Cumulus Global Recognized on the 2022 CRN® MSP 500 List

/in ,

2022 CRN MSP 500Company Celebrates 5th Consecutive Year of Recognition as an Industry Leader

For the fifth consecutive year, Cumulus Global proudly shares that CRN®, a brand of The Channel Company®, has named Cumulus Global to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2022. CRN’s annual MSP 500 list identifies leading North American service providers with forward-thinking approaches to managed services. Cumulus Global’s inclusion on the 2022 MSP 500 recognizes the company’s through leadership on managed cloud services and the company’s ability to help its customers increase productivity, simplify IT solutions, secure their business, and maximize their return on investment.

“The continued recognition by CRN as a Pioneer on the 2022 MSP 500 List is an incredible honor,” stated Cumulus Global CEO Allen Falcon. “We appreciate CRN recognizing the differentiation we bring to the market, and our clients, with our managed cloud services offerings.”

Cumulus Global innovates in ways that help small and midsize businesses (SMBs) adapt to changing business conditions. Many SMBs continue recovering from, and adjusting to, the impact of the COVID-19 pandemic. Cumulus Global leverages cloud services that more effectively and efficiently support remote and hybrid work environments. The company’s Security CPR model provides SMBs with an understandable method of assessing security risks, prioritizing needs, and deploying effective, budget-friendly solutions.

“In addition to having to adjust their own business operations to account for the changed conditions during the pandemic, MSPs have also seen increased demand for their managed communications, collaboration and security services,” said Blaine Raddon, CEO of The Channel Company. “The solution providers on our 2022 MSP 500 list deserve credit for their innovative and game-changing approaches to managed services in these unpredictable times, as well as their ability to optimize operational efficiencies and systems without straining IT budgets.”

The economy, markets, supply chains, expectations for work environments, and other business factors remain in flux post-pandemic.  Cumulus Global managed cloud services blend the best aspects of traditional MSP services with a “cloud first” perspective. Leveraging the economies of cloud computing, Cumulus Global offers these robust, secure services at costs below traditional IT services for small and midsize businesses.

The MSP 500 list is featured in the February 2022 issue of CRN and online at www.crn.com/msp500.

About Cumulus Global

Cumulus Global is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, on-going support, and client success services that help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.
About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers, and end-users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelcompany.com  

Follow The Channel Company: Twitter, LinkedIn, and Facebook.

The Channel Company Contact:

  • Jennifer Hogan
  • The Channel Company
  • jhogan@thechannelcompany.com

Google Workspace Fee Increase Effective April 11, 2023

/in ,

Google WorkspaceOn February 11, 2023, Google provided sixty (60) days notice of a Google Workspace fee increase across most licenses.  For many customers, this increase is coming immediately after increased fees related to the transition from G Suite to Google Workspace.

The Google Workspace Fee Increase in Summary

The Google Workspace fee increase primarily impacts subscriptions on the “Flex Plan”, or month to month service.  Flex Plan fees will increase by 20%. This includes all Google Workspace Business, Enterprise, Front Line Worker, Archived User, and Appsheet licenses. The 20% increase also impacts Google Cloud Identity Premium licenses.

Additionally, the underlying annual commitment plan fees for Google Workspace Enterprise Standard is increasing by 15%.  Enterprise Standard Flex Plan licenses will be charged the 20% increase on top of the 15% increase.

Google Workspace Fee Increase Details

For all Google Workspace Business plans, the per-user fees for Flex Plan subscriptions are increasing by 20%. The per user monthly fees will change as follows:

  • Business Starter: from $6 to $7.20 per user per month
  • Business Standard: from $12 to $14.40 per user per month
  • Business Plus: from $18 to $21.60 per user per month

For all Google Workspace Enterprise plans, the per-user fees for Flex Plan subscriptions are increasing by 20%. There is also an increase in the underlying Annual Commit pricing for Google Workspace Enterprise Standard. The per user monthly fees will change as follows:

