Posts

AI and Privacy Issues: Data Leaks and Breaches

/in

We recently posted about the AI warning we received from a partner about the use of AI tools and protecting their confidential information. Beyond the specifics of the warning, we quickly saw a much broader context. Using AI tools, if not managed carefully, will result in unauthorized data disclosures, breaches, or leaks. These disclosures may easily violate laws, regulations, industry standards, and contractual obligations. Before exposing your business to unnecessary liabilities, understand how your AI tools and services manage, and ensure, data privacy.

Scope of the AI and Privacy Problem

To gain a better sense of the issue, we decided to look into the data privacy practices of meeting assistants.  Meeting assistants are one of the most commonly used AI tools for small and midsize businesses.  Traditional meeting assistant tools transcribe discussions. Newer versions use AI engines to capture action items, summarize discussion points, and analyze the attitudes and sentiments of participants. We reviewed the terms of service, privacy policies, and FAQs for several services.

Here are some excerpts from our findings (company and service names redacted):

AI Terms of Service

Do not use the service if you need to keep protected or confidential information private:

You hereby represent and warrant to [Company] that your User Content … (ii) will not infringe on any third party’s copyright, patent, trademark, trade secret or other proprietary right or rights of publicity, personality or privacy; (iii) will not violate any law, statute, ordinance, or regulation (including without limitation those governing export control, consumer protection, unfair competition, anti-discrimination, false advertising, anti-spam or privacy);

The [Company] is not liable if you use their services:

… the user understands and accepts the risks involved with the use of AI or similar technologies and agrees to indemnify and hold [Company] harmless for any claims, damages, or losses resulting from such usage.

Allowing an AI engine to analyze your information, or allowing a service to use your information to train their AI-based services, is a disclosure:

When you post or otherwise share User Content on or through our Services, you understand and agree that your User Content … may be visible to others

AI Privacy Policies

Using AI tools has inherent risks:

By utilizing [Company]’s services, the user understands and accepts the risks involved with the use of AI or similar technologies and agrees to indemnify and hold [Company] harmless for any claims, damages, or losses resulting from such usage.

Some tools have service options, at added costs, to ensure data privacy:

… customers that want their data to be strictly segregated (for example, customers dealing with PHI) can choose the [service] option to exercise complete control over their compute and data infrastructure, ensuring that their data is separated per their compliance requirements.

Some services explicitly tell you that sharing confidential information violates their privacy policy:

You may also post or otherwise share only Content that is nonconfidential and that you have all necessary rights to disclose.

The Risks and Challenges with AI

With justifiable concerns about data protection and privacy, we have been trained to think about data leaks and breaches in terms of cyber attacks. We also look at “insider threats,” which are often human errors such as accidentally sharing files externally or putting confidential information in an unsecured email.

The use of meeting assistants and other AI-powered productivity tools creates a new category of risk.  In order to learn and improve, AI tools need to train using information. The easiest way to provide information to train an AI tool is to capture information provided by the users.  The users get their results; the AI tool trains, learns, and improves.

While this works for the AI tool or service provider, it creates a data breach platform for the users unless the tool has specific policies and services to ensure compliance with data privacy laws and regulations. 

Using an unsecured AI meeting assistant creates an incidental, if unintentional, breach. 

Some examples of incidental breaches caused by unsecure AI meeting assistants:

  • Two doctors discuss a patient consult, disclosing personal health information (PHI) to third parties in violation of HIPAA
  • You discuss project details with one of your clients, disclosing confidential intellectual property in violation of your contract
  • Your financial advisor discusses your financial holdings and accounts with you, disclosing personally identifiable financial information in violation of industry regulations and standards

Protect Yourself and Your Business from AI and Privacy Issues

From our review of several AI meeting assistant services, very few will keep your information private. Those that do will charge additional fees.

When you get on a video meeting or conference call, ask the host if their meeting assistant is secure. If not, or if they are unsure, ask them to turn it off.

