Posts

3 IT Trends We See Now

Working with hundreds of small and midsize businesses, we often see trends in IT interests, plans, and initiatives. Given all the hype, we expected to see Generative AI as a big trend this fall. While our clients are interested in it and beginning to use it, Generative AI is not among the top three trends this fall.

Here are the 3 trends we see now.

3 Incremental Cybersecurity

With a never-ending string of cyber attacks, new regulations, and expanded expectations from customers, insurers, and others, your peers are reassessing their cybersecurity measures and making adjustments. 

Like your business, most small businesses have some cybersecurity measures in place. Adding incremental services is a fiscally smart way to increase prevention, fill gaps in protection, and ensure a more effective response. 

Universal multi-factor authentication (MFA), penetration testing, security awareness training, and improved recovery and continuity solutions are among the services your peers are adding.

2 Virtual Desktops

Remote and hybrid work are the norm. So is bring-your-own-device, or BYOD. The challenge is ensuring your team has a consistent user experience that is productive and secure.

Virtual Desktop, sometimes referred to as remote desktop solutions, provides a cloud-resident environment that is secure and effective. With a virtual desktop infrastructure (VDI), such as Azure Windows Desktop, your team accesses a secure work environment from any device with Internet access. Apps run and data remains in the cloud – only screen, keyboard, and mouse traffic touch the local device.

By removing the end user device from the security envelope, you do not need to put security software, or company data, on employees’ personal devices. You reduce the scope of your management (and the cost) while having more control over your environment.

1 Managed Cloud Services

Your IT and cloud services are more sophisticated and capable. Keeping current, ensuring the environment is secure, and helping your team use your IT services most effectively takes time. Instead of letting things slide, your fellow small business owners and leaders are moving towards Managed Cloud Services.

Managed Cloud Services, like more traditional managed IT services, put monitoring, management, administration, and support into the hands of experts. You get an integrated bundle of security, services, and support that matches your needs and your budget.

While Managed Cloud Services often comes with some increased costs, the enhanced value gained outweighs the cost.

Your Next Steps

Our Cloud Advisors are ready to help you assess if and how Virtual Desktops and Managed Cloud Services may benefit your team and business.

To assess and adjust your cybersecurity, check out these resources:

Our eBook, Cyber Security Requirements for Cyber Insurance, defines basic, preferred, and best practice cybersecurity for small businesses. 

We also offer multiple assessments to help you understand and benchmark your current cybersecurity, including:

These assessments are free with a Referral Code. 

Contact us or schedule time with one of our Cloud Advisors to learn more and obtain your Referral Code. 

About the Author

Bill Seybolt bio pictureBill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management.

ALERT: Threatening Emails are Spiking

ALERT

In the last 72 hours, our clients have reported an alarming increase in threatening emails. These emails contain enough personal information to legitimately trigger worry, fear, and in some cases, panic. 

This post covers three types of threatening messages and how to respond.

The Attacks

This type of attack is known as a “Exposure Threat” or “Fear of Exposure” attack. Attackers threaten to release embarrassing or sensitive information about you or your business. They may share bits of information or make claims that imply or confirm that they really do have some information. 

Here are three common forms of the threat:

1 “We Know Where You Live”

The email arrives in your inbox from what looks like a “legitimate” Gmail, Yahoo!, or other email service. The subject line contains your name or that of a family member. The message includes your full address and a valid phone number. In some cases, this threat may also include a picture of your home or office. 

Most often, this type of email does not include any explicit threat or demand.

The implication “we know where you live” is intended to instill fear. The goal is to make you more likely to respond and cooperate with future threats. 

2“We Know What You Did”

This form of attack claims to have documents, images, or video of you doing something embarrassing or illegal. The attacker will claim to have access to your email account, or all of your contacts, and will threaten to share the information if you fail to pay a ransom.

This is an explicit form of extortion.

The attackers are betting that the fear of exposure will cause you to pay the demand and prevent you from reporting the attack.

3“We Have Your Information”

This form of attack threatens to disclose sensitive information about you, your business, or your customers. The threat is the damage a data breach causes. This can include serious and costly legal, regulatory, or contractual issues. The attackers may share a sample that “proves” they have the information on hand.

This attack typically includes a specific threat and an extortion demand.