  • Enterprise Essentials – Flex Plan: from $10 to $12 per user per month
  • Enterprise Starter – Flex Plan: from $10 to $12 per user per month
  • Enterprise Standard – Annual Commit Plan: from $20 to $23 per user per month
  • Enterprise Standard – Flex Plan: from $20 to $27.60 per user per month
  • Enterprise Plus – Flex Plan: from $30 to $36 per user per month

Similar 20% increases will impact Flex Plan pricing across the following licenses:

  • Google Vault
  • Google Workspace Front Line Worker
  • Google Workspace Archived User (all Business and Enterprise licenses)
  • Cloud Identity Premium
  • Google Workspace Appsheet (all Business and Premium licenses)

Impact on G Suite to Google Workspace Transition

If you are still using G Suite licensing, these changes will be in effect as of April 11, 2023 or as of your transition date if your transition occurs after this date. If you are using G Suite on an Annual Commitment Plan, Google will automatically move you to Google Workspace on your annual (or contract) renewal date.  If you are using G suite on a Flex Plan, Google should provide your with 60 days notice of your automatic transition. Google began automatic (forced) transitions earlier this month and will continue until all customers are moved to Google Workspace.

As a reminder: When Google automatically transitions your service from G Suite to Google Workspace, Google will select the licensing that maintains your current feature set even if the transition will double or triple your monthly per user fees. Cumulus Global can manage your transition can discuss options to avoid or mitigate these increases. 

Avoid the Fee Increase

You can avoid this fee increase by converting your service from the Flex Plan to an Annual Commitment Plan.

Flex Plan subscriptions are month-to-month. As such, you can adjust the number of licenses up or down, as needed, each month. Your invoices are in arrears and reflect any changes.

Annual Commitment Plan subscriptions, as the name implies, commit you to one year (or multiple years) of service.  During your Commitment Plan term, you may added licenses at a prorated fee through the end of your term.  Any added licenses increase your commitment. You cannot reduce the number licenses (you can reuse them as employees leave and new employees join your business) and you cannot cancel service until your contract renewal date.

Given the fee increase on Flex Plan subscriptions, most small businesses will NOT save money by remaining on the Flex Plan, even if your license count fluctuates over the year.

  • For the Flex Plan to be less expensive, you would need to reduce your license count by more than the equivalent of 20% of your users for a full 12 months.
  • Example 1:
    • A seasonal business that reduces its staff for 6 months each year would need to reduce their license count by more than 40% to save money on the Flex Plan.
  • Example 2:
    • A business that reduces staffing for the 3 primary winter months would need to reduce their number of licenses by more than 70% to save money on the Flex Plan.

Most small businesses do not have staffing changes this large. Please evaluate your projected costs and consider switching to an Annual Commitment Plan.

Call To Action

Contact us or schedule time with one of our Cloud Advisors to discuss your options. We are here to assist you and to ensure you are getting the best value from your Google Workspace services.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Founded in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions, Allen has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.  Having started his first business at age 12, Allen is a serial entrepreneur having started strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

 

3 Questions – About Cyber Security

/in

Data Protection & SecurityShare your answers to our 3 Questions and, in exchange, we will

  • Schedule time (no cost / no obligation) with one of our Cloud Advisors to discuss why the questions are important and to review your answers
  • Provide our Rapid Security Assessment at no cost to you.
3 Questions about Cyber Security:

1) How do you protect your user devices?

  • Anti-virus, next-gen endpoint protection, managed event detection and response, other …

2) Do you require that employees multi-factor authentication (MFA) when connecting to online services?

  • For all services, some services, other …

3) Do you perform backups of critical systems and data?

  • weekly, daily, hourly, other …
Why and How:

These 3 Questions about Cyber Security indicate how well you may be protected, and your ability to recover, from the most common and most costly types of Cyber Attacks on small businesses.

Related Resources

About 3 Questions:

3 Questions is a new program we are launching to help small business owners and IT leaders think about the issues facing their businesses in new ways.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Founded in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions, Allen has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.  Having started his first business at age 12, Allen is a serial entrepreneur having started strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

 

Lessons from the Rackspace Attack

/in
ransomware

Cyber Security Ransomware Email Phishing Encrypted Technology, Digital Information Protected Secured

On December 2, 2022, a ransomware attack on Rackspace disrupted email services for thousands of businesses.  The attack encrypted files throughout Rackspace’s Hosted Exchange environment, one of the largest in the world.  The outage impacts mostly small and midsize businesses (SMBs).  While Hosted Exchange is only 1% of Rackspace revenue, the incident was large enough to warrant a filing with the Securities and Exchange Commission. We can all learn lessons from the Rackspace attack with respect to cybersecurity and response.