More generally, take a step back and plan your approach to AI.

  • Consider how and when you want to use AI in your business
  • Make sure you and your team understand your contractual and regulatory responsibilities with respect to information privacy
  • Assess the AI tools and services you plan to use:
    • Understand their data privacy commitments
    • Match privacy policies and commitments against your business and legal requirements
    • Opt-in to agreements that ensure data privacy, even if it requires paying for the service,

With an understanding of your requirements and AI services, AI can add value to your business without introducing significant avoidable risk.

We Can Help

To discuss your technology service needs and plans, click here to schedule a call with a Cloud Advisor or send us an email.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Our First AI Warning: Why Using AI Services Can Breach Your Contracts

/in

We recently received our first AI Warning. This was not a a general warning such as, “anything built for good can be use for evil” or “AI can replace you.” We received a direct warning about specific uses of artificial intelligence services and our contracts. The warning we received applies to you as well.

Some Background About this AI Warning

Cumulus Global is known for our professional services, including our ability to successfully manage cloud migrations from a variety of local environments. We often provide these services to other technology firms that need our expertise and experience to solve specific client needs. We have standing partnership agreements with several of these firms.

The AI Warning came from one of our partners.

The AI Warning

The warning we received centered on our potential use of AI services and the implication for confidential information belonging to our partner and their clients. The warning stated that providing this data to any AI system or tool is a likely violation of our contract, confidentiality, and non-disclosure agreements.

Specifically:

  • Providing confidential information to any AI system or tool is an authorized disclosure unless we have a contractual agreement in place with the AI vendor that ensures all data remains private and confidential.
  • The use of any confidential information for feeding or training AI system or tool is considered an authorized disclosure. Even if the AI system or tool is private the confidential information will be used outside the scope of any project, work, or need.

In addition to clearly defining limits on the use of their data with AI services, the warning included the company’s intent to pursue any and all contractual and legal methods to prevent, or in response to, disclosures.

Bigger Context

While this AI warning was specific to one business relationship, we see a bigger context. The current flood of AI services is exciting, and the potential uses and benefits are great. If we want to engage, however, we need to be careful. Whether we are deliberately training an AI system or creating prompts and providing feedback to refine answers, we are placing information in the hands of others. Unless we take explicit steps to ensure privacy with AI tools, our expectation must be that the information we provide will be used train the AI service, effectively placing the information in the public domain.

We must also recognize that the generative nature of AI increases the risk of improper disclosure. While we may not intend to disclose information, AI engines can recognize and correlate information. In other words, AI services can piece together data to create and share  information that should be private.

Your Action Plan to Prevent AI Issues

Take a step back and plan your approach to AI.

  • Consider how and when you want to use AI in your business
  • Make sure you, and your team, understand your contractual and regulatory responsibilities with respect to information privacy
  • Assess the AI tools and services you plan to use;
    • Understand their data privacy commitments
    • Match privacy polices and commitments against your business and legal requirements
    • Opt-in to agreements, even if it requires paying for the service, that ensure data privacy

With an understanding of your requirements and AI services, AI can add value to your business without introducing significant avoidable risk.

We Can Help

To discuss your technology service needs and plans, click here to schedule a call with a Cloud Advisor or send us an email.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

Understanding a Third Party Data Breach & How to Prevent One

/in ,

Understanding Third Party Breach AlertsWhat is a Third Party Data Breach?

A third party data breach occurs when an individual’s login identity and/or personally identifiable information (PII) has been disclosed by a third party system or service. A third party system or service is one that is unrelated to your business.

Third party data breaches are a security risk to your business and your employees. To understand this risk, we look at human behavior and the nature of modern cyber attacks. Knowing the risks, we look at ways to identify and respond. We discuss methods to ensure you are properly protecting your employees and your business.

