Posts

XChange of Ideas – Trends with Benefits

/in ,

XChange Events

This XChange of Ideas shares trends that can boost your business’ productivity.

We recently spent three packed days at the XChange 2022 Conference. While we attend to improve our service offerings and business, many of the insights will benefit your business as well.

1 Industry Consolidation Awareness 

As with most maturing, dynamic industries, consolidation of vendors is not unusual in technology. Bringing together complimentary technologies and solutions can create synergy and economies of scale.  Currently, we are seeing something a bit different.  Companies that provide the systems we use to run our business are acquiring products and services that we offer to our customers.  By offering solutions we sell, and the solutions we use, our vendors are hoping to provide us with better integration and efficiencies.

The risk, however, is that service providers will focus, or limit, their options to match the “single vendor” efficiency. While you, as the customer, may benefit from the efficiency, these benefits will be fleeting if the solutions do not meet your needs.

We, at Cumulus Global, will continue to offer multiple solutions for nearly all of the services we offer. We commit to this strategy because efficient mediocrity serves nobody well.

2 VDI is Better than O.K.

Acceptance and use of virtual desktop infrastructure (VDI) and remote desktop services is on the rise. Beyond an interim solution, VDI services prove to offer many businesses long term value. We see several reasons for considering a move to VDI, including:

  • Support for hybrid work environments. With employees working in office and remote, a VDI environment provides a single computing environment for your entire business.  Accessing files and applications is the same, regardless of location and end user device.
  • Strategic Savings. VDI services extend the useful life of your existing laptops and desktops.  Since VDI clients are not processing data locally, the demand on processors, memory, and disk space are minimal.  Aging equipment can remain in service without impacting performance.
  • Improved Security.  VDI services run in secure, professionally run data centers. We use Microsoft Azure and Google Cloud Platform for VDI services. VDI provides private, secure networks, with multiple access options to meet your business needs.
  • Business Continuity and Resiliency. The faster you can recover from a disaster or technology failure, the better your business will survive and grow. VDI services remove most of the risks from local disasters and system failures.  As you can access your services from anywhere you are Internet-connected, and from most any end user device, teams can easily relocate and work around localized disruptions.

As disruption of technology supply chains continues, VDI allows you to upgrade your environment without investing in new desktop and laptop devices. You can move forward with your business without worrying about system availability.

To explore if VDI services can help your business, contact us about our security assessments, or schedule an intro call with one of our Cloud Advisors.

XChange of Ideas – Security

/in ,

XChange EventsLooking at what we learned during three packed days at the XChange 2022 Conference, we have much to share.  The XChange conferences help IT service providers, like Cumulus Global, explore emerging trends, challenges, products, and solutions.  While we attend to improve our service offerings and business, many of the insights will benefit your business as well. This XChange of Ideas shares three emerging security trends.

1 Security is Not a Technology

Most small and midsize businesses see themselves as having security because they have some security technologies and systems in place.  Security, however, is not a technology; security is an ecosystem that spans people, processes, and systems, as well as a lifecycle of prevention, response, and recovery. As important, we need to understand that managing our security

Most businesses still lack the basic set of security protections that span the security lifecycle. A solid security foundation should include advanced threat protection, next-gen endpoint protection, DNS security, web protection, multi-factor authentication, and encryption. A solid backup/recovery is also necessary; having a business continuity solution is preferred.

With the dynamic nature of threats and cyber attacks,  many businesses are at higher risk and should be deploying advanced security services. Advanced security services may include managed security incident detection and response (MDR) services, internal application whitelisting, segmentation, and other protections that can detect, halt, and stop the spread of an attack.

2 Cyber Insurance is Not Assurance

Cyber Insurance is more than a good idea, it is a necessity for almost every business.  But cyber insurance is not assurance that you can quickly recover from a cyber attack.

  • Cyber insurance underwriters have you complete a questionnaire or audit about your cyber protections, policies, and procedures. When you submit a claim, most cyber insurers will ask you to demonstrate that the protections were in place, how they were functioning, and that you follow the policies and procedures noted in your application.  If you cannot show that you do what you promise, expect your claim to be denied.
  • Your cyber insurance underwriters may prevent you from starting your systems and data recovery. Recovery typically destroys evidence of the attack, it’s cause, and it’s method of propagation. You may be unable to restore your systems and data for days — or even weeks — while your insurer completes a forensics investigation.

