VISION ’22 is in the books, and this year’s event was truly one for the ages. It set the bar high for VISION ’23, and we’re already feeling pressure to start planning next year’s event!
But before looking ahead, we want to look back at last week’s events. So without further ado, here’s your recap of VISION ’22. If you were in attendance, we hope this is a fun trip down memory lane. And if you missed out … there’s always next year!
Venue — The Omni Frisco Hotel at The Star
VISION conferences are all about teaching MSPs to ‘go big,’ and the venue for this year’s conference was definitely in keeping with that theme.
VISION ’22 took place at the beautiful Omni Frisco Hotel in the heart of The Star, a 91-acre entertainment district built around the Dallas Cowboys World Headquarters and the Ford Center. The vibrant area is packed with restaurants, shops, and Cowboys-themed awesomeness. It’s such a cool setting, we’re pretty sure even non-Cowboys fans dug it!
A huge shout-out to the hotel staff for their consummate professionalism, punctuality, and warmth — y’all crushed it!
Main Stage Sessions
MSPs come to VISION because they’re looking to grow, and they know — or have heard — that our annual conference is packed with content to help them do just that. This year, our main stage speakers delivered the goods and then some! Some highlights …
Panel Discussions
Attendees were treated to two panels at VISION ’22. The 20’s own Crystal McFerran (CMO), moderated “Ain’t No Rabbits” – How Marketing Magic Really Works, featuring top-tier marketers Jimmy Hatzell, Andra Hedden, Emalee Sugano, and Dana Liedholm. The conversation was fantastic and chock-full of insights and advice for growing MSPs. And props to Dana for stepping in at the last minute!
The second panel – Actionable Strategies to Grow Your MSP – featured a group of MSP owners who are doing big things and growing their companies like crazy. Chris Traxler moderated the discussion, and was joined on stage by Eric Emerson, Christian Wartchow, Seana Fippin and Gary Blawat. As members of The 20 MSP Group, these savvy entrepreneurs have risen to the top of the MSP game, and at VISION ’22, they generously shared their knowledge with the MSP community.
Hot Topics
VISION ’22 gave MSPs fresh insights into a variety of timely topics …
Joseph Brunsman’s presentation, brought to attendees by MSP360, broke down cyber insurance on a level that impressed us all. The amount of useful and actionable information that Joseph shared was next-level!
Like cyber insurance, M&A activity is currently a hot topic in the MSP space. VISION attendees got to hear from Scott Renkes and Ted Gwara from Pinecrest Capital Partners, a PE firm that served as The 20’s exclusive financial advisor on our ten recent MSP acquisitions. We’ve benefitted immensely from their guidance, and so too will MSPs that caught Scott and Ted’s illuminating presentation.
The 20’s own Ken Pecot (COO) spoke to the MSP community about analytics — how to use them, which ones to use, and why they’re crucial to the success of any growth-minded MSP. No one understands this topic better than Ken, whose expertise has helped The 20 in profound and measurable ways.
Sales and Marketing
Sales and marketing are crucial to MSP growth, but MSPs tend to struggle with one if not both things. At VISION ’22, our very own Michael Bone delivered an energetic and engaging presentation that helped MSP owners in attendance see what successful sales is really about. And Nabila Moumen from HubSpot took a trip across the pond to give a wonderful presentation on inbound marketing and how to leverage it effectively using next-generation tools. After hearing from Nabila and Michael, we’re pretty sure VISION attendees are going to return to their own sales and marketing programs with newfound enthusiasm and confidence!
Two CEOs Raise the Roof … and Some Money Too!
What happens when a couple of straight shooters — and two of the most successful CEOs in the Channel — sit down to talk shop?
We found out at VISION ’22, where Fred Voccola, CEO of Kaseya, sat down with our own Tim Conkle to discuss the state of the channel. Fred and Tim rocked the house, shared exciting news about what their respective organizations have in store, and initiated an impromptu donation-matching exercise with the audience. The result was $140k raised for The Coventry Reserve, a community that helps adults with special needs live a full, active, and purposeful life.
The 20 MSP Members Only Half-Day
On Friday, it was ‘just us chickens’ (MSP members of The 20 MSP Group), and we wasted no time at all.
Our CEO Tim Conkle kicked off the Members Only Half-Day with an overview of what’s on the horizon for The 20 MSP and for our group of MSP members. Ken Pecot talked about service delivery and gave a preview of some exciting changes in store. Michael Bone and Andrew Churilla gave a powerful presentation on the “art of prospecting.” And Crystal McFerran moderated an excellent panel on MSP marketing, sharing with members both “hard and easy truths.”
It was gratifying to see our tight-knit community come together and get down to brass tacks. Collaborating, cooperating, and conquering this industry together is what The 20’s all about, it’s what VISION’s all about, and it’s why our MSP members are growing fast and having a blast. Good stuff, everyone!
Breakout Sessions
VISION ’22 featured six breakout sessions led by companies at the forefront of innovation in managed IT services: Marketopia, ConnectBooster, SpearTip, SaaS Alerts, Kaseya, Cytracom, and ThreatLocker. Participants got to delve into key topics in cybersecurity, sales, marketing, and more, and came away from the breakouts with actionable insights to grow their businesses.
We’d like to thank our sponsors for planning these awesome sessions, and for your overall participation at VISION this year. Your energy and presence were awesome! And a big thanks to everyone who attended the breakouts, as well. It’s great seeing peers tackle problems and questions collaboratively — hey, that’s what we do at The 20!
Three-note Speakers!
An Emmy Award winning reporter, a retired Navy SEAL lieutenant, and a bestselling author walk into an IT conference … No, this isn’t the start of a joke; it’s what happened this year at VISION ’22, where we were lucky enough to hear from not one, not two, but three outstanding keynote speakers:
Chris Gardner — Businessman, Entrepreneur, and Author of the Bestselling memoir The Pursuit of Happyness
Jeff Crilley — Emmy Award Winning Reporter and Publicity Mastermind
Jason Redman — Retired Navy SEAL Lieutenant and Leadership Expert
But wait, none of these people work in IT — what are they doing speaking at an IT conference? Teaching MSP owners how to kick a** not only in business, but in life — that’s what they were doing!
Chris Gardner’s presentation taught us what it means to dream big and what it takes to turn those big dreams into big wins. Jeff Crilley taught us that “marketing without money” isn’t an oxymoron, but something every MSP can do to stand out from the crowd. And Jason Redman brought us to our feet with his amazing story of survival, redemption, and the extraordinary power of positive thinking.
A heartfelt thank you to all three of our keynote speakers. Your words moved us all.
Party Time!
If three keynote speakers are better than one, so are three parties! There was no shortage of opportunities to have fun this year at VISION …
Rooftop Kickoff Party — Featuring the Dallas Cowboys cheerleading squad and live music from The Buffalo Ruckus
Happy Hour on the Field — Food and drinks out on Tostitos Championship Plaza
VISION PARTY! — This year’s VISION PARTY was so much fun, Zeke Elliott showed up!
