Posts

Understanding the Google Class Action Lawsuit Notice

/in ,

Google WorkspaceBeginning on September 23, 2024, Google Workspace administrators began receiving notices from Google Operations related to a class action lawsuit filed against Google in 2020. This Service Alert blog post summarizes the information and discusses next steps as they relate to users with Google Workspace accounts.

Background

In July 2020, a class action lawsuit was filed against Google LLC, alleging unauthorized data access. The case, titled Rodriguez et al. v. Google LLC, is being heard in the United States District Court for the Northern District of California. The plaintiffs, comprising four Google account holders, claim that Google unlawfully accessed their devices and data. The access was via non-Google mobile apps, even when the “Web & App Activity” (WAA) and “supplemental Web & App Activity” (sWAA) settings were turned off or “paused.”

This lawsuit has significant implications for Google account holders using non-Google mobile apps while signed into their Google Workspace accounts between July 1, 2016, and September 23, 2024. Despite Google’s denial of the allegations and no court ruling yet on the merits of the case, the lawsuit has proceeded with class certification. 

The notice received by Google Workspace administrators is part of the initial efforts to distribute notices to potentially affected users.

Key Allegations and Legal Claims

The plaintiffs in this lawsuit assert three primary legal claims against Google:

Invasion of Privacy:

  • The plaintiffs allege that Google unlawfully accessed their mobile devices to collect, save, and use data concerning their activity on non-Google apps.
  • These apps incorporate certain Google software code into the apps while WAA and/or sWAA were turned off or “paused.”

Intrusion Upon Seclusion:

  • Similar to the invasion of privacy allegation, This claim focuses on unauthorized intrusions into private activities.

Violation of the Comprehensive Computer Data Access and Fraud Act (CCDAFA):

  • Plaintiffs contend that Google violated this act by unlawfully accessing and using their data.

The plaintiffs are seeking monetary damages and changes to Google’s practices. Google denies any wrongdoing and maintains that it did not violate any laws.

Class Certification

The court has certified four classes to assert claims for damages based on specific criteria. The two classes covering invasion of privacy and intrusion upon seclusion apply only to non-managed user accounts.

The court defined Google Workspace accounts as “Enterprise” accounts.  For these users, the court defined two classes for claims under the CDAFA.

The classes cover:

  • Usage in the period from July 1, 2016, to September 23, 2024
  • Users with their WAA and/or sWAA settings turned off
  • A non-Google-branded mobile app transmitted activity to Google via the Firebase SDK and/or Google Mobile Ads SDK.

Class 1: From an Android device 

Class 2: From a non-Android device

The Role of Workspace Administrators

Workspace administrators play a crucial role in managing the implications of this Google class action lawsuit for their end users. The Court ordered Google to notify all relevant end users who may be class members. 

Workspace administrators must ensure that they comply with their obligations under the Google Workspace Terms of Service. Per sections 3 and 7, which pertain to legal notices and updates, Workspace administrators must forward messages to end users with accounts during the period of the claim. 

Google will send Administrators lists of end user email addresses. Administrators should forward class notification emails to these users. 

Per the Court Order, Administrators must:

  1. Be prepared to receive and distribute the notices; and
  2. Distribute notices appropriately, maintaining the confidentiality and security of the information as stipulated by the court.

Email Notices and What They Mean for End Users

The court-appointed Class Notice Administrator, Epiq, began sending email notices to all eligible end users as of September 23, 2025. These notices inform users of their status in relation to the class action, specifying whether they are included in the classes for damages or for seeking changes to Google’s practices.

The email notices will provide critical information, including a contact number and additional resources for users to determine their eligibility and understand the implications of the lawsuit. 

End users should read these notices carefully and follow the instructions provided to ensure they stay informed about their rights and any potential compensation.

Stay Informed

To stay informed, you may want to periodically visit the dedicated website www.GoogleWebAppActivityLawsuit.com. You can also call the contact number (855-822-8821) for additional information and updates about the lawsuit.

Your Next Steps

Given the court order, we recommend that Google Workspace administrators use Google Groups to create a distribution list. Your list should include current employees and the personal email addresses for past employees who worked between July 1, 2016 and September 24, 2024.

If you are a client or have a Google Workspace subscription and have questions, please contact us to connect with one of our Cloud Advisors.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Prevent Your Email From Being Pushed Aside or Blocked

/in

With the ever-present nuisance of spam and threats of cyber attacks, email services continue to add features and protections. Some of these will prevent your email from being delivered, and others will prevent your message from being seen. 

