Posts

The Kaseya Attack Effect

Data Protection & SecurityThe Kaseya attack demonstrates how cyber crime is a big, organized business.  How big? You can subscribe to “Ransomware as a Service” and outsource attacks on your intended targets.  How organized? Hacker groups and service providers, such as the REvil Ransomware Group and DarkSide, actively manage their brands and reputations.  The REvil attack on Kaseya shows us that cyber criminals are technically advanced and operationally sophisticated. The nature of the attack, and its scope, should scare you.

By using known vulnerabilities in Kaseya’s VSA Remote Monitoring and Management system, REvil was able to create an automated ransomware distribution network. They used the very systems that Managed Service Providers (MSPs) use to monitor and manage customer servers, computers, and networks.

The Impact

MSPs update their Kaseya VSA servers automatically installed the Ransomware on their customers’ systems, as well as their own. Best estimates are that up to  1,500 small and medium-sized companies are victims. While this number seems small, those 1,500 business face an existential threat. Remember: more than half of businesses victimized by ransomware fail within six months.

Most MSPs shut down their Kaseya VSA services before spreading the ransomware. These firms had no ability to monitor, manage, or remotely support their customers. Customers facing IT issues were met with longer diagnostic and resolution times, resulting in business disruption, lost productivity , and the possibility of data loss.

As a managed cloud service provider, Cumulus Global does not use the Kaseya VSA system.  Our clients were not at risk, via our services, from this attack.

The Lessons

We were on the sidelines for the Kaseya attack. We understand, however, that the way in which may cloud services are managed create connections between vendors, resellers, partners, and customers. While these connections do not generally provide any access to customer data, they do provide access to management functions and information about users.  This information, in turn, could be used to improve the effectiveness of phishing attacks, spoof identities, and gain access to systems.

As a trusted IT advisor and a managed cloud service provider, we are part of a connected supply chain. We take our responsibility to secure our part of that chain seriously. While we follow commercially accepted best practices for security and privacy, the Kaseya attack warns us to step back and re-evaluate our strategy, policies, and procedures.

Our Next Steps

Cumulus Global is conducting an internal review of all of our internal and operational systems, including vendor portals and services we use to order, provision, manage, and support cloud services. As part of this review we are examining our policies and procedures related to:

  • Identity management and protection
  • Access to the systems
  • System level permissions related to function and data
  • Roles and responsibilities with respect to security and privacy
  • Business continuity plans and capabilities

Through this process, we are challenging our assumptions, re-assessing how we operate security and effectively, and raising our expectations for how well we protect ourselves and our customers.

We will also be making recommendations to our clients, and the broader community, on steps they can take to improve their security profile and protections.

Your Next Steps

As a user of cloud services, and technology in general, have responsibilities as well.

We Can Help

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

The State of SMB Cyber Security

Data Protection & SecurityGone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk, regardless of their size or industry. Today, we recognize that implementing a cyber security program, much like hiring people and growing sales, is an essential part of running our companies.

With 43% of cyberattacks targeted at SMBs, it’s not surprising that many have identified cybersecurity as a priority. And while most of us have deployed protections, it is challenging to know if you have the right balance of protection relative to your risk.

Here are 4 key findings from research conducted by Microsoft:

01 Businesses understand that cybercrime is a problem, but understate the severity of the threat and overestimate their preparedness

The vast majority of businesses (85%) cite cybercrime as a concern, and more than half (56%) believe it is a top priority. Businesses are backing up this belief with action. Most have begun to invest both time and dollars into protecting their company from hackers and other malicious actors.

However, when you look a little deeper, it becomes clear that many have underestimated their risk. 74% of businesses don’t believe they are likely to be attacked at all and that corporations are two times as likely to be attacked.

90% of businesses say they have the right protections in place to prevent an attack, and those with more than 50 employees are even more confident. It is encouraging that businesses are investing in security, but the reality is that they are at greater risk than they think. Nearly half (41%) have been attacked

02 Small and medium-sized businesses are just as likely to be attacked as large corporations

For solutions that do cost money, businesses allocate about 15% of IT budgets go to cybersecurity,  and  21% plan to increase how much they spend protecting the company. Businesses recognize that this investment is worth it because three out of four know that it costs more to recover from an attack than it does to prevent one.