Lessons from the Rackspace Attack

1 Incident Response Must Be Quick

In their SEC filing, Rackspace noted that their “… information security team had strong incident response protocols in place that led to the quick containment of the ransomware attack.”  They were able to limit the damage to the Hosted Exchange service, protecting other aspects of the company’s operations and other services.

For SMBs like ours, speed is also necessary. Quickly identifying an attack and isolating effected devices is critical. An infected laptop can spread the infection to servers and through files sync’d into cloud storage (ie, OneDrive, Google Drive, Dropbox). From there, every connected device is vulnerable.

2 Recovery is Not a Sure Thing

Rackspace is NOT recovering customers’ Hosted Exchange service. The company is moving these customers to Microsoft 365.

Paying the ransom is not always possible. Paying a ransom does not guarantee that your get your data back.

3 Recovery is Difficult

As of December 12, 2022 — a full 10 days after the attack, Rackspace disclosed that about two thirds of its customers have been transitioned to Microsoft 365. Nearly one third of customers remain without email service. Rackspace is effectively abandoning its Hosted Exchange service.

The logistics of identifying recoverable data and understanding interdependencies is complex. Managing data restoration across multiple devices, systems, and data sets is challenging. Some data will be lost. Understanding which data, and how much data, has been lost is challenging.

4 Recovery is Big and Slow

Rackspace has hired staff and contracted with many Microsoft Fast Track service providers.  Even so, call wait times are still averaging about 30 minutes.  Rackspace is setting expectations, repeatedly telling customers that data recover will “necessarily take significant time”.

Starting with a clean system gets your systems up and running. How effectively can your run your business without your data?  Data recovery takes time, even from backups. While emails may be relatively easy to live without, what is the impact if your accounting system is unavailable for days or weeks?

5 Recovery needs Expertise

While Rackspace is a leading technology firm, they have hired outside firms to investigate the attack and remediate the incident.

Most IT firms servicing SMBs do not have the expertise or staff to respond to a cyber attack. Expertise and resources will be needed for investigations and forensics, data recovery, systems restoration, communications, regulatory reporting and compliance, and customer service.

6 Recovery is Expensive

Rackspace is actively promoting that it maintains sufficient cybersecurity insurance to cover the costs of the incident. Their SEC filing, however, does not indicate if or how they plan to compensate customer for their losses.

You will spend money … lots of money … beyond the cost of getting your data back, your systems restores, and your business back up and running. Regulatory filings, communication, legal services, and litigation can be a crushing burden that threatens. More than half of SMBs fail within six months of a significant cyber attack.

Steps You Can Take

Looking at the lessons from the Rackspace Attack informs how we should think about protecting our businesses and ensuring we can return to normal operations quickly and efficiently. Here are resources for you to learn more.

Earlier this year, we blogged about how Streamlining Security for SMBs can protect you from the most common and the most expensive types of cyber attacks without breaking your budget.  We held a webinar on the same subject.

Our Security CPR model outlines the three critical aspects of cyber security communication/education, protection/prevention, and recovery/response.  Our eBook, 15 Best Practices for Cyber Protection, dives into the model.

To discuss your security footprint, risks, and options, contact us by email, via our website, or by scheduling time directly with one of our Cloud Advisors.

Service Update: Microsoft 365 Fees Increase on January 1, 2023

/in ,

Cumulus Global 15 Years of ServiceService Update: Microsoft 365 Fees Increase on January 1, 2023.

As previously announced by Microsoft, Microsoft 365 Fees Increase on January 1, 2023.  In addition to increased fees for specific licenses, Microsoft is changing the structure of annual agreements and adding a 20% surcharge for month-to-month licensing.

Why Now?