Here are 3 actions you need to take so your messages arrive and are seen.

1 Ensure Your Emails Validate Properly

Yahoo, Google, and other email services now require validation for emails. Initially targeting volume marketers, the validation checks can prevent your emails from reaching their destination. To ensure your emails reach your recipients, you must have DomainKey Identified Mail (DKIM) and Domain-based Message Authentication, Reporting, and Conformance (DMARC) protocols in place.

Our eBook, Improve Your Email and Deliverability and Security in Five Steps, provides five steps you can take to ensure that your business and marketing emails reach your intended recipients. These steps also help protect you from costly and damaging email identity and business email compromise cyber attacks.

2 Use a Marketing Email Service

Google, Microsoft, and other email services limit the number of emails you can send individually and as an organization. Additionally, these email services lack the controls required by the CAN-SPAM Act and other regulations. 

Marketing email services include the necessary controls, including address publishing, unsubscribe links, and email preferences. They also provide tools for managing contacts, lists, and content.

Using a marketing email service enables you to send bulk emails without being flagged as a spammer. You can protect and maintain your email reputation by using the services to manage your email marketing and response campaigns.

3 Include AI Trigger Words In Your Content

Microsoft Outlook includes a Focus Inbox, while Google Workspace offers Priority Inbox. With iOS 18, Apple will auto-filter email into four segmented inboxes: Primary, Transactions, Updates, and Promotions.

With artificial intelligence (AI), the content of your email determines whether it lands in the primary inbox that people check most, or a secondary folder that may go unnoticed. Messages will be prioritized when they include phrases with:

  • Contextual Relevance: Phrases that indicate important actionable content
  • User Behavior: Messages that are typically opened and acted upon more frequently
  • NLP Recognition: Phrases commonly used in critical communications, as they signal priority
  • Transactional Nature: Content commonly used in transactional messages

In addition to identifying these emails for the focus, priority, or primary inbox views, the AI engines will prioritize messages to ensure recipients see them first.

AI trigger words and phrases should be included but need not be the focus of your message: Sample AI trigger words and phrases include:

Registration Confirmed Preview Meeting Invite
Exclusive Invitation Important Update X Day Left
New Feature Subscription Details Action Required
Invitation Enclosed Event Registration Priority Access
Add to Calendar Event Details

Using AI trigger words will improve the visibility of your emails. Expect that preferred phrases will evolve and change over time.

Your Next Steps

Our Cloud Advisors are ready to help you review your email service configuration. Contact us or schedule time with one of our Cloud Advisors to learn more.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Different Types of Email Security Features

/in

Different Types Of Email Security Solutions Can Help Protect your Business

When launched Cumulus Global 15 years ago to provide small and midsize businesses (SMBs) with email security and security solutions. As early adopters, we saw how managed cloud services and solutions made enterprise grade solutions affordable and effective for small businesses.  While much as changed over the past decade and a half, we still face email-based threats.

Email Attacks are Easy

According to Verizon’s 2021 Data Breach Report, email remains one of the most common vectors for attacks. And, phishing attacks are at the top of the list. Email phishing attacks remain prevalent because they are relatively easy. Cyber attackers are able to say one step ahead of our defenses, in large part to the rise in social engineering. With more of our personal information available through social media, attackers can use psychological tactics and personalized messaging to target specific individuals (spear phishing) and business leaders (whaling). In doing so, they garner sensitive information and gain access to systems and data.

Business Email Compromise

Business Email Compromise (BEC) attacks impersonate your email domains or emails for specific users. In most instances, BEC attacks look and feel like legitimate emails from your business. Combined with social engineering tactics and personalize information, they are hard to spot and often successful.  Cyber security attacks can be “internal” that target your employees, or “external” that use your business to defraud your customers and associates.

Email and Domain Impersonation

Preventing email and domain impersonation attacks bypass account level security, including multi-factor authentication. To prevent these attacks, recipients should only accept email that can be authenticated as coming from your domain.

Different Types of Email Security Protection: Good, Better, Best

Currently, you have three levels of email domain security that can protect your business and your identity: Good, Better, and Best.

Good: SPF Sender Policy Framework

SPF verifies emails sent from valid IP addresses, either from your domain or authorized senders. While most small businesses have an SPF record configured, errors cause individual emails, or emails from marketing and CRM systems, to be flagged as spam by the recipient. Cyber attackers can spoof email addresses to give the appearance of a validated sender.

