems up to date.

  • Make sure you regularly apply Windows (or MacOS) updates.
  • Windows Update should also inform you of firmware updates from your laptop manufacturer.
  • If you are not running cloud-based software that updates automatically, make sure your desktop applications are up to date as well.

Staying current with system and application updates ensures you have the latest system-level security protections in place. It is common for security experts to find “holes” in Windows and applications. Updates fix these risks and reduce the chance of a successful malware, ransomware, or other form of cyber attack.

2 Security CPR

Security CPR is our model for pragmatic protection for your business.

  • Communicate & Educate:
    • Know that even your business is a target;
    • Understand the current nature of cybersecurity risks; and
    • Learn how your behavior can prevent or enable attacks.
  • Protect & Prevent:
    • Deploy security solutions focused on stopping the most common type, and the most damaging, cyber attacks on small businesses.
      • Email advanced threat protection and next-gen endpoint protection, for example, protect you from attacks steal your identity and passwords.
      • Proper DNS configuration can stop cyber attackers from impersonating you or your business.
    • Include low-cost and no-cost solutions like multi-factor authentication (MFA) and local disk encryption to prevent access should an account get compromised.
    • Ensure you meet industry and legal security and privacy regulations and requirements; several states are imposing regulations above and beyond more familiar requirements (PCI, HIPAA, etc.).
  • Respond & Recover:
    • No protection or prevention is perfect.
    • Use affordable services that not only recover your data, but let you continue operating while you recovery.
    • Be prepared to address the customer service, legal, and financial aspects of a successful cyber attack. Cyber Insurance is a key component.

Many of your peers assume that security will be too expensive. They see the press coverage and read the articles, failing to realize that tech media targets larger businesses.  Our Security CPR model focuses on balancing risks, protections, and costs to deliver the best value for your business, and smaller business like yours.

Additionally, the model helps you with avoiding IT problems beyond security and compliance. The same solutions help you minimize the risk of hardware problems and software issues while making it easier to recover should something go wrong.

3 Partner with a Pro

If you are worried that you cannot afford expert IT services, you are not alone.  Most sole practitioners and owners of smaller businesses worry about upfront and on-going IT costs. As a result, you may turn to family, friends, or the “guru” in the blue shirt at the store in the mall. Even if your go-to person is in IT,

  • Do they focus on your needs as a small business?
  • Are they available when needed?
  • Do they plan ahead, or only offer guidance when it is time to make a purchase or after a problem?
  • Are they helping you get the most out of the features and capabilities of your IT services?

It is easy to let concerns about cost get in the way of IT services than can truly help you and your business thrive and grow.

A single IT problem can easily cost more, directly and indirectly, than using IT professionals to plan, manage, and support your business. An unexpected failure or cyber attack can disrupt your business for days, resulting in missed deadlines, lost revenue, unexpected costs, and a damaged reputation. Sound planning and active management prevents problems. The right services are key to avoiding IT problems, keeping you operational, and helping you recover should the unexpected happen.

Focus on value.

The right cloud solutions simplify your IT services. Simple reduces the number of things — hardware, software, services — to learn, manage, and support. Matched with the right guidance, management, and support, the right IT services more than pay for themselves.

How Cumulus Global Can Help You Avoid IT Problems

We build our Essential and Basic Managed Services to meet your needs as a solopreneur or owner of a smaller business. Leverage the cloud; focus on key solutions; Rely on expert guidance, management and support.

Explore how our Managed Cloud Services can help you and your business. Click here to schedule a call with a Cloud Advisor or send us an email. There is no cost and no obligation.

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management. 

 

The #1 Security Solution that Costs You Nothing: Multi-Factor Authentication

Security KeyWe have all seen and heard the warnings about the ever increasing number of cyber attacks against small business.  More than crypto-ware, small and midsize businesses are targets of other forms for ransomware, impersonation, crypto-mining, and business email compromise attacks. The threats are real, as are the operational and financial risks to your business. Multi-Factor Authentication, or MFA, is an effective, “no cost” solution.

Along with the warnings, you are likely, almost certain, to receive pitches, promos, and offers for a never-ending array of security tools and services.  Like other small and midsize businesses, you lack the bottomless budget. You cannot do it all; you need to prioritize your spending on security products and services with the biggest bang for the buck.  “No Cost” solutions are, of course, the best option when they work.