Microsoft has been working towards these changes for more than a year. They company pushed back the deadline several times as the change coincided with major changes to Microsoft’s partner program. Microsoft has notified customers and partners that all subscriptions will be on the new pricing as of January 1, 2023.

For our customers, Cumulus Global has delayed the impact and fee increases for as long as possible.  We are communicating with our customers individually to address the final deadline.

New Terms and Conditions

With the pricing changes, Microsoft is also changing some of the terms and conditions for the services.  Historically, Microsoft has not enforced commitments on annual agreements; customer were free to change user counts and even cancel without penalty. Going forward, Microsoft will enforce annual subscriptions and terms as firm commitments. Customers may change or cancel within three (3) days of starting an annual term. Customer commit to the number of licenses for the full year. Microsoft is offering a three year commitment option as well, which secures pricing for that period.

If you need or want the flexibility of increasing and decreasing user counts at any time, you will need to opt for month-to-month licenses.  Monthly licensing lacks the commitment but includes a 20% surcharge over fees for an annual commitment.

License Pricing Changes

The following are the fee changes for annual licensing. All fees are listed as per user per month.

  • Microsoft 365 Business Basic
    • Annual: From $5 to $6
    • Monthly: $7.20
  • Microsoft 365 Business Premium
    • Annual: From $20 to $22
    • Monthly:  $26.40
  • Office 365 E1
    • Annual: From $8 to $10
    • Monthly: $12
  • Office 365 E3
    • Annual: From $20 to $23
    • Monthly: $27.6
  • Office 365 E5
    • Annual: From $35 to $38
    • Monthly: $45.60
  • Microsoft 365 E3
    • Annual: From $32 to $36
    • Monthly: $43.20

All other Microsoft 365 and Office 365 license fees remain this same with an annual commitment; monthly fees will reflect the 20% surcharge.

Next Steps

Our team is contacting each our customers impacted by the pricing to discuss their options and plan their services going forward.

As we are here to assist any small business with their cloud services, feel free to contact us by email, via our website, or by scheduling time directly with one of our Cloud Advisors to discuss your options and path forward.

Service Update: Archived User License Fees Begin in January

/in ,

Cumulus Global 15 Years of ServiceService Update: Archived User License Fees Begin on January 23, 2023.

As previously announced by Google and covered in our blog, Google has discontinued the Vault Former Employee (VFE) service.  All Google Workspace customers had there VFE licenses converted to a trial of the Archived User License (AUL) service.

The free trial of the AUL service ends on January 15, 2023.  Archived User License fees begin on January 16, 2023.

Archived User License (AUL) Fees

All customers with active AUL accounts will be invoiced in accordance with their Google Workspace License:

  • $4/user/month – Google Workspace Business AUL
  • $5/user/month – Google Workspace Enterprise Standard AUL
  • $7/user/month – Google Workspace Enterprise Standard AUL

Available Options

In addition to keeping your AUL subscription and paying the above fees, you have the option to:

  • Discontinue the AUL subcription
    • Removing the service will permanently remove all archived data.
    • Deleted archived data cannot be restored or recovered.
  • Export the Data prior to discontinuing the AUL service
    • This provides you with a static copy of existing data in your AUL accounts.
    • Data in your AUL accounts are permanently deleted when you discontinue the subscription.
  • Migrate to a third party archive solution prior to discontinuing the AUL service
    • Your archive of past Google Workspace user accounts is preserved using a third party archive solutions, prior to ending your AUL subscription.
    • The annual fees to retain the archived accounts is significantly lower than AUL licensing.
    • You will incur migration fees to move your data.
    • Data in your AUL accounts are permanently deleted when you discontinue the subscription.

Next Steps

Organizations with Archived User Licenses should contact us as soon as possible by email, via our website, or by scheduling time directly with one of our Cloud Advisors to discuss your options and path forward.

Google Workspace Transition Update – 12/01/22

/in

Google WorkspaceMore than two years after announcing the change, the Google Workspace transition from G Suite continues.

