Posts

Hybrid Business Strategy: Examples, Considerations, and Recommendations

Hybrid Workplace

The Business Side of Hybrid Workplace Strategy

The business side of hybrid workplace strategy is forefront as we make plans for the future. In a survey recently published by Gartner, CEOs were asked to identify the top enduring changes resulting from the pandemic. 45% of CEOs stated that hybrid and remote work was the most significant long-term impact. This equals all other noted enduring changes, combined. Nearly every business will have some degree of remote and hybrid working arrangements, as we experience a change in employee expectations and broader cultural shifts.

In past posts, we have looked at the technology and related managed cloud services needed to properly support remote and hybrid workplaces. The business administration issues related to hybrid and remote work are more complex than the technology solutions.

Four Hybrid Workplace Business Considerations

We’ve broken down what you should think about when it comes to hybrid workplace strategy into four key points. Each of these aspects of a hybrid workplace contains examples of how a hybrid business strategy might be implemented. See how these four considerations can help you strike the right balance and create a hybrid workplace that prioritizes people.

1. Working Environment

As we have noted before, as employers we are responsible for providing staff with a safe and healthy work environment.  If employees are working remotely, or from home, on a regular basis (an expectation for the job), their work environment must be managed appropriately through a hybrid work strategy.  We are responsible to ensure appropriate lighting, noise, desk space, seating, and ergonomic accommodations, as well as productivity tools, and cloud collaboration services.

2. Payroll, Benefits, and Compliance

With employees working at home, you are more likely to be paying employees who both live and work out of state (or in another tax jurisdiction). In addition to accurately representing their work location for payroll, you will need to provide benefits in each state and comply with each state’s employment laws.  Minimum wage, sick time, and paid leave are a few of the regulations that differ between states, and need to be considered in a hybrid business strategy.  Healthcare plans and providers will also differ, as do contributions to state unemployment insurance programs.  Additionally, you will need workers’ compensation insurance coverage for each state in which employees work.

3. Insurance

Beyond workers’ compensation, you may need to update your general liability coverages to address employees working from home.  Your insurer may see additional risk and/or the need to document work locations to ensure your business is properly covered.  Most policies require that you list any company-owned or leased work spaces, including co-working spaces.

4. Taxes

Lastly, when it comes to a hybrid workplace strategy, having employees work in your state while living in another is not uncommon. States have reciprocity agreements that dictate how these employees need to file their personal tax returns.  When you have remote employees working in other states, the rules are not yet as clear. Some states expect you to withhold taxes based on your employees’ locations, as this is their workplace.

Even more impactful, some states see an employee’s work location as creating nexus, and will require you to file business tax returns in that state.

Recommendations on a Hybrid Workplace Strategy

We strongly recommend that you proactively address the business side of hybrid work.  Speak with your HR, tax, and legal advisors as you navigate and design your hybrid strategy and remote work plans.

  • Consider using a Professional Employment Organization, or PEO, to manage payroll, benefits, HR policies, unemployment insurance, and workers’ compensation insurance.  In addition to operating across state lines, PEOs provide you with a unified approach to human resource services. They can assist with recruiting, onboarding, offboarding, and regulatory needs such as driver safety, OSHA compliance, and testing for banned substances. PEOs als0 assume liability for compliance errors.
  • Be prepared to provide employees working from home with the workspace and accommodations they need to be healthy, safe, and productive. Beyond IT, we can assist with home office workstations, desks, stands, lighting, and more.
  • Communicate with your insurance provider to ensure your coverages are appropriate and correct.
  • Consult your tax and legal advisors to ensure you understand when, and where, you have nexus with respect to corporate registrations and taxes.

If you’d like to chat more about hybrid business strategy, be sure to get in touch!

The Kaseya Attack Effect

Data Protection & SecurityThe Kaseya attack demonstrates how cyber crime is a big, organized business.  How big? You can subscribe to “Ransomware as a Service” and outsource attacks on your intended targets.  How organized? Hacker groups and service providers, such as the REvil Ransomware Group and DarkSide, actively manage their brands and reputations.  The REvil attack on Kaseya shows us that cyber criminals are technically advanced and operationally sophisticated. The nature of the attack, and its scope, should scare you.

By using known vulnerabilities in Kaseya’s VSA Remote Monitoring and Management system, REvil was able to create an automated ransomware distribution network. They used the very systems that Managed Service Providers (MSPs) use to monitor and manage customer servers, computers, and networks.