The Risks of Third Party Data Breaches

The Risk of Human Nature

Multiple studies show that between 65% and 70% of humans will use identical or similar passwords across systems. The practices of “patterning” and “mimicking” passwords is more common across accounts using the email address or username as the account identity, whether or not the login is for a business system or some other system or service.

Think about employees using their work email for business-related services, such as video conferencing services, LinkedIn, or file sharing services. Some employees may have accounts to online stores for purchasing materials or supplies.  A breach in any of these systems, which are out of your control, poses a risk to your business.

A second aspect of human nature that works against us: humans are social creatures.  People, at different levels, want and need to interact with others.  In general, humans are trusting and we want to be helpful.  We will share information if and when it fits within typical interactions and when we think we are helping ourselves or others.

The Risk of Cyber Attack Methods

Currently, sophisticated criminal organizations (sometimes backed by hostile nation-states or terrorist groups) execute the vast majority of cyber attacks. They often sell and trade methods, malware, and data on the dark web, as different organizations build specialized expertise. Modern cyber attacks reflect the sophistication and expertise of the cyber criminals. Most cyber attacks involve indirect and direct methods.

Indirect Attacks

We define indirect attacks as those intending to gather information. Cyber criminals collect useful information in order to conduct direct attacks and to sell to other criminals. Phishing, social media “clickbait”, and third party data breaches are three common examples of indirect attacks that provide personal information for further attacks.

Direct Attacks

We define direct attacks as those intending to gain access to your systems and information. These include compromised user identities or credentials, ransomware, activity/keystroke monitoring, business email compromise attacks, and other attacks where your data is exposed or altered.

Direct attacks are more successful if they use data gathered from previous, indirect attacks.  And while cyber attackers may manage the complete attack, it is more common for those interested in direct attacks to buy data from those that specialize in conducting indirect attacks.  Your answers to quizzes and games on Facebook are being sold to cyber criminals that will use that information against you in a future attack. Indirect attacks also gather information that allow the attackers to impersonate you, organizations, or those around you.

Maybe the information lets them craft a surprisingly real-looking email asking you to log into a fake website, or to transfer money to a vendor using incorrect banking information.  Or, you are asked to share the MFA code you received by text. And with enough information, the attackers pretend to be you and ask your customers to make a payment by wire or ACH transfer using their banking information, not yours.

Tracking Third Party Data Breaches

The best method of tracking third party data breaches is subscribing to a monitoring and alert service.  Use the service to scan and monitor the dark web for data breaches related to any email address from your business domain(s).  The service should send you alerts that include:

  • Email address of the breached account
  • Origin of the breach, if known and disclosed
  • The Source of the breached data (where was the data posted/visible)
  • The type of the compromise
  • When the data was found
  • If a password was compromised, and if the password is visible or encrypted
  • Any PII disclosed in the breach

Using this information, you can assess the risk and take appropriate actions in response.

At Cumulus Global, we partner with DarkWeb ID for third party data breach monitoring and alerts.  Our eBook, Understanding Third Party Breach Alerts, covers how to analyze alerts, assess risks, and respond accordingly.

Protecting Your Business From a Third Party Data Breach

To fully protect your business from a third party data breach, your security strategy needs to ensure you have three things in place:

  1. You and your team should understand your security risks and how your behaviors can help or prevent an attack.
  2. Have procedures and technologies in place to protect you from successful attacks
  3. Have security services in place to prevent the disclosure or loss of data and/or system access.
  4. Capabilities and services in place to respond should an attack be successful, and to help your business recover.

We developed our Security CPR Model specifically to help small and midsize businesses create, deploy, and manage an appropriate security strategy. If you follow this model in addition to other cyber security best practices, you’ll be well positioned to prevent a third party data breach.

Communicate & Educate

    • Communicate with your team that Cyber Security is a priority and educate them on cyber security risks, the need for everybody to be vigilant, and the behaviors/actions they can use to help prevent successful attacks.
    • Develop policies and procedures to establish clear expectations for how your organization will maintain cyber security and how your team will use security technologies and services

Protect & Prevent

      • Select, deploy, and maintain security technologies and services that match and support your cyber protection needs and priorities.
      • You can simplify your security services by focusing on the most likely threats and those that would have the greatest impact if successful (see: How Can SMBs Streamline IT Security?)