03 Employees can be a business’s biggest protection and also their biggest threat

As a small business owner, you face many of the same threats as larger businesses, but also unique challenges.

Given the number of security events tied to employees, businesses run the risk of underestimating the threat of employees leaking data or  sharing sensitive information, whether maliciously or accidentally.

Insider threats take several forms. Employees or partners may find it more convenient to transfer sensitive data using personal email or an unsecure cloud drive, not realizing the risk to your company. In fact, 30% of security events are attributed to careless or uninformed employees. More alarming is the roughly 36% of attacks where a malicious employee steals sensitive data.

04 Businesses have begun taking steps to protect themselves and there is a set of solutions and practices available to them

Most small and midsize businesses don’t have the same scale of resources to combat security threats and implement cyber security solutions as larger entities.

Fortunately, there are right-sized solutions and strategies designed to overcome the unique vulnerabilities of smaller companies. An effective security strategy doesn’t have to be expensive—or time-consuming. With a few simple, no-cost/low-cost steps, you can make a significant  impact on your company’s overall security profile. The key is to match security to your business needs and your budget.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Top 3 Types of IT Security Threats and How to Prevent Them

Data Protection & SecuritySecurity Threats: 3 You Know and 1 You Should

Security threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.

Top 3 Types of IT Security Threats

1. Viruses

According to research conducted by Microsoft, infection by a computer virus is the most commonly cited among security threats facing businesses. Preventing viruses requires an integrated approach to endpoint and identity management.

How to Prevent Viruses:

  • Deploy next-gen antivirus software, with advanced threat protection, installed and updated, on all devices
  • Use web filtering and monitoring services to prevent infection, even from trusted sites
  • Roll out mobile device management to secure work devices (including laptops and desktops), as well as personal devices used for work
  • Enforce the use of multi-factor authentication as part of an integrated identity and access management solution

2. Ransomware IT Security Threats

Ransomware is a type of malware that restricts access, encrypts files, or even stops you from using your systems. Like viruses, ransomware can enter the company through insecure endpoints or unsuspecting users.

While virus protections also protect against ransomware, no protection is perfect. You need to be ready to respond and recover in the event of a successful cyber attack. This includes implementing solutions and services, and ensuring you have the proper protocols in place.

How to Prevent Ransomware Security Threats

  • Backup your data and system images, in the cloud, to ensure your ability to restore and recover
  • Encrypt all data, at rest and in motion
  • Deploy business continuity services to spin-up copies of servers in parallel with remediation
  • Pre-arrange access to forensic, legal, and communications resources to ensure a proper business response
  • Acquire cyber insurance to cover remediation, recovery, and regulatory costs, along with lost revenue
  • Focus on the four pillars of cloud security, and continue to review them on a yearly basis

3. Phishing Attacks

The majority, 67 percent, of cybersecurity professionals surveyed consider phishing attacks to be the greatest security threat facing your business and employees. Take the proper steps today to protect your people, your data, and your business.

How to Prevent Phishing Attacks:

  • Configure advanced threat protection services to identify and block attacks via email using links and/or attachments
  • Monitor inbound and outbound email traffic
  • Provide your team with awareness training to recognize problem emails, and how to respond/act
  • Instruct your team to report suspicious messages, links, and attachments
  • Deploy domain level services to prevent identity-spoofing

1 Additional IT Security Threat You Should Know

!! Internal Leaks & Threats

Insider security threats are often overlooked, and small and midsize businesses are generally unprepared to deal with these IT security threats, accidental or malicious. Surveys indicate that 53% of organizations have experienced insider attacks against their organization.

These risks take several forms. About 37% of internal leaks can be attributed to careless or uninformed employees. In many cases, these employees are using personal, less secure or unsecured services to conduct business.  Whether consumer versions of email or cloud drives for sync and share, these “shadow IT” services pose a significant risk.

While the majority of internal leaks and threats are unintentional, 36% of internal leaks are identified as attacks by a malicious employee.

