Posts

Preparing for Your Cyber Insurance Renewal

/in

5 Cybersecurity Standards

As you approach your annual cyber insurance renewal, you can take specific steps to ensure you have appropriate coverage and reasonable premiums.

The cyber insurance market has matured greatly over the past two years and continues to evolve rapidly. Insurers have become significantly more savvy regarding risks, protections, recovery costs, and potential liabilities. As a result, carriers are more precise in their underwriting practices.

Reviewing your cybersecurity risks and protections is a wise investment of time and resources. In a recent blog post, for example, we outlined 5 minimum cybersecurity standards that – if in place – can significantly reduce your premiums.

Here is a roadmap:

Review Your Original Application and Security Declarations

When you first applied for cyber insurance, you completed an application and, in most cases, a security survey/questionnaire. If you have not formally asked to complete a new questionnaire, take the initiative to review and update your answers.

As a part of the review, document any changes in your cybersecurity protections. Make note if you added new protections or updated procedures.

If you’ve removed or replaced any cybersecurity tools, specify which ones and the reasons for the change. It’s important to track modifications as your needs and environment evolve.

Reassess your Cybersecurity Protections

Policy renewal is a great time to step back and reassess your cybersecurity. Compare your protections to industry, regulatory, and compliance standards relevant to your business.

Our eBook, Cyber Security Requirements for Cyber Insurance, outlines basic, preferred, and best-practice protections to consider before getting or renewing your policy.

As part of your analysis, consider completing new assessments, such as Penetration Testing and Security Audits of your Microsoft 365 or Google Workspace tenant. These evaluations can offer valuable insights, helping to inform decisions and set priorities for future cybersecurity improvements.

Deploy Additional Protections

Based on your review and assessments, determine if you should modify your cybersecurity protections. As you consider changes, prioritize your choices and efforts. hYou can make low-effort changes, as well as changes that address higher-level, critical risks.

You do not need to address every risk and gap. Instead, focus on demonstrating improvements and prioritizing the most likely and impactful risks for your business.

Put Your Policy Out to Bid

Finally, put your policy out to bid. Avoid simply adding coverage or riders to your general liability business coverage.

Cyber insurance is a specialized coverage, and the industry has become more adept at evaluating risks and potential liabilities.  Partner with a broker who specializes in Cyber Insurance to market your coverage to multiple, specialty carriers. This will help you find the best balance between coverage and price.

Your Next Steps

If you are ready to move forward, here are four steps you can take today:

  1. Schedule time with one of our Cloud Advisors.
  2. Ask your Cloud Advisor about discounted and free Security Assessments.
  3. Evaluate options and deploy additional protections, if needed and appropriate.
  4. Shop your policy for the best plan and price with our partner, DataStream.

As always, our Cloud Advisors are ready to help. Contact us or schedule time for a quick online consultation.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Sustainability: 1000 Trees and Growing

/in

ReforestationBack in January of this year, we announced that Cumulus Global was expanding its sustainability program. To help offset the carbon footprint of our offices and operations, we have strengthened our partnership with Evertreen and are committed to planting 100 trees per month.

Our forest has grown to over 1,000 trees across 7 countries and 3 continents. 

Over the next 30 years, the trees we have planted to date will remove over 300 tons of CO2 from the atmosphere. That is the equivalent of driving an average American car 750,000 miles. As we continue to plant, the amount of CO2 our forest cleans will continue to grow.

In addition to the climate benefits, our forest is producing food, reducing soil erosion, protecting watersheds, and providing local jobs.

As an IT firm, planting trees to offset our carbon footprint is part of an overall commitment to sustainability that includes using 100% renewable energy, reuse, and recycling.

We Can Help You Do More

One of the best ways to improve sustainability is to recycle electronic waste (e-waste). E-waste recycling has challenges, including but not limited to, finding reputable recyclers and cost.

Our Basic and Business Managed Cloud Services include lifecycle management for your computer with unlimited, no-cost, e-waste recycling.