The Impact

MSPs update their Kaseya VSA servers automatically installed the Ransomware on their customers’ systems, as well as their own. Best estimates are that up to  1,500 small and medium-sized companies are victims. While this number seems small, those 1,500 business face an existential threat. Remember: more than half of businesses victimized by ransomware fail within six months.

Most MSPs shut down their Kaseya VSA services before spreading the ransomware. These firms had no ability to monitor, manage, or remotely support their customers. Customers facing IT issues were met with longer diagnostic and resolution times, resulting in business disruption, lost productivity , and the possibility of data loss.

As a managed cloud service provider, Cumulus Global does not use the Kaseya VSA system.  Our clients were not at risk, via our services, from this attack.

The Lessons

We were on the sidelines for the Kaseya attack. We understand, however, that the way in which may cloud services are managed create connections between vendors, resellers, partners, and customers. While these connections do not generally provide any access to customer data, they do provide access to management functions and information about users.  This information, in turn, could be used to improve the effectiveness of phishing attacks, spoof identities, and gain access to systems.

As a trusted IT advisor and a managed cloud service provider, we are part of a connected supply chain. We take our responsibility to secure our part of that chain seriously. While we follow commercially accepted best practices for security and privacy, the Kaseya attack warns us to step back and re-evaluate our strategy, policies, and procedures.

Our Next Steps

Cumulus Global is conducting an internal review of all of our internal and operational systems, including vendor portals and services we use to order, provision, manage, and support cloud services. As part of this review we are examining our policies and procedures related to:

  • Identity management and protection
  • Access to the systems
  • System level permissions related to function and data
  • Roles and responsibilities with respect to security and privacy
  • Business continuity plans and capabilities

Through this process, we are challenging our assumptions, re-assessing how we operate security and effectively, and raising our expectations for how well we protect ourselves and our customers.

We will also be making recommendations to our clients, and the broader community, on steps they can take to improve their security profile and protections.

Your Next Steps

As a user of cloud services, and technology in general, have responsibilities as well.

We Can Help

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

The State of SMB Cyber Security

Data Protection & SecurityGone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk, regardless of their size or industry. Today, we recognize that implementing a cyber security program, much like hiring people and growing sales, is an essential part of running our companies.

With 43% of cyberattacks targeted at SMBs, it’s not surprising that many have identified cybersecurity as a priority. And while most of us have deployed protections, it is challenging to know if you have the right balance of protection relative to your risk.

Here are 4 key findings from research conducted by Microsoft:

01 Businesses understand that cybercrime is a problem, but understate the severity of the threat and overestimate their preparedness

The vast majority of businesses (85%) cite cybercrime as a concern, and more than half (56%) believe it is a top priority. Businesses are backing up this belief with action. Most have begun to invest both time and dollars into protecting their company from hackers and other malicious actors.

However, when you look a little deeper, it becomes clear that many have underestimated their risk. 74% of businesses don’t believe they are likely to be attacked at all and that corporations are two times as likely to be attacked.

90% of businesses say they have the right protections in place to prevent an attack, and those with more than 50 employees are even more confident. It is encouraging that businesses are investing in security, but the reality is that they are at greater risk than they think. Nearly half (41%) have been attacked

02 Small and medium-sized businesses are just as likely to be attacked as large corporations

For solutions that do cost money, businesses allocate about 15% of IT budgets go to cybersecurity,  and  21% plan to increase how much they spend protecting the company. Businesses recognize that this investment is worth it because three out of four know that it costs more to recover from an attack than it does to prevent one.

03 Employees can be a business’s biggest protection and also their biggest threat

As a small business owner, you face many of the same threats as larger businesses, but also unique challenges.

Given the number of security events tied to employees, businesses run the risk of underestimating the threat of employees leaking data or  sharing sensitive information, whether maliciously or accidentally.

Insider threats take several forms. Employees or partners may find it more convenient to transfer sensitive data using personal email or an unsecure cloud drive, not realizing the risk to your company. In fact, 30% of security events are attributed to careless or uninformed employees. More alarming is the roughly 36% of attacks where a malicious employee steals sensitive data.

04 Businesses have begun taking steps to protect themselves and there is a set of solutions and practices available to them

Most small and midsize businesses don’t have the same scale of resources to combat security threats and implement cyber security solutions as larger entities.