The preview information shared by the attackers may be from sensitive files, but it may also be available from other sources. This form of attack warrants some investigation.

How to Respond: Do NOT Panic!

First and foremost, do NOT panic. The success of these attacks is dependent upon your fear and your reaction. If you receive an email that is like one of these cases or similar, how you respond can make a difference.

No Specific Threat

  • If the email does not contain a specific threat or demand, your best response is to mark and report the email as spam. Doing so should direct future emails directly to your spam or junk folder.
  • You can take the extra step of reporting the message as abuse to the email server. Here are links to report email abuse for Gmail, Sky/Yahoo!, and Xfinity/Comcast.

With a Specific Threat

  • If the email contains a specific threat, you can and should report the message as spam/junk. We recommend your report this to your IT service provider. Your IT team should investigate the possible risks and take appropriate preventative and responsive measures.
  • Extortion is a crime. While many local law enforcement departments do not have the expertise to investigate cyber crimes, most state police organizations have cyber crime units. You can also report the attack directly to the Internet Crime Complaint Center (IC3). The IC3 will route your report to the FBI and other relevant agencies. Depending on the nature of the attack, the response may range from acknowledgement of the report to a full criminal investigation.
  • If the email includes a threat to show up at your home or business if you do not respond or comply. we strongly recommend reporting the threat to law enforcement.

Possible Data Breach

  • If the threat indicates that the attacker has, or can, access sensitive data, promptly take additional steps to protect yourself and your business.
  • If the attack references personal information, placing locks on your credit reports is always a good step. If the threat mentions (or indicates) a source, such as your bank or investment accounts, report the incident directly to that institution or business. Discuss protections they can put in place on your behalf.
  • If the attack references information from your business, promptly investigate the possible breach. This may involve scanning systems for malware and advanced threats, analyzing logs for unauthorized access, and verifying compliance with security measures. The level of your investigation should match the level of risk. Your IT service provider can help you assess the situation and determine the best course of action.

Your Next Steps

You can protect yourself and your business from these attacks, and other cyber attacks before they happen. Our Security CPR model provides a guide.

  • Communicate and Educate: Learn about, and help your team understand, the risks, nature, and impact of cyber attacks. Communicate the need for vigilance and how their behaviors can enable or prevent a successful attack.
  • Protect and Prevent: Put cybersecurity policies, procedures, systems, and services in place commensurate with your business’s risks, needs, priorities, and budget. This includes advanced threat protection for email and strong settings for your SPF, DKIM, and DMARC protocols in your DNS record. 
  • Respond and Recover: Ensure that you have systems, processes, and services in place to respond and recover should an attack be successful. Beyond restoring data and systems, have resources available to address the legal, regulatory, and customer service issues that often arise. Ideally, have solutions in place that allow you to keep your business running while you respond and recover.

For help assessing your current cybersecurity protections, please send an email or schedule time with one of our Cloud Advisors to discuss our cybersecurity assessments and solutions.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

5 Cybersecurity Standards for Small and Midsize Businesses

5 Cybersecurity StandardsAs small and midsize business leaders, we understand the need to comply with regulatory and industry requirements. We also want and need our IT services to support our business priorities and fit within our budget. So how much cybersecurity is enough? Our cyber insurance partner, Datastream, analyzed policies and coverages for nearly 8 million businesses across dozens of industries globally. The most common cyber attacks exploit weak credentials, human behavior, and out-of-date software to gain access to your systems and data. From there, they can not only launch ransomware attacks, they can initiate business email compromise and other costly and damaging attacks. The result: Datastream identified a bare minimum set of 5 cybersecurity standards

The 5 Minimum Cybersecurity Standards

To address the most common and costly forms of cyber attacks, implement these 5 cybersecurity standards.

1 Multi-Factor Authentication (MFA)

MFA requires a secondary physical authentication when logging in. Whether by text, authenticator app, one-time passwords, or magic links, MFA can prevent attackers from using compromised credentials. According to studies by Microsoft, more than 90% of cyber attacks can be blocked if MFA is in place.

While the minimum standard is coverage for email access and remote network connections, we recommend using MFA for access to any and all critical systems, applications, and data.

2 Encryption

Do you encrypt all sensitive information at rest, including backups?