For a small number of items, we provide a prepaid label. Just box up the items and drop them off at your local post office. If you are looking to clear the shelves or empty the closet of e-waste, we can have a recycling team show up to box, label, and ship everything for you. All for free!

As an added bonus, our IT asset disposal partners partner with Veritree to plant trees with every recycling order.

Call to Action:

For more information about our Managed Cloud Services, please contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

A Model for Business Resilience

/in

Aviate Navigate Communicate

The recent global systems outage, caused by CrowdStrike’s failed update, exposes a key flaw in how we view business resilience. When asked how we make our businesses resilient to failures, human acts or errors, disasters, and other disruptions, we tend to focus on the technologies and services we put in place to prevent/protect and restore/recover.

Business Resilience 

We define Business Resilience as your ability to get and keep your business up and running (even if it is running at a degraded level) until you can fully restore and recover.

Given the impact of the CrowdStrike failure on the airline industry, here is an aviation-themed model you can use as a guide.

Aviate

When an emergency happens in flight, the pilot’s first focus is to aviate – to ensure the plane keeps flying. If you can’t keep the plane in the air, your direction of travel does not really matter. 

The same is true for your business. If you cannot keep your business running at a minimally viable level, you can run out of time and/or money before you are able to restore and recover.

Navigate

Once the pilot knows that the plane will continue to fly, they can assess their current location and take the necessary direction and steps they need to land safely.

Once you know that you can continue to operate, even if only at a base level, you can step back and map out the potentially complex steps needed to restore, recover, and return to normal operations. You can then navigate the technical, operational, customer service, legal, and other processes needed for your safe landing.

Communicate

Once the pilot can safely navigate to a landing, they have the time and focus to communicate. Although, pilots do communicate during the aviate and navigate phases, they limit communications to only information air traffic control, ground operations, emergency responders, and others need in order to assist with the situation. Additional details and analysis come later.

The same is true for you and your business. While you are aviating and navigating, you will want and need to share necessary information with those who need it. These communications need to be “to the point” and focused. You will have the time and focus to share more detailed information as you approach, or after you make, your safe landing. You will have the time needed for review, analysis, and planning after your return to normal operations.

Call to Action:

If you are unsure or lack confidence in your business’s resilience to disruptions, we can help. Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Resilience, the CrowdStrike Failure, and the Real Impact on Your Business

/in

Resilience

We have not written or posted much about the CrowdStrike failure. CrowdStrike is designed and priced for large enterprises. We offer endpoint protection, detection, and response services that are better designed for the small and midsize organizations we serve. In large part, the CrowdStrike failure has not directly impacted our clients and other smaller businesses.

However, the CrowdStrike failure has, and will, indirectly impact you and your business.

Technical Impacts

The biggest technical impact will be the role of automatic updates. The CrowdStrike failure was due to a programming error in a software update that was sent and applied automatically. Customers did not have the ability to limit or test the update prior to deployment.

Going forward, expect vendors to rethink how and when they use automatic updates. What for expectations that you, the customer, should test and approve changes. This shift will transfer more of the responsibility from vendors to your IT team. If you do not have the resources to test and verify updates, you will be taking on more of the responsibility should issues arise.

If you have an IT provider or managed service provider, you may need to negotiate this additional work into your contracts.

Business Impact

The most significant impact of the CrowdStrike failure is on our understanding of “Resilience.” When we talk about endpoint protection services like CrowdStrike, backup/recovery solutions, advanced threat protections, encryption, and other services, we are talking about tools that help our businesses become and remain resilient to cyber attacks, improper user activity, disasters, and other disruptions. 

These technical solutions provide some of the “Prevent & Protect” and “Restore and Recover” components of our Security CPR model and services. With the CrowdStrike failure, a tool intended to improve resilience exposed a weakness in our resilience: what happens when your solution becomes the problem?