  • For organizations running G Suite with an annual or term commitment, your transition is scheduled to occur on your next renewal date.
  • For organization on the Flex Plan (month to month), Google will automatically transition your account with 60 days advanced notice.
  • Organizations willing to transition with an annual commitment before Google transitions you automatically may be eligible for incentive discounts.

For many, if not most, organizations, this transition will result in higher subscription fees and/or loss of features.

This post identifies the restrictions and potential features impact for organizations currently running G Suite Basic and G Suite Business editions.

Current G Suite Basic Subscribers

  • Additional Storage
    • If you currently do not have additional storage assigned to at least one user:
      • You can no longer add this service.
      • You will not have the ability to add storage to your Google Workspace subscription.
      • As users reach the 30GB limit, you will need to upgrade to Google Workspace Business Standard or Business Plus editions at an additional cost.
    • If you currently have additional additional storage assigned to at least one user:
      • You may grandfather this service and you may be able to add more storage.
      • The duration for how long you can maintain your existing additional storage or add new additional storage has not be clearly defined by Google. At the end of the grandfather period, you will need to upgrade to a version of Google Workspace that meets your storage needs.
  • Vault
    • If you currently have Vault:
      • You may be able to grandfather this service.
      • The duration for how long you can maintain Vault as an add-on has not been defined by Google. At the end of the grace period, you will need to upgrade to Google Workspace Business Plus to maintain this service and data.
    • If you currently do not have Vault:
      • You should select and upgrade to Google Workspace Business Plus to add this service.
  • Advanced Endpoint Management
    • This feature is not available in Google Workspace Business Starter or Business Standard subscriptions. You will not be able to set up company-managed mobile devices or selectively distribute apps to mobile devices.
    • If you use this feature, you should select and upgrade to Google Workspace Business Plus.
  • Organizational Branding / Templates
    • This feature is not available in Google Workspace Business Starter. You will no longer be able to create or use custom templates for Google Docs, Sheets, Slides, Forms and Sites. Documents created from the templates remain.
    • If you use this feature, you should select and upgrade to Google Workspace Business Standard or Business Plus.
  • Advanced Chat Space Features / Spaces
    • This feature is not available in Google Workspace Business Starter. You will no longer be able create spaces that allow external users. Existing spaces remain and users can make changes to existing spaces, such as adding or removing members.
    • If you use this feature, you should select and upgrade to Google Workspace Business Standard or Business Plus.