Respond & Recover

    • Put systems in place to recover lost or damaged data and systems; consider business continuity solutions that enable you to continue operating your business while restoring your primary systems.
    • Pre-arrange resources to help you respond to the technical, regulatory, legal, reputation, and customer service impacts of a successful cyber attack

You can learn cyber security tips and key information about third party data breach prevention by viewing Security CPR, our 3T@3 Webcast from January 2023.

Call To Action

Complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Or, contact us or schedule time with one of our Cloud Advisors to discuss your security needs, priorities, and solutions.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

 

 

How Can SMBs Streamline IT Security?

/in

Data Protection & Security

Cumulus Global CEO, Allen Falcon, answers this question in Inc. Magazine.

Small businesses face new demands to improve and maintain their IT Security.  Customer, vendors, regulators, and insurance carriers are defining criteria and pushing SMBs to implement procedures and technologies. If not managed well, SMBs end up with duplicate services and increased operating costs. How can SMBs streamline their IT security to manage costs without losing capabilities?

To learn more about cyber security for SMBS, visit these blog posts:

Additional resources to help you Streamline IT Security:

Need guidance? Schedule a call with one of our Cloud Advisors.

Resources for Small Business Owners and Solopreneurs

/in
Read more

4 Pillars of Cloud Security: The Most Important Strategies to Know

/in

Learn about the four pillars of cloud security that can help you reduce risk, increase agility, and run more efficiently: (C/I/A), external threat protection, data loss protection, and compliance.

While Cyber Security month comes and goes, the four pillars of cloud security remain integral to long term business success.  In what seems like a never-ending process, we continue to face new and advancing cyber security threats to the integrity of our data, identities, and businesses.  For those of use with small and midsize businesses, we need to ensure our systems and information are secure. At the same time, we want to keep our IT systems simple and manage our budgets.

Four Strategies for Cloud Security

To strike the right balance, we need to assess our current security foundation, identify gaps, and fill in services where needed. Doing so creates a security foundation that covers your basic needs.  From there, with the four pillars of cloud security in place, you can add services and build the security footprint you need to meet industry expectations and regulatory requirements.

A sound cloud security foundation is built on four pillars of cloud security.

1. Basic C/I/A

Ensure the confidentiality, integrity, and availability (C/I/A) of information you create, receive, maintain, or transmit.

This first pillar of cloud security establishes your basic security infrastructure that protects against attacks and prevents breaches across your IT systems.  It also creates your ability to respond to issues and recover, key to ensuring business continuity and resilience.

2. External Threat Protection

Identify and protect against reasonably anticipated threats.

This pillar of cloud security focuses on the attacks and threats from outside your business. From phishing, ransomware, and business email compromise, to DNS and advanced persistent threats, the focus is on protecting your data, applications, systems,  and people from harm.

3. Data Loss Protection

Identify and protect against reasonably anticipated uses and disclosures.

Data breaches and data loss result from configuration issues, application errors, and individual actions. Permission errors, inappropriate sharing, and other actions are often accidental, resulting from a lack of understanding of policies and/or how systems work. They can, however, result from intentional acts of misconduct. Proper data protection and security solutions will help protect against these internal risks and threats.

4. Compliance

Ensure workforce and business compliance.

Nearly all businesses must meet basic legal requirements to protect sensitive information. Most businesses must also adhere to industry and additional legal requirements.  This cornerstone encompasses the policies and procedures that ensure your team, and your business meet your compliance requirements. IT also includes the tools and methods to enforce policies and report on compliance.