Our understanding of resilience needs to change. We must move away from thinking about resilience as a function of IT. Resilience is a business-level function that encompasses all aspects of your organization.

Anecdotally, we learned that during the CrowdStrike failure: 

  • Airlines in Hong Kong wrote out boarding passes by hand and kept lists in notebooks to track manifests and seating assignments.
  • Lacking computers to centrally monitor infants and non-operational security doors in a California Hospital maternity ward, nurses were held over and stationed at each infant’s bedside, and security guards were tasked with guarding doors.
  • A small distributor wrote labels, bills of lading, and customs documents by hand for thousands of shipments.

The Big Question

Answer the following question for your business:

  • Can you run your business, even if it is in a degraded mode, without one or more of your key systems? If so, for how long?

Your answer is key to understanding how resilient your business is to disruption, the potential operational and business impact of a disruption, and your ability to recover and survive.

Call to Action:

If you are unsure or lack confidence in your business’s resilience to disruptions, we can help. Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

7 IT Blind Spots Small Businesses Miss the Most

/in

IT Blind Spots

Your small business depends on your IT services to run effectively and efficiently. Even so, like many small business leaders, you likely have one or more “IT Blind Spots”. The blind spots are not “all or nothing.” They evolve from decisions about what IT services are needed, wanted, and worthy of spending on at a particular point in time. Over time, internal and external factors change. If we do not take a fresh look, our IT services will not keep up. 

While not intentional, these blind spots create unnecessary risks and expenses. Here are the seven (7) blind spots we see the most.

1Security and Privacy

As small business owners and leaders, we understand the need for security – especially in today’s environment. We wonder, however, how much security is enough and what we should prioritize. We see small businesses with antivirus protection on their computers, strong passwords, and basic backup/recovery. While these services were the benchmark for basic security, they are now insufficient.

Check your IT blind spots for other core security services, including multi- or two-factor authentication (MFA/2FA), advanced threat protection (ATP) for email, advanced endpoint protection and response, encryption, and immutable backup/recovery services.

If you do not have these in place, your security is likely insufficient to protect your business.

2Duplicate Services

It has never been easier to sign up for new services. With a few clicks, payment information, and a quick setup, your new, cloud-based application or service is up and running. The convenience is great when you need something specific or a new solution. The low barrier to entry, however, makes it easier to sign up for apps and services that duplicate others you already have in place.

Check your IT blind spots for these duplicate services. We most often see companies paying for Zoom or GoTo, even though they have Microsoft Teams or Google Meet for online meetings and presentations. Some spend on Slack and other tools instead of using Teams or Google Chat services that are already in place. Rather than managing permissions to share files from Microsoft 365 or Google Workspace, small businesses often spend more on Dropbox and other services. While these are the most common duplicate services, we often see others across a wide range of apps and functions.

3Shadow IT

We used to define Shadow IT as any IT service in use without proper vetting or authorization. Today, we expand the definition to include consumer-grade hardware, software, and services. Team members using unauthorized IT services typically create security risks, increase costs, reduce control of company information, violate information privacy rules, and put data at risk. While less costly up-front, consumer-grade equipment, software, and services typically lack the security and integration needed for business use.

Check your IT blind spots and survey your environment for Shadow IT. Team members often go rogue for personal preference, convenience, or because they do not understand how to use features and functions already in place.

4Latent Apps and Services

When was the last time you looked to see if you were paying for IT services that you no longer use or need? With the low barrier to entry for cloud services, we often see companies that have signed up for an app or service, only to later decide that it is not the right solution or to see usage decline over time. Without a set process for on/off-boarding IT services, these often remain idle, incurring monthly or annual fees.

Check your IT blind spots for applications and services. Review company and staff personal credit cards for recurring payments. Scan Microsoft 365 and Google Workspace accounts for apps and services with federated logins.

5Business Continuity

While almost all small businesses like yours have backup/recovery in place for most of their systems and data, most still lack a business continuity solution. Even without a big disaster, the loss of a single, key system can be crippling.