Current G Suite Business Subscribers

  • Storage Capacity
    • Your storage capacity will be limited based on the Google Workspace Business tier subscription you select for you transition:
      • Business Starter: 30GB per user, fixed
      • Business Standard: 2TB per user, aggregated across all users
      • Business Plus: 5 TB per user, aggregated across all users
    • To maintain unlimited storage capacity, you should select and upgrade to Google Workspace Enterprise Standard or Enterprise Plus.
  • Google Vault
    • This service will not be available if you transition to Google Workspace Business Starter or Business Standard.  Additionally, holds and retention rules will stop protecting your organization’s messages and files. Google will immediately remove all data that users deleted more than 30 days ago from all Google systems. You cannot recover this data.
    • To keep the Vault service, you should select and upgrade to Google Workspace Business Plus or an Enterprise tier subscription.
  • Advanced Endpoint Management
    • This feature is not available in Google Workspace Business Starter or Business Standard subscriptions. You will not be able to set up company-managed mobile devices or selectively distribute apps to mobile devices.
    • If you use this feature, you should select and upgrade to Google Workspace Business Plus.
  • Organizational Branding / Templates
    • This feature is not available in Google Workspace Business Starter. You will no longer be able to create or use custom templates for Google Docs, Sheets, Slides, Forms and Sites. Documents created from the templates remain.
    • If you use this feature, you should select and upgrade to Google Workspace Business Standard or Business Plus.
  • Advanced Chat Space Features / Spaces
    • This feature is not available in Google Workspace Business Starter. You will no longer be able create spaces that allow external users. Existing spaces remain and users can make changes to existing spaces, such as adding or removing members.
    • If you use this feature, you should select and upgrade to Google Workspace Business Standard or Business Plus.
  • Shared drives
    • This feature is not available in Google Workspace Business Starter. You will no longer be able manage existing shared drives. In addition, users and owners will not be able access shared drive content or add or delete content to or from shared drives. Before switching editions, ask shared drive owners to review their content and move it to their My Drive to maintain access.
    • If you use this feature, you will should select Google Workspace Business Standard or Business Starter.
  • Organization-Specific Drive Settings
    • This feature is not available in Google Workspace Business Starter. All users in your organization will inherit the settings of your top-level organizational unit, but the organizational structure itself will not change.
    • To maintain this feature, you should select Google Workspace Business Standard or Business Plus.
  • Meets
    • If you transition to Google Workspace Business Starter, your Meets will be limited to 100 participants.
    • Select G Suite Business Standard or Business Plus to maintain you Meets capacity.
  • Calendar Advanced Controls
    • These controls will not be available if you transition to Google Workspace Business Starter or Business Standard.  Rooms aren’t automatically released when all attendees decline. Rooms that decline invitations aren’t replaced. You can’t set a default duration for events.
    • To maintain access to these controls you will should select Google Workspace Business Plus.
  • Data Regions
    • These controls will not be available if you transition to Google Workspace Business Starter or Business Standard.  You can no longer choose a geographic location for your data.
    • To maintain access to these controls you should select Google Workspace Business Plus.
  • Session Length for Google services
    • These controls will not be available if you transition to Google Workspace Business Starter or Business Standard.  You can no longer control how long users can access Google services without having to sign in again.
    • To maintain access to these controls you should select transition to Google Workspace Business Plus.
  • Predefined Content Detectors
    • This feature is not available in Google Workspace Business Starter. If you use any predefined content detectors data-loss prevention, Google will remove them from any settings that use them.
    • To maintain this feature, you should select Google Workspace Business Standard or Business Plus.
  • Automated User Provisioning Applications
    • Google limits the scope of this feature in Google Workspace Business Starter. If you have more than 3 automated user provisioning applications, you must first remove automated user provisioning from all but 3 applications before downgrading.
    • To maintain this feature, you should select Google Workspace Business Standard or Business Plus.
  • Target Audiences
    • This feature is not available in Google Workspace Business Starter. You can’t recommend specific groups of people, like departments or teams, for your users to share their items with. Important: Any target audiences currently in use aren’t automatically deleted when you switch to this edition. You might want to delete them before switching.
    • To maintain this feature, you should select Google Workspace Business Standard or Business Plus.

Call To Action

Contact us or schedule time with one of our Cloud Advisors to discuss your options to best manage your transition. By default, Google will transition your G Suite account to the version of Google Workspace based on your user account and your use of the services and features listed, above. Your subscription fees may double or triple.

Responding to Ransomware: Police, Pay, or Panic?

/in

ransomware response plan In today’s digital landscape, the threat of ransomware looms large, posing a significant risk to businesses and organizations of all sizes. Ransomware, a malicious form of cyber attack, can swiftly encrypt critical data and hold it hostage until a ransom is paid. These attacks can disrupt operations, compromise sensitive information, and inflict financial losses. In the face of this evolving threat, having a robust ransomware response plan is imperative.

At Cumulus, we understand that responding to ransomware is complicated.  With the continuing increase of successful cyber attacks against small businesses, we hear a lot of debate on two aspects of your ransomware response to a successful attack.

  • Should you contact law enforcement?
  • Should you pay the ransom?

Both of these questions have pros and cons. How and when you answer these questions can have a long-lasting impact on you and your business. Read on to learn about top ransomware response plans, how to prevent a ransomware attack, and other vital information to keep you and your business safe.

Ransomware Incident Response Strategies

Involving Law Enforcement

The debate about if and when to contact law enforcement often centers around what happens after law enforcement gets involved.  Typically, you would contact your local police department which, in turn, would contact the cyber crimes unit of your state police (if your state has one) and/or the FBI. You can also report a ransomware attack directly to the FBI or the Cybersecurity and Infrastructure Security Agency (CISA).

The biggest risks to involving law enforcement are the effects of a criminal investigation. You may not be able to repair and rebuild your systems until a forensic investigation is complete. In some cases, your computers may be considered evidence as part of a criminal investigation. By delaying your access to your computers, these actions can disrupt your ability to recover those systems.