To prevent data leaks and breaches, you should:

  • Actively manage access and permissions to networks, systems, applications, and data; periodically review permissions for compliance
  • Leverage features within your systems that help you manage and protect confidential and proprietary information
  • Deploy information protection solutions, such as Data Loss Prevention (DLP) and document/message level encryption, to block sensitive data from leaving your control
  • Implement proper cyber insurance and breach response protocols

>> Take Action Against IT Security Threats

All of the suggestions, above, fall within our CPR best-practice model for data protection and cyber security: Communicate & Educate; Prevent & Protect; Respond & Recover.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Cyber Protection Solutions for SMBs

Data protection iconAs our businesses become even more reliant on technology and cloud services, the frequency and sophistication of cyber attacks continue to accelerate. Your Cyber Protection 

Cyber Protection Needs

We need our businesses — and our people — to be aware, protected, and able to recover.

At Cumulus Global, our CPR model maps the necessary components of cyber security into three areas.

  • Communicate & Educate
    • Ensure you team understands the risk, educate them so they can avoid falling prey, create a culture of security and data privacy.
  • Protect & Prevent
    • Leverage advanced and “next gen” technologies to prevent attacks and to protect your networks, systems, data, and people from attacks.
  • Recover & Respond
    • No system is perfect; make sure you can recover your data and systems, return to normal operations, and respond to the technical, legal, and communication challenges.

Successful Cyber Protection relies on your policies and procedures, technologies, and people working in sync. Across more than a dozen focus areas, you need to balance the level or protection you need with the costs and with the risks of not doing enough. You need to balance external requirements, such as government and industry regulations, with internal priorities.

Your Cyber Protection Solution

To design and implement an affordable, integrated, and effective cyber protection solution for your business, start with a Cyber Protection Assessment (CPA).  A CPA will assess your needs, within the context of your business, and preferred solutions across 15 areas of focus:

  • Written Information Security Plan
  • Patches and Updates
  • Email Encryption
  • Data Destruction
  • Background Checks
  • Written Information Response Plan
  • Antivirus and Intrusion Detection
  • Email and Web Security
  • Account and Identity Management
  • Employee Training
  • Firewalls
  • Backup / Continuity / Disaster Recovery
  • File Encryption
  • Network Access Security
  • Responsible Parties

Using the results of the Cyber Protection Assessment, you can plan and implement your levels of protection in each area to create the balance that is best for your business.

Next Steps and Resources

Your best next step is to contact us and discuss your cyber protection status and needs with one of our Cloud Advisors. Consider using our Cyber Protection Assessment to understand your needs, current protections, gaps, and priorities.

Related Resources:

Evaluating SaaS Backup Solutions and Software

Data protection icon

You have many choices when choosing your SaaS backup solution for Google Workspace (G Suite), Microsoft 365, Salesforce.com, and other cloud services. But first, lets learn more about what a SaaS backup solution entails, as well as what to expect with this type of cloud service.

What is a SaaS Backup?

Backup of Software as a Service, or SaaS backup, is the process of duplicating and storing data generated by SaaS products. This information is frequently derived from cloud-based SaaS applications, PaaS (Platform as a Service), and cloud-based network IaaS. (Infrastructure as a Service).

The responsibility of a SaaS provider extends only to their software and not to the information or data contained within it. They only guarantee the app’s and its supporting infrastructure’s uptime. As a result, businesses and organizations must obtain SaaS backup and disaster recovery services to protect their data in the cloud.

When picking your backup solution, look for the data protection capabilities you need. At a minimum, a SaaS backup solution should offer the following.

SaaS Backup Solutions

Comprehensive Protection

Some SaaS backup solutions only protect email, files, and folders. Look for solutions that offer protection for contacts, shared drives, collaboration and chat tools, and calendars. Solutions with these features are far more effective at maintaining business continuity. And, the cost is often comparable.

Frequent Backups

More frequent backups let you to restore to a more recent point in time, minimizing data loss. Restores are faster and easier with less manual effort to perform restores. Services that backup multiple times per day will provide better results than those that only backup daily.

Access During Outages

Look for and choose a SaaS backup service that lets you export and access your data in the event of an outage. While limited in scope, the ability to use data should Google Workspace or Microsoft 365 be unavailable can help you keep essential work on-track.