Protect versus Prevent With Free Multi-Factor Authentication

Some security solutions protect your and your systems, other prevent access and actions.  The difference is important.

Protection solutions help stop attacks from happening.  Services like advanced threat protection and next-gen endpoint protection stop phishing, infecting attachments, and dangerous link attacks by blocking the attack from reaching you or your team.

Prevention solutions stop attackers from successfully accessing your systems and data.  These solutions work after a cyber-attacker has figured out, or purchased, your identity.

In reality, you need both types of solutions. Protection solutions provide the broad shield against targeted and broad scale attacks. Since no protection is perfect, prevention solutions stop the attackers before they can get in and do damage.

“No Cost” Prevention: MFA

The good news is that you can deploy the most effective prevention solution, Multi-Factor Authentication, at “no cost.” We put “no cost” in quotes because, while the basic solution is free, you will need to spend some time setting it up and educating your team.

Multi-Factor Authentication is an authentication method that requires the user to provide two or more verification factors to gain access or entry to a system, application, or other online account or resource.  Most of the applications and systems you use, including Google Workspace and Microsoft 365, include MFA as security feature and option.

These integrated MFA services often provide the second level of verification via SMS message, single-use link, and/or an authenticator app on your smart phone. In general, using an authenticator app is considered more secure than SMS message or single-use link.

As reported by Microsoft in 2019, MFA can block more than 99.9% of account compromise attacks.  If a cyber attacker has your username and password, MFA is the best way to prevent them from getting in and doing harm.

Overcoming Objections with a Free MFA

When putting MFA in place, you may get some pushback or hesitation from your team.

  • MFA does add extra steps when logging in, an inconvenience for your team.
  • As you likely run several apps and systems, your team will need to setup multiple entries in one, or more, authenticator apps.
  • Your team may need to create and save “backup access codes” in case of system or access issues.

While your team may object to the inconvenience, the added effort is reasonable given the level of prevention.

You Can Do More with a Free Multi-Factor Solution

If the number of accounts, passwords, and MFA services is too much, you have options. While they come with a price tag, single sign-on (SSO) and identity and access management (IAM) services can minimize the inconvenience.  Most small and midsize businesses do not see the value given the cost, but it remains an option.

We Can Help

Configuring and managing MFA is part of our Basic, Business, and Premium Managed Cloud Services. We can also help you put MFA in place for your current IT services. For more information, click here to schedule a call with a Cloud Advisor or send us an email.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Upgrade Coming to Spaces in Google Chat: From Conversation Topics to in-line Threading

upgrade from conversation topics to in-line threading in spaces

A Google Chat upgrade is rolling out as of September 30, 2023. Google will be upgrading the format of all spaces organized by conversation topic to in-line threaded spaces in batches. The changes take place over the course of several months. Upgrades for each space may take a few minutes to complete. In some cases, it may take up to 12 hours to complete. The space will be unavailable to users during the upgrade.

Most users’ spaces will be upgraded during non-peak hours on weekends to try and ensure minimal disruption. Upgrades for all customers are expected to be finished by March 31, 2024. If you have a preferred month during which you would like the upgrade to happen, fill out this form by September 28, 2023.

Spaces organized by conversation topic have messages and replies grouped together in the main chat window. In-line threaded spaces, on the other hand, allow direct replies to any message, and allow creating a separate in-line thread, which is a sub-conversation that appears in a separate pane in the UX to a sub-conversation where smaller groups of people can continue a conversation on a specific topic. 

Before the Spaces Google Chat Upgrade

  • A few weeks before the Google Chat upgrade begins, users will see a banner in spaces that are organized by conversation topic. The banner will notify users of the upcoming upgrade. It will also have a link to a Google Help Center article which will have more details about the upgrade.

Who’s Impacted

This update to spaces in Google chat will impact admins and end users.

During the Transition From Spaces Organized by Topic to in-line Threading in Google Chat

  • When users attempt to open a space while it is being upgraded, they will see and error message.  The message will state the ‘Space is temporarily not available. We are updating this space to an inline threaded space.’
  • If users are viewing a space when the upgrade starts, most features will become unavailable until the upgrade completes, including sending and receiving messages in that space.
  • Search in Google Vault for Chat messages will still function, but results may contain duplicated messages from spaces that are being upgraded.
  • Chat APIs/Chat Apps that are trying to access a space during the upgrade will not work and will receive errors when trying to update space content.