Tactics for Implementing the Four Pillars of Cloud Security

To ensure your cornerstones are set and your cloud security foundation is place, conduct a security footprint assessment.  For each pillar of cloud security, identity the services you have in place and those that may be needed. The assessment should cover the “CPRs” of security:

  • Communication/Education
  • Protect / Prevent
  • Respond / Recover

For more information, send us an email or complete our contact form.

Mandatory Google Workspace Transitions Begin

/in ,

Google Cloud PartnerIf you have not completed your transition from G Suite to Google Workspace, Google will automatically begin Google Workspace transitions on January 31, 2022.  You will receive at least 30 days notice of your migration.

Please note that this transition includes significant changes to your subscription options, features/functions, AND PRICING.

Google Workspace

KEY POINTS TO KNOW:

  • Disruption: The transition is non-disruptive to end users and administrators, unless you decide to transition to a subscription with different features.
  • Pricing: Depending on your size and current G Suite services, keeping the same features may result in price increases of 50% to more than 300% (see below).
  • Savings: Cumulus Global can manage your transition, help you select the best Google Workspace for your business, and offer discount incentives for making your transition before the end of the year.

YOUR KEY DECISION:

You need to decide if you want to manage your transition or wait for Google to transition your subscription automatically.

If you chose to manage your transition, we can:

  • Save you money with Google-supported incentive discounts, provided we schedule your transition before the end of the year.
  • Help you select the best subscription plan/mix for your business, ensuring your business and security needs are met at the lowest cost.
  • Schedule your transition at a time that works for you and your team.
  • Educate your IT team on any new end-user, admin, and security features.
  • Support your IT team and end users.

YOUR MANAGED TRANSITION

To learn more about Managed Transitions, please contact us by email, or use the following form:


RESOURCES

In addition to more information in the “About” sections, below, we offer the following resources as well:

About: Automatic Transitions

Google will begin automatic transitions on January 31, 2022.

  • For annual subscriptions, the transition will occur at the end of your current annual or fixed term contract.
  • Companies on “Flex Plan”, month-t0-month services, Google will transition your account as quickly as possible
  • Google will determine the Google Workspace subscription based on your current product features, even if this change results in a significant price increase
  • Automatic transitions are not eligible for incentives or other discounts

About: Pricing Changes

The three biggest impacts on your Google Workspace pricing are your number of licenses,  features, and storage.

License Count

Companies with fewer than 300 users can select from three Google Workspace Business subscriptions.  Companies with more than 300 users will need to select from the two Google Workspace Enterprise subscriptions.  While you can mix and match licenses within the Business and Enterprise tiers, you cannot mix and match Business and Enterprise subscriptions.

Impact for companies with more than 300 users:

  • Companies running G Suite Basic, will see their per user license fees increase form $6 per month to at least $20 per month.
  • Companies running G Suite Business, will see their per user license fees increase form $12 per month to at least $20 per month.

Features

The biggest feature impact for most companies will be their use of Vault.  Companies running G Suite Basic and Google Vault, or running G Suite Business (which includes Vault), will need to transition to Google Workspace Business Plus. Because both Google Workspace Enterprise subscriptions include Vault, any company with more than 300 users will have Vault due to the license count-based migration requirements.

Impact for companies using Vault (with 300 or fewer users):

  • Companies running G Suite Basic plus Vault, will see their per user license fees increase form $11 per month to $18 per month.
  • Companies running G Suite Business, will see their per user license fees increase form $12 per month to at least $18 per month.

Storage

Added storage is no longer an option with Google Workspace. Because you can mix and match licenses within the Business and Enterprise tiers, you may need to transition users to different subscriptions based on their storage needs.

The Google Workspace subscriptions offer the following per-user storage:

  • Business Starter = 30GB, no Shared Drives
  • Business Standard = 2 TB, aggregated across the domain, with Shared Drives
  • Business Plus = 5 TB, aggregated across the domain, with Shared Drives
  • Enterprise Standard = Unlimited storage, with Shared Drives
  • Enterprise Plus = Unlimited storage, with Shared Drives

Other Changes: Vault Former Employee Licenses

Vault Former Employee (VFE) licenses are free or discounted Vault licenses for users that no longer have active G Suite accounts.  With the transition to Google Workspace, VFE licenses are no longer available; VFE licenses will transition to Archive User Licenses (AUL).