Why so many parties? Because we believe having fun is an important part of running your own business and being an entrepreneur. Fun is what energizes and inspires you. It’s what keeps you going and allows you to face the next obstacle down the road. If you’re a business owner, having fun is seriously important.
Plus, we just like to party!
A Few Final Thoughts
Looking back at VISION ’22, it’s hard not to arrive at the following realization: when people get together in the spirit of cooperation and collaboration, something special happens. Magical even.
And let’s face it, running a business is hard work. It takes determination, perseverance, and guts. But the struggle, while often overwhelming to someone working alone, becomes something more when it’s shared with others. It becomes a journey, an adventure, a source of inspiration and fun.
So THANK YOU everyone for your presence and participation at VISION ’22. Y’all make VISION what it is — a celebration of community and the power of togetherness.
Now, let’s get out there and have ourselves a big year!
October sees The 20 MSP’s M&A spree continue, as we acquire 4 more leading MSPs.
The 20 MSP is delighted to announce another round of acquisitions are in the books. Last month we added six stellar MSPs to The 20 team, and now we’re kicking off October by with four more deals!
We warmly welcome the following managed service providers to The 20 MSP family:
As members of The 20’s growth platform, all four of these organizations have achieved consistent growth and success across a variety of industry verticals. These are operationally mature companies with momentum and ambition, and we’re absolutely thrilled to be joining forces with them.
Every successful M&A deal we make is based on careful consideration of operational and cultural compatibility, and brings us one step closer to our ultimate goal of building a premium national MSP with unmatched scale.
One Team. One Dream. One Brand.
Our mission here at The 20 MSP is simple: we want to build the first and best premium national MSP platform in the United States. We’re well on our way to achieving this goal, fueled by a combination of organic growth and an aggressive M&A strategy tempered by our commitment to partnering only with companies that share our core values and ‘people-first’ business philosophy. After all, successful M&A deals require more than basic operational compatibility; they require a shared vision.
What makes these acquisitions so exciting and promising is the fact that we’ve worked closely with all four of the MSPs involved, and know that they genuinely care about their clients’ success. It’s not by chance that WOLFGUARD IT, BOLDER Designs, Byte-Werx, and JS Computek have established themselves as leading MSPs; they understand how to leverage technology to help clients achieve core business goals, and they deliver exceptional technical service with a human touch.
In short, we’re confident that this is a win for everyone involved — especially for our collective client base, who can expect the support they receive to get even better. We’re talking more advanced services and higher-value offerings. Our team hasn’t just gotten bigger; it’s gotten smarter and faster, too.
The 20 MSP has more acquisitions lined up in the coming months. “We have plenty of MSPs in The 20’s growth platform who are ready to be rolled up,” said our CEO, Tim Conkle. “And because we’ve worked closely with these companies, a lot of the integrative work that traditional mergers require is already done, allowing us to consolidate quickly and seamlessly. This is an exciting step forward, but it’s one of many we plan on taking.”
About The 20 MSP
The 20 MSP has been helping businesses succeed through better technology since 1986.
As a leading provider of managed IT services, The 20 MSP serves hundreds of businesses nationwide, providing each one with white glove service, secure and streamlined IT infrastructure, and 24/7/365 support. We believe in building lasting relationships with clients founded on trust, communication, and the delivery of high-value services for a fair and predictable price. Our clients’ success is our success, and we are committed to helping each and every organization we serve leverage technology to secure a competitive advantage and achieve new growth.
Business is better when IT runs smoothly.
When Disaster Strikes: Disaster Recovery and Your Small Business
When it comes to preparing for the worst, strive to be the best. Small businesses that invest in a robust disaster recovery plan are much more likely to survive a major incident.
When disaster strikes, will your small business be ready?
Notice the word “when” in the above sentence. At some point, for some reason, your company is going to experience a disruptive event that puts some of your IT infrastructure out of commission. It could be a cyberattack, a natural disaster, or just good old-fashioned human error. But whatever it is, it’s going to happen.
And when it does, having a plan of action in place — a disaster recovery plan (DRP) — will, more than anything else, be the difference between weathering the storm and getting dashed on the rocks of misfortune. Whether your company has 5 employees or 5,000, you need to treat disaster recovery planning like the vital business function it is, which means actually investing in it. Failing to prepare means preparing to fail!
In this blog post, we talk about disaster recovery planning: why it matters, what it involves, and how to approach the task of creating a DRP at your growing business.
Small Businesses and Disaster Recovering Planning
While it’s true that there’s only so much you can do when disaster strikes — many things are outside of our control — it’s pretty clear that small business owners could be doing more. Let’s look at some numbers …
Back in 2015, a study by Nationwide found that 75% of small
businesses don’t have a disaster recovery plan. A more recent report from Shred-it found that 67% of small businesses lack an incident response plan, which suggests that smaller companies are starting to get their act together — although not nearly fast enough.
With so few small businesses giving disaster recovery planning adequate attention, it’s no surprise that 40% of small businesses close permanently in the wake of a disaster (source: FEMA). Without any kind of DRP, a small business is likely to experience lengthy downtime after a disaster, which is expensive — to say the very least!
So what can your small business do to avoid becoming a statistic? Well, the first step is to finish reading this blog post — sound advice is coming your way!
An Important Point to Keep in Mind
Before we get into the nitty-gritty of disaster recovery, a quick word on the nature of disasters. When you hear the word “disaster,” you likely think of dramatic, cataclysmic events — earthquakes, fires, maybe a sweeping cyberattack carried out by nefarious hackers.
But the truth is, the two most common “disasters” are simple hardware failure and power failure. These more mundane, day-to-day disasters might not make the news, but they will take down your IT systems and, consequently, bring your business to a grinding halt.
Keep this point in mind as you cultivate disaster recovery capacities at your own business; you’re not just preparing for highly unlikely and highly
destructive scenarios, but fairly likely (and potentially highly destructive) ones, too. In short, develop your DRP with an eye to the fact that you’re going to end up using it!
It Starts with Backup
The cornerstone of every DRP is a sound backup strategy. Backing up data just means making a copy of it. It’s easy to understand why backup is such a powerful tool in the context of disaster recovery. When disaster strikes and crashes your IT infrastructure, you can lose data. But if that data’s backed up, it’s not really gone, is it?
An analogy: Let’s say your car gets stolen, but you have the exact same car — down to the mileage. You can just start driving your backup-mobile and it’ll be like nothing happened. Problem solved.
Of course, things aren’t quite so simple. Just as having a ‘backup car’ doesn’t negate all of the negative consequences of your car getting stolen, having a backup of your data doesn’t negate all of the negative consequences of a data breach, natural disaster, or any other disruptive event that does significant harm to your business’s IT infrastructure.
That said, it does diminish overall damage considerably, especially in the case of ransomware attacks, which have become utterly rampant as of late.
Let’s review two topics pertinent to developing a sound backup strategy: the “3-2-1 rule” and RTO/RPO.