Security & Compliance

The SaaS backup service you choose should be secure, with data encrypted at rest and in motion.  Additionally, SaaS backup solution services that meet SOC1/SSAE-16 and SOC 2 Type II reporting standards will help you meet HIPAA, GDPR, CCPA, SEC, and other regulatory compliance requirements.

Your Next Step for Choosing a SaaS Backup Solution:

Comprehensive protection, frequent backups, access during outages, and security and compliance should all be included in your SaaS backup solution, software, or service.

We recommend you protect all data in Google Workspace or Microsoft 365 with a secure and robust backup/recovery solution.  Protecting your cloud-resident data is no different than protecting data hosted on servers and systems in your office. We can help you make the right choice.

For more information, view and download our eBook, SaaS Protection Buyers Guide.

Learn more about Cumulus Global’s data protection and security solutions, contact us to discuss you needs and options, or schedule a complimentary cloud advisor appointment.

3 Reasons to Secure Your Data with SaaS Data Protection Solutions

Data protection icon

What is SaaS Data protection and why You Should Consider it

SaaS data protection refers to the measures and strategies that software-as-a-service (SaaS) providers implement to safeguard their customers’ data from unauthorized access, alteration, theft, or loss.

SaaS data is not immune to permanent data loss. Microsoft and Google make no guarantees when it comes to restoring deleted data, whether from human error or a malicious act. While Microsoft 365 and Google Workspace (formerly G Suite) may make collaboration more efficient, data protection and management is a shared responsibility. Both Google and Microsoft include some basic recovery capabilities, but they not enough to protect your business.

SaaS providers use a combination of technical, administrative, and physical controls to protect their customers’ data. Encryption of data in transit and at rest, access controls and permissions, firewalls, intrusion detection and prevention systems, multi-factor authentication, regular security audits and assessments, and disaster recovery and business continuity plans are examples of these controls. SaaS providers also have legal and regulatory obligations to protect their customers’ data, depending on the type of data and the jurisdiction in which they operate. This may include compliance with industry standards such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA).

Here are 3 major reasons to add SaaS data protection to your Microsoft 365 or Google Workspace solution.

Overall, SaaS data protection is crucial for maintaining the trust of customers and ensuring the confidentiality, integrity, and availability of their data. The three reasons below are vital to understand as it relates to how to secure data in SaaS.

1: Data Loss Due to Permanent Deletion

If an employee accidentally deletes a critical spreadsheet from OneDrive or Google Drive, or a deleted folder of important emails passes the retention period in Trash, neither Microsoft nor Google will be able to recover your data.

Even if those files are within your retention period, locating and restoring lost data can cost you more time than you can afford.

2: Data Loss Due to a Ransomware Attack

If your business suffers a ransomware attack, you cannot roll-back your data to a point-in-time before the attack without a backup solution. Your data is likely gone forever.

More than losing valuable business data, you will face potentially crippling costs.  You may choose to pay the ransom (without any guarantee your files will be unlocked). You may work to rebuild your lost data. Either way, you will spend significant money, time, and lost productivity trying to save your business.

3. Time and Money Lost in Recovering Files

Retaining critical user data when employees leave your company is costly without a backup solution in place. The time spent to recover data might be more than what your business can afford. SaaS Data Protection and backup solutions lets you retain past employee data without the need to keep their Microsoft 365 or Google Workspace account active. You save time and money.

Whether you lose data or time, the impact to your bottom line can be significant. To address this challenge, you need a secure solution for this growing reliance on the cloud.

Learn more about Cumulus Global’s data protection and security solutions. To ensure your business continues to run smoothly, schedule a complimentary cloud advisor appointment.

Service Update: Datto SaaS Protection

Service Update: Datto SaaS Protection. The latest Datto SaaS Protection platform is now available to all of our costumers. For more recent customers, you are already on the newest platform.  For our longer term SaaS Protection (aka Backupify) customers, the transition process will begin as early as February 1, 2021. The process will complete before May 31, 2021.

Benefit:

With this move, all Datto SaaS Protection customers will have access to the latest features. These include protection for Microsoft Teams and Google Shared Drives, and the Daily Backup Success Report.

