Richard Tubb's Blog, page 15

We’re living in an exciting time for growing and developing a Managed Service Provider (MSP) business. But what about MSP recruitment?

The shackles of traditional one-team, one-focus MSP recruitment seem to be pulling away, with many MSPs and IT business owners instead deciding to look at more flexible, sustainable workforce planning.

But what’s driving this? Across all aspects of MSP operations, there seems to be a significant change in gear towards a more efficient way of hiring, training, and managing personnel.

In fact, you may well have read a few of our articles and listened to Richard talk about MSP recruitment trends and challenges.

In this article, I’ll be looking at what’s driving MSPs away from traditional hiring routes, and considering popular ‘new’ options such as:

OutsourcingAI and automationStrategic alliancesUpskilling

So, without further ado, let’s address the elephant in the room – the recruitment shortage.

Are Business Owners Really Facing an MSP Recruitment Shortage? 

Given that MSPs wear lots of different hats and provide many different services to their clients, it’s reasonable to expect some recruitment fluctuation. After all, the world has seen one of the most tumultuous half-decades in recent history – for reasons I’ll cover shortly.

Several experts in the MSP space believe that finding and hiring the right people has become more and more complex, at least through traditional routes. Islam Soliman for IT Europa refers to MSP representatives growing concerned that there are lots of people who are certified, but not enough people who are experienced in specific areas.

It’s not that there’s a shortage of people to hire for MSPs – it’s that it’s getting harder to find the right talent. For example, an MSP could traditionally head-hunt a qualified networking engineer, take them to interview, and find they have zero real-world experience. That’s an exceptional amount of time and money wasted.

Therefore, it’s no wonder that MSPs are growing frustrated with traditional recruitment and are instead thinking about more flexible options. 

There are a few more reasons, beyond increasing skills gaps, why traditional hiring just isn’t cutting it for MSPs in 2024.

These include:The tools that engineers and specialists need for roles within MSPs are always evolving, and in some cases, are becoming more complex. That means the selection of specialists with skills in these tools is potentially shrinking.At the same time, many tools that specialists have trained themselves in are becoming obsolete thanks to the rise of automation and AI (artificial intelligence). Therefore, talented people who might previously have been adept hires now need to completely retrain and repivot.We also need to consider the COVID-19 remote working revolution. Many specialists now hold several cards when it comes to location preferences. Some may only want to work from home, when some MSPs only have the facility to employ people in-house.In line with cost of living challenges and inflation over the past few years, employees and job applicants have (quite reasonably in many cases) increased their salary expectations. Some MSPs simply can’t afford to meet these demands, and have looked into alternative, cheaper hiring methods. More on those below.Finally, many vacancies are simply going unfilled. This is happening worldwide, and across many different industries. Reasons for this include employee disenchantment during the pandemic, salary concerns, and, again, skills gaps.

Altogether, we’re looking at a series of worrying challenges that have built up into a messy recruitment headaches for traditional MSPs. And yet, these aren’t the only reasons why business operators are leaning away from old-school hiring and training practices.

What Else Might be Pushing People into Alternative MSP Recruitment Solutions?

For one, it’s all about the bottom line. Around three in ten companies outsource their IT operations to save money (more on outsourcing as a viable recruitment option later). That’s referring to business owners leaning into MSPs, in the main – but we can apply the same argument to how MSPs are hiring their own experts, too.

Everyone’s out to save money as well as make it – and in a fluctuating global economy, one can hardly blame MSPs for wanting to trim away financial fat and any time wasted hunting down bad hires.

Speaking of hiring, let’s focus on those headaches. MSPs are facing an unprecedented level of competition as we approach the middle of the decade. In fact, around 30% of MSP owners cite rising competition as their main challenge.

Given that competition is fierce and that the space is growing smaller, MSPs are under greater pressure than ever before to hire the right people as soon as possible. As we can see, relying on the same tired recruitment processes is likely keeping these firms back from growing and making progress.

And yet, there’s more!

Bad hires are just one concern for MSPs during recruitment. There’s also the matter of time-to-hire. With competition building and technology advancing rapidly, firms need to onboard talented people quicker than ever before – but that also means doing so without accidentally hiring the wrong people!

The average time to hire across industries right now is around 44 days. That’s per person – and that number is increasing year-on-year.

On average, MSPs can expect to interview around six people for every role they hire for. Keep in mind, that’s a global average – and while it might not seem like a huge number, it’s still a lot of administration and decision-making. And, that’s six people whittled down after weeks of decision-making.

This all paints a pretty clear picture of why MSPs are growing disenchanted with traditional recruitment funnels. Is it any wonder, therefore, why business owners are leaping into alternative, more sustainable ways to recruit reliable people to help run MSPs?