Most of our systems and applications encrypt data in transit (in motion). Encrypting data at rest, regardless of where it resides, prevents your data from being easily accessed and used in a cyber attack. Encryption should be in place on workstations and personal computers, not just on servers and in cloud-based services.

Just as important, backups should be encrypted. Unencrypted backups provide cyber attackers with easy access to data. Backups should also be stored off-site or in the cloud using immutable storage. This strategy prevents corruption of backup sets in the event of a ransomware attack. 

3 Data Recovery

In the last 6 months, has your company tested its ability to recover all business-critical data and systems within 10 days or less, from offline or cloud backups that are no more than a week old? 

Backing up data and systems is easy. Recovery is hard. Knowing that you can reliably restore your data and systems demonstrates your level of protection and how well you have reduced risks. Documenting this will impact your cyber insurance premiums.

While the 10-day recovery window is a minimum expectation, it may not be sufficient for your business. We recommend analyzing your business needs and setting goals to return to operations in a way that minimizes the impact of any disruption.

4 Automated Hardening Policies

Do you implement automated hardening policies?

Hardening systems is the process of limiting the attack surface of your systems, applications, and data. Hardening tactics include:

  • Removing unused applications and accounts
  • Disabling unnecessary services, ports, protocols, and features
  • Limiting administrative permissions and access
  • Logging appropriate activities, errors, and warnings

The process of configuring and managing hardened systems is easiest to manage with a remote monitoring and management (RMM) system in place.

5 Patches and Updates

Do you apply critical patches and updates to key IT systems and applications within two months?

Updates and patches to operating systems are familiar and comfortable. We regularly receive and apply updates to our smartphones, laptops, and desktops, most often as part of a default, automated process. We may not, however, be as diligent with our business systems and applications.

Updates and patches to databases, applications, and other software often require validation and may require changes to settings and integrations. Regularly reviewing updates and patches, and having a process in place to verify and apply updates, ensures that your systems have current security fixes and features.

Your Next Steps

Having these five cybersecurity standards in place represents a no-nonsense minimum that protects your business and can improve your cybersecurity coverage and premiums.

Our eBook, Cyber Security Requirements for Cyber Insurance, dives deeper to define basic, preferred, and best practices. You can, and should, scale your cybersecurity to meet your business’s specific risks, priorities, and budget.

We offer multiple assessments to help you understand and benchmark your current cybersecurity.

  • Rapid Security Assessment
  • Cyber Insurance Risk Assessment 

These assessments are free with a Referral Code. Contact us or schedule time with one of our Cloud Advisors to learn more and obtain your code.

Help us keep the ideas flowing. If you have any blog posts that are leadership thoughts you want to share, please let us know.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Cumulus Global Offers Free IT Asset Disposal with Managed Cloud Services

Managed Cloud Services by Cumulus Global

Cumulus Global Offers Free IT Asset Disposal with Managed Cloud Services

The company adds IT asset disposal and  lifecycle management to the Basic and Business tiers of its Managed Cloud Service offerings.

Cumulus Global proudly announces the addition of IT lifecycle management services to our Managed Cloud Service offerings. Available at the Basic, Business, and Enterprise levels, these services include asset tracking, access to low-cost extended warranties and accidental damage coverage, and free IT asset disposal services. 

“Properly disposing of IT assets and used electronics is necessary but not easy,” stated Cumulus Global CEO Allen Falcon. “Finding a reputable firm, disposal fees, handling fees, and shipping becomes expensive for most smaller organizations.”

The program, included in the company’s Managed Cloud Service offerings at no additional costs offers two levels of service.  For smaller quantities, customers box and inventory the items and receive prepaid US Postal Service shipping labels.  For larger quantities, a disposal team will come on site to box and ship the items.

“We are meeting an important and growing need for our clients,” noted Falcon. “Our service simplifies the process and saves money. It is a win-win for our clients and the environment.”

The addition of lifecycle management services is part of the Cumulus Global’s commitment to increasing value for clients.  These IT asset disposal and lifecycle management services complement the existing security, support, data protection, and co-management components of the company’s Managed Cloud Services.  Organizations interested in learning more can schedule an introductory call with a Cumulus Global Cloud Advisor.