Having the right protections in place, and being able to demonstrate compliance, is a clear expectation to resolve cyber insurance claims.  Having a continuity solution in place that allows you to return to operation in parallel with a forensics investigation should be considered.

3 HIPAA is Not Just For Doctors

HIPAA is the regulatory cornerstone for protecting personal health information (PHI). These regulations control how we store, transmit, and share — procedurally and technically — PHI. Compliance, however, is not just required of healthcare providers, insurers, and others direct access to patient records. Businesses serving healthcare providers — those that sign a Business Associates Agreement — face compliance requirements as well.

HIPAA enforcement is expanding beyond Covered Entities to Business Associates, as is notable on the US Department of Health and Human Services Office of Civil Rights HIPAA “Wall of Shame

If you are not sure that your security services are up to par, contact us about our security assessments, or schedule an intro call with one of our Cloud Advisors.

Resources for Small Business Owners and Solopreneurs

/in
Read more

Different Types of Email Security Features

/in

Different Types Of Email Security Solutions Can Help Protect your Business

When launched Cumulus Global 15 years ago to provide small and midsize businesses (SMBs) with email security and security solutions. As early adopters, we saw how managed cloud services and solutions made enterprise grade solutions affordable and effective for small businesses.  While much as changed over the past decade and a half, we still face email-based threats.

Email Attacks are Easy

According to Verizon’s 2021 Data Breach Report, email remains one of the most common vectors for attacks. And, phishing attacks are at the top of the list. Email phishing attacks remain prevalent because they are relatively easy. Cyber attackers are able to say one step ahead of our defenses, in large part to the rise in social engineering. With more of our personal information available through social media, attackers can use psychological tactics and personalized messaging to target specific individuals (spear phishing) and business leaders (whaling). In doing so, they garner sensitive information and gain access to systems and data.

Business Email Compromise

Business Email Compromise (BEC) attacks impersonate your email domains or emails for specific users. In most instances, BEC attacks look and feel like legitimate emails from your business. Combined with social engineering tactics and personalize information, they are hard to spot and often successful.  Cyber security attacks can be “internal” that target your employees, or “external” that use your business to defraud your customers and associates.

Email and Domain Impersonation

Preventing email and domain impersonation attacks bypass account level security, including multi-factor authentication. To prevent these attacks, recipients should only accept email that can be authenticated as coming from your domain.

Different Types of Email Security Protection: Good, Better, Best

Currently, you have three levels of email domain security that can protect your business and your identity: Good, Better, and Best.

Good: SPF Sender Policy Framework

SPF verifies emails sent from valid IP addresses, either from your domain or authorized senders. While most small businesses have an SPF record configured, errors cause individual emails, or emails from marketing and CRM systems, to be flagged as spam by the recipient. Cyber attackers can spoof email addresses to give the appearance of a validated sender.

Better: DKIM DomainKeys Identified Mail

DKIM verifies that have been digitally signed by the sending domain, or by services sending email on behalf of the domain. Proper configuration is technical and involves cryptographic key management; errors can lead to fake messages with valid DKIM signatures. Cyber attackers can remove the DKIM signature using sophisticated relay attacks.

Best: DMARC Domain-based Message Authentication, Reporting,
and Conformance

DMARC authenticates email origin by aligning identifiers from SPF and DKIM, and instructs recipients to deliver, quarantine, or reject failed emails by policy. DKIM helps improve email deliverability. Is the best protection against email and domain impersonation attacks, whether they target your employees, vendors, or customers. Reporting enables you to see email sources and manage your policies.

Protect Your Business With Our Email Security Services

While you set up SPF and DKIM with DNS record entries, DMARC is best implemented as a service. Doing so provides you access to settings, reports, and analysis tools. For most small and midsize businesses, the level of protection DMARC provides is worth the minimal cost.

You can learn more with our eBook: Email Security: Good, Better, Best.