3-2-1 Rule
Whatever your business’s size or specific backup needs, following the 3-2-1 rule is a good idea when it comes to backing up organizational data. This rule states that businesses should maintain:
3 copies of data
2 (or more) of which are stored on different media formats
1 (or more) of which is stored offsite
The 3-2-1 rule gives your organization resilience. If a disaster wipes out one storage medium, you’ve got the other to fall back on. If a disaster wipes out all of your on-site data, you’ve got the off-site copy to fall back on. The idea is that whatever happens, at least one copy of your data will survive, allowing you to resume operations as swiftly and seamlessly as possible.
RTO & RPO
RTO and RPO are difficult to calculate, but fairly straightforward on a conceptual level:
RTO stands for “recovery time objective,” and refers to how long your business’s IT infrastructure (or certain parts of it) can remain out of commission before it starts to do serious harm to your organization.
RPO stands for “recovery point objective,” and refers to how much data — measured in time: minutes, hours, days, etc. — your organization can afford to lose, counting back from the present. If your company can function normally without data from the last four minutes and fifty-nine seconds, but it needs 5-minute-old data, then your RPO is equal to 5 minutes.
Let’s connect these concepts to backup and disaster recovery.
One thing you want from your DRP is the ability to recover from a disaster quickly. But how quickly? That’s the question that RTO answers by identifying how long is too long. If your RTO is 2 days, it means
you can’t afford more than 2 days of downtime following a disruptive event.
Your DRP should also include a backup solution that makes sufficiently frequent copies of your organization’s data. But how frequent is “sufficiently frequent”? That’s the question that RPO answers by identifying the amount of data your organization can afford to lose. If you can’t afford to lose more than the last 10 minutes of data (RPO = 10 minutes), you want a backup solution that makes a copy of your data (and stores it offsite preferably), every 10 minutes — or even more frequently than that.
Backup vs Disaster Recovery
A lot of explanations concerning the relationship between data backup and disaster recovery overcomplicate things. So we want to put it in plain English: Data backup is an important part of your disaster recovery plan.
See? Simple. Two words tell you everything you need to know: “important part.”
Data backup is IMPORTANT because if you can’t, following data loss due to disaster, recover your data via accessing a sufficiently recent copy of it, resuming normal operations is going to be tough, if not downright impossible.
But it’s only PART of disaster recovery because the latter refers to everything involved in making sure your business can bounce back quickly after a disaster. This goes well beyond maintaining backups of data — as we will now discuss.
Creating a DRP for Your Business
Here are 4 tips to help you get the most out of your disaster recovery planning.
Tip #1: Don’t go it alone!
Creating a DRP for your small business can be daunting — especially when you’re already knee-deep in the day-to-day — so our first piece of advice is simply: Don’t go it alone! Involve your employees (it might even be a good idea to create a “disaster recovery team” whose job is to oversee and develop the procedures included in your DRP), your in-house IT staff/IT provider, your insurance broker, and disaster, backup and recovery (DBR) experts.
Tip #2: Figure out ‘the what’ and ‘the who’!
When drawing up your DRP, you want to include very specific instructions detailing not only what is to be done following a major disruptive event, but also, who is to do it. In other words, assign particular tasks and responsibilities to particular people within your company — and put it in documentation. Who’s in charge of contacting clients after an incident? What about vendors? When disaster strikes and every second counts, you’ll be glad you don’t have to waste precious moments trying to figure out who should do what.
Another component of figuring out ‘the what’ is taking inventory of all the IT assets at your company: hardware, software, devices, etc. Furthermore, assign relative levels of importance to the different parts of your digital landscape. The more important an IT asset is to your organization, the more quickly you want to restore it to full functioning in the wake of a disaster. So establish what’s critical, so that your DRP can prioritize getting those things back up and running the fastest.
Tip #3: Put it to the test!
This is perhaps the most effective — and overlooked — aspect of disaster recovery planning. Small business owners will create a DRP and
then file it away to collect dust. This is a big mistake, because in a disaster situation, the last thing you want to be doing is trying out your DRP for the first time. Practice makes perfect, so run drills that force you and your team to put your DRP into action. Nothing exposes flaws in a DRP like actually trying to run it through. Test, troubleshoot, rinse and repeat!
Tip #4: Work with an MSP!
Disaster recovery takes time and resources. There’s creating the plan. There’s testing it. There’s training employees. There’s revising the plan in light of technological and other sorts of changes. It adds up — and can get expensive if you’re not careful in how you invest.
For this reason, more small and mid-sized businesses are turning to managed service providers (MSPs) for help with disaster recovery planning, training, and execution. A good MSP can help with every facet of disaster recovery and business continuity, and stitch together a DRP that’s tailored to your organization’s exact needs. Moreover, MSPs know how to leverage modern IT solutions like cloud computing and the automation of backup monitoring and reporting to keep your disaster recovery investment from outpacing your IT budget.
If you’re really looking to improve your organization’s disaster recovery and resilience, it might be worth looking into DRaaS (Disaster Recovery as a Service), now offered by many MSPs. DRaaS is a cloud-based solution aimed at minimizing downtime caused by catastrophic events that disrupt IT functions. With DRaaS, a third party (your provider) copies your data and systems to a cloud infrastructure at a frequency in line with your RPO. If disaster strikes and causes your primary site to go down, your DRaaS will trigger a failover — the transition of your workloads from your primary
systems to your standby systems — thereby reducing, if not eliminating, unwanted downtime.
If you have DRaaS, you can rest easy knowing a whole team of experts is overseeing and managing every facet of disaster recovery at your business. Talk about peace of mind!
Final Thought
In the fast-paced world of business, waiting until you have a perfect grasp of something before giving it a try is a recipe for regret and missed opportunities. So don’t let the fact that you don’t perfectly understand all the ins and out of disaster recovery stop you from getting started on your own DRP. You can refine and learn as you go. What matters is that you take those first steps and get the ball rolling!
The 20 MSP Announces Six Acquisitions, Bold Vision for the Future
September is a month of vigorous M&A activity for The 20 MSP, as we acquire six industry-leading MSPs.
The 20 MSP is proud and excited to announce that it has acquired six MSPs located in five different states. We warmly welcome the following companies to The 20 family:
All six of these organizations have been members of The 20’s growth platform for quite some time, leveraging our MSP blueprint to achieve consistent growth and success across a variety of industry verticals. Adding their talented teams, resources, and growing client bases will give The 20 a tremendous boost, deepen our national footprint, and elevate our services.
One Team. One Dream. One Brand.
Our mission here at The 20 MSP is simple: we want to build the first and best premium national MSP platform. And doing that means remaining on a trajectory of rapid growth. M&A will play a large role in our growth strategy, but we’re committed to partnering only with companies that share our values and organizational culture. Successful M&A deals require more than basic operational compatibility; they require a shared vision.
What makes these acquisitions so exciting and promising is the fact that we’ve worked closely with all six of these MSPs, and know that they’re people-first companies, just like us. We’re on the same page, and now, we’re on the same team.