Process:

To ensure a smooth transition, any data on the legacy platform will be archived in one of Datto’s secure Microsoft Azure instances. A fresh backup set will initiate on the new platform. We can assist you in exporting your legacy backup data if you prefer to not have it stored by Datto on Microsoft Azure.

There are some unique aspects of the transition for some of our customers, our Service Team will contact you as needed to discuss your transition.

Please contact us with any questions or concerns.

SaaS Backup Myths – 4 Dangerous Misconceptions Debunked

SaaS Backup is just as important, and necessary, as backups for data hosted on in-house servers and systems.

Data protection iconWith more remote work, our reliance on SaaS applications and services such as Microsoft 365 and Google Workspace has become more critical to our success. Easy access to files and folders from anywhere and the integrated collaboration tools keep our teams connected and productive.

Here are 4 common, but dangerous, myths and misconceptions about SaaS applications and services that will put your data and your business at risk.

Top 4 Software as a service (SaaS) Backup Myths Dispelled

Myth 1: SaaS Applications do not Require Backup

While SaaS applications protect against data loss in their cloud servers, this does not protect against user error, accidental and malicious deletion, or ransomware attacks. And while accidental deletion of files is by far the most
common form of data loss in SaaS apps, ransomware can be the most damaging. Ransomware is designed to spread across networks and into SaaS applications, impacting many users.

Ransomware isn’t only an on-premises problem. It can and does spread into the cloud, especially when using the OneDrive and/or Drive File Sync clients.

You need a way to quickly revert files, folders, settings, and permissions in the event of an attack.

Myth 2: File Sync is a Backup

While file sync tools like Microsoft OneDrive or Google Drive File Sync do create a second copy of files and folders, they do not replace backup. File sync automatically copies changes to synchronized files. If a file or folder is infected with ransomware, the malware will automatically be copied to all synced versions of that file.

File sync services do offer some restore capabilities via versioning, but they fall short of a true SaaS backup solution.

  • If a file is deleted, older versions of the file are also deleted
  • End users control backup and recovery, so you have no control over coverage or process
  • Large restores are a time-consuming, manual process.

Beyond simply lacking the restore capabilities of a backup solution, file sync and share can introduce ransomware to Microsoft 365 or Google Drive. File sync and backup are not competitive solutions, rather they can and should be used together.

File sync and share tools are for productivity; backup is for data protection and fast restore.

Myth 3: SaaS Applications are Always Available

While SaaS apps are highly reliable, outages do occur. In 2020 alone, Microsoft 365 suffered five significant outages in the space of six weeks. Last year, Google Workspace suffered a global outage, leaving users with no access to for several hours.

Outages and slow restore times are not just an inconvenience. When you cannot access important business data, productivity falls and revenue suffers. Creating backups that are independent of a SaaS provider’s cloud servers is the only way to ensure access to essential files in the event of an extended outage.

Myth 4: Microsoft and Google are Responsible for Backup

Microsoft and Google ensure they will not lose your cloud data. However, they do not take responsibility for restoring data if you lose it. This is why Microsoft recommends third party backups for Microsoft 365 data, having defined the concept of the Shared Responsibility Model.

In the Shared Responsibility Model:

  • Microsoft and Google protect your data against:
    • Service interruptions due to hardware or software failure
    • Loss of service due to natural disaster or power outage
  • You must protect your data against:
    • Accidental deletion and damage
    • Hackers, ransomware attacks, other malware
    • Malicious insiders

The Shared Responsibility Model places the onus of SaaS data protection squarely on you. Google and Microsoft are responsible for keeping their systems up and running; you are responsible for preserving and securing your data.

FAQs

What are the disadvantages of cloud backups?

Many people are wondering what the drawbacks of cloud backups are, and while there are more pros than cons, there are certainly still a few key factors to consider. These include the following SaaS backup drawbacks:
  1. Cost
  2. Complexity
  3. Time-consuming
  4. Data recovery time
  5. Risk of failure
  6. Security concerns

Do I need to backup SaaS?