Better: DKIM DomainKeys Identified Mail

DKIM verifies that have been digitally signed by the sending domain, or by services sending email on behalf of the domain. Proper configuration is technical and involves cryptographic key management; errors can lead to fake messages with valid DKIM signatures. Cyber attackers can remove the DKIM signature using sophisticated relay attacks.

Best: DMARC Domain-based Message Authentication, Reporting,
and Conformance

DMARC authenticates email origin by aligning identifiers from SPF and DKIM, and instructs recipients to deliver, quarantine, or reject failed emails by policy. DKIM helps improve email deliverability. Is the best protection against email and domain impersonation attacks, whether they target your employees, vendors, or customers. Reporting enables you to see email sources and manage your policies.

Protect Your Business With Our Email Security Services

While you set up SPF and DKIM with DNS record entries, DMARC is best implemented as a service. Doing so provides you access to settings, reports, and analysis tools. For most small and midsize businesses, the level of protection DMARC provides is worth the minimal cost.

You can learn more with our eBook: Email Security: Good, Better, Best.

To discuss your email security configuration, make an appointment with one of our Cloud Advisors, send us an email, or fill out our contact form.

Customer Notice Update: Email Advanced Threat Protection

/in , ,

Data ProtectionGiven the demand and need to improve your protection from the devastating impact of ransomware, crypto attacks, and other forms of cyber attacks we are extending the Advanced Threat Protection Priority Opt-in discount period through March, 2020. We understand that adding a service, even a critical service, impacts your budget and costs. Our Priority Opt-In discounts, and other measures (see below), intend to minimize the impact.

Email Advanced Threat Protection (ATP) and Multi-factor authentication (MFA) are necessary, baseline services for protecting your business

Beginning April 1, 2020, we require Advanced Threat Protection for all of our customers’ email service, unless you specifically opt out. Opting out is appropriate if you already have an advanced threat protection service in place.

If you opt out, the cost of our data recovery efforts will not be covered under our unlimited support plans (See our Support Services SLA). When we add ATP to your service, we will discuss with you when we can add MFA.

We will mitigate the cost.

We are sensitive to your budget.

  • ATP requires a technical setup and typically incurs a setup fee along with the monthly or annual subscription.
  • We are discounting both the setup and subscription fees for all customers. For customers requesting Priority Opt-In, we will waive the ATP related setup fees completely.
  • MFA implementation is covered by our support plans as an administrative change.  If you do not have on of our support plans, we will provide an affordable, discounted quote for the project.
  • For customers without an unlimited support plan and/or those that choose to Opt-Out, we will discount our hourly fees for recovery work.

For more information on specific discounts and pricing, and to let us know if you want to Opt-In, to have Priority Opt-In, or to Opt-Out, please visit this web page and complete the form.

We realize that this is a significant change for most of our customers.  We also understand the importance of these protections.  Please contact us with questions or concerns

Thank you for being part of our community,
Allen Falcon
CEO & Pragmatic Evangelist

Customer Notice: Email Advanced Threat Protection

/in ,

Data Protection

(Updated January 20, 2020)

We continue to witness the devastating impact of ransomware, crypto attacks, and other forms of cyber attacks on our customers.  The recovery cost and frequency of attacks are increasing at alarming rates. The average cost for a small or midsize business (SMB) to fully recovery from a cyber attack has increased to between $145,000 and $180,000. This includes loss of direct business, remediation costs, damage to reputation, and employee downtime.  At the same time, the number of ransomware attacks so far in 2019 has doubled when compared with the same period in 2018.

As a managed cloud service provider, you have heard from us that you “should” have more protections in place. Our position is changing: these protections are a “must”.

Multi-factor authentication (MFA) and email Advanced Threat Protection (ATP) are necessary, baseline services for protecting your business. 

Beginning April 1, 2020, we will require and will begin adding Advanced Threat Protection to all of our customers’ email service unless you specifically opt out. If you opt out, the cost of our data recovery efforts will not be covered under our unlimited support plans (See our Support Services SLA). When we add ATP to your service, we will discuss with you when we can add MFA.

We will mitigate the cost.

We are sensitive to your budget.

  • ATP requires a technical setup and typically incurs a setup fee along with the monthly or annual subscription.  We are discounting both the setup and subscription fees for all customers. For customers requesting Priority Opt-In, we will waive the ATP related setup fees completely.
  • MFA implementation is covered by our support plans as an administrative change.  If you do not have on of our support plans, we will provide an affordable, discounted quote for the project.
  • For customers without an unlimited support plan and/or those that choose to Opt-Out, we will discount our hourly fees for recovery work.