To discuss your email security configuration, make an appointment with one of our Cloud Advisors, send us an email, or fill out our contact form.

Mandatory Google Workspace Transitions Begin

/in ,

Google Cloud PartnerIf you have not completed your transition from G Suite to Google Workspace, Google will automatically begin Google Workspace transitions on January 31, 2022.  You will receive at least 30 days notice of your migration.

Please note that this transition includes significant changes to your subscription options, features/functions, AND PRICING.

Google Workspace

KEY POINTS TO KNOW:

  • Disruption: The transition is non-disruptive to end users and administrators, unless you decide to transition to a subscription with different features.
  • Pricing: Depending on your size and current G Suite services, keeping the same features may result in price increases of 50% to more than 300% (see below).
  • Savings: Cumulus Global can manage your transition, help you select the best Google Workspace for your business, and offer discount incentives for making your transition before the end of the year.

YOUR KEY DECISION:

You need to decide if you want to manage your transition or wait for Google to transition your subscription automatically.

If you chose to manage your transition, we can:

  • Save you money with Google-supported incentive discounts, provided we schedule your transition before the end of the year.
  • Help you select the best subscription plan/mix for your business, ensuring your business and security needs are met at the lowest cost.
  • Schedule your transition at a time that works for you and your team.
  • Educate your IT team on any new end-user, admin, and security features.
  • Support your IT team and end users.

YOUR MANAGED TRANSITION

To learn more about Managed Transitions, please contact us by email, or use the following form:


RESOURCES

In addition to more information in the “About” sections, below, we offer the following resources as well:

About: Automatic Transitions

Google will begin automatic transitions on January 31, 2022.

  • For annual subscriptions, the transition will occur at the end of your current annual or fixed term contract.
  • Companies on “Flex Plan”, month-t0-month services, Google will transition your account as quickly as possible
  • Google will determine the Google Workspace subscription based on your current product features, even if this change results in a significant price increase
  • Automatic transitions are not eligible for incentives or other discounts

About: Pricing Changes

The three biggest impacts on your Google Workspace pricing are your number of licenses,  features, and storage.

License Count

Companies with fewer than 300 users can select from three Google Workspace Business subscriptions.  Companies with more than 300 users will need to select from the two Google Workspace Enterprise subscriptions.  While you can mix and match licenses within the Business and Enterprise tiers, you cannot mix and match Business and Enterprise subscriptions.

Impact for companies with more than 300 users:

  • Companies running G Suite Basic, will see their per user license fees increase form $6 per month to at least $20 per month.
  • Companies running G Suite Business, will see their per user license fees increase form $12 per month to at least $20 per month.

Features

The biggest feature impact for most companies will be their use of Vault.  Companies running G Suite Basic and Google Vault, or running G Suite Business (which includes Vault), will need to transition to Google Workspace Business Plus. Because both Google Workspace Enterprise subscriptions include Vault, any company with more than 300 users will have Vault due to the license count-based migration requirements.

Impact for companies using Vault (with 300 or fewer users):

  • Companies running G Suite Basic plus Vault, will see their per user license fees increase form $11 per month to $18 per month.
  • Companies running G Suite Business, will see their per user license fees increase form $12 per month to at least $18 per month.

Storage

Added storage is no longer an option with Google Workspace. Because you can mix and match licenses within the Business and Enterprise tiers, you may need to transition users to different subscriptions based on their storage needs.

The Google Workspace subscriptions offer the following per-user storage:

  • Business Starter = 30GB, no Shared Drives
  • Business Standard = 2 TB, aggregated across the domain, with Shared Drives
  • Business Plus = 5 TB, aggregated across the domain, with Shared Drives
  • Enterprise Standard = Unlimited storage, with Shared Drives
  • Enterprise Plus = Unlimited storage, with Shared Drives

Other Changes: Vault Former Employee Licenses

Vault Former Employee (VFE) licenses are free or discounted Vault licenses for users that no longer have active G Suite accounts.  With the transition to Google Workspace, VFE licenses are no longer available; VFE licenses will transition to Archive User Licenses (AUL).