About Cumulus Global

Managed Cloud Services for Small and Midsize Businesses, Governments, and Schools

Cumulus Global (www.cumulusglobal.com) is an industry-leading managed cloud service provider with a mission to deliver solutions with tangible value.

  • What We Do: We translate your business goals and objectives into solutions and services.
  • How We Do It: We start with your business needs and priorities. Planning and migration includes guidance to help your team adopt and utilize new services. Your team benefits from co-managed services, ongoing support, and client success services that help you adapt as your business changes and grows.
  • What We Offer: Managed cloud solutions featuring Google, Microsoft, and more than three dozen providers.

For more information, schedule a no-obligation introductory meeting with a Cloud Advisor.

Sustainability: 1000 Trees and Growing

ReforestationBack in January of this year, we announced that Cumulus Global was expanding its sustainability program. To help offset the carbon footprint of our offices and operations, we have strengthened our partnership with Evertreen and are committed to planting 100 trees per month.

Our forest has grown to over 1,000 trees across 7 countries and 3 continents. 

Over the next 30 years, the trees we have planted to date will remove over 300 tons of CO2 from the atmosphere. That is the equivalent of driving an average American car 750,000 miles. As we continue to plant, the amount of CO2 our forest cleans will continue to grow.

In addition to the climate benefits, our forest is producing food, reducing soil erosion, protecting watersheds, and providing local jobs.

As an IT firm, planting trees to offset our carbon footprint is part of an overall commitment to sustainability that includes using 100% renewable energy, reuse, and recycling.

We Can Help You Do More

One of the best ways to improve sustainability is to recycle electronic waste (e-waste). E-waste recycling has challenges, including but not limited to, finding reputable recyclers and cost.

Our Basic and Business Managed Cloud Services include lifecycle management for your computer with unlimited, no-cost, e-waste recycling.

For a small number of items, we provide a prepaid label. Just box up the items and drop them off at your local post office. If you are looking to clear the shelves or empty the closet of e-waste, we can have a recycling team show up to box, label, and ship everything for you. All for free!

As an added bonus, our IT asset disposal partners partner with Veritree to plant trees with every recycling order.

Call to Action:

For more information about our Managed Cloud Services, please contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

A Model for Business Resilience

Aviate Navigate Communicate

The recent global systems outage, caused by CrowdStrike’s failed update, exposes a key flaw in how we view business resilience. When asked how we make our businesses resilient to failures, human acts or errors, disasters, and other disruptions, we tend to focus on the technologies and services we put in place to prevent/protect and restore/recover.

Business Resilience 

We define Business Resilience as your ability to get and keep your business up and running (even if it is running at a degraded level) until you can fully restore and recover.

Given the impact of the CrowdStrike failure on the airline industry, here is an aviation-themed model you can use as a guide.

Aviate

When an emergency happens in flight, the pilot’s first focus is to aviate – to ensure the plane keeps flying. If you can’t keep the plane in the air, your direction of travel does not really matter. 

The same is true for your business. If you cannot keep your business running at a minimally viable level, you can run out of time and/or money before you are able to restore and recover.

Navigate

Once the pilot knows that the plane will continue to fly, they can assess their current location and take the necessary direction and steps they need to land safely.

Once you know that you can continue to operate, even if only at a base level, you can step back and map out the potentially complex steps needed to restore, recover, and return to normal operations. You can then navigate the technical, operational, customer service, legal, and other processes needed for your safe landing.

Communicate

Once the pilot can safely navigate to a landing, they have the time and focus to communicate. Although, pilots do communicate during the aviate and navigate phases, they limit communications to only information air traffic control, ground operations, emergency responders, and others need in order to assist with the situation. Additional details and analysis come later.

The same is true for you and your business. While you are aviating and navigating, you will want and need to share necessary information with those who need it. These communications need to be “to the point” and focused. You will have the time and focus to share more detailed information as you approach, or after you make, your safe landing. You will have the time needed for review, analysis, and planning after your return to normal operations.

Call to Action:

If you are unsure or lack confidence in your business’s resilience to disruptions, we can help. Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Resilience, the CrowdStrike Failure, and the Real Impact on Your Business

Resilience

We have not written or posted much about the CrowdStrike failure. CrowdStrike is designed and priced for large enterprises. We offer endpoint protection, detection, and response services that are better designed for the small and midsize organizations we serve. In large part, the CrowdStrike failure has not directly impacted our clients and other smaller businesses.