Your IT Group, INGRAIN IT, Peterson Technology Group, Monroy IT Services, Network Management Solutions, and Cirrus Technologies, Inc. all boast a proven track record of client satisfaction, and have experienced steady growth over the past several years. We’re excited to join forces with such exemplary managed service providers, and are confident that this is a win for everyone involved — especially our collective client base, who can expect great things in the coming months. We’re talking more advanced services and higher-value offerings. Our team hasn’t just gotten bigger; it’s gotten smarter and faster, too.
Pinecrest Capital Partners served as the exclusive financial advisor to The 20 on the acquisitions and associated financing.
The 20 MSP has more acquisitions lined up in the coming months. “The plan is to continue aggressively expanding our nationwide footprint through a combination of organic growth and acquisitions,” said our CEO, Tim Conkle. “This is just the beginning.”
About The 20 MSP
The 20 MSP has been helping businesses succeed through better technology since 1986.
As a leading provider of managed IT services, The 20 MSP serves hundreds of businesses nationwide, providing each one with white glove service, secure and streamlined IT infrastructure, and 24/7/365 support. We believe in building lasting relationships with clients founded on trust, communication, and the delivery of high-value services for a fair and predictable price. Our clients’ success is our success, and we are committed to helping each and every organization we serve leverage technology to secure a competitive advantage and achieve new growth. To learn more, visit https://www.the20msp.com/
About The 20 MSP Group
The 20 is an exclusive business development group for Managed Service Providers (MSP) aimed at dominating and revolutionizing the IT industry with its standardized all-in-one approach. The 20’s robust RMM, PSA, and documentation platform ensures superior service for its MSPs’ clients utilizing their completely US-based Help Desk and Network Operations Center. Extending beyond proven tools and processes, The 20 touts a proven sales model, a community of industry-leaders, and ultimate scalability.
This blog post is for small business owners contemplating a simple question: Does my small business need an enterprise-grade router? A simple question deserves a simple answer, so that’s what you’ll get here — not an avalanche of terminology, just solid, actionable advice.
But first, a brief overview is in order. Let’s talk about what a router even is — in plain English — and go over two broad categories of routers: home routers and enterprise-grade routers.
What Even IS a Router?
A router, simply put, is a little computer — physical or virtual — that allows multiple devices in a single network to ‘talk to’ each other and to the internet. A router directs, or ‘routes,’ packets of information within the network, so that the information ends up at the right place. For instance, if you want to print something at your small business, your router makes sure the information gets sent to the printer.
In short, routers coordinate where data flows within a network — between devices, to and from the internet. If you’re a business owner, you can think of your router as the hub of your organization’s entire IT infrastructure.
Home Routers vs. Enterprise-Grade Routers
There are various types of routers, and it’s easy to get lost in the dizzying number of features and functions that distinguish them from one another, but routers can be divided into two general categories: home routers (a.k.a. “consumer-grade routers”) and enterprise-grade routers (a.k.a. “business routers,” “business-class routers,” or “commercial routers”).
Home routers and business routers serve the same basic function — routing traffic within a network — but there are important differences between the two.
The overarching difference is — you guessed it — home routers are designed primarily for use in the home, while business routers are designed primarily to be used by businesses.
But this doesn’t tell us very much. So, let’s dig into what actually separates the two types of routers, with an eye to answering the simple question: Which one should you be using at your small to medium-sized business (SMB)?
Home Routers vs Business Routers: Breaking Down the Differences
Cost
Business routers are much more sophisticated, secure, and reliable than home routers, and for this reason, they cost more. A typical business router runs from $500 to several thousand dollars, while home routers generally cost less than $100. For this reason, a lot of SMB owners go with the latter, thinking it’s a frugal decision that will save their business money.
But the truth is, business routers are only more expensive initially; over time, a business router will likely save your business money — and lots of it! By the end of this blog post, it should be clear why.
Security
The superior security that enterprise-grade routers offer businesses is, by itself, a good reason NOT to use a home router at your organization. Cybercrime is rampant in this day and age, and contrary to widespread belief, it’s not just large corporations that get hit by cyberattacks. In fact, hackers are increasingly targeting smaller companies because they know ‘the little guy’ tends to lack robust security.
If you’re skeptical, here are some stats to help you wake up and smell the danger:
61% of SMBs have reported at least one cyberattack over the past year
If more business owners knew just how common cyberattacks have become, we’d surely see a greater level of investment in cybersecurity. But, shockingly, 43% of SMBs don’t have any kind of cybersecurity plan in place.
Simply put, if you’re a small business owner and security is a priority — which it should be — it’s more than sensible to go with a business router over a home router; it’s essential. Most home routers now come with a basic firewall, but the problem is, it takes a lot more than that to fend off the incredibly sophisticated cyberattacks hackers deploy these days.
For example, ZuoRAT is a next generation threat which targets SOHO (Small Office/Home Office) routers. It spies on you and your network, allows threats to become persistent, and can cost your business with downtime or further compromise.
Support
Routers, like any hardware, need to be maintained, updated, patched, etc. If your business uses a consumer-grade router, this can quickly become a huge hassle. Patching a home router can be difficult and time-consuming — especially when you throw compliance into the mix — and in many cases, it’s downright impossible. In a lot of cases, ‘patching’ or ‘updating’ a home router means throwing it away and purchasing a newer model.
Home routers do a lot with very little, but there’s a new model every year. And while enterprise equipment has an expected lifespan, consumer-grade isn’t necessarily promised a single update, and manufacturers can lack the resources to fix a nasty bug. Moreover, consumer-grade routers cut corners for components like flash storage or RAM, limiting their flexibility. They also use a patchwork of disparate software, which creates difficulties around maintenance. And, with built-in obsolescence, vendors can’t always keep home routers up-to-date, even if they wish to do so.
Bottom line — when you purchase a business router, your contract with the vendor will ensure a level of support that you simply can’t get for a home router.
Quality & Features
When it comes to quality, the difference between home and business routers tends to be vast. Your typical home router requires regular rebooting, which means one thing for your business: DOWNTIME! How costly is downtime? Let’s just say the upfront cost of purchasing a business router looks like pocket change compared to the cost of severe downtime. Check out this blog post to learn more.
In short, an enterprise-grade router is designed to last multiple years, even a whole decade or more, while home routers are designed to be thrown away after a year or two.
And when it comes to features, business routers blow home routers out of the water. Take, for instance, a VPN (virtual private network). In this age of remote work, VPNs are essential to ensuring that remote workers can access your organization’s network safely and securely. And, although most home routers boast some kind of VPN, a business router will give you a built-in VPN that is significantly more effective (i.e., secure and reliable). If some of your workforce is remote, a powerful VPN isn’t a luxury, but a necessity.
Scalability
If you want to grow your business, you’ll want a router that scales easily to support more devices, users, data, etc. In other words, you’ll want an enterprise-grade router. Business routers, unlike home routers, scale easily as your business grows.
Business-class hardware is made to connect far more systems in far more intricate ways than virtually any consumer-grade router. You can plug a 24-port switch (or more than one) into nearly any business router, which would bring a home router to a grinding halt — or crash it entirely.