Archive User Licenses are NOT FREE. The per user per month pricing for AULs is as follows:

  • AUL – Business = $4
  • AUL – Enterprise Standard = $5
  • AUL – Enterprise Plus = $7

Companies with VFE licenses should plan for alternate retention strategies or potentially significant licensing fees.

 

The Kaseya Attack Effect

/in

Data Protection & SecurityThe Kaseya attack demonstrates how cyber crime is a big, organized business.  How big? You can subscribe to “Ransomware as a Service” and outsource attacks on your intended targets.  How organized? Hacker groups and service providers, such as the REvil Ransomware Group and DarkSide, actively manage their brands and reputations.  The REvil attack on Kaseya shows us that cyber criminals are technically advanced and operationally sophisticated. The nature of the attack, and its scope, should scare you.

By using known vulnerabilities in Kaseya’s VSA Remote Monitoring and Management system, REvil was able to create an automated ransomware distribution network. They used the very systems that Managed Service Providers (MSPs) use to monitor and manage customer servers, computers, and networks.

The Impact

MSPs update their Kaseya VSA servers automatically installed the Ransomware on their customers’ systems, as well as their own. Best estimates are that up to  1,500 small and medium-sized companies are victims. While this number seems small, those 1,500 business face an existential threat. Remember: more than half of businesses victimized by ransomware fail within six months.

Most MSPs shut down their Kaseya VSA services before spreading the ransomware. These firms had no ability to monitor, manage, or remotely support their customers. Customers facing IT issues were met with longer diagnostic and resolution times, resulting in business disruption, lost productivity , and the possibility of data loss.

As a managed cloud service provider, Cumulus Global does not use the Kaseya VSA system.  Our clients were not at risk, via our services, from this attack.

The Lessons

We were on the sidelines for the Kaseya attack. We understand, however, that the way in which may cloud services are managed create connections between vendors, resellers, partners, and customers. While these connections do not generally provide any access to customer data, they do provide access to management functions and information about users.  This information, in turn, could be used to improve the effectiveness of phishing attacks, spoof identities, and gain access to systems.

As a trusted IT advisor and a managed cloud service provider, we are part of a connected supply chain. We take our responsibility to secure our part of that chain seriously. While we follow commercially accepted best practices for security and privacy, the Kaseya attack warns us to step back and re-evaluate our strategy, policies, and procedures.

Our Next Steps

Cumulus Global is conducting an internal review of all of our internal and operational systems, including vendor portals and services we use to order, provision, manage, and support cloud services. As part of this review we are examining our policies and procedures related to:

  • Identity management and protection
  • Access to the systems
  • System level permissions related to function and data
  • Roles and responsibilities with respect to security and privacy
  • Business continuity plans and capabilities

Through this process, we are challenging our assumptions, re-assessing how we operate security and effectively, and raising our expectations for how well we protect ourselves and our customers.

We will also be making recommendations to our clients, and the broader community, on steps they can take to improve their security profile and protections.

Your Next Steps

As a user of cloud services, and technology in general, have responsibilities as well.

We Can Help

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Quick Guide to Your Google Workspace Transition

/in

Google Workspace

G Suite to Google Workspace Transition is Happening Now

According to Google support, “Now is the time to transition your customers’ G Suite Basic and G Suite Business subscriptions to Google Workspace. Beginning February 1, 2023, Google will automatically transition your customers once they are eligible.”

In October 2020, Google announced the transition of its productivity platform from G Suite to Google Workspace.  More than a simple branding change, the Google transition includes significant changes to your subscription options, features/functions, and pricing.