Archive User Licenses are NOT FREE. The per user per month pricing for AULs is as follows:

  • AUL – Business = $4
  • AUL – Enterprise Standard = $5
  • AUL – Enterprise Plus = $7

Companies with VFE licenses should plan for alternate retention strategies or potentially significant licensing fees.

 

The Kaseya Attack Effect

/in

Data Protection & SecurityThe Kaseya attack demonstrates how cyber crime is a big, organized business.  How big? You can subscribe to “Ransomware as a Service” and outsource attacks on your intended targets.  How organized? Hacker groups and service providers, such as the REvil Ransomware Group and DarkSide, actively manage their brands and reputations.  The REvil attack on Kaseya shows us that cyber criminals are technically advanced and operationally sophisticated. The nature of the attack, and its scope, should scare you.

By using known vulnerabilities in Kaseya’s VSA Remote Monitoring and Management system, REvil was able to create an automated ransomware distribution network. They used the very systems that Managed Service Providers (MSPs) use to monitor and manage customer servers, computers, and networks.

The Impact

MSPs update their Kaseya VSA servers automatically installed the Ransomware on their customers’ systems, as well as their own. Best estimates are that up to  1,500 small and medium-sized companies are victims. While this number seems small, those 1,500 business face an existential threat. Remember: more than half of businesses victimized by ransomware fail within six months.

Most MSPs shut down their Kaseya VSA services before spreading the ransomware. These firms had no ability to monitor, manage, or remotely support their customers. Customers facing IT issues were met with longer diagnostic and resolution times, resulting in business disruption, lost productivity , and the possibility of data loss.

As a managed cloud service provider, Cumulus Global does not use the Kaseya VSA system.  Our clients were not at risk, via our services, from this attack.

The Lessons

We were on the sidelines for the Kaseya attack. We understand, however, that the way in which may cloud services are managed create connections between vendors, resellers, partners, and customers. While these connections do not generally provide any access to customer data, they do provide access to management functions and information about users.  This information, in turn, could be used to improve the effectiveness of phishing attacks, spoof identities, and gain access to systems.

As a trusted IT advisor and a managed cloud service provider, we are part of a connected supply chain. We take our responsibility to secure our part of that chain seriously. While we follow commercially accepted best practices for security and privacy, the Kaseya attack warns us to step back and re-evaluate our strategy, policies, and procedures.

Our Next Steps

Cumulus Global is conducting an internal review of all of our internal and operational systems, including vendor portals and services we use to order, provision, manage, and support cloud services. As part of this review we are examining our policies and procedures related to:

  • Identity management and protection
  • Access to the systems
  • System level permissions related to function and data
  • Roles and responsibilities with respect to security and privacy
  • Business continuity plans and capabilities

Through this process, we are challenging our assumptions, re-assessing how we operate security and effectively, and raising our expectations for how well we protect ourselves and our customers.

We will also be making recommendations to our clients, and the broader community, on steps they can take to improve their security profile and protections.

Your Next Steps

As a user of cloud services, and technology in general, have responsibilities as well.

We Can Help

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Quick Guide to Your Google Workspace Transition

/in

Google Workspace

G Suite to Google Workspace Transition is Happening Now

According to Google support, “Now is the time to transition your customers’ G Suite Basic and G Suite Business subscriptions to Google Workspace. Beginning February 1, 2023, Google will automatically transition your customers once they are eligible.”

In October 2020, Google announced the transition of its productivity platform from G Suite to Google Workspace.  More than a simple branding change, the Google transition includes significant changes to your subscription options, features/functions, and pricing.

Big Picture of the Google Workspace Transition

  • Google Workspace has two subscription tiers: Business and Enterprise
    • The Google Workspace Business tier offers three subscription options: Business Starter, Business Standard, and Business Plus
      • You may mix and match subscription types within the Business tier based on user and group needs
      • You total user count (licenses) cannot exceed 300
    • The Google Workspace Enterprise tier offers two options: Enterprise Standard and Enterprise Plus
      • You may mix and match subscriptions within the Enterprise tier
      • You have no limited on the number of user licenses

Read more about Google Workspace Plans and Pricing.