Check your IT blind spots for business resilience. Can you run your business without your IT systems and services? For how long? Which systems and services can you live without for a short period of time and which are critical to your business? The answer to these questions dictates the types and extent of business continuity services you need. Focus on what you need to reasonably run your business while you make repairs and complete larger recovery efforts.

6Cyber Insurance

Most small businesses know that they should have cyber insurance in place, and many do. Too often, however, we see small businesses signing on to policies with inadequate or inappropriate coverage. We also see many businesses overpaying for cyber insurance to cover risks that could easily be reduced with incremental security services.

Check your IT blind spots for appropriate cyber insurance coverage and rates. If your policy was not purchased through a specialized agent or broker, an independent review may be worthwhile. If you do not yet have a policy, check out our resources and ask about our cyber insurance readiness assessment.

7Utilization

Multiple services tell us that most small businesses use about 15% of the capabilities in their Microsoft 365 or Google Workspace services. Your investment in Microsoft 365 or Google Workspace includes a rich set of features and functions – major and minor – that help your team collaborate and work more efficiently, individually and as a team.

Check your IT blind spots to understand how well your team is using the tools available to them. A little bit of education, training, and guidance can boost productivity within Microsoft 365 and Google Workspace by up to 60%.

Call to Action:

If you suspect, or just wonder, what is in your IT blind spot, we can help. We can help you check your blind spots and assess what, if any, changes are necessary or recommended. Once decided, we can help you plan and execute those changes. Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

IT Solutions: 3 You Need

/in

Business Continuity & Protection

With continued, rapid change and evolution of the cloud services and capabilities, we hear that we “need” many things. The reality, however, is that many of the “solutions” being hyped are not really needed. Therefore, we will cover three IT solutions that you do need.

1 Resilience

Basic protections against malware, ransomware, phishing, and other cyber attacks are no longer enough. Businesses are not pressing for better cybersecurity from suppliers. Cyber insurance carriers are looking for more cybersecurity capabilities to better manage their risks.

We expect most small and midsize businesses to be asked about, or required to deploy, more advanced cybersecurity services and solutions. Fortunately, these can be provided affordably and effectively to smaller businesses.

2 Continuity

It is not enough to be able to recover files from backup in the event of a disaster, system failure, or cyberattack. Your business needs to be able to return to operations (RTO) quickly, even if your operations are degraded. The ability to fully recover and return to normal operations (RTNO) is also a new priority.

If your customers are other businesses, you are part of a supply chain. Your customers are under pressure to ensure and demonstrate that their supply chains are secure and reliable. This means your customers want you to demonstrate that you are protected and, if a cyberattack happens, that you can recover quickly. Your business disruption is theirs as well. Your customers want and need assurances.

Continuity solutions for small and midsize businesses are effective and can be cost-effective when properly planned and executed. These can range from system images that run in the cloud in an emergency to using remote desktop/virtual desktop services.

3 Secure BYOD

A few years ago, “Bring Your Own Device” (BYOD) was just an experimental strategy. With hybrid and remote work now a part of our norm, BYOD can be an effective means to provide budget-friendly IT services to your team. The challenge is that employee devices being used for company work need to be managed and secured as if they are company-owned.

Employees need to allow you to install security tools, such as endpoint protection and remote management agents, as well as backup/recovery and continuity tools. This can be a difficult task, as employees worry about the privacy of their information on their personal devices.

Securing BYOD can be a mix of policies, procedures, technology, and compensation. Secure BYOD can also be attained by separating the device from the business apps and data. Remote Desktop/Virtual Desktop Infrastructure solutions allow any device to access and use a secure and private environment –  network, systems, applications, and data – without commingling personal and business apps and data.

What to Do:

The first step is to assess your current business resilience and continuity capabilities. Completing our free Rapid Security Assessment will provide a quick review along with recommendations specific to your business and needs.