And hardware is just part of the equation. Software is different between the standard consumer-grade router and an enterprise device. A consumer-grade router may allow certain features, but they don’t always play well together. The difference is between a device that may do something and one that will do something.
Summing Up
A business-class router is appropriately named, as it is suitable for use by businesses. Opting for a home router to save money in the short-term is likely to come back and bite you, as home routers simply aren’t equipped to evolve with technological change, defend against sophisticated cyberattacks, or scale with your business.
Spending a little more on an enterprise-grade router now is almost guaranteed to save you money in a long run. Indeed, when you zoom out and consider the overall benefits of a business router, it’s clear that purchasing one for your SMB isn’t so much a cost as it is a wise investment that can ‘future-proof’ your growing organization.
Picking the right router for your small business is an important decision, but wading through the plethora of options can be stressful and confusing. Working with a managed service provider (MSP) is a great way to ensure that not only your router, but your entire IT infrastructure, is optimized for your business’s specific needs and goals. Remember, business is better when IT runs smoothly!
In this digital age, your company’s website is a crucial part of your business. You want it to look professional, as well as be easily navigable and highly engaging. But you don’t just want a website that looks nice and has an intuitive user interface (UI) — you also want a website that’s secure.
Website security, despite being a vital part of your overall cybersecurity posture, is far too often overlooked by small and medium-sized business (SMB) owners. As with many aspects of cybersecurity, there is an enduring belief that hackers don’t come after ‘the little guy.’ And so, SMB owners put ‘improve website security’ at the bottom of their to-do lists, thinking it can wait.
But the truth is, the ‘we’re too small’ justification for neglecting website security is paper thin; we’re seeing threat actors target smaller companies more and more. A recent study revealed that 61% of SMBs have experienced a cyberattack over the past year. Cyberattacks on SMBs aren’t rare, they’re rampant, and beefing up your website’s security isn’t preparing for a possibility, but bracing for an inevitability.
So, let’s talk about website security. Here are our Top 5 Website Security Tips for Small Business Owners …
Tip #1: Practice Good Password Hygiene
Your company’s passwords are a critical line of defense against cyberattacks. Unfortunately, poor ‘password hygiene’ is practically an epidemic, even in this dangerous digital era. The UK’s National Cyber Security Centre recently discovered that over 23 million user accounts worldwide still use the password “123456”! Statistics like this make IT experts cringe, because weak passwords make your business a sitting duck for threat actors.
Bottom line, get serious about practicing good password hygiene at your business. Set up password complexity requirements on your company’s website(s), train your staff on what makes a strong password, enlist a password manager so employees don’t have to rely on memory or sticky notes, and bolster your passwords with multi-factor authentication (MFA). Doing these things might seem like a hassle, but the inconvenience pales in comparison to the devastating effects of a serious data breach.
Tip #2: Make the Move from HTTP to HTTPS
The difference between “HTTP” and “HTTPS” might be just one letter, but what a difference that one letter makes! But what are these acronyms?
Well, any website you visit will begin with either “HTTP’ or “HTTPS.” “HTTP” stands for “Hypertext Transfer Protocol,” and the “S” stands for “Secure.” A website that begins with “HTTPS” will also display a padlock symbol in the address bar to the left of the URL. But what’s the difference?
An HTTPS site is vastly more secure than an HTTP site because it enlists an SSL (Secure Sockets Layer) certificate to create an encrypted connection between the server and the browser. In plain English: the
data that flows to and from an HTTPS site — credit card information, passwords, etc. — is scrambled, so even if a hacker manages to intercept it, it will be unintelligible — i.e., pure nonsense.
Having an HTTPS site is utterly essential if you accept sensitive information through your website, but even if you don’t, it’s still a good idea to enlist an SSL certificate for that added layer of protection against malware, viruses, and the like. Moreover, HTTPS sites receive an SEO bump from Google, which makes the adoption of HTTPS even more of a no-brainer.
So, if you haven’t already, make the move from HTTP to HTTPS — and get in the habit of avoiding websites that don’t display the reassuring padlock. Here’s a good article outlining the steps required to make the switch.
Tip #3: Keep Up with Updates
Creating a website for your small business has never been easier. Content management systems like WordPress, Joomla, and Drupal simplify the process so that even the least tech-savvy business owners can create a website with relative ease.
But as easy as it is to make your company website, you can’t just create your website and then expect it to take care of itself. Like any piece of property, your patch of digital land requires maintenance. More to the point, you have to keep up with software and plugin update requests.
Now, these might seem like a hassle, and you might not think it’s a big deal if your organization operates without the latest WordPress update for a day or day — or a whole week even. After all, you’ve ignored cell phone updates before and it’s not like your whole life came crashing down …
Stop right there! Updates are not optional enhancements; they’re necessary adaptations to an ever-evolving threat landscape. And if you’re casual about updates, you’re putting your entire organization at risk. So keep up with updates, and work with your IT provider to streamline and automate updates as much as possible, or you can expect to join the 30,000 websites hacked each day!
Tip #4: Backup, Backup, and Backup Some More!
Like updates, data backup is a security fundamental business owners can’t afford to neglect. No matter how careful you are, things happen — cyberattacks, natural disasters, simple employee errors — and data gets lost. But when the data you lose is backed up — i.e., when there’s a copy of it — it’s not truly lost. You swap in the copy and you’re back on your feet.
Of course, things are more complicated than that. If hackers get their hands on your customers’ credit card info, it won’t matter much that the data is backed up. That said, data backup does protect businesses from numerous cyber risks, and is a critical component of a sound disaster recovery plan.
But how often should you be backing up your data? Does your backup need a backup? Is it important to have a backup offsite? Can the cloud provide a sensible backup solution for small businesses? To answer these in order — it depends on the nature of your business (and your RTO/RPO), most likely it does, yes, and yes.
Creating the ideal backup strategy for your business isn’t something you should undertake on your own. Work with in-house IT staff or your IT provider/managed service provider to come up with a backup solution that fits your business’s needs and automates as much as possible.
Tip #5: Train Your Staff
The importance of employee training cannot be overstated. Your people are your most valuable asset — this isn’t just true as a general adage, but as a principle of cybersecurity! If there is one thing any business can do to immediately bolster its website security, it’s implement regular staff training. An informed workforce is an empowered one, and considering that 82% of data breaches in 2021 involved human error, it’s safe to say that businesses across the board aren’t investing enough time and resources in employee cyber risk training.
Don’t be afraid to get creative and inject some fun into your staff training. Cybersecurity is a deadly serious topic, but that doesn’t mean cyber training has to be dull and dry or all ‘doom and gloom.’ Try ‘gamifying’ some of the training. Serve cake at in-person training sessions. Send out fake phishing emails and reward employees who spot them and report them according to company protocol.
Whatever training regimen you come up with, stick with it. Cyber risk training should be ongoing and regular. And if part of your workforce is remote, make sure to train them on the cyber risks associated with working-from-home (WFH) before you let them leave the office. Remember, cybercrime has skyrocketed since the start of the COVID-19 pandemic, largely due to the rise in remote work. So don’t let your commitment to cybersecurity end at the walls of your physical office.