Impacts of the Transition From G Suite to Google Workspace

Vault

As part of the repackaging, Google Vault is no longer available as an add-on.  G Suite Business subscriptions and G Suite Basic subscriptions with Vault as an add-on, will need to move some or all of their users to Google Workspace Business Plus.  At standard pricing, this means a price increase from $11 or $12 per user per month up to $18 per user per month.  For businesses that need Vault for regulatory or industry compliance, this increase in unavoidable.

License Counts

From companies with more than the 300 users, Google is forcing a move to the Google Workspace Enterprise tier.  While Google offered a grace period allowing companies with more than 300 users to transition to Google Workspace Business subscriptions for up to 3 years, the offer has expired and is not expected to return.

The impact is a standard price increase from G Suite Basic and G Suite Business at $6 and $12 per user per month, respectively, to $20 per user per month for Workspace Enterprise Standard.  As noted, below, we can help with Google Workspace transition incentives and discounts to help mitigate the increase.

Storage

Workspace Business Standard and Workspace business Plus have 2TB and 5TB per user, respectively. This storage is pooled and available to all users, reducing the likelihood that specific users will need additional storage space.  While rare, some businesses running G Suite Business with unlimited storage are above those limits.  This will also become an issue over time for some businesses, particularly those that work with large files, such as CAD, images, and video.

Big Incentives

Working with Google, we are able offer incentive and discounts for transitioning from G Suite to Google Workspace.

  • Incentives and discounts are greater if you transition before your annual renewal date
  • Greater discounts exist if you are willing to commit to a 2 or 3 year term, instead of a 1 year term
  • Incentives change quarterly and, generally, become less generous over time, so reach out to us for details and your specific options
  • We will work with Google to address any unique requirements and circumstances

Incentives and smart subscription and license planning will save you money and mitigate any cost increase related to your G Suite to Google Workspace transition.

Your Next Steps for the Google Workspace Transition

  1. Check out our Quick Guide – Google Workspace Transition that covers migration paths and the impact on features and costs.
  2. Contact us to discuss and map out your transition from G Suite to Google Workspace, or use schedule a brief call with one of our Cloud Advisors directly.


The State of SMB Cyber Security

/in

Data Protection & SecurityGone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk, regardless of their size or industry. Today, we recognize that implementing a cyber security program, much like hiring people and growing sales, is an essential part of running our companies.

With 43% of cyberattacks targeted at SMBs, it’s not surprising that many have identified cybersecurity as a priority. And while most of us have deployed protections, it is challenging to know if you have the right balance of protection relative to your risk.

Here are 4 key findings from research conducted by Microsoft:

01 Businesses understand that cybercrime is a problem, but understate the severity of the threat and overestimate their preparedness

The vast majority of businesses (85%) cite cybercrime as a concern, and more than half (56%) believe it is a top priority. Businesses are backing up this belief with action. Most have begun to invest both time and dollars into protecting their company from hackers and other malicious actors.

However, when you look a little deeper, it becomes clear that many have underestimated their risk. 74% of businesses don’t believe they are likely to be attacked at all and that corporations are two times as likely to be attacked.

90% of businesses say they have the right protections in place to prevent an attack, and those with more than 50 employees are even more confident. It is encouraging that businesses are investing in security, but the reality is that they are at greater risk than they think. Nearly half (41%) have been attacked

02 Small and medium-sized businesses are just as likely to be attacked as large corporations

For solutions that do cost money, businesses allocate about 15% of IT budgets go to cybersecurity,  and  21% plan to increase how much they spend protecting the company. Businesses recognize that this investment is worth it because three out of four know that it costs more to recover from an attack than it does to prevent one.

03 Employees can be a business’s biggest protection and also their biggest threat

As a small business owner, you face many of the same threats as larger businesses, but also unique challenges.

Given the number of security events tied to employees, businesses run the risk of underestimating the threat of employees leaking data or  sharing sensitive information, whether maliciously or accidentally.

Insider threats take several forms. Employees or partners may find it more convenient to transfer sensitive data using personal email or an unsecure cloud drive, not realizing the risk to your company. In fact, 30% of security events are attributed to careless or uninformed employees. More alarming is the roughly 36% of attacks where a malicious employee steals sensitive data.