However, the CrowdStrike failure has, and will, indirectly impact you and your business.

Technical Impacts

The biggest technical impact will be the role of automatic updates. The CrowdStrike failure was due to a programming error in a software update that was sent and applied automatically. Customers did not have the ability to limit or test the update prior to deployment.

Going forward, expect vendors to rethink how and when they use automatic updates. What for expectations that you, the customer, should test and approve changes. This shift will transfer more of the responsibility from vendors to your IT team. If you do not have the resources to test and verify updates, you will be taking on more of the responsibility should issues arise.

If you have an IT provider or managed service provider, you may need to negotiate this additional work into your contracts.

Business Impact

The most significant impact of the CrowdStrike failure is on our understanding of “Resilience.” When we talk about endpoint protection services like CrowdStrike, backup/recovery solutions, advanced threat protections, encryption, and other services, we are talking about tools that help our businesses become and remain resilient to cyber attacks, improper user activity, disasters, and other disruptions. 

These technical solutions provide some of the “Prevent & Protect” and “Restore and Recover” components of our Security CPR model and services. With the CrowdStrike failure, a tool intended to improve resilience exposed a weakness in our resilience: what happens when your solution becomes the problem?

Our understanding of resilience needs to change. We must move away from thinking about resilience as a function of IT. Resilience is a business-level function that encompasses all aspects of your organization.

Anecdotally, we learned that during the CrowdStrike failure: 

  • Airlines in Hong Kong wrote out boarding passes by hand and kept lists in notebooks to track manifests and seating assignments.
  • Lacking computers to centrally monitor infants and non-operational security doors in a California Hospital maternity ward, nurses were held over and stationed at each infant’s bedside, and security guards were tasked with guarding doors.
  • A small distributor wrote labels, bills of lading, and customs documents by hand for thousands of shipments.

The Big Question

Answer the following question for your business:

  • Can you run your business, even if it is in a degraded mode, without one or more of your key systems? If so, for how long?

Your answer is key to understanding how resilient your business is to disruption, the potential operational and business impact of a disruption, and your ability to recover and survive.

Call to Action:

If you are unsure or lack confidence in your business’s resilience to disruptions, we can help. Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

7 IT Blind Spots Small Businesses Miss the Most

IT Blind Spots

Your small business depends on your IT services to run effectively and efficiently. Even so, like many small business leaders, you likely have one or more “IT Blind Spots”. The blind spots are not “all or nothing.” They evolve from decisions about what IT services are needed, wanted, and worthy of spending on at a particular point in time. Over time, internal and external factors change. If we do not take a fresh look, our IT services will not keep up. 

While not intentional, these blind spots create unnecessary risks and expenses. Here are the seven (7) blind spots we see the most.

1Security and Privacy

As small business owners and leaders, we understand the need for security – especially in today’s environment. We wonder, however, how much security is enough and what we should prioritize. We see small businesses with antivirus protection on their computers, strong passwords, and basic backup/recovery. While these services were the benchmark for basic security, they are now insufficient.

Check your IT blind spots for other core security services, including multi- or two-factor authentication (MFA/2FA), advanced threat protection (ATP) for email, advanced endpoint protection and response, encryption, and immutable backup/recovery services.

If you do not have these in place, your security is likely insufficient to protect your business.

2Duplicate Services

It has never been easier to sign up for new services. With a few clicks, payment information, and a quick setup, your new, cloud-based application or service is up and running. The convenience is great when you need something specific or a new solution. The low barrier to entry, however, makes it easier to sign up for apps and services that duplicate others you already have in place.

Check your IT blind spots for these duplicate services. We most often see companies paying for Zoom or GoTo, even though they have Microsoft Teams or Google Meet for online meetings and presentations. Some spend on Slack and other tools instead of using Teams or Google Chat services that are already in place. Rather than managing permissions to share files from Microsoft 365 or Google Workspace, small businesses often spend more on Dropbox and other services. While these are the most common duplicate services, we often see others across a wide range of apps and functions.