With that in mind, let’s look to the future…

What Alternative Options are Opening up in MSP Recruitment?

In the introduction, I briefly mentioned the more appealing options beyond traditional recruitment methods that are opening up to MSPs right now – but, to refresh your memory, and to give you a little more context, here are the most popular alternative routes:

Outsourcing: Where MSPs hire experts for specific projects and for specific set hours off-siteAI and automation: Where MSPs are both cutting down on hiring admin and reducing the need for human resources in menial rolesBuilding strategic alliances: Where MSPs are working with specific, successful firms and experts to mutually support each otherInvesting in skill development: Where MSPs choose to invest in their people, rather than to simply hire new experts every time a skills gap emerges

Let’s explore each of these options in a little more detail.

Outsourcing

Many businesses outsource to MSPs, but there are plenty of benefits in MSPs outsourcing their own work to certain firms and experts, too!

In fact, many business owners grow their client bases by harnessing support from other experts. It can be a lucrative way to efficiently build up a company to either grow more competitive or to sell on at a later date.

Outsourcing is, of course, all about delegating work out of house. It’s a particularly useful way to grow client relationships without having to manage an in-house team or continue hiring personnel for every open role. 

Some companies, for example, outsource to MSPs for cybersecurity expertise – and at the same time, those MSPs might white-label these services, meaning they outsource it to another third party, with everyone in the chain understanding what’s taking place.

The Benefits of Outsourcing

There are some immediate benefits to outsourcing as an MSP. To start, MSPs can save money on paying wages and benefits for employees who work a default number of hours each week. By setting up an outsourcing contract with a specialist, an MSP only ever needs to pay for the hours or project work they need, effectively keeping costs low.

Beyond this, outsourcing to a specialist means MSPs are working with experts from the get-go. As I explained in my post regarding outsourcing cybersecurity for MSPs, you cut out the concern about skills gaps and hiring people who fail to live up to expectations. There’s no training period and very little risk when it comes to expertise.

In the same article, I also mentioned that outsourcing work as an MSP also helps to support scalability. Instead of spending time, money, and planning effort hiring for multiple different departments – while you’re actually trying to run a business – you can simply delegate and let tasks take care of themselves.

Consider Outsourcing to a VA

One of the most effective ways of growing a business through the power of outsourcing is to work with virtual assistants. Instead of handling tasks such as communications, marketing, and sales in-house, many MSP leaders choose to delegate daily running tasks to professionals who work off-grid.

Virtual assistants are fantastic examples of self-starting experts who need less management and oversight compared to in-house employees. Typically, you can provide VAs with regular tasks and touch base to ensure targets are met, and otherwise provide them with complete autonomy once you’ve established a clear working relationship. Our guide goes into more detail as to why working with virtual assistants is so beneficial in the modern age.

While I’ve painted a fairly positive picture of outsourcing as a viable alternative to traditional recruitment, it’s important to keep things in balance. For one thing, you’re still going to need to hire your own experts to help you maintain strength in what you do well.

Things to Consider if Outsourcing is Your MSP Recruitment Solution

As MSP expert Mark Matthews discussed with Richard via TubbTalk, it’s wise to specialise in specific areas – you don’t want to be a jack of all trades and a master of none. Mark advised that, on route to outsourcing, you should consider:

How much time and money you will need to train staff in a specialismThe resources needed to build an in-house teamWhether or not it’s worth building a team just to have to start all over again

I’d seriously recommend listening to Mark’s talk with Richard – as he runs through more tips on how to prepare for working with an outsourcer for the first time.

When it comes to finding an outsourcing partner, you’re spoiled for choice. There are some fantastic, reputable, and well-established companies out there you can delegate to – such as Uptime, a white label IT support company that offers specific solutions for MSPs (and which comes with a personal recommendation from Richard).

If you’re keen to grow your client base but don’t have much time to handle general enquiries, for example, you might also consider working with AnswerConnect. For more food for thought, Richard tapped into the benefits of helpdesk outsourcing for MSPs with Uptime Bradley Munday and Jason Kemsley.

And then, for cybersecurity, there’s always Barracuda MSP – who provide education and security support on demand.

From there, if you need support with professional services in areas such as AI and infrastructure, you can rely on teams such as Pax8 – Richard spoke to the firm’s Principal Consultant, Andy Readman, to get the lowdown on what their services entail.

Is outsourcing the best option?

Not necessarily – outsourcing presents a few challenges, such as the fact you won’t have access to an exclusive, in-house team. If you’d prefer to keep your operations close-knit and behind closed doors, it might not be viable for you.