After the Google Chat Upgrade To in-line Threading

  • Messages sent before the Google Chat upgrade will be retained. They will be arranged chronologically, instead of by topic. There will also be a separator titled “Begin New Topic” to indicate every time a new topic was started.
  • In some cases, when people have responded on older topics, the new chronological order takes precedence. Messages may not appear next to the original topic, but rather by the time they were sent. When this occurs, the new response will quote the last corresponding message.
  • Users will see a separator between the last message sent before the upgrade. They will also see  a notification in the space indicating that the space has been upgraded to use in-line replies.
  • The upgraded spaces will have their conversation history turned on by default. This will match the existing history behavior of spaces organized by conversation topic, which always have history on. Depending on organization-level history controls, space history settings may be changed by space managers. New messages sent after the upgrade will respect applicable organization-level history controls configured by administrators.
  • Users might need to close and reopen Chat in order to get access to the upgraded spaces.
  • Messages sent after the upgrade will have the same experience as the existing in-line threaded spaces.

No Action Required During the Spaces Upgrade in Google Chat

You can learn more about in-line threaded spaces, and you can always contact us with your questions at info@cumulusglobal.com.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

AI and Privacy Issues: Data Leaks and Breaches

We recently posted about the AI warning we received from a partner about the use of AI tools and protecting their confidential information. Beyond the specifics of the warning, we quickly saw a much broader context. Using AI tools, if not managed carefully, will result in unauthorized data disclosures, breaches, or leaks. These disclosures may easily violate laws, regulations, industry standards, and contractual obligations. Before exposing your business to unnecessary liabilities, understand how your AI tools and services manage, and ensure, data privacy.

Scope of the AI and Privacy Problem

To gain a better sense of the issue, we decided to look into the data privacy practices of meeting assistants.  Meeting assistants are one of the most commonly used AI tools for small and midsize businesses.  Traditional meeting assistant tools transcribe discussions. Newer versions use AI engines to capture action items, summarize discussion points, and analyze the attitudes and sentiments of participants. We reviewed the terms of service, privacy policies, and FAQs for several services.

Here are some excerpts from our findings (company and service names redacted):

AI Terms of Service

Do not use the service if you need to keep protected or confidential information private:

You hereby represent and warrant to [Company] that your User Content … (ii) will not infringe on any third party’s copyright, patent, trademark, trade secret or other proprietary right or rights of publicity, personality or privacy; (iii) will not violate any law, statute, ordinance, or regulation (including without limitation those governing export control, consumer protection, unfair competition, anti-discrimination, false advertising, anti-spam or privacy);

The [Company] is not liable if you use their services:

… the user understands and accepts the risks involved with the use of AI or similar technologies and agrees to indemnify and hold [Company] harmless for any claims, damages, or losses resulting from such usage.

Allowing an AI engine to analyze your information, or allowing a service to use your information to train their AI-based services, is a disclosure:

When you post or otherwise share User Content on or through our Services, you understand and agree that your User Content … may be visible to others

AI Privacy Policies

Using AI tools has inherent risks:

By utilizing [Company]’s services, the user understands and accepts the risks involved with the use of AI or similar technologies and agrees to indemnify and hold [Company] harmless for any claims, damages, or losses resulting from such usage.

Some tools have service options, at added costs, to ensure data privacy:

… customers that want their data to be strictly segregated (for example, customers dealing with PHI) can choose the [service] option to exercise complete control over their compute and data infrastructure, ensuring that their data is separated per their compliance requirements.

Some services explicitly tell you that sharing confidential information violates their privacy policy:

You may also post or otherwise share only Content that is nonconfidential and that you have all necessary rights to disclose.

The Risks and Challenges with AI

With justifiable concerns about data protection and privacy, we have been trained to think about data leaks and breaches in terms of cyber attacks. We also look at “insider threats,” which are often human errors such as accidentally sharing files externally or putting confidential information in an unsecured email.