3Shadow IT

We used to define Shadow IT as any IT service in use without proper vetting or authorization. Today, we expand the definition to include consumer-grade hardware, software, and services. Team members using unauthorized IT services typically create security risks, increase costs, reduce control of company information, violate information privacy rules, and put data at risk. While less costly up-front, consumer-grade equipment, software, and services typically lack the security and integration needed for business use.

Check your IT blind spots and survey your environment for Shadow IT. Team members often go rogue for personal preference, convenience, or because they do not understand how to use features and functions already in place.

4Latent Apps and Services

When was the last time you looked to see if you were paying for IT services that you no longer use or need? With the low barrier to entry for cloud services, we often see companies that have signed up for an app or service, only to later decide that it is not the right solution or to see usage decline over time. Without a set process for on/off-boarding IT services, these often remain idle, incurring monthly or annual fees.

Check your IT blind spots for applications and services. Review company and staff personal credit cards for recurring payments. Scan Microsoft 365 and Google Workspace accounts for apps and services with federated logins.

5Business Continuity

While almost all small businesses like yours have backup/recovery in place for most of their systems and data, most still lack a business continuity solution. Even without a big disaster, the loss of a single, key system can be crippling.

Check your IT blind spots for business resilience. Can you run your business without your IT systems and services? For how long? Which systems and services can you live without for a short period of time and which are critical to your business? The answer to these questions dictates the types and extent of business continuity services you need. Focus on what you need to reasonably run your business while you make repairs and complete larger recovery efforts.

6Cyber Insurance

Most small businesses know that they should have cyber insurance in place, and many do. Too often, however, we see small businesses signing on to policies with inadequate or inappropriate coverage. We also see many businesses overpaying for cyber insurance to cover risks that could easily be reduced with incremental security services.

Check your IT blind spots for appropriate cyber insurance coverage and rates. If your policy was not purchased through a specialized agent or broker, an independent review may be worthwhile. If you do not yet have a policy, check out our resources and ask about our cyber insurance readiness assessment.

7Utilization

Multiple services tell us that most small businesses use about 15% of the capabilities in their Microsoft 365 or Google Workspace services. Your investment in Microsoft 365 or Google Workspace includes a rich set of features and functions – major and minor – that help your team collaborate and work more efficiently, individually and as a team.

Check your IT blind spots to understand how well your team is using the tools available to them. A little bit of education, training, and guidance can boost productivity within Microsoft 365 and Google Workspace by up to 60%.

Call to Action:

If you suspect, or just wonder, what is in your IT blind spot, we can help. We can help you check your blind spots and assess what, if any, changes are necessary or recommended. Once decided, we can help you plan and execute those changes. Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Cybersecurity in the Whitespace

Cybersecurity White Space

A recent online post pointed out that the whitespace in the FedEx logo, between the “E” and “x”, creates an arrow. 

FedEx Logo

Once you see the arrow, you cannot miss it. You will see it every time you look at the logo.

The subtle, almost subliminal, arrow symbolizes a sense of forward motion and subconsciously reinforces the FedEx brand message of on-time delivery.

The power of the logo is not just the name, it is in the symbolism. The same is true for your cybersecurity.

The power of your cybersecurity is not just in the overt actions, success is in the whitespace.

Focus

Our cybersecurity efforts often focus on the concrete measures we can take to protect ourselves and prevent attacks. We deploy hardware, install software, and configure settings to both passively and actively protect our systems, data, and people. These actions are tangible and visible. 

Cybersecurity Whitespace

Equally important, if not more so, are the less visible cybersecurity efforts– your cybersecurity whitespace. Ask yourself these questions:

  • Is cybersecurity awareness a deliberate part of your culture?
    • Do you educate your team on their role in cybersecurity?
    • Do employees and contractors understand which behaviors help security and which can harm it?
    • Does your team understand how to recognize, report, and respond to security risks and attacks?
  • Do you have policies and procedures in place that set expectations for maintaining appropriate cybersecurity?
    • Do these policies and procedures include guidance and limits on human behaviors and actions that can pose or elevate risks?
    • Do you have consequences for negligent or deliberate non-compliance?
  • Do you understand the risks should a cyber attacker gain access to your systems?
    • Do you understand the protections you need in place to limit attacker access to identities and sensitive information?
    • Can you isolate attacks and prevent them from spreading across your environment?
  • Do you have plans in place to not only restore damaged or lost data, but to recover your business from a successful cyber attack?
    • Do you have cyber insurance?
    • Do you have clear action plans for how your business will respond to a successful cyber attack?
    • Will you be able to run your business while you recover your systems and data (and/or while computers are held as evidence)?
    • Do you have plans and resources in place to:
      • Comply with state and regulatory reporting requirements?
      • Communicate effectively with customers, vendors, and partners?
      • Manage your legal and financial liability?