Next, please contact us or schedule time with one of our Cloud Advisors. Without obligation, we are happy to discuss your business’s operational IT needs and how you may increase your capabilities and save money.

Finally, stay tuned, as our next blog post will cover three IT Solutions you can do without.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Change Management in Cyber Security

/in

Security, Privacy, & ComplianceCyber Security Will Change Companies

IT change management is a structured process for evaluating proposed IT system or service changes. This procedure is carried out prior to implementing the requested change on an organization’s network, reducing or eliminating network outages.

At a recent security and risk management summit, Gartner shared their views of how cyber security will change companies.  While Gartner’s predictions focus on larger enterprise, several of their observations will likely hold true for small and midsize businesses (SMBs) when it comes to change management in cyber security processes.

Here are some observations and our view of how they will impact small and midsize businesses.

Impacts of Cyber Security Change Management

Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70% of global GDP.

Privacy regulations will continue to expand as more nations pass legislation establishing privacy requirements.  Within the US, we expect more states to follow California, New York, and Massachusetts with varying levels of regulations. Along with the regulations come the potential for fines and increase civil litigation, making it vital to pursue cyber security change management. In many of the statues, the protection is afforded the customer based on the customer’s location, not the location of the business.

For SMBs, establishing and maintaining a sound change management cyber security footprint is essential. Beyond the cloud infrastructure technology tools, businesses need to educate employees and have the policies and procedures in place. These policies and procedures should define expectations for employees and for how the business will respond to an incident.

By 2025, 80% of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE (Security service edge) platform.

Protecting access to systems is more challenging as the proliferation of usernames and passwords continue.  As the human element can be the greatest security challenge, Identity and Access Management (IAM) solutions will become the norm.

For SMBs, Single Sign-On (SSO), centralized identity/password vaults, and other tools are available and are, generally affordable.  Many SMBs current hesitate given the incremental cost per user per month. As the cost and risk of missing becomes greater, we expect SMBs will see value of Identity and Access Management solutions. These solutions will become the norm within a cyber security strategy, not an add-on.

By 2025, 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.

With increased concern and scrutiny from customers, consumers, and regulators, businesses are under increasing pressure to monitor and protect against third-party cyber security risks.  This trend will impact SMBs in two ways.

  1. Given the prevalent use of business email addresses as identities for third party applications and services, SMBs will monitor for reported breaches. Third party breaches give cyber criminals an attack vector.
  2. Larger enterprises will see businesses in their supply chains as potential security risks. They will increasing include cyber security requirement in vendor authorization process and in contracts.

SMBs need to be ready to meet the security and risk management demands — people, process, and technology — of their customers.

By 2025, 70% of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.

As businesses adapted to the COVID-19 pandemic, the inability of most businesses to respond to large scale disruptions exposed flaws in traditional business continuity planning. The pandemic put a spotlight on the need for business resiliency and continuity plans for businesses that had not yet considered continuity to be a priority.  The level of planning to address the threats from cybercrime will need to be the same as the planning for other disasters and business disruptions.

For SMBs, leveraging cloud solutions will remain the most cost-effective business continuity option.  Moving systems and applications into cloud services increases security, adds redundancy, provides geographic diversity, and provides better remote access than on-premise systems.  SMBs are at greatest risk from local or regional issues. Managed cloud services … even if only a “lift and shift” of existing servers and applications … will be accepted as a cost-effective way to improve cyber security processes, security and resiliency.

Final Thoughts on Change Management in Cyber Security

We expect small and midsize businesses will need to expand and change their cyber security footprint and processes. They will need to improve resiliency.  Appropriate solutions such as cyber insurance and breach response are available and are affordable.  Businesses can meet their security, resiliency, continuity, and operational needs effectively and affordably. The inherit advantages of cloud services and solutions make this possible.

To evaluate your requirements and readiness for better security and resilience against cyber attacks and other business disruptions, contact us for a consultation, or book some time with a Cloud Advisor.  The consultation is free and without obligation.