Big Picture of the Google Workspace Transition

  • Google Workspace has two subscription tiers: Business and Enterprise
    • The Google Workspace Business tier offers three subscription options: Business Starter, Business Standard, and Business Plus
      • You may mix and match subscription types within the Business tier based on user and group needs
      • You total user count (licenses) cannot exceed 300
    • The Google Workspace Enterprise tier offers two options: Enterprise Standard and Enterprise Plus
      • You may mix and match subscriptions within the Enterprise tier
      • You have no limited on the number of user licenses

Read more about Google Workspace Plans and Pricing.

Impacts of the Transition From G Suite to Google Workspace

Vault

As part of the repackaging, Google Vault is no longer available as an add-on.  G Suite Business subscriptions and G Suite Basic subscriptions with Vault as an add-on, will need to move some or all of their users to Google Workspace Business Plus.  At standard pricing, this means a price increase from $11 or $12 per user per month up to $18 per user per month.  For businesses that need Vault for regulatory or industry compliance, this increase in unavoidable.

License Counts

From companies with more than the 300 users, Google is forcing a move to the Google Workspace Enterprise tier.  While Google offered a grace period allowing companies with more than 300 users to transition to Google Workspace Business subscriptions for up to 3 years, the offer has expired and is not expected to return.

The impact is a standard price increase from G Suite Basic and G Suite Business at $6 and $12 per user per month, respectively, to $20 per user per month for Workspace Enterprise Standard.  As noted, below, we can help with Google Workspace transition incentives and discounts to help mitigate the increase.

Storage

Workspace Business Standard and Workspace business Plus have 2TB and 5TB per user, respectively. This storage is pooled and available to all users, reducing the likelihood that specific users will need additional storage space.  While rare, some businesses running G Suite Business with unlimited storage are above those limits.  This will also become an issue over time for some businesses, particularly those that work with large files, such as CAD, images, and video.

Big Incentives

Working with Google, we are able offer incentive and discounts for transitioning from G Suite to Google Workspace.

  • Incentives and discounts are greater if you transition before your annual renewal date
  • Greater discounts exist if you are willing to commit to a 2 or 3 year term, instead of a 1 year term
  • Incentives change quarterly and, generally, become less generous over time, so reach out to us for details and your specific options
  • We will work with Google to address any unique requirements and circumstances

Incentives and smart subscription and license planning will save you money and mitigate any cost increase related to your G Suite to Google Workspace transition.

Your Next Steps for the Google Workspace Transition

  1. Check out our Quick Guide – Google Workspace Transition that covers migration paths and the impact on features and costs.
  2. Contact us to discuss and map out your transition from G Suite to Google Workspace, or use schedule a brief call with one of our Cloud Advisors directly.


The State of SMB Cyber Security

/in

Data Protection & SecurityGone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk, regardless of their size or industry. Today, we recognize that implementing a cyber security program, much like hiring people and growing sales, is an essential part of running our companies.

With 43% of cyberattacks targeted at SMBs, it’s not surprising that many have identified cybersecurity as a priority. And while most of us have deployed protections, it is challenging to know if you have the right balance of protection relative to your risk.

Here are 4 key findings from research conducted by Microsoft:

01 Businesses understand that cybercrime is a problem, but understate the severity of the threat and overestimate their preparedness

The vast majority of businesses (85%) cite cybercrime as a concern, and more than half (56%) believe it is a top priority. Businesses are backing up this belief with action. Most have begun to invest both time and dollars into protecting their company from hackers and other malicious actors.

However, when you look a little deeper, it becomes clear that many have underestimated their risk. 74% of businesses don’t believe they are likely to be attacked at all and that corporations are two times as likely to be attacked.