The use of meeting assistants and other AI-powered productivity tools creates a new category of risk.  In order to learn and improve, AI tools need to train using information. The easiest way to provide information to train an AI tool is to capture information provided by the users.  The users get their results; the AI tool trains, learns, and improves.

While this works for the AI tool or service provider, it creates a data breach platform for the users unless the tool has specific policies and services to ensure compliance with data privacy laws and regulations. 

Using an unsecured AI meeting assistant creates an incidental, if unintentional, breach. 

Some examples of incidental breaches caused by unsecure AI meeting assistants:

  • Two doctors discuss a patient consult, disclosing personal health information (PHI) to third parties in violation of HIPAA
  • You discuss project details with one of your clients, disclosing confidential intellectual property in violation of your contract
  • Your financial advisor discusses your financial holdings and accounts with you, disclosing personally identifiable financial information in violation of industry regulations and standards

Protect Yourself and Your Business from AI and Privacy Issues

From our review of several AI meeting assistant services, very few will keep your information private. Those that do will charge additional fees.

When you get on a video meeting or conference call, ask the host if their meeting assistant is secure. If not, or if they are unsure, ask them to turn it off.

More generally, take a step back and plan your approach to AI.

  • Consider how and when you want to use AI in your business
  • Make sure you and your team understand your contractual and regulatory responsibilities with respect to information privacy
  • Assess the AI tools and services you plan to use:
    • Understand their data privacy commitments
    • Match privacy policies and commitments against your business and legal requirements
    • Opt-in to agreements that ensure data privacy, even if it requires paying for the service,

With an understanding of your requirements and AI services, AI can add value to your business without introducing significant avoidable risk.

We Can Help

To discuss your technology service needs and plans, click here to schedule a call with a Cloud Advisor or send us an email.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Our First AI Warning: Why Using AI Services Can Breach Your Contracts

We recently received our first AI Warning. This was not a a general warning such as, “anything built for good can be use for evil” or “AI can replace you.” We received a direct warning about specific uses of artificial intelligence services and our contracts. The warning we received applies to you as well.

Some Background About this AI Warning

Cumulus Global is known for our professional services, including our ability to successfully manage cloud migrations from a variety of local environments. We often provide these services to other technology firms that need our expertise and experience to solve specific client needs. We have standing partnership agreements with several of these firms.

The AI Warning came from one of our partners.

The AI Warning

The warning we received centered on our potential use of AI services and the implication for confidential information belonging to our partner and their clients. The warning stated that providing this data to any AI system or tool is a likely violation of our contract, confidentiality, and non-disclosure agreements.

Specifically:

  • Providing confidential information to any AI system or tool is an authorized disclosure unless we have a contractual agreement in place with the AI vendor that ensures all data remains private and confidential.
  • The use of any confidential information for feeding or training AI system or tool is considered an authorized disclosure. Even if the AI system or tool is private the confidential information will be used outside the scope of any project, work, or need.

In addition to clearly defining limits on the use of their data with AI services, the warning included the company’s intent to pursue any and all contractual and legal methods to prevent, or in response to, disclosures.

Bigger Context

While this AI warning was specific to one business relationship, we see a bigger context. The current flood of AI services is exciting, and the potential uses and benefits are great. If we want to engage, however, we need to be careful. Whether we are deliberately training an AI system or creating prompts and providing feedback to refine answers, we are placing information in the hands of others. Unless we take explicit steps to ensure privacy with AI tools, our expectation must be that the information we provide will be used train the AI service, effectively placing the information in the public domain.

We must also recognize that the generative nature of AI increases the risk of improper disclosure. While we may not intend to disclose information, AI engines can recognize and correlate information. In other words, AI services can piece together data to create and share  information that should be private.

Your Action Plan to Prevent AI Issues

Take a step back and plan your approach to AI.

  • Consider how and when you want to use AI in your business
  • Make sure you, and your team, understand your contractual and regulatory responsibilities with respect to information privacy
  • Assess the AI tools and services you plan to use;
    • Understand their data privacy commitments
    • Match privacy polices and commitments against your business and legal requirements
    • Opt-in to agreements, even if it requires paying for the service, that ensure data privacy

With an understanding of your requirements and AI services, AI can add value to your business without introducing significant avoidable risk.