04 Businesses have begun taking steps to protect themselves and there is a set of solutions and practices available to them

Most small and midsize businesses don’t have the same scale of resources to combat security threats and implement cyber security solutions as larger entities.

Fortunately, there are right-sized solutions and strategies designed to overcome the unique vulnerabilities of smaller companies. An effective security strategy doesn’t have to be expensive—or time-consuming. With a few simple, no-cost/low-cost steps, you can make a significant  impact on your company’s overall security profile. The key is to match security to your business needs and your budget.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Top 3 Types of IT Security Threats and How to Prevent Them

/in

Data Protection & SecuritySecurity Threats: 3 You Know and 1 You Should

Security threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.

Top 3 Types of IT Security Threats

1. Viruses

According to research conducted by Microsoft, infection by a computer virus is the most commonly cited among security threats facing businesses. Preventing viruses requires an integrated approach to endpoint and identity management.

How to Prevent Viruses:

  • Deploy next-gen antivirus software, with advanced threat protection, installed and updated, on all devices
  • Use web filtering and monitoring services to prevent infection, even from trusted sites
  • Roll out mobile device management to secure work devices (including laptops and desktops), as well as personal devices used for work
  • Enforce the use of multi-factor authentication as part of an integrated identity and access management solution

2. Ransomware IT Security Threats

Ransomware is a type of malware that restricts access, encrypts files, or even stops you from using your systems. Like viruses, ransomware can enter the company through insecure endpoints or unsuspecting users.

While virus protections also protect against ransomware, no protection is perfect. You need to be ready to respond and recover in the event of a successful cyber attack. This includes implementing solutions and services, and ensuring you have the proper protocols in place.

How to Prevent Ransomware Security Threats

  • Backup your data and system images, in the cloud, to ensure your ability to restore and recover
  • Encrypt all data, at rest and in motion
  • Deploy business continuity services to spin-up copies of servers in parallel with remediation
  • Pre-arrange access to forensic, legal, and communications resources to ensure a proper business response
  • Acquire cyber insurance to cover remediation, recovery, and regulatory costs, along with lost revenue
  • Focus on the four pillars of cloud security, and continue to review them on a yearly basis

3. Phishing Attacks

The majority, 67 percent, of cybersecurity professionals surveyed consider phishing attacks to be the greatest security threat facing your business and employees. Take the proper steps today to protect your people, your data, and your business.

How to Prevent Phishing Attacks:

  • Configure advanced threat protection services to identify and block attacks via email using links and/or attachments
  • Monitor inbound and outbound email traffic
  • Provide your team with awareness training to recognize problem emails, and how to respond/act
  • Instruct your team to report suspicious messages, links, and attachments
  • Deploy domain level services to prevent identity-spoofing

1 Additional IT Security Threat You Should Know

!! Internal Leaks & Threats

Insider security threats are often overlooked, and small and midsize businesses are generally unprepared to deal with these IT security threats, accidental or malicious. Surveys indicate that 53% of organizations have experienced insider attacks against their organization.

These risks take several forms. About 37% of internal leaks can be attributed to careless or uninformed employees. In many cases, these employees are using personal, less secure or unsecured services to conduct business.  Whether consumer versions of email or cloud drives for sync and share, these “shadow IT” services pose a significant risk.

While the majority of internal leaks and threats are unintentional, 36% of internal leaks are identified as attacks by a malicious employee.

To prevent data leaks and breaches, you should:

  • Actively manage access and permissions to networks, systems, applications, and data; periodically review permissions for compliance
  • Leverage features within your systems that help you manage and protect confidential and proprietary information
  • Deploy information protection solutions, such as Data Loss Prevention (DLP) and document/message level encryption, to block sensitive data from leaving your control
  • Implement proper cyber insurance and breach response protocols

>> Take Action Against IT Security Threats

All of the suggestions, above, fall within our CPR best-practice model for data protection and cyber security: Communicate & Educate; Prevent & Protect; Respond & Recover.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Data Breaches are Still a Thing

/in

As we speak with small and midsize business executives, we sometimes hear that cyber attacks and the risk of data breaches are no longer seen as a threat serious enough to warrant attention and spending.  We understand this hesitancy. Even with the level of media visibility, the prevalence of security solutions and a weariness of the constant focus on security can lead to the conclusion that we can let our guard down.