Fortunately, there are right-sized solutions and strategies designed to overcome the unique vulnerabilities of smaller companies. An effective security strategy doesn’t have to be expensive—or time-consuming. With a few simple, no-cost/low-cost steps, you can make a significant  impact on your company’s overall security profile. The key is to match security to your business needs and your budget.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Top 3 Types of IT Security Threats and How to Prevent Them

Data Protection & SecuritySecurity Threats: 3 You Know and 1 You Should

Security threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.

Top 3 Types of IT Security Threats

1. Viruses

According to research conducted by Microsoft, infection by a computer virus is the most commonly cited among security threats facing businesses. Preventing viruses requires an integrated approach to endpoint and identity management.

How to Prevent Viruses:

  • Deploy next-gen antivirus software, with advanced threat protection, installed and updated, on all devices
  • Use web filtering and monitoring services to prevent infection, even from trusted sites
  • Roll out mobile device management to secure work devices (including laptops and desktops), as well as personal devices used for work
  • Enforce the use of multi-factor authentication as part of an integrated identity and access management solution

2. Ransomware IT Security Threats

Ransomware is a type of malware that restricts access, encrypts files, or even stops you from using your systems. Like viruses, ransomware can enter the company through insecure endpoints or unsuspecting users.

While virus protections also protect against ransomware, no protection is perfect. You need to be ready to respond and recover in the event of a successful cyber attack. This includes implementing solutions and services, and ensuring you have the proper protocols in place.

How to Prevent Ransomware Security Threats

  • Backup your data and system images, in the cloud, to ensure your ability to restore and recover
  • Encrypt all data, at rest and in motion
  • Deploy business continuity services to spin-up copies of servers in parallel with remediation
  • Pre-arrange access to forensic, legal, and communications resources to ensure a proper business response
  • Acquire cyber insurance to cover remediation, recovery, and regulatory costs, along with lost revenue
  • Focus on the four pillars of cloud security, and continue to review them on a yearly basis

3. Phishing Attacks

The majority, 67 percent, of cybersecurity professionals surveyed consider phishing attacks to be the greatest security threat facing your business and employees. Take the proper steps today to protect your people, your data, and your business.

How to Prevent Phishing Attacks:

  • Configure advanced threat protection services to identify and block attacks via email using links and/or attachments
  • Monitor inbound and outbound email traffic
  • Provide your team with awareness training to recognize problem emails, and how to respond/act
  • Instruct your team to report suspicious messages, links, and attachments
  • Deploy domain level services to prevent identity-spoofing

1 Additional IT Security Threat You Should Know

!! Internal Leaks & Threats

Insider security threats are often overlooked, and small and midsize businesses are generally unprepared to deal with these IT security threats, accidental or malicious. Surveys indicate that 53% of organizations have experienced insider attacks against their organization.

These risks take several forms. About 37% of internal leaks can be attributed to careless or uninformed employees. In many cases, these employees are using personal, less secure or unsecured services to conduct business.  Whether consumer versions of email or cloud drives for sync and share, these “shadow IT” services pose a significant risk.

While the majority of internal leaks and threats are unintentional, 36% of internal leaks are identified as attacks by a malicious employee.

To prevent data leaks and breaches, you should:

  • Actively manage access and permissions to networks, systems, applications, and data; periodically review permissions for compliance
  • Leverage features within your systems that help you manage and protect confidential and proprietary information
  • Deploy information protection solutions, such as Data Loss Prevention (DLP) and document/message level encryption, to block sensitive data from leaving your control
  • Implement proper cyber insurance and breach response protocols

>> Take Action Against IT Security Threats

All of the suggestions, above, fall within our CPR best-practice model for data protection and cyber security: Communicate & Educate; Prevent & Protect; Respond & Recover.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Work From Home – Office Ergonomic Checklist

Even with the pandemic and the shift to work from home (“WFH”), business owners remain responsible for making sure employees’ home work spaces are safe, comfortable, and effective.  For employees working at a computer most of the day, bad ergonomics can lead to musculoskeletal disorders (MSDs) such as tendonitis, carpal tunnel syndrome, and sciatica.  MSDs can be uncomfortable or painful for employees.  Beyond the impact on productivity and job satisfaction, MSDs often require medical treatment and can result in longer term disabilities.

When employees work from home, the are unlikely to have the same chair and workstation options as they do at the office.  Businesses should do what they can to help employees maintain good posture and relieve strain.