The biggest advantages to involving law enforcement is the assistance the cyber security agencies can provide during the investigation and recovery. The FBI Cyber Division, CISA, and the National Cyber Investigative Joint Task Force can help identify the specific attack. For known variants, they often have valid decryption keys.  If involved quickly enough, the FBI and other agencies have a history of recovering at least some ransoms and thefts (e.g. the Colonial Pipeline incident).

If you have cyber insurance, you may not have a choice about reporting the attack to law enforcement.  Your carrier may require you to involve law enforcement as a condition for processing your claim. Your insurer may also mandate a forensic analysis to fully understand the scope of the attack and the necessary steps to recovery.

Paying the Ransom

Responding to ransomware, you want to move quickly and correctly. Wiping and rebuilding systems, restoring your data from backups, and recreating missing or damaged data takes time and money. Decrypting the data can be faster and easier.  Paying the ransom is tempting. Your insurance carrier may also pressure you to pay the ransom to lower the cost of the claim.

Before you pay a ransom, consider the following:

  • As noted above, law enforcement may already have decryption key;
  • It is a funding mechanism for hackers to carry out future and repeated attacks;
  • Paying a ransom does not guarantee you will receive a decryption key;
  • Even with the decryption key, you may not be able to recover all of your data;
  • Attackers will often demand additional payments to prevent the release of stolen information; and
  • Paying the ransom is likely to be a federal crime as it may be funding hostile nations, terrorism, human tracking, or child exploitation.

To the latter point, paying ransom to an organization or government on a sanctions list, including those tied to terrorist activities, violates US law (18 USC 2339A, 2339B, 2339C). In October of 2020, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued a warning that “Ransomware Payments with a Sanctions Nexus Threaten U.S. National Security Interests” and could result in civil and criminal actions.

Recommended Actions For a Ransomware Response

When responding to ransomware, you will need to work with your cyber insurance carrier. Contacting law enforcement early is more likely to help your recovery than hinder it.

  • Additional expertise
  • Simultaneous investigation/forensics with your insurer
  • The possibility of known decryption keys for your ransomware variant
  • The ability to cover lost or stolen funds
  • The potential identification of the source of the attack

These benefits can mitigate the damage and help speed recovery.

Paying the ransom should always be a last resort. To avoid violating US law and facing the risk of criminal charges or civil sanctions, paying a ransom should not be done without consulting law enforcement.

For more information about cyber security and protecting your business, visit our Resource Center, or schedule an introductory call with one of our Cloud Advisors.

 

Cumulus Global Receives Inc.’s Inaugural Power Partner Award

/in ,

2022 Inc. Power Partner AwardNew award highlights B2B partners that support startups across all business functions and empower growth

WESTBOROUGH, MA, November 22, 2022 – Cumulus Global is honored to be recognized by Inc. Business Media with a listing on the inaugural Power Partner Award list. The awards honor B2B organizations across the globe with proven track records supporting entrepreneurs and helping startups grow. The list recognizes 252 firms in marketing and advertising, health and human resources, technology, finance, and security, and other areas of business.

“We are proud of the recognition in both the Cloud Computing and IT Management and Systems categories,” stated Cumulus Global CEO Allen Falcon. “Our team deserves the credit. The Power Partner Award recognizes our team’s consistent focus on quality services and impactful business results.”

All 252 companies received top marks from clients for being instrumental in helping leadership navigate the dynamic world of startups. These B2B partners support entrepreneurs across various facets of the business, including hiring, compliance, infrastructure development, cloud migration, fundraising, etc., allowing founders to focus on their core missions. 

“Trusted B2B partners provide guidance and expertise that founders rely on at various steps of their organization’s journey. Partners that possess a demonstrated ability to deliver quality support are at the core of entrepreneurship and help bring big ideas to life,” says Scott Omelianuk, editor-in-chief of Inc. Business media. 