Final Thoughts
Protecting your growing business means protecting its website. And while following the above five tips won’t guarantee your website’s total security — sadly, no such guarantees exist — they will go a long way toward protecting your organizational and customer data, and keeping hackers off your digital land.
Don’t let website security and other IT issues overwhelm you! If you’re struggling to stay on top of IT at your business, reach out to a trusted MSP in your area for help. A good MSP will take care of your website — and your entire IT infrastructure — for a single predictable monthly fee.
Top 10 Reasons You Don’t Want to Miss VISION ’22!
VISION isn’t ‘just another IT conference,’ because you’re not trying to grow ‘just another MSP.’
VISION ’22 is only three months away! The 20 warmly invite MSPs of all sizes to join us in Dallas, TX for the premier MSP event of the year. Learn results-driven growth strategies from industry experts, get inspired by an out-of-this-world speaker lineup, and connect with the most welcoming, dynamic, and fun community in the managed services world.
This sh*t is awesome! But don’t take our word for it. Check out this testimonial.
If you’re in the MSP game and are determined to not be ‘just another MSP’, don’t go to ‘just another IT conference’ — come to VISION and learn to be GREAT.
And if you’re still on the fence about attending VISION this year, The 20’s Crystal McFerran and Alexis Williams are here to give you a nudge with the Top 10 Reasons You Don’t Wanna Miss VISION ’22 …
Reason #1 – The Main Stage Speakers
What do an Emmy Award winning reporter, a retired Navy SEAL Lieutenant, and the author of the best-selling The Pursuit of Happyness have in common?
They’re all going to bring down the house on the main stage at VISION ’22!
Reason #2 — The Venue
This year’s conference takes place at the beautiful Omni Frisco Hotel at The Star, a huge entertainment district surrounding the Dallas Cowboys World headquarters and 12,000 seat Ford Center.
Reason #3 — Community
Connecting with other MSP owners who face similar struggles and challenges is what VISION is all about. So don’t go it alone — come to VISION instead!
Reason #4 — Our Sponsors
We have a full slate of industry-leading vendors, including Gradient, MSP360, Huntress, and more! Come to VISION and connect with the companies driving change in the MSP space.
Reason #5 — Exclusive Content
MSPs that want to thrive over the next several years need to be ready for what’s coming. At VISION, we’re going to talk about practical steps your MSP can take right now to position itself for success.
Reason #6 — VISION Party!
Is it really as fun as people say?
Join us at Concrete Cowboy on the night of October 6th and find out for yourself!
Reason #7 — The 20
We approach MSP growth a little differently here at The 20. Spending 2 days with us at VISION is a great way to see what we’re all about, and how we’re changing the MSP game.
Reason #8 — Breakout Sessions
We have a bevy of breakout sessions planned for VISION ’22, covering technical training, sales, and everything in between. Come make a business breakthrough with the right breakout.
Reason #9 — GROWTH!
It’s an exciting time to be an MSP. Demand for managed services is at an all-time high, and at VISION ’22, you’ll learn how to make sure your MSP captures its fair share of the expanding market.
Reason #10 — The Dallas Cowboys
You don’t have to be a fan of ‘America’s Team’ to hang out with the Dallas Cowboys cheerleaders at this year’s welcome reception.
The core tenet of zero trust architecture can be summed up as: never trust, always verify. Traditional security approaches treat a site as a fortress against the outside versus one which accepts it may be breached from inside. Your security plan should treat breaches as an inevitability rather than a possibility, and focus on the response rather than only prevention. Zero trust architecture grants better security, bottlenecks (or even stops) successful attacks, and can improve overall business functionality.
It works so well because it’s not a specific technology, it’s a strategy. Zero trust is technology agnostic (past a certain requisite level of minimum functionality). The hard part is building the policy and then maintaining it. To do so, you need to understand what you’re doing and why at every level.
Never Trust, Always Verify
Security has changed (see here on how to future-proof your MSP). We live in a post-security landscape where you have to accept security incidences as a cost of doing business rather than something you can always prevent. Total security is impossible, but you can mitigate its damage. Never trust a source even if it should be legitimate.
Many modern security problems come from an overabundance of trust inside one’s own network. What makes your job easy can make a threat actor’s job easier too.
Flat networks allow anything to talk to anything else on a given network. The flatter your network, the less work it takes to maintain but the more easily a security incident could spread. A ransomware event on the secretary’s computer probably doesn’t matter, but what about when it spreads across the network? A flat network is a plain of dry grass for the coming wildfire.
The topography of your network can matter as much as which EDR (or XDR) you use, what firewall you have, or even what email provider you use depending on the industry and required compliance. Things have just gotten more complex with the uptick in cloud services and work from home.
The situation is just going to continue getting more complicated. Each new exploit raises the bar in the arms race for security. The era of BYOD (Bring Your Own Device) and now WFH (Work From Home) have just made the need all the more obvious for zero trust architecture. Any device could be legitimate, but it can also become a threat with the right threat actors. Never trust, always verify.
BYOD and WFH
From a security standpoint, the worst thing your company can do is allow people to bring their own devices. From a social or morale perspective, the worst thing your company can do is forbid those devices (without a good reason). The cat’s out of the bag for employee devices in the workplace. You can try to implement restrictions, but it’s easier to just embrace the security implications of BYOD (and WFH).
The problem with BYOD isn’t the fact people bring their devices – it’s the lack of control over them. BYOD isn’t (typically) dangerous because of internal hackers (they may exist, but they’re rare for most businesses), it’s dangerous because the devices themselves may be compromised by the time they connect to the company WiFi or network.
WFH has the same problems, but exacerbated by the fact that you can’t control the network their device (which may not be in your purview) is on, you need a way in for their connection, and multiple services are stitched together to make this all transparent for the employee. You have the worst from BYOD, but all the way up to their connection.
How much can you trust a remote user (outside of what they need)? How much can you trust that same user knowing they might be on an unencrypted, public network? They aren’t malicious, but their network or environment is questionable at best (for most positions).
How do you strike a balance without making the security requirements onerous? You have to assume that something attached to your network is as much a way in as it is a way out for data and/or threats. Zero trust architecture changes this from a matter of who to trust to acknowledging that trust (from a security standpoint) is purely condition.
What It Means for Security
Zero trust architecture is a philosophy for security rather than a specific set of techniques. The implementation is generic at best, but follows an abstract, iterative process. You aren’t following a guide for how to do something – you’re looking at what general goals each security change should have.
Zero trust architecture distills the concept of not trusting everything (or anything) on your network to something memorable and applicable. You need to understand what attack surfaces exist which you can turn into protect surfaces. Each asset on your network performs a specific function – if it doesn’t, why is it there? The next step is to divide a network into spaces where there needs to be some form of trust, and a way to connect each microperimeter. From there, you establish an actual implementation enforcing what needs to happen as a zero trust policy (that is, put the previous findings into a sane policy) and maintain it.