That’s why it’s always worth considering MSP recruitment agencies. Former MSP owner Daniel Welling, for example, set up Welling MSP as a specialist recruitment company to help firms find talent efficiently and cost-effectively.

Daniel, in conversation with Richard, explores some of the bigger roadblocks preventing MSPs from approaching recruitment agencies – and cost is a big factor. Welling MSP’s model effectively matches a company’s cash flow and provides personnel based on its measured risk profile.

The MSP recruitment industry is larger than perhaps many business owners realise. Dean Watmough, for example, set up Humnize to specifically help MSPs build and develop teams from scratch. In fact, he tries to avoid the word ‘recruitment’ wherever possible – simply because of the negative connotations it can bring!

Therefore, before leaping into outsourcing wholesale, it’s certainly worth considering a specialist recruitment option, or at least looking into the remaining options I’ve yet to talk about!

AI and automation

It’s pretty safe to say that AI and automation have altered the way many jobs are performed in just a few short years, and the same could even be said for industries! MSPs are, naturally, always looking for ways to provide fantastic services more efficiently – both to keep their clients happy and to keep ahead of the competition.

Automation and AI can help MSPs with recruitment challenges in two key ways:

MSPs can delegate certain tasks to machines and automationMSPs can use AI and automation to improve and speed up hiring processes

Some companies even follow both methods! Many menial tasks are easily automated using a variety of specialist software – and AI can even be used to help support threat detection and bolster communication between separate devices.

Essentially, if there is an opportunity for human effort to be reduced, you can be sure that AI and automation can step in and help. That said, neither are likely to ‘take’ human jobs or roles in the years to come – if anything, people will need to learn how to complement their working strategies with the software.

Certain hiring software and recruitment dashboards can organise funnels so that applicants are kept informed at each step of the process. What’s more, MSPs can automate certain areas of hiring, such as by setting up chatbots to answer simple questions and to deliver information as and when required.

It’s not wise to rely on AI wholesale to manage certain tasks and even to help cut down workloads. As Gudrun explains in her article on supporting MSP clients with AI tools, there are always going to be cybersecurity risks when rolling out AI for clients, and when using AI to generate content, there’s always a risk of accidental plagiarism. Tread carefully!

Building strategic alliances

Building strategic alliances is all about sharing expertise and talent – it’s mutual support between two experts, and it doesn’t have to be transactional.

For example, an MSP specialising in one area of IT support for its clients could ‘top up’ its knowledge and expertise by working directly with another firm that’s a known expert, and who is willing to work on an exchange of ideas and physical support.

This can work well provided that companies involved build up a culture of trust, and that both businesses align with each others’ goals and needs. Therefore, setting up a strategic alliance can be a delicate process that doesn’t always lead to the perfect partnership.

What’s more, this recruitment alternative doesn’t necessarily solve the wider hiring problems MSPs face. It’s often seen as safer and more scalable for MSPs to outsource specific tasks and roles to specialists as and when they find them or need them, in line with client needs. Richard himself was successful with outsourcing to peers.

So, strategic alliances do work – it just takes some careful relationship nurturing, and of course, necessary paperwork along the way!

Investing in skill development

For many MSPs, making the most of talent they already have is likely to be the most cost-effective and efficient way to build a team of specialists. After all, provided they have hired people who are receptive to upskilling and growing with a specific firm, there are no reasons why they can’t build upon their skill sets and learn new things along the way.

However, there needs to be a careful balance in terms of budget and effort. Will it take more time, money, and hassle to set up training than it will to, say, hire people outright?

To fine-tune an upskilling strategy, MSPs need to be laser-focused on what they want from their hires. They should ideally test skills and personalities before hiring, for example, so they can be assured they’re recruiting people who are fully receptive and aligned with their culture and values.

Otherwise, upskilling people could lead to failed experiments – and if you give people too many hats, it’s easy to get overwhelmed and feel burned out. Surely it would be better to fine-tune one or two areas of expertise!

If you want to build a strong MSP with an upskilled backbone, there are a few steps you can take to position yourself as an appealing authority to the right type of people. Stephen wrote in his guide to hiring the best technical staff for your business.

Here’s a quick summary:Build your brand: Create and nurture a brand that clearly invests in people and which offers technical opportunities. Make your brand more than just recognisable, but also desirable – show that you’re accountable for your actions and that you support trust and openness.Offer incentives and training: Many people just want to learn and explore what they can do with their talents. No one truly intends to apply for jobs in dead-end roles, meaning you should make it clear that you invest in cutting-edge technology and supply useful training opportunities for those who are growing their careers.Look for the right attitude: As mentioned above, it’s just as important to look for personality as it is to look for technical skills. After all, you’ll want to recruit people who are receptive to training, who accept criticism in a healthy way, and who work well with others. Beyond this, look for curious, hard-working people who are realistic and who care about themselves and their projects.