Yes, it is important to backup SaaS data to ensure that your critical data is protected against loss, corruption, or cyber attacks. While SaaS providers typically have their own data backup and recovery processes in place, they may not always guarantee the recovery of data lost due to user error, malicious deletion, or other data loss scenarios.

Why cloud backup may not be the best choice?

While cloud backup solutions can offer many benefits, they may not always be the best choice for all organizations. The main downsides include the following:
  1. Cost of cloud backup solutions can be expensive
  2. Security concerns still remain
  3. Dependency on internet connection
  4. Lack of control over how data is stored, accessed, and managed.
  5. Compliance concerns
  6. It can be difficult and costly to switch to a different provider or to migrate your data to a different solution in the future

To review your data protections, and your ability to recover from accidental or malicious loss, contact us or schedule an appointment with our Cloud Advisors.

9 Cyber Security Tips for Small Businesses

Since the start of the COVID-19 pandemic, cyber threats and ransomware attacks have accelerated, exceeding 30,000 attacks per day in the US. Cybersecurity measures have never been more important. The move to remote working environments as well as the vulnerability of global economies in crisis has created an open-season for cybercriminals. No business—big or small—is safe.

Small and medium businesses (SMBs) seemingly have a target on their backs, so strengthening your SMB security posture is essential right now. The good news: There are ways to protect your business against ransomware attacks. Read on below to learn about our top nine cyber security tips and best practices to keep your small business safe.

Here are nine tips you that boost your business’ resilience to cyber attacks:

Communicate & Educate

1. Conduct a security risk assessment

Understand potential security threats (e.g., downtime from ransomware) and the impact they may have on your business (lost revenue). Use this information to shape a security strategy that meets your specific needs.

2. Create straightforward cybersecurity policies

Write and distribute a clear set of rules and instructions on cybersecurity practices for employees. This will vary from business to business but may include policies on social media use, bring your own device, authentication requirements, etc.

3. Train your employees

Because cybersecurity threats are constantly evolving, an ongoing training plan should be implemented for all employees. This should include examples of threats, as well as instruction on security best practices, and periodic testing.

Prevent & Protect

4. Protect your network and devices

Implement a password policy that requires strong passwords and monitor your employee accounts for breach intel through dark web monitoring. Deploy firewall, VPN, and next-gen antivirus technologies with advanced threat protection. Ensure your network and endpoints are not vulnerable to attacks. Implement mandatory multi-factor authentication. Ongoing network monitoring is essential, as is encrypting hard drives.

5. Keep software up to date

This cyber security tip involves being vigilant about patch management. Cyber criminals exploit software vulnerabilities using a variety of tactics to gain access to computers and data. Your IT provider should automate this for your businesses with a remote monitoring and management. Keep your mobile phones up to date as well.

6. Back up your data

Daily (or more frequent) backups are a requirement to recover from data corruption or loss resulting from security breaches. Consider using a data protection tools that take incremental backups of data periodically throughout the day to prevent data loss. Remember that you need to protect your data in the cloud as well as you protect your data on local servers and workstations.

7. Know where your data resides

The more places data exists, the more likely it is that unauthorized individuals will be able to access it. Use data discovery tools to find and appropriately secure data along with business-class Software-as-a-Service (SaaS) applications that allow for corporate control of data. Eliminate redundant and “Shadow IT” services.

8. Control access to computers

Use key cards or similar security measures to control access to facilities. Ensure that employees use strong passwords for laptops and desktops. Give administrative privileges only to trusted staff as needed.

Respond & Recover

9. Enable uptime

Our final cyber security tip dives into responding and recover. Here, it’s vital to choose a powerful data protection solution that enables “instant recovery” of data and applications. In fact, 92% of managed IT service providers report that companies with business continuity disaster recovery (BCDR) products in place are less likely to experience significant downtime from ransomware and are back up and running quickly. Application downtime can significantly impact a business’ ability to generate revenue. Can your business afford downtime costs that are 23X greater (up by 200% year-over-year) than the average ransom requested in 2019?

Get In Touch To Learn More About Cyber Security Tips and Best Practices

The best defense is a good offense. A robust, multi-layered cybersecurity strategy can save your business. Contact us to learn more and for a free Cyber Security Assessment.