The reality, however, is that the rate of cyber attacks jumped about 600% in 2020.  More businesses are getting attacked and more attacks are successful.

A List of Breaches

For perspective, in the last 4 weeks, the cyber security experts at ID Agent have published data on these major breaches. Many are likely to be familiar to you or represent a major government entity.

  • Metropolitan Police Department of the District of Columbia
  • Pennsylvania Department of Health
  • The Resort Municipality of Whistler
  • CNA Financial
  • OfficeDepot
  • Personal Touch Holding Corp
  • Facebook
  • Hobby Lobby
  • Illinois Office of the Attorney General
  • Wyoming Department of Health
  • Eversource Energy
  • California State Controller
  • LinkedIn
  • The New York Foundling
  • University of Maryland Baltimore
  • CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC)

The Case for Concern

The list, above, is only a sample and only represents larger breaches.  Cyber attacks hit small and midsize businesses on a daily basis. Even so, we often view protection and recovery services as insurance.  We do not want to pay for coverage; we hope we never need to use it; and we do not see the value until we are a victim.

A Model for Success

Cyber security differs from insurance. We can reduce the risk of successful attacks with foresight, planning, and protections. Our CPR Cyber Security Model balances awareness, prevention, and response.

Communicate and Educate

Involve everybody in the solution. Communicate the risks and your commitment to protecting the business and your employees. Educate your team on the risks, how to spot and report attacks, and how their behavior can prevent or help an attack.

Protect and Prevent

Implement multi-layer, multi-vector protections that focuses on your people (identities), data, applications, and systems. Use “next gen” solutions that analyze behaviors and that can learn as risks evolve.

Respond and Recovery

No defense is perfect. Have services in solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back on line, we recommend that you put in place the forensics, legal, public relations, and customer service resources you will need in a cyber attack emergency.

Want to learn more?  Want to assess your cyber security protections and risks? We can help.  Email us or complete our contact form to schedule a complimentary meeting with one of our Cloud Advisors.

 

Webcasts

Manage Cloud Services Primer

/in

(9/21/2021) – Managed Cloud Services differ from traditional managed and “break-fix” services. Explore how, beyond cost savings, Manage Cloud Services offer strategic security, services, and business advantages.

Read more

Your Transition to Google Workspace

/in

Map your transition to Google Workspace: Understand the changes in features/functions and the cost impact for your business.

Read more

Small Business Guide to Cyber Threats, Security, and Response

/in

(6/15/2021) – A practical guide to cyber threats and security. We will share data that quantifies the most prevalent types of risks and will outline practical, reasonable, and affordable steps you can take to both protect your business and, should an attack succeed, respond and recover.

Read more

Productivity Suites: Google and Microsoft Revisited

/in

(5/18/2021) – Take a fresh look at Google Workspace and Microsoft 365 and how each might best serve your business. Rather than a feature-by-feature comparison, we take a strategic look at positioning, architecture, services, subscription options, and integrations.

Read more

Next Normal: WFH and Remote

/in

(4/20/2021) – We explore how Work From Home and remote workers alters your IT service needs. Taking a holistic view, we look beyond using apps and accessing files, discussing factors that protect your business and support productivity

Read more

Next Normal: Apps & Servers

/in

(3/16/2021) – COVID-19 and the events of the past 10 months have, and continue, to change the way we run our businesses. Explore how your team accesses the applications, systems, and data they need to succeed, whether in the office or working remotely.

Read more

Next Normal: IT Efficiency

/in

(02/23/2021) – COVID-19 and the events of the past 10 months have, and continue, to change the way we run our businesses. Are the IT choices made during the crisis the best for your business in the long term?

Read more

library

Simplify Security with Microsoft

/in

Infographic | Source: Microsoft

Read more

15 Best Practices for Cyber Protection

/in

eBook | Source: Cumulus Global 

Read more