Investing in raw talent and developing from within is much more sustainable, scalable, and future-proof compared to constantly hiring people and playing catch up with trends. I’d recommend adopting an upskilling mentality as well as one or more of the alternative hiring methods explored above.

Conclusion

In summary, MSPs are facing unprecedented challenges when it comes to hiring, building talent, and retaining the right people. We’re through the looking glass as far as remote hiring is concerned, and technology is evolving at a blistering pace.

As you can see (and hear) from several of Richard and the Tubblog team’s explorations on MSPs and recruitment, there are plenty of ways to break free from traditional hiring traps. However, it will take a careful balance of a combination of outsourcing, upskilling, and strategic partnering to do so in the long term.

Look carefully at your recruitment strategies, retention rates, and HR expenditure. Are you facing an internal talent crisis of your own?

Try outsourcing little by little – but remember, focus on building and maintaining a specialised brand that clients and applicants will want to keep coming back to.

You Might Also Be Interested InIncredible MSP Lead Generation Tips For Growth And SustainabilityTubbTalk 161: Why CompTIA are the MSP Industry’s Best Kept SecretElevate Your Client Retention Strategy with Outstanding Customer Service

The post MSP Recruitment in 2024: Proven Strategies to Tackle Hiring Challenges appeared first on Tubblog: The Hub for MSPs.

Lead generation is a very important part of creating a sustainable managed service provider (MSP) business.

In this webinar from SuperOps, marketing expert Lodewijk ‘Louis’ Veldhuijzen gave some insights into his marketing playbook. Tips that help you to gather more clicks to your website and generate more leads for your sales funnel.

The advice covered everything from getting better ranking for you business on Google, to making improvements to your website. And how to get the most out of a Google Ads campaign.

Introduction

Lodewijk ‘Louis’ Veldhuijzen is the CEO and founder of MSP Launchpad. It’s a digital marketing agency focused on creating inbound leads for MSPs.

They’ve been operating for around three and a half years, and been a part of over 80 marketing campaigns.

He says that a lot marketing agencies will promise 30 leads in a month to their customers, but it’s tricky to get good results if you don’t understand or respect the market.

For most of the presentation, Louis demonstrated some of the tips he’d learned in lead generation, which fell into four categories:

Quickest gainsWebsiteGoogle AdsSEOMSP Lead Generation 101 Webinar Replay

If you want to watch the replay of this webinar in full, you can find it here.

Quick Gains in Lead Generation

When you think about how people find your business online, you think about how you can better rank your business in search engine results.

It’s worth noting that having an optimised google business profile can help you rank in results local to the person searching.

In a average random selection of ten searches:

Sponsored results get around one hit (10%)Results that feature on google maps that are nearby get around five or six hits (50-60%)Results below this will get an average of two clicks (20%)Optimising Your Google Business Profile

Five things you should do:

List ALL of your services (compare this with your main competitors)Optimise using keywordsInclude photos of your business (what you do, who you are, your office or fleet of vehicles, etc.)Call your clients for testimonials (and get them to write them with their phone so it picks up the location)Build citations in business directories (Chamber of Commerce, Yelp, Expertise) to improve Domain Authority
Improving Your Website to Increase Lead Generation

Whether you like to admit it or not, to your customers, how your website looks and feels indicates to them how professional your IT services will be if they buy from you.

Therefore, as an IT provider, if the experience for visitors is anything but slick, it may give them a bad impression. However, this can still be saved with good examples of social proof, such as certifications and amazing testimonials.

Photos on your website that show your team, your offices, examples of your good work and satisfied customers go a long way to building a strong rapport with new prospects.

The effort to put this in place need not be too costly. You can encourage your team to put a portfolio of shots together with a DSLR camera, or just hire a professional for a day. The return on investment (ROI) is well worth it.

According to Louis, when you are attracting small businesses, they care more about having their pain points resolved. Whereas larger businesses care more about process optimisation.

As long as usability and navigation is easy, a website needs to have clear calls to action (CTA) and clear forms that are easy to follow in order to be effective.

Better Lead Generation from Google Ads

Louis gave away quite a few tips on how to conduct an effective Google Ads campaign.

He said you need to be aiming for a budget of around $3,000 to $5,000 per month to expect a good return on your investment. And the key to a successful campaign lies creating a good balance of match keywords, with a comprehensive negative keyword list.

He explained that using generative AI here can be very useful in helping come up with keyword matches, as well as informing you what you need to exclude.