There’s a lot of auditing and understanding the network setup involved for implementing zero trust architecture. You need to understand more than just what comes in and goes out of the network – you need to understand what goes on inside your network to make the business work. What ports need to be available to what networks? How do you isolate devices without choking the business?
Implementing zero trust architecture is an iterative process. Identify, survey, delineate, and then codify and maintain. These steps are effective in almost any process, but they have specific meaning for zero trust architecture. You need to establish your boundaries, then you need to figure out what happens in your purview, then you need to split up regions for sane security. Done right, this is the basis of a policy you can implement and maintain.
Identify the Protect Surface
Your protect surface is the opposite of your attack surface. Any way into your network is also a way in for potential threat actors.
Every unprotected device is a ticking time bomb if not managed properly. Every unknown device is an unknown threat. What do you need to protect overall and what do you need to protect for the business to function? It’s one thing to lose a couple rarely used PCs, it’s another when your core application server or production database gets hit. There are levels in between as well where sometimes the trade-off in security impact is worth the loss in flexibility or convenience to keep a business running.
You need to see what is an attack surface from the outside, but also, what can be used as such internally? A file share which your business depends on is essential, but it also needs some level of trust between multiple types of access. Done right, a compromised machine can only ruin data for a single department or in limited areas. Done (more) right, you have a backup to restore from because this is essential to your business.
Map the Traffic Flow
Every asset you have can create a hole in your security setup. A device needs to have a purpose where it is or else it can become a liability. A dumb, networked printer may make sense in one area, but should it have access to internal networks? It probably won’t matter (hacking is a numbers game for most basic intrusions), but it doesn’t add value at the expense of a potential risk. Each way in can be a liability, so make sure you know what has access to where and why.
This is basically creating a network map with dependencies. If a user needs access to a specific application, and a specific file share, how do they get there on the network? If it’s necessary, you probably can’t wall them off from both, but you can wall them off from other assets, ports, applications, etc. that may exist in the same microperimeter (see below) they need access to.
Define the Zero Trust Microperimeters
Divide the networks into regions which can have a sane policy. A microperimeter is effectively a subsection of your network which is secured as if each other portion is potentially hostile. This means that you are creating the equivalent of smaller LANs (like old school subnetting) but for smaller units using smarter technology for network flow (i.e. not going crazy from maintaining a traditional, paranoid subnet).
If an RDS requires a file share, they’ll probably end up in the same microperimeter, or at least have some path between them. You want assets which depend on each other to have some level of trust between them to prevent security from overwhelming functionality. Unless you’re in a high security environment, it isn’t typically acceptable to make a user jump between jump boxes to do basic computing tasks. You need to define the perimeters in the network based on both security and functionality.
Create a Zero Trust Policy
Once you know what goes together, why it goes together, and how it all goes together, you can begin creating an actual zero trust policy. Does your secretary’s machine need access to the DC? Almost definitely, but does it need access to a privileged engineering share? Probably not. Define your policy on real usage from what you measured before. We define our microperimeters based on our network mapping and what our protect surface is. A good zero trust policy is just enforcing what a network needs to function without allowing arbitrary access.
Zero trust architecture is a process and not a specific technique. How you implement depends on what you have available. A layer 7 firewall might be more efficient for making the separations less painful, but a standard layer 3 setup is good enough for most policies. The point is to separate out assets and prevent implied trust between each computing unit or microperimeter. We can always go back and change out the technology as things improve, but the general process behind creating a zero trust policy is always virtually the same, never trust, always verify.
It’s one thing to let an application server inherently trust its own database server, and another to let a random cloud service have wholesale access to your network. Base your policy on use and the minimum of what is needed to function combined with what the risk is for a given compromise. A minor compromise at a Department of Defense contractor is more impactful than the same level compromise at a franchised fast food restaurant.
Iteratively Maintain the Zero Trust Policy
Once a policy is set, it needs to be maintained. Zero trust is an iterative process. You assess the network and the resources available and you define policy based on what needs access to what and why. Business needs or technical changes can impact the previous policy and make it inefficient. You establish zero trust architecture once, but you never stop iterating over it.
Make auditing and refining your policy something which is ongoing. Small changes are easier than massive overhauls. Quarterly (or ideally more frequently) audit your resources and your network. What talks to what and why? This question is something you need to be able to answer about every line of communication internally, if not, things are falling through the cracks.
You need to keep looking for new holes and new weaknesses. What constitutes a “response” will vary depending on what you need to respond to. All that matters is that you make your policy congruent with the reality of security.
Going Forward
Zero trust architecture isn’t anything new, but the term does nicely package up concepts which have existed in security for ages. Research facilities and more secure government entities have used similar techniques, going so far as air-gapping and similar to achieve much higher stake “microperimeters”. Modern technology has made the principle easier to perform without having to make as large scale infrastructure changes and without the same headache of managing it. A modern firewall can split a network on par with air-gapping or separate networks (for most civilian purposes).
Flat networks are easy to maintain, but risky, while heavily subnetted and otherwise schismed networks are much more secure at the cost of functionality. You need to create the right balance so that your users get the best of both (where possible). Even if you can’t implement a full zero trust policy, preparing one can have its own benefits to shoring up security or even performance issues.
The very process of building a zero trust policy involves auditing the network, understanding what goes where and why, and trying to do something about the flow to prevent potentials roads of ingress and egress. Breaching a computer can breach your whole network and bring down your business, or it can inconvenience a user for an afternoon. It all boils down to how much trust each asset requires at a bare minimum to function at a business and reducing your attack surface around these requirements. Never trust, always verify.
Meet Zane Vakser, Member Success Manager!
Zane Vakser quickly became a tremendous asset to the entire team at The 20. Read below to find out more about Zane.
What do you do here at The 20?
I recently transitioned from a Support Desk Technician to a Member Success Manager.
Describe The 20 in three words…
Ambitious, Accommodating, Adept
As a kid, what did you want to be when you grew up?
A race car driver, which is ironic because I am a terrible “regular car” driver.
What’s the most challenging thing about your job?
Anything with printers – I hate printers.
What do you consider your greatest achievement?
Any of the times I have actually fixed a broken printer.
What do you think is the most important quality necessary for success?
Be willing to adapt, and approach every change with an open mind.
What do you like most about The 20?
The people I work with and the welcoming work culture they facilitate.
What do you like to do in your spare time? / What are your hobbies?
I’m really into music, whether that’s listening, writing or playing. I spend most of my time playing drums.
Where are you going on your next vacation?
No vacation spot can beat the comfort of my bed, so either that or NYC.
What is your top life hack?
Microsoft will pay you to use Bing instead of Google. It’s not my favorite but free money is free money!
Last week at Channel All-Stars, The 20’s CEO Tim Conkle participated in a panel discussion on ‘Strategies to Power MSP Growth.’ Here’s a recap of the stimulating conversation, just in case you missed the event!
It’s been one week since Channel All-Stars, a large virtual MSP event hosted by Channel Program. Our own Tim Conkle (CEO at The 20) spoke at the event, participating in a panel discussion on “Strategies to Power MSP Growth.”