For more information on specific discounts and pricing, and to let us know if you want to Opt-In, to have Priority Opt-In, or to Opt-Out, please visit this web page and complete the form.

We realize that this is a significant change for most of our customers.  We also understand the importance of these protections.  Please contact us with questions or concerns

Thank you for being part of our community,
Allen Falcon
CEO & Pragmatic Evangelist

Myth-Busting Monday: Office 365 is not just Office “Online”

/in

Office 365Even with the growing adoption, many still see Microsoft Office 365 as “Office in the Cloud”.

In fact, Office 365 is an entirely different suite of services.  Yes, Office 365 Business Premium and Enterprise licenses include the MS Office apps we know and use — Outlook, Work, Excel, Powerpoint, and more.  But Office 365 is not just a suite of productivity tools.

Microsoft Office 365 is a business communication, collaboration, and information management ecosystem.

Office 365 licenses can include:

  • OneNote – Multimedia note taking from any platform
  • SharePoint – Collaboration platform for file sharing, intranets, document management, workflows, and information management
  • OneDrive – Personal and shared file storage
  • Skype for Business – Voice, secure IM, video meetings, and presence management
  • Yammer – Social collaboration for business
  • Power BI – Wizard driven business analytics
  • Sway – Web 2.0 publishing to tell your story
  • Planner – Project and task management

As important as the suite of tools, Office 365 can change the way your team works together.  With your data secure and in the cloud, you share information rather than attaching files to endless chains of emails. Your team has the ability to work anytime, from anywhere, from nearly any device. Your people are connected because the data and information they use is connected.

So if you haven’t moved into the cloud, stop thinking of Office 365 as hosted email and some apps. Start thinking about how you want to improve your business. Then use Office 365 to make it happen.

Already on Office 365 and feel like you’re not using it to its fullest potential? Ask us about our adoption and engagement programs.

This is the first of a multi-part series designed to help companies better assess the opportunity and value of cloud-based solutions.  Contact Us for more information or a free Cloud Advisor session.

 

Tuesday Take-Away: Gain Control of Your Email – Inbox Zero Academy

/in ,

Sanbox Chalkboard
Email Overload is a Global Epidemic !

According to a recent McKinsey study, an average person spends 13 hours/week reading and replying to emails, a completely reactive activity, which is not part of anyone’s job description. What a waste of time!

The team at Sanebox has spent the last 5 years helping professionals fall in love with their email again. They’ve done a ton of research, talked to thousands of customers and compiled their findings into a series of bite-sized lessons. Most of them are extremely easy, while others will take some discipline.

Inbox Zero Academy is here to help you get to Inbox Zero every day!

Get 1 bite-sized lesson in your inbox every day, for 10 days. No more, no less.

Click here to sign up for the Inbox Zero Academy today.

For more information about Sanebox, our preferred Inbox Zero solution, click here.

 

5 Ways Google Apps Will Help Your Business

/in

 

Not just an email service, Google Apps is a business platform that enables efficiency and productivity by giving your team better communication and collaboration tools.

In less than 12 minutes, Cumulus Global’s CEO Allen Falcon identifies 5 ways that Google Apps will help your business.

1) Improved Communications

2) Collaboration — More and Better

3) Secure Access — from anywhere at anytime

4) Business Continuity

5) Lower Operating Costs — instead of CapEx + OpEx 

The video is a recording of Allen’s Standing Room Only seminar at the Central Mass Business Expo in September 2014.  Click Here to view the recording and contact us for more information and a free assessment of your business’ cloud potential.

 

 

Moving from SBS? 6 Questions to Ask

/in ,

NoWindows
Back in 2012, Microsoft announced the end of life for the Small Business Server (SBS) product line (see SBS End of Life: Microsoft Punishes Small Businesses).  As with any retiring technologies, some organizations will wait to move until there is a current need.  If something works, why fix it?

With Windows XP and Windows Server 2003 reach end of life as well, many are taking a new look at whether now is the time to move.

Here are 6 questions to ask before you make the move.

1) Does cloud-based email work for your business?

While many focus on why you should NOT move to cloud-based email, services like Google Apps for Business provide the security and privacy controls — and support encryption and other services — needed to meet pretty much any data protection requirement.

Focus on the value cloud-based email can provide to your business.

  • Secure access to email, from any device, at any time
  • Built in spam/virus protection
  • No monthly updates
  • No local queue errors
  • No VPN or additional web server needed
  • Affordable options for archiving, encryption, and backup/restore

2) What is the total cost of ownership?