Here are just some other tips he recommends:

Start with a high volume, don’t build up to a high volume – you’ll yield better results if you go big from the start. You can also reduce it later, once SEO kicks inInclude matches in your negative keyword list that won’t result in a conversion for your business. e.g. “How to”, “Free” and “Jobs and Careers”Keep your keywords as local as possible to get the best matches for your business, and reflect this in your marketing local SEOYou must invest in fraudulent click protection software as this will save you up to $1000 per month

Watch the full webinar replay for more tips on optimising your Google Ads campaigns.

Improving Your Marketing SEO for Better Lead Gen Results

In the final part of the webinar, Louis talked about search engine optimisation (SEO) as part of your lead generation marketing strategy.

He said that generative AI tools like ChatGPT are not very good at creating SEO content. Content needs to be of excellent quality to be effective at driving prospects in your direction.

Outstanding articles or other content will drive traffic in your direction. And if you can link content together in silos or through pillar pages it will amplify your content further. This is especially effective where the keywords you’re going for are highly competitive.

Only really large brands can achieve true global reach from SEO, according to Louis. However, you can still attain global reach through use of location keywords.

The Importance of Domain Authority

Domain authority (DA) is rating score that gives an indication of how likely a webpage will rank in search engine results.

For massive global brands, they expect this score to be in the higher percentile range. However for MSPs, a very good rating out of 100 would be around the 30-40 mark.

You can use tools like Semrush or Moz to find out DA scores for your own pages. This is worth doing before asking a marketing agency to improve your SEO, as this will give you a baseline.

Achieving Better Lead Generation for Your MSP Business

Lead generation is tricky for many businesses, but by understanding SEO and how keywords help you to rank better in search engine results, you can drive more traffic to your website.

If your keywords are cultivated to attract your ideal customer, then you’re more likely to have the right audience in front of the rest of your digital marketing machine.

To improve growth and increase revenue for your business, you might look at Google Ads as part of your strategy, but make sure you do it right. You’ve got to aim to be the number one provider, at least in your area, in order to put your business in the forefront of your future prospect’s minds.

Has improving your business profile on Google resulted in greater interest in your MSP? Have you had experience in using Google Ads, and if so, did it work out well for you? We would really love to hear your story in the comments.

You Might Also Be Interested InThe MSP Opportunity in Up-Serving and Cross-SellingTubbTalk 159: How to Use Personal Branding to Boost Your MSP’s ReachIs a Co-Managed IT Model the Opportunity Your MSP Has Been Looking For?

The post Incredible MSP Lead Generation Tips For Growth And Sustainability appeared first on Tubblog: The Hub for MSPs.

MJ Shoer is the Chief Community Officer at CompTIA. After studying for a degree in computer science, he worked in sales for startup software and hardware companies.

He taught himself everything he needed to know about technology and became an IT director. He went on to found his own successful Managed Service Provider (MSP) business, which he sold to a competitor. After doing some consulting, he got his first role at CompTIA.

An Interview With MJ ShoerWho are CompTIA and What do They Do?

CompTIA are essentially a non-profit association, says MJ. He adds: “We’re a trade association, so our role is to represent the industry and help it be the best it can be. Our strategic mission is to unlock the potential of every individual and organisation in this amazing industry.”

CompTIA offerings include certification and training; they’re the premiere vendor-neutral certifying authority in the technology space. The community team MJ looks after has 1,000 members globally.

Plus, each member organisation’s employees can access the range of benefits on offer. There are local groups, online and offline meetups and bigger events, as well as research, mentor opportunities and an educational offer for American middle-schoolers.

What is ChannelCon?

ChannelCon is an international event hosted by CompTIA. They take place in America and in Europe. MJ says it’s unique because of how they operate in the industry: “Everyone is welcome to come together. Exhibitors all get a booth of the same size, and a ticket is free to members.

“And we want people to come with a goal of helping their peers. ChannelCon is about thought leadership and education. There’s no sponsorship or selling. But everyone loves it and networks with peers and vendors from around the world.”

Why MSPs Should get Involved with Their Local CompTIA Group

The organisation started out as a UK community (with yours truly as its first chair!) Designed for business owners in the IT space, the original group offered support, networking and collaboration opportunities, with events open to all.

So while CompTIA is now global, it’s still built on a local model. MJ adds: “Each region has an Executive Council, with individuals representing all the types of members. They drive the agenda based on what’s important in their region.

“Regions meet twice a year. And we have speakers, workshops, updates and networking opportunities. It means we can address unique challenges in each area and support each other better.”

What Is The Information Sharing and Analysis Organisation (ISAO)?