Channel veteran, Kris Blackmon (Chief Channel Officer at JS Group), served as moderator, and joining Tim on the panel were Joe Alapat (Founder & CEO at Liongard) and Steve Petryschuk (Product Strategy Director at Auvik).
When you get such prominent and insightful industry voices in one room, the ensuing conversation is bound to be illuminating — and a lot of fun! Needless to say, this panel didn’t disappoint.
In fact, it was packed with so many actionable insights for growth-minded MSPs, we’d be remiss not to share some of the discussion highlights with our MSP community and blog readership. So just in case you missed the All-Stars event — or if you simply want to revisit some of the awesome content — here’s a recap of the discussion between Kris, Joe, Steve and Tim …
Cha-Change = $Cha-Ching!
It’s no secret that the managed IT services industry is growing and maturing — but not all MSPs are developing at an equal rate. In broad strokes, there are those MSPs capitalizing on market trends and fresh opportunities — the “leaders” — and then there are the MSPs eking out what little growth they do manage to achieve, and struggling to remain competitive — the “laggers.”
So, what separates the leaders from the laggers in the MSP space?
This question kicked off Wednesday’s panel discussion, and a consensus quickly arose among the three panel members: being successful as an MSPs means learning to embrace change.
The MSP world is constantly changing, and lately, at breakneck speed. As technology evolves, so too do customer expectations. Keeping pace with all of this change — and staying competitive — means stepping outside of your comfort zone. It means trying new things, discarding old methods, and innovating and automating at every turn.
As CEO at The 20, Tim has had the opportunity to guide hundreds of MSPs on their respective growth journeys. What has all of that experience taught him? Without hesitation, Tim shared that the “number one difference between MSPs in The 20 that actually knock it out of the park and those that don’t” is that the former are willing to change.
Getting Specific: How & What to Change
What should MSPs be looking to change exactly? The panel turned its attention next to specific areas that MSPs should be looking to evolve to win new business and sustain growth in the coming years.
Make Marketing Matter
The panel agreed that one area MSPs continue to overlook — although many are coming around, and doing so quickly — is marketing. It’s been said many times, but it bears repeating: MSPs need to take marketing seriously.
We’re talking about a fundamental shift in mindset here. Getting serious about marketing doesn’t mean doing one or two things and then sitting back, expecting the leads to come rolling in. It means committing to marketing as a core engine for growth, and sticking with it.
Preferring Recurring
The panelists also discussed the importance of recurring revenue. Long-term, steady growth comes from recurring revenue, not projects. A lot of MSP owners don’t fully embrace this truth — or they do, but don’t always make decisions from an ‘MRR-first’ perspective.
As an MSP owner, you should be looking to boost recurring revenue and wean off project work, but don’t expect to make this transition overnight. It takes time, effort, and a sound strategy.
It also takes saying ‘no.’ In the early days of growth, MSPs can easily fall into the “all revenue is good revenue” mindset — and with good reason. But as Joe reminded us on Wednesday, “never saying ‘no’ to a customer can get you in trouble.”
Saying ‘yes’ to every MRR opportunity can also get you in trouble. Just as not all revenue is good revenue, not all MRR is good MRR. A lot of MSP owners chase MRR at all costs, which ends up diluting their focus and spreading resources too thin. Look to boost MRR, but do so with an overarching gameplan. To quote Joe, you have to be intentional.
Learn to Let Go!
A lot of MSP owners start out filling every role at their business. And when you’re just starting out, you can be a one-person band; it will work … until it doesn’t. At a certain point, you have to give up some control, and let other people manage parts of your growing business.
Some MSP owners are slow to accept this. They get stuck in the mode of trying to do everything themselves — sales, employee training, engineering, marketing — even when it becomes stressful or downright unmanageable.
But it’s like Steve said during Wednesday’s panel, “taking your business to the next level rakes a different skill set.” In other words, you need the right people. This holds true whether you’re trying to make the jump to $500k, $1M, or $10M ARR. Surrounding yourself with the right team is paramount to sustained entrepreneurial success.
Steve encourages MSP owners to figure out their own roles first. Pick a hat, and wear it. Once you know what your role is, you can start building an elite team of people with skills that complement your own.
Keep Your Eyes on KPIs
The panel turned to an important topic next: metrics. Your MSP should be using a variety of metrics to keep track of performance levels, instill a culture of continuous improvement, and identify problem areas. And most likely you already are. But Kris posed an important question to panelists that really got the conversation going: which critical metrics do MSPs commonly miss?
Tim responded with a hard truth: MSPs miss a lot of them. He elaborated that MSPs tend to be great at tracking day-to-day service, but when it comes to the financial side of things, they’re often “missing the whole box.”
You want to get granular with your metrics. What are your most profitable contracts? Which clients are actually costing you money? If you look at elite MSPs, they track profitability at the level of individual contracts/clients. Do the same.
And when a client is costing you money, you have to decide: can this be fixed? If the answer’s ‘no,’ you’ve got to let them go. KPIs and other metrics need to give you data to make hard decisions, or else it will be left to emotion, a point Tim emphasized to the panel.
Not all KPIs are created equal, and it’s important to choose the right KPIs for your MSP. Steve shared an important point with the panel on the topic of selecting metrics: you want to strike a balance between leading and lagging indicators. Lagging indicators shine a light on past performance, and are certainly important — you want to know how your MSP has been doing, and where it’s at.
But you also want data that is forward-looking: leading indicators that give you some insight into the future, and the direction your MSP is heading. Metrics such as Net Promoter Score and CSAT Score are examples of leading indicators that can help you predict churn and retention, and even avoid negative outcomes — when you know a client relationship is suffering, you can take action to improve the situation.
Summing up the panel’s rich discussion of KPIs: get granular, focus on profitability, and look to the future as well as the past.
Nail Scale
A panel on MSP growth strategies wouldn’t be complete without some talk of scalability. If you’re serious about growing your MSP, you have to make scalability a priority. What works with just a handful of clients won’t work with a large client base. At a certain point, your processes — if they’re not streamlined, efficient, and replicable — will break down.
Joe shared a great way to think about scalability: think about turning as many of your MSP’s processes as possible into “managed workflows,” which Joe defined as something that “just runs.” He compared managed workflows to cattle, as opposed to pets, in that they can be easily managed en masse — a terrific metaphor that really captures the essence of scalability!
Final Thoughts
Channel All-Stars was an incredible event with an electrifying special guest in Gary Vaynerchuk, and a stellar lineup of keynotes and panelists. The event truly was a “celebration of the energy that powers growth,” and a reminder that a big source of that energy is community. When we get together and lift each other up, not only do our individual businesses benefit, but also, the IT industry as a whole.
Speaking of getting together — have you registered for The 20’s annual VISION conference yet? VISION ’22 is going to be a blast, with exclusive content for growth-minded MSPs, a fantastic speaker lineup including an incredible keynote (soon to be announced), networking opportunities galore, and the MSP party of the year. It all takes place at the beautiful Omni Frisco Hotel at The Star, home of the Dallas Cowboys World Headquarters.
Follow this link to register for VISION ’22 today!