We Can Help

To discuss your technology service needs and plans, click here to schedule a call with a Cloud Advisor or send us an email.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Webcasts

Rethinking Google and Microsoft

(04/30/24) – As both suites evolve, and your business changes, is your choice still the best match for your business? Assessing whether Microsoft 365 or Google Workspace is the best fit for your business needs should either trigger a change or improve how you use your current services.

Be Prepared for New Cybersecurity Requirements

(03/26/24) – Increased governmental and industry regulations, a maturing cybersecurity industry, and supply chain best-practices are driving requirements for advanced security services and business continuity solutions.

Using VDI to Improve Hybrid Work

(02/27/24) – Supporting hybrid workers comes with additional security, BYOD, access, performance, and budget challenges. Virtual Desktop Infrastructure (VDI) & remote desktop services improve security, access, and performance without damaging your budget.

Select Your Managed Cloud Services

(01/16/24) – The right managed cloud services can significantly impact your team’s productivity. You can ensure your systems are secure, you team is productive, and that you are protected against cyber attacks and other disruptions. Just as important, you can protect your budget.

Your 2024 IT Action Plan

(12/19/2023) – When planning for the upcoming year, we often forget to consider the role our technology and services can play in supporting our business goals and objectives. Align your IT plans to best support your business goals.

Your Transition to Google Workspace

Map your transition to Google Workspace: Understand the changes in features/functions and the cost impact for your business.

library

7 Questions to Ask Your IT Provider

eBook | Source: Cumulus Global — For small and midsize businesses like yours, the information technology and services environment continues to change. Here are seven questions, across a range of topics, to ask your current IT provider to ensure they are actively helping you look forward.

5 Things Your IT Provider Should be Telling You

eBook | Source: Cumulus Global — Beyond Microsoft 365 and Google Workspace, SMBs use cloud services differently than larger organizations. Understanding these differences, we identify strategies to guide your plans and decisions for getting the most value from your current systems and new, managed, cloud services.

2023 OpenText Cybersecurity Email Threat Report

eBook | Source: OpenText Security — Attackers persistently adapted their email-based techniques throughout 2022, introducing more nuances into their methods. This eBook shares current information about Phishing, Business Email Compromise, Cryptocurrency Scams; and the Top Malware Threats. The report provides examples of attacks as a learning tool for understanding attacks, how to prevent them, and how to respond.

Cloud Strategies for Small and Midsize Businesses

eBook | Source: Cumulus Global — Beyond Microsoft 365 and Google Workspace, SMBs use cloud services differently than larger organizations. Understanding these differences, we identify strategies to guide your plans and decisions for getting the most value from your current systems and new, managed, cloud services.

Understanding Third Party Breach Alerts

eBook | Source: Cumulus Global —
Third party breach alerts inform you of third party data breaches that may pose risks to your business. This eBook looks at the information provided in third party breach alerts
and, using examples, discusses how to interpret and use the information provided.

A Cyber Insurance Primer (Slide Deck)

Slide Deck | Source: Cumulus Global —
Cyber Insurance is a tool, not a solution. This deck is from our June 2022 3T@3 Webcast: A Cyber Insurance Primer and discusses the what and why of cyber insurance and how it fits into your cyber security and incident response plans.

Email Security: Good, Better, Best

eBook | Source: Cumulus Global —
Cyber attacks by email have skyrocketed over the last decade. Email and domain impersonation attacks, fueled by successful phishing attacks, bypass account-centric security. This eBook discusses how to protect your business and domain from Business Email Compromises and impersonation attacks.

IT Services for Solopreneurs and VSBs

eBook | Source: Cumulus Global —
IT Services pose unique challenges for Solo entrepreneurs, aka “solopreneurs”, and very small businesses (VSBs). More than having IT services that are “good enough”, solopreneurs and VSBs need technology to save them time, effort, and money.

The Transition to Google Workspace

Slide Deck | Source: Cumulus Global —
For many businesses, the transition comes with a significant increase in subscription fees. This deck, with notes, from our Coffee & Clouds Series webcast covers …

State of Security for Small and Midsize Businesses

eBook | Source: Microsoft —
This eBook identifies key findings in studies and surveys covering security for small and midsize businesses, and provides set of recommendations to ensure …