Expect an Increase in Cyber Attacks

/in ,

Data Protection & SecurityThe U.S. Cybersecurity & Infrastructure Security Agency, part of the U.S. Department of Homeland Security, is warning businesses to be prepared to defend against cyber attacks originating from Russia. “Every organization—large and small—must be prepared to respond to disruptive cyber activity,” the agency says in its warning.

Our security vendors, analyzing aggregate data, are starting to see a definitive increase in the number and frequency of attacks.

Fortunately, you have a range of tools at your disposal to protect you business:

  • Next-Gen endpoint protection
  • Advanced threat protection
  • Multi-factor authentication
  • Cyber-awareness training
  • DNS/Web protection
  • Third party breach monitoring

These services, paired with recovery and continuity services, can prevent your business from succumbing to an attack. And, if you do fall victim, ensure your business can be back up and running on hours, not days or weeks.

Please contact us if you have any questions or would like a no-obligation review of your security footprint.  You can also schedule a call with one our Cloud Advisors, below.


Data Breaches are Still a Thing

/in

As we speak with small and midsize business executives, we sometimes hear that cyber attacks and the risk of data breaches are no longer seen as a threat serious enough to warrant attention and spending.  We understand this hesitancy. Even with the level of media visibility, the prevalence of security solutions and a weariness of the constant focus on security can lead to the conclusion that we can let our guard down.

The reality, however, is that the rate of cyber attacks jumped about 600% in 2020.  More businesses are getting attacked and more attacks are successful.

A List of Breaches

For perspective, in the last 4 weeks, the cyber security experts at ID Agent have published data on these major breaches. Many are likely to be familiar to you or represent a major government entity.

  • Metropolitan Police Department of the District of Columbia
  • Pennsylvania Department of Health
  • The Resort Municipality of Whistler
  • CNA Financial
  • OfficeDepot
  • Personal Touch Holding Corp
  • Facebook
  • Hobby Lobby
  • Illinois Office of the Attorney General
  • Wyoming Department of Health
  • Eversource Energy
  • California State Controller
  • LinkedIn
  • The New York Foundling
  • University of Maryland Baltimore
  • CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC)

The Case for Concern

The list, above, is only a sample and only represents larger breaches.  Cyber attacks hit small and midsize businesses on a daily basis. Even so, we often view protection and recovery services as insurance.  We do not want to pay for coverage; we hope we never need to use it; and we do not see the value until we are a victim.

A Model for Success

Cyber security differs from insurance. We can reduce the risk of successful attacks with foresight, planning, and protections. Our CPR Cyber Security Model balances awareness, prevention, and response.

Communicate and Educate

Involve everybody in the solution. Communicate the risks and your commitment to protecting the business and your employees. Educate your team on the risks, how to spot and report attacks, and how their behavior can prevent or help an attack.

Protect and Prevent

Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Use “next gen” solutions that analyze behaviors and that can learn as risks evolve.

Respond and Recovery

No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, we recommend that you put in place the forensics, legal, public relations, and customer service resources you will need in a cyber attack emergency.

Want to learn more?  Want to assess your cyber security protections and risks? We can help.  Email us or complete our contact form to schedule a complimentary meeting with one of our Cloud Advisors.

 

Cyber Protection Solutions for SMBs

/in

Data protection iconAs our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. Your Cyber Protection 

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure you team understands the risk, educate them so they can avoid falling prey, create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level or protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.

Related Resources:

library

A Cyber Insurance Primer (Slide Deck)

/in

Slide Deck | Source: Cumulus Global —
Cyber Insurance is a tool, not a solution. This deck is from our June 2022 3T@3 Webcast: A Cyber Insurance Primer and discusses the what and why of cyber insurance and how it fits into your cyber security and incident response plans.

Read more

15 Best Practices for Cyber Protection

/in

eBook | Source: Cumulus Global 

Read more

SaaS Protection Buyer’s Guide

/in

eBook | Source: Cumulus Global

Read more