The concept of Information Sharing and Analysis is an American one, admits MJ, but with a strong global relevance. Born from a US initiative, it means that the CompTIA Information and Sharing Analysis Organisation (ISAO) are able to focus specifically on a community with shared interest – IT and tech.

“The programme brings together a massive volume of raw threat intelligence that is going around between governments and private organisations. Sharing that allows us to work to combat those cyber threats. We can provide real-time, actionable information when there is an impact, to recover from it as quickly as possible.

“Our analysts filter all the information they receive, pull out the critical pieces and simplify it. Then they can tag it as ‘informational’, ‘important’ or ‘urgent.’ It means MSPs can make a quick decision on the potential impact of a threat. And the analysts provide advice on how to protect against it.”

The Relationship Between MSPs and Vendors

MJ says that the relationship is getting better all the time, but says they have been adversarial in the past. Because each believed the other was trying to take advantage of them.

“But now, I think we are in a period of evolution where they really are starting to become true partnerships. Each sees that they are directly vested in one another’s success.

“There is more and more understanding of what each partner’s business model is, and a respect for that, and a willingness to work together for the relationship to be a win-win because it makes no sense that it was ever adversarial. Vendors are trying to do the right things.”

The CompTIA Spark Initiative

This is a nonprofit foundation where CompTIA give some philanthropic donations to worthy charities that touch the tech space. MJ says it’s around $150,000, and the regions pick the charitable organisations.

“So we give away money in all of our local regions around the world. And we have a middle school curriculum that is a great idea. Approximately 100 schools have implemented it and they feed back that it’s great for the kids and the educational system.

“Our aim is to expand internationally and offer it to schools globally. But we need to make sure it fits their educational model. However, we DO know that we’re making a difference by giving kids these skills, especially girls. They see that a tech career is fun and important.”

How to Connect With MJ ShoerCompTIA: Certifications and trainingCompTIA: Community and membershipConnect with MJ on LinkedInEmail MJFollow CompTIA on LinkedInLike CompTIA on FacebookFollow CompTIA on XHow to Connect With MeSubscribe to TubbTalk RSS feedSubscribe, rate and review TubbTalk on iTunesSubscribe and rate TubbTalk on SpotifyFollow TubbTalk on iHeartRadioFollow @tubblog on TwitterMentioned in This InterviewCompTIA course: A+ certificationCompTIA Network+ certificationCompTIA Information Sharing and Analysis Organisation (ISAO)PSA-RMM platform SuperOps and the SuperSummit eventsCompTIA CEO Todd ThibodeauxNancy HammervikCybersecurity and Infrastructure Security AgencyNational Cyber Security CentreTracy Pound of MaximityCompTIA course: Managing the Technology ChannelTubbTalk episode 62 with Tracy Pound on Advancing Women in ITWomen in Tech ebookYou Might Also be Interested inCompTIA UK&I 2024: Remarkable Insights For Excellence And InnovationPodcast: Who are CompTIA and How can They Help Your IT Business?The Power of Help Through Your Local MSP Peer Groups

The post TubbTalk 161: Why CompTIA are the MSP Industry’s Best Kept Secret appeared first on Tubblog: The Hub for MSPs.

Client retention is a concern for any managed service provider (MSP) who wants a healthy and profitable business.

If you’re not careful, slips in service and poor communication could result in them shopping around for a new provider.

So what can you do to reduce this kind of client churn? And what steps can you take to improve your customer service game?

In this article, we take a look at what client retention is, and the role that customer service plays in reducing client turnover for your MSP business.

What is Client Retention and Why is it So Important?

Customer retention refers to the ability of a company or brand to retain its customers or attract repeat business. For MSPs, this translates to the ability to retain clients.

The key to this is delivering a consistent service which keeps your clients satisfied.

In order to make your MSP sustainable, you need to keep a balance where you’re keeping your current clients happy, while attracting new clients to your business.

Key Customer Retention Metrics

As we often say here at Team Tubb, if it’s not measured, it’s not managed.

According to an Average Customer Retention Rate Report from CustomerGauge, average retention rates across all industries are about 72%. However, as many as 44% of businesses are not measuring their retention rates at all.

Having a clear picture of where your business currently sits in terms of client churn is a good idea. So, what other data is worth making a note of?

Here are a few examples of metrics to record and manage in your MSP business:

Churn Rate – This compares the number of new clients you take on over the year compared with those you let go.

Client Health Score – This metric helps you to determine the likelihood of clients being able to grow, stay stable or churn. This will help you identify clients who may be at risk.

Customer Satisfaction – This can be measured through surveys when tickets are resolved, or as part of regular reviews.