Cumulus Global has helped over 1,500 small and midsize organizations move core productivity services into Google Workspace and Microsoft 365. By understanding clients’ business objectives, Cumulus Global helps companies drive efficiencies and growth by leveraging secure, managed, cloud services and solutions. Cumulus Global services businesses, from solopreneurs and family-owned businesses to fast-growth startups and mature enterprises across multiple industries and markets.

About the Power Partner Awards

Inc. partnered with leading global social and media intelligence platform Meltwater to develop a proprietary methodology that uses sentiment from online conversations about organizations and translates it into numerical scores. Judges evaluated companies on commitment, reliability, trust, creativity, supportiveness, and other virtues that offer value to clients. Inc. gathered client testimonials as part of the process. 

To view the complete list, go to: https://www.inc.com/power-partner-awards/2022

The November 2022 Issue of Inc. magazine is available online now at https://www.inc.com/magazine and on newsstands.

Read more

2022 SMB IT Security Needs Study Highlights & Contradictions

/in

Security firm Action 1 recently published the results of its 2022 SMB IT Security study after surveying 750 small and midsize businesses.Data Protection & Security

Key Findings and Contradictions of the Action1 SMB Report

It is no secret that perceptions about our security risks differ from reality.  Not surprisingly, some of the 2022 SMB IT security needs survey results contradict one another.

52% vs 65% vs 37%

52% of respondents acknowledge that they lack sufficient skills and technology to effectively protect against cyber attacks. But 65% believe the cost of protection is too high and 37% complain that security controls hurt productivity. Businesses clearly struggle to balance the security they need with the cost and the user experience. Often SMBs are presented with security solutions designed – and priced – for larger organizations. As employees use added security steps for everyday transactions (online banking, etc.), the overhead of security protocols is less intrusive.

63% vs 81% vs 40%

While 63% believe that their SMB faces a lower cyber risk compared to larger companies, 81% of respondents had at least one security incident within the past 12 months. 40% of SMBs had 2 or more incidents. Too many SMBs continue to have a false sense of security. Cyber criminals understand that is easier to hack 10, or even 100, small businesses than it is to successfully attack 1 large enterprise. And with current tools, cyber attacks are inexpensive to launch and manage.

Where the Security Risks Exist

40% vs 39% vs 34%

The most common forms of successful cyber attacks are password attacks (40%), ransomware or other malware (39%), and phishing (34%). Note that these forms of attack are not mutually exclusive.  One form of attack, malware for example, can be used to gather the information needed for a successful password breach.

63% vs 43%

Looking at root causes, 63% of SMB IT Security study respondents noted that attacks began with phishing.  Unpatched systems were the starting point for 43% of attacks. These numbers make sense as these attack vectors provide access to information that supports further attacks.

Who is Helping

96% vs 23%

The vast majority of SMBs rely on outside experts for help with their security needs.  93% of respondents use an IT firm for at least some of their IT security needs.  That said, 23% of small businesses are looking to replace their IT service providers in the coming year. While security is not the only trigger for changing providers, it is one consideration.

48% vs 33% vs 29%

SMBs responded that poor system performance (48%), system outages (33%), and long problem resolution times (29%) are the three primary reasons for switching service providers. Each of these issues relate to business interruptions.

2022 SMB Security Study Conclusions

Examining the SMB IT Needs Security Study results, we see three clear conclusions.

  1. Failing to recognize the risks leads business owners to under value security technology and services.  The cost to respond and recover to a single incident dwarfs the cost of reasonable protections.  For SMBs, the average successful cyber attack can disrupt business operations for 18 to 21 days at a total cost to recover exceeding $200,000.
  2. With 50% of employees working remotely, at least part time, individuals and systems are more exposed to attack. Physical security is no longer sufficient. SMBs need a security services designed to protect against the most common and the most costly types of cyber attacks.
  3. As an IT service provider, we must ensure that our services, first and foremost, do no harm.  While security protocols can introduce some inconveniences, our services cannot interfere with performance, availability, or reliability.

Next Steps to Improve Your IT Security

Step back and take a look at your security services and footprint.  Our Rapid Security Assessment is a quick and simple starting point to identify security gaps. You can also schedule a call with one of our Cloud Advisors to review your security and IT services.