90% of businesses say they have the right protections in place to prevent an attack, and those with more than 50 employees are even more confident. It is encouraging that businesses are investing in security, but the reality is that they are at greater risk than they think. Nearly half (41%) have been attacked

02 Small and medium-sized businesses are just as likely to be attacked as large corporations

For solutions that do cost money, businesses allocate about 15% of IT budgets go to cybersecurity,  and  21% plan to increase how much they spend protecting the company. Businesses recognize that this investment is worth it because three out of four know that it costs more to recover from an attack than it does to prevent one.

03 Employees can be a business’s biggest protection and also their biggest threat

As a small business owner, you face many of the same threats as larger businesses, but also unique challenges.

Given the number of security events tied to employees, businesses run the risk of underestimating the threat of employees leaking data or  sharing sensitive information, whether maliciously or accidentally.

Insider threats take several forms. Employees or partners may find it more convenient to transfer sensitive data using personal email or an unsecure cloud drive, not realizing the risk to your company. In fact, 30% of security events are attributed to careless or uninformed employees. More alarming is the roughly 36% of attacks where a malicious employee steals sensitive data.

04 Businesses have begun taking steps to protect themselves and there is a set of solutions and practices available to them

Most small and midsize businesses don’t have the same scale of resources to combat security threats and implement cyber security solutions as larger entities.

Fortunately, there are right-sized solutions and strategies designed to overcome the unique vulnerabilities of smaller companies. An effective security strategy doesn’t have to be expensive—or time-consuming. With a few simple, no-cost/low-cost steps, you can make a significant  impact on your company’s overall security profile. The key is to match security to your business needs and your budget.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Webcasts

Your 2024 IT Action Plan

/in

(12/19/2023) – When planning for the upcoming year, we often forget to consider the role our technology and services can play in supporting our business goals and objectives. Align your IT plans to best support your business goals.

Read more

Your Transition to Google Workspace

/in

Map your transition to Google Workspace: Understand the changes in features/functions and the cost impact for your business.

Read more

library

Protect Your Business – Top 3 Security Threats

/in

eBook | Source: Microsoft —
This eBook explores how you can safeguard your business against the top three security threats, plus the one threat your business is probably overlooking.

Read more

Crash Course in Office 365

/in

eBook | Source: Microsoft —
You already know the productivity power of Office applications like Word, PowerPoint, and Excel. Full adoption empowers you to access your …

Read more

Global Year in Breach – 2021

/in

eBook | Source: ID Agent —
2020 saw a cybercrime boom that included record-breaking phishing and ransomware threats. This report provides insights into the rapidly changing cybersecurity landscape; forecasts cybersecurity trends for 2021; and provides helpful advice about smart risk mitigations that fit every business and every budget.

Read more

Google Workspace Security

/in

eBook | Source: Google —
Google started in the cloud and runs on the cloud, so it’s no surprise that we fully understand the security implications of powering your business in the cloud.

Read more

Make it Work: The Future of Collaboration and Productivity

/in

eBook | Source: Google —
The future of work is here – it’s just not evenly distributed. This report identifies three changes businesses  can make to work in the future

Read more

Unblocking Workplace Collaboration

/in

eBook | Source: Microsoft —
Poor workplace collaboration is 1 of 5 top reasons people quit their jobs. Break down collaboration blockers so that teams …

Read more

Google Workspace Migration Guide

/in

eBook | Source: Google — What are your goals, and what makes one technology solution the best fit? Here are some insights that can help facilitate a smooth transition to new workplace productivity tools at all stages — with specifics on Google Workspace — from decision to preparation to deployment to upkeep.

Read more

Six Types of Remote Workers and How to Support Them

/in

eBook | Source: Microsoft —
Great teams build great companies. Understand the six types of remote workers who impact your team, evaluate their technical needs, assess their …

Read more

The Ultimate Meeting Guide

/in

eBook | Source: Microsoft —
Many businesses experience a sizable gap between the increasing number of meetings and the value derived from the time spent in these meetings. What can you do? The simple answer for better meetings is to …

Read more

Securing Your Digital Transformation

/in

eBook | Source: Cumulus Global

Read more