How Good Service Can Elevate the Experience for the Client and Their Customers

There are a number of reasons why a client may seek out other IT providers.

If your prices are too high for the client’s budget, or if your stack doesn’t suit their needs, that’s one thing. However, clients may also leave if they feel undervalued, which could result from feeling they’re just not getting the service they were promised or expected.

If this is the case then that’s something that you need to address, as it could have implications for your other clients too.

Better Communication Stops Issues Escalating into Major Problems

Just as important as understanding a client’s technical requirements is understanding their operational rhythms, growth goals and communication needs.

Better communication results in a stronger relationship between partners, and often it can prevent issues from becoming bigger problems further down the line.

Helping your client understand your service level agreements and escalation policies will result in fewer conflicts. Plus, it will allow you to take control of your service request queues, and not run around chasing your tail.

Finally, you have to be aware that when dealing with client representatives, they may require different assurances, depending on their role within the business. For example, a finance director may want to know the detail behind figures, whereas an executive might be more concerned with outcomes.

Tailoring your communication is a skill that comes with practice, but it makes all the difference to your clients.

When it comes to the channels available to your clients, an omni-channel approach will offer your clients options. However, you must ensure consistency across a broader spectrum to ensure you serve them all equally.

Empathy and Accountability Builds Trust

Good customer service is an ethos that should be part of your company culture. When your clients raise a service request, you are committing to deliver on a promise and provide a positive outcome in the best way you can.

When things go right, and the client or their customers are happy, then it’s an ideal outcome. However, when the client isn’t satisfied, or needs further assurances, then that’s when it’s important to be accountable too.

When services don’t go according to plan, it’s important to demonstrate that you empathise with the client, and hold yourself accountable. Attempt to understand the problem before attempting to resolve it so that you don’t cause further strain on the relationship.

Once that’s done, attempt to resolve the issue in a timely fashion, and then follow up with a report that demonstrates full transparency. Finally, state how you intend to improve your process in the future. By doing this, you are showing that you’re putting your client first, and that you’re going to make positive changes.

Consistency is Key

When clients receive a consistent service, they can better rely on you to provide support when they need it most. There are two ways to ensure consistency in what you do. Ensure your team is trained to deliver services to a high standard, and ensure you communicate that standard to your clients.

Training for your staff needs to go beyond the technical capabilities of the job and incorporate customer service training as well.

And hold yourself to the high standards you communicate to your clients. Things may not always go to plan. However, if you can recognise any failings and aim to improve in the future, it will prevent patterns of inconsistency from becoming an issue.

Under Promise but Over Deliver

It may be tempting to show confidence in your sales pitch to new prospective clients, but you should be realistic about their expectations of you too.

Clients are always much happier when your service exceeds their expectations. So, in order to make this happen, never fall short on the promises you make to your clients.

When you deliver more than they expect in terms of service, that’s when they truly appreciate you for going the extra mile.

Why Feedback is Important to Both Gather and Act Upon

Feedback is the lifeblood of any service improvement strategy.

Bill Gates once said: “”Your most unhappy customers are your greatest source of learning.”

However, we know it’s not easy to ask for feedback, as it forces us to acknowledge our weaker areas. It gives our clients a medium to tell us what we’re getting right, and what we’re missing the mark on.

You can ask for feedback whenever you like, but it’s often easiest to ask just after delivering a service, when it’s fresh in their minds.

If you have a ticketing system for service requests, it’s common to have a survey tool plugged in to it. Once a ticket has been resolved, the survey is then issued to the user to complete.

One completed survey will help you see how well you did on that one ticket. However, once you have a number of completed surveys, you can start to analyse the data across a wider area. And see where the areas are that you need to improve upon.

Quarterly Business Reviews (QBRS)

Another area to collate client feedback is directly from the client representative you deal with as part of your regular business review meetings.

QBRs or TBRs (Technical Business Reviews) allow you to ask for feedback on a more strategic level. As part of this meeting, you’ll already be discussing that client’s technical roadmap and future projects, as well as any regularly raised tickets or other sticking points.

Sometimes this can result in sales opportunities for you, and other times it will highlight efficiency savings for both your team and the client.

Acting Upon That Feedback

Service improvement is something every business should be aiming to do. And feedback can assist you with what you should focus on improving.

It’s all very well asking and getting the feedback from your clients, but you must act upon that feedback for it to be worthwhile.

If the remedial action required involves education and training for your team, then it’s worth sharing in your marketing. You’re acknowledging the problem and doing something about it, so it shows your client that you’re listening.

If, however, the problem you’re trying to solve involves working on a new project, then it’s worth taking note of the baseline results ahead of undertaking the work. This will give you some data to compare to once the completed project starts producing hopefully better outcomes.