Model for Success

Successful cybersecurity includes the visible and the whitespace. Our Security CPR model and managed security services include all three best-practice pillars:

  • Communication and education
    • Security awareness focused on human behaviors, risk recognition, and responding to suspicious acts.
    • Policies and procedures that guide and protect your business in line with compliance requirements.
  • Prevention and protection
    • Expertise, tools, and services to prevent cyberattacks and protect your business, data, and team.
    • Compliance assessment and management services to benchmark and certify to appropriate industry and regulatory standards.
  • Recovery and response
    • Business continuity services to keep your business running during forensic investigations and data/system recovery and restoration efforts.
    • Data restoration and disaster recovery plans and resources to return your business to normal operations as quickly and effectively as possible.
    • Cyber insurance brokerage partnerships to ensure your business is properly covered within your budget.

Call to Action

If you have not done so recently, now is a great time to step back and assess your IT services and solutions. Our Cloud Advisors are ready to help and assist with any questions or concerns. Start with a complimentary Rapid Security Assessment, contact us, or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Improve Your IT Atmosphere

AtmosphereFor those of us who have played video games over the years, even though we are not hard-core gamers, the experience has changed. The technology has certainly advanced over time. More importantly, the user experience – the IT atmosphere – has improved.

Back in the day, video game sound provided basic contextual clues to guide your gameplay. Listen to a few seconds of the Atari Combat game soundtrack from 1977. With only 8 bits to work with, and speakers that could only play one note at a time, the beeps and buzzes react to player actions and provide a basic context for the game. 

Now listen to a minute of the Gusty Garden Galaxy Theme from Super Mario Galaxy from 2007. Even without seeing the game in action, you can hear and feel the motion of the game. The more than 80-piece orchestra does more than reflect player actions, it creates an atmosphere and sets a mood.

IT Atmosphere

The same evolution is true for your IT services. Historically, your IT services were there to help you complete tasks – send messages, write documents, and create spreadsheets. Today, your IT services should create a rich atmosphere that empowers your team and enables your business

From simple tools to feature-rich, integrated productivity suites, you and your team have access to features that save time and effort, foster collaboration, and save money.

And yet studies show that, on average, small businesses underutilize the tools they have. Studies show, for example, that small businesses only use 15% of their Microsoft 365 services. Oftentimes, lack of awareness (or education) results in adding other services and tools that duplicate existing features and capabilities.

Making Improvements

Creating an effective IT atmosphere involves more than having tools and services in place. An effective atmosphere is an environment that fosters communication, collaboration, and productivity for individuals and teams.

Know What You Have

Catalog the IT services and capabilities you have in place. Understand how your team is using the services and identify underutilized features and functions. Identify those that could be beneficial. 

Eliminate Duplicity

Remove duplicate and overlapping services from your environment. Ensure your team is using the same tools and resources. Create commonality and encourage sharing of best practices.

Educate, Train, and Support Your Team

Ensure your team is aware and understands how to take full advantage of the capabilities within their current workflows or as part of improved workflows. Guide team learning to align with their roles and responsibilities; keep it timely, relevant, and in digestible chunks. 

Manage Your Shadow IT

Shadow IT, the individual use of non-sanctioned tools, can trigger significant problems for your business. Beyond security and information privacy risks, shadow IT isolates information and people. Listen to why your team is using tools and work to ensure that those capabilities are within your ecosystem. Remove objections to using company systems while enforcing your policies.

Call to Action:

If you have not done so recently, now is a great time to step back and assess your IT services and solutions. Our Cloud Advisors are ready to help and assist with any questions or concerns. Contact us or schedule time with one of our Cloud Advisors

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.