This short checklist can help you evaluate work from home environments. Have employees answer these questions to determine if any changes are needed and appropriate. Often, small adjustments to the work space can improve ergonomics and reduce the risk of injury.

General

  • Are items that you frequently use located close by?
  • Are items positioned equally on both sides, i.e., not all on the dominant side of your body?

Chair

  • Are feet resting flat on the floor, with hips slightly higher than knees?
  • Does the chair fit the contour of your back? If you can, adjust the back rest up or down to fit the
    natural curve of your lower back with the curve of the chair.
  • Is there a two-finger gap between the back of your lower legs and the seat of your chair? If
    possible, adjust the seat pan forward or backward to correctly fit it to the length of your legs.
  • Are both chair arms are at the same height to prevent you from leaning one way throughout the
    day?
  • Can you use your keyboard and mouse without twisting or reaching? Note: If you can’t get the
    keyboard or monitor low enough for your body type then raise your chair and use a footrest to
    obtain the ideal height for the chair, keyboard, and monitor.

Keyboard

  • Is the keyboard close to elbow level to help keep the wrists straight? Note: Don’t use high force to
    type on your keyboard as force can put strain on your muscles and ligaments.
  • Is the mouse located right next to the keyboard so it can be operated without reaching?
  • Can you move your mouse cursor from one end of your screen(s) to the other without picking it
    up? (Adjust mouse/pointer settings as needed in your software)

Computer monitor(s)

  • Can you see the display of both monitors without looking downward or to either side?
  • Does the distance from your monitor(s) to your eyes allow you to read the screen without leaning
    your head, neck, or trunk forward or backward?
  • Is the monitor positioned so the top line of the screen is no higher than eye level? Note: If you
    wear bifocals and you feel like you’re always looking down, you should adjust your monitors lower
    than the normal height to use the bifocal part of your glasses.

Varying positions

  • When possible, do you make small adjustments to your chair or backrest to keep from staying in
    the same posture for long periods of time?
  • Do you stretch your fingers, hands, arms, and torso throughout the day?
  • At least hourly, do you stand up and walk around for a few minutes periodically?
  • If possible, do you perform some of your tasks in a standing position? Note: When adjusting height of your
    desk or monitor, ensure it is on a sturdy surface with proper adjustment of your mouse also.

If you cannot answer “Yes” to most, if not all, of these questions, we can help.  Cumulus Global can provide ergonomic aids — from keyboards and wrist supports to monitor arms and sit/stand desks. Email us or complete our contact form for information and solutions.

 

library

State of Security for Small and Midsize Businesses

eBook | Source: Microsoft —
This eBook identifies key findings in studies and surveys covering security for small and midsize businesses, and provides set of recommendations to ensure …

Protect Your Business – Top 3 Security Threats

eBook | Source: Microsoft —
This eBook explores how you can safeguard your business against the top three security threats, plus the one threat your business is probably overlooking.

Crash Course in Office 365

eBook | Source: Microsoft —
You already know the productivity power of Office applications like Word, PowerPoint, and Excel. Full adoption empowers you to access your …

Global Year in Breach – 2021

eBook | Source: ID Agent —
2020 saw a cybercrime boom that included record-breaking phishing and ransomware threats. This report provides insights into the rapidly changing cybersecurity landscape; forecasts cybersecurity trends for 2021; and provides helpful advice about smart risk mitigations that fit every business and every budget.

Google Workspace Security

eBook | Source: Google —
Google started in the cloud and runs on the cloud, so it’s no surprise that we fully understand the security implications of powering your business in the cloud.

Make it Work: The Future of Collaboration and Productivity

eBook | Source: Google —
The future of work is here – it’s just not evenly distributed. This report identifies three changes businesses  can make to work in the future

Unblocking Workplace Collaboration

eBook | Source: Microsoft —
Poor workplace collaboration is 1 of 5 top reasons people quit their jobs. Break down collaboration blockers so that teams …

Six Types of Remote Workers and How to Support Them

eBook | Source: Microsoft —
Great teams build great companies. Understand the six types of remote workers who impact your team, evaluate their technical needs, assess their …

Webcasts

Next Normal: WFH and Remote

(4/20/2021) – We explore how Work From Home and remote workers alters your IT service needs. Taking a holistic view, we look beyond using apps and accessing files, discussing factors that protect your business and support productivity