COVID-19 Survey: Revenue Losses and Diminishing Cash Reserves

In a national survey of more than 2400 businesses conducted and published by American City Business Journals finds that small and midsize businesses are seeing severe impacts from the COVID-19 pandemic.

The Impacts: Profits, Revenue, Cash, and Survivability

About 69% of respondents have seen revenue decline since the major onset of COVID-19 in March 2020.  Of those seeing revenue decline, close to half see revenue falling by 50% or more year over year.

Additionally, 47% indicate that they have not been profitable and nearly one third report being cash flow negative over the first six months of the pandemic. About 70% of those losing money are losing more than $10,000 per month and 64% will run out of funds within the five months.

About 40% of respondents raised cash through loans or equity investments since March 1, with 91% of these businesses receiving loans from a federal stimulus program, such as the Paycheck Protection Program. These funds were predominantly used to cover payroll and operating expenses as opposed to funding investment or growth.

Change in Focus

With the stark financial impacts, most smaller businesses are changing their focus. Rather than looking forward one to three years, most SMBs are focuses on the current and next quarter. The shift from strategic to tactical is a direct response to the many unknowns of the pandemic, the near-term economy, business sector and market impacts, and government recovery and stimulus plans.

The near-term focus makes sense as we look to minimize costs, conserve cash, and ensure profits and our sustainability.

Where IT Services Can Help

Leveraging the right IT services can help you prepare and react to changes as you navigate the on-going unknowns.  Here are 5 ideas to consider.

Audit your IT services for redundant services.
  • Most businesses find they are paying for multiple services with redundant or overlapping capabilities.
  • In many instances, we see businesses paying for third party services that are available for no additional cost in their productivity suites.
  • Eliminating duplication will require some change of habits, but can dramatically reduce on-going IT costs.
Audit your communication tools.
  • Are you paying for, and not using your available communication tools?
  • Chat, video, and collaboration tools are standard in Microsoft 365 and G Suite, and can reduce or eliminate the need for expensive voice, teleconference, video conference, and online meeting solutions.
  • A modest investment in training/education can help minimize communication costs.
Replace file servers with file services.
  • Most businesses using Microsoft 365 or G Suite are storing files in these systems; these same businesses still run on-premise or hosted file servers.
  • OneDrive, SharePoint, My Drive, and Shared Drives make it easy to save, share, and manage files.  The OneDrive and Drive File Stream clients connect your end user applications to your cloud file services.
  • Moving files from servers to cloud services eliminates the need for physical services, monthly MSP monitoring fees, backup/recovery costs, anti-virus costs, and more.
  • If your staff need to access your on-premise services remotely, you may also be able to reduce or eliminate expenses related to VPN and other remote access services.
  • While you will still want and need to protect cloud-resident files, your cost to store, share, and manage files will be lower.
Move applications and systems from on-premise to cloud
  • You can lower you monthly operating costs and give you the ability to scale your resources and costs up and down as needed on a monthly basis.
  • Make it easier to reduce your physical footprint for potential savings on rent and utilities.
  • Scale your services up and down as needed to avoid unnecessary costs and capital expenditures.
Execute a service and data governance strategy
  • Scale services up and down as needed to manage costs
  • Ensure data is secure, managed, and protected
  • Leverage data archiving services to minimize active account costs

To explore your options and best next moves, contact us for a complimentary Cloud Advisor session.


 

library

State of Security for Small and Midsize Businesses

eBook | Source: Microsoft —
This eBook identifies key findings in studies and surveys covering security for small and midsize businesses, and provides set of recommendations to ensure …

Protect Your Business – Top 3 Security Threats

eBook | Source: Microsoft —
This eBook explores how you can safeguard your business against the top three security threats, plus the one threat your business is probably overlooking.

15 Best Practices for Cyber Protection

eBook | Source: Cumulus Global 

SaaS Protection Buyer’s Guide

eBook | Source: Cumulus Global

Webcasts

Next Normal: IT Efficiency

(02/23/2021) – COVID-19 and the events of the past 10 months have, and continue, to change the way we run our businesses. Are the IT choices made during the crisis the best for your business in the long term?