When upgrading from SBS, organizations will need to purchase new 64-bit server hardware with additional disk space, new versions of Windows Server, new Windows CALs, Exchange Server Licenses, new Exchange CALs.  They will also need to purchase or upgrade their spam/virus protection solution and backup/recovery system.

Beyond the purchase, Microsoft still requires administrators to update software monthly — often multiple times each month — in order to maintain security patches and updates.

Moving to the cloud, organizations skip the large capital expenditure.  Cloud-based email solutions are operating expenses.  Costs are tied to the number of users, not to the amount of capacity you may use in the future.

When moving organizations to Google Apps for Business, we see customers saving 30% to as much as 70% over 3 year and 5 year TCO cycles.

3) How much disruption will end users experience?

Yes, some users are afraid to move away from MS Outlook and your existing web access for email.  When surveying users, however, we find that in most organizations, 60% to 80% already use cloud-based email services, like Gmail, personally.  The change in user experience is likely less than initial perceptions.

But, moving is a change and can have an impact.

As we move organizations to Google Apps, we include communications about the changes and opportunities for users to learn how to best use the new tools.  We make self-help learning systems — video and interactive — available to users.  We also offer customized workshops and “web office hours”.  In short, many methods exist to help users make the transition and understand how they can do more with their new email service.

4) Is the replacement system you’re considering easy to administer?

If planning to stay in-house, the answer will be “No!”.  New versions of MS Exchange include features and complexity designed to serve the needs of larger enterprises.  For small and mid-size enterprises, they live with the additional administrative burden.

Moving to cloud-based email dramatically reduces administrative requirements.  Without hardware, operating systems, and Exchange software, management of Google Apps for Business focuses on user settings and support.

5) Is the vendor committed to small and mid-sized businesses?

By deeds more than words, Microsoft is focused on large enterprises.  Recent licensing changes have removed the most affordable Windows and Exchange options for small and mid-size enterprises, increasing minimum costs by as much as 100%.

Cumulus Global, as a Google Apps Premier SMB Partner, is focuses exclusively on businesses and nonprofits with 1 to 500 employees.  We also serve K-12 education, smaller higher education, and local/regional governments.  We tailor our services to the needs of small and mid-size enterprises, understanding needs, priorities, and budgets.

6) Is the change a better value?

When moving from any in-house MS Exchange solution to Google Apps for Business, you are gaining more than a secure, reliable email service.  Google Apps is a small business productivity platform, with:

  • Integrated personal and shared calendars
  • Secure Instant Messaging
  • Voice / Video conferencing
  • Hangouts — video meetings with shared documents and desktops
  • Google Docs productivity tools — word processing, spreadsheets, and more
  • Drive for storage of Google-based and legacy files of any type
  • Local Drive sync and share, providing integration for MS Office users
  • Secure web Sites, for your intranet, projects, and customer portals
  • Integration with hundreds of business applications and services.

With more than email to offer, solutions like Google Apps for Business deliver greater value, even if additional features are not used immediately.

Cumulus Global offers Emergency Email and File Services to Businesses

/in

Hurricane SandyCumulus Global (www.cumulusglobal.com) announced an emergency assistance program for small and mid-size businesses impacted by Hurricane Sandy.  Cumulus Global will provision replacement email and file services to help get businesses up and running.  As part of the program, companies will paid reduced activation fees and will contract for services on a month-to-month basis.  Businesses can be up and running, back in business, in a matter of hours.

“Small and mid-size businesses are the backbone of our economy and are often the hardest hit by natural disasters,” stated Allen Falcon, CEO of Cumulus Global.  “This program is not about making money, it is about saving businesses and jobs.”

Leveraging Google Apps, Cumulus Global can have businesses up and running with email, voice/video conferencing, file services, and more in a matter of hours.

Companies in any of the states impacted by Hurricane Sandy or its aftermath are eligible for 30% discounts on activation and service fees.  Services start at $10 per month and run on a month-to-month basis with no long term contract.

Businesses interested in the program should contact sales@cumulusglobal.com immediately.

 

library

Email Security: Good, Better, Best

/in

eBook | Source: Cumulus Global —
Cyber attacks by email have skyrocketed over the last decade. Email and domain impersonation attacks, fueled by successful phishing attacks, bypass account-centric security. This eBook discusses how to protect your business and domain from Business Email Compromises and impersonation attacks.

Read more