Failing to take any action to improve at all might not have any immediate impact, but it will affect how your clients perceive the benefit of completing surveys. This may also impact client retention rates too if many of your clients feel you’re not listening to them.

Other Tips for Better Customer Retention

Aside from improving customer service and operation efficiency, there are other ways MSPs can improve customer retention.

Proactively Prevent Issues from Affecting Your Client’s and Their Customers

When you’re operationally aligned with your clients, you are much more likely to spot and circumvent problems that might otherwise affect them.

Applying your knowledge and experience as an IT expert allows you to make course corrections and apply updates with minimal impact to their business.

This is the value you provide as a managed service provider, and why your clients trust you to protect them from future setbacks.

Stay Ahead of the Technological Curve

Another reason that clients choose to move on from their IT suppliers is stagnation.

If clients believe that you’re not keeping up with the latest technology, it can be a great concern to them. Companies demand the newest and best tools for their business, and if you’re not keeping up, they may look to other suppliers who can meet their needs.

However, it can also work the other way too. Some clients refuse to adapt to new technology because it requires additional training, and they can become too comfortable with the familiar.

A challenge some MSPs often have is to get clients to commit to migrating their customer data to a newer, more up-to-date platform and let go of legacy systems they’ve grown accustomed to.

Utilise Automation and Standard Operating Procedures

It’s difficult to provide a consistent stellar service when you have a busy workload. However, there are ways to make some efficiency savings while keeping your service running effectively.

By incorporating email templates, you can easily set standards for communication, while automation tools will help you even further.

Client Retention Through Outstanding Customer Service Conclusion

With exceptional customer service at the core of what you do, you can reduce client churn in your business. Client retention is challenging enough when you have to keep up to date with new technology trends and threats and trying to provide value for your clients while making a profit.

Communication and consistency are two areas every business should look at to see if there’s room for improvement. Keeping your clients happy with a service that never goes wrong is a good thing. How you react when things don’t go according to plan is just as important getting it right.

Dealing with a client that has been let down, whether it’s your fault or not, is an opportunity to show how good you are at listening and empathising. If you can secure a positive outcome for that client, it will build greater trust. Even better if you can later follow up with them about how you can avoid circumstances like that in future.

Have you made changes to your customer services policy that has seen greater client retention? Or have you lost a customer that you let down over something that could have been easily prevented? If so, we’d love to hear about it in the comments.

You Might Also Be Interested InA Blueprint for Success: Sensational Insights Revealed at SuperSummit 2024TubbTalk 160: How to Harness Personal Power, Energetics, and Mindset for MSP SuccessHow to Use the ‘3, 2, 1 Quarterly Review’ Methodology for Better Business Planning

The post Elevate Your Client Retention Strategy with Outstanding Customer Service appeared first on Tubblog: The Hub for MSPs.

Pricing is one of the four most important things to think about when running a managed service provider (MSP) business. Alongside your clients, your tech stack and your team.

We know that every MSP is different, and that there’s no one-size-fits-all when it comes to the pricing model that best suits your business.

However, we’ve put together this article to explain what options there are available to you when it comes to pricing. And how tier pricing can help you to sell more services to your clients.

Introduction

Pricing and how you choose to structure your managed services offering is something unique to each individual MSP. A lot can depend on the type of services offered, the maturity of the business and the type of clients you serve.

Many MSPs begin their journey as IT support for their customers, charging them a fee for a service on an ad-hoc basis. However, many MSP owners know that this depends on a regular demand for that service, and is ultimately unsustainable.

Today’s managed service providers rely on a regular recurring revenue stream to keep their businesses profitable. This allows them to grow and adapt to a constantly evolving technological landscape more effectively.

Pricing Models for Today’s Managed Service Providers

Here are a few examples of pricing models known to be in use today by MSPs:

Per User/Per Device

This model uses a straightforward licence-based agreement, in much the same way software companies charge for their products.

The advantage of this model is that it’s very easy to scale to the size of the client. However, this can become really difficult to manage if they have to scale down, especially with multiple devices.

Tiered Pricing

Tiered pricing provides a range of product options to your clients. The tiers are designed to give them a few options that suit their requirements and their budgets.

Choices give potential buyers more confidence and can help get prospects over the line.

However, too many options can actually put potential buyers off, and you have to be clear about what’s included in each tier in case conflicts arise.

À La Carte Pricing

This is where the customer just pays for what they want from a menu of options.

This does offer a huge amount of choice to the client, but it can make billing and managing products overly complex for you.

As it’s true in running a restaurant, you should be careful not to have too many menu options. Otherwise, you’ll be making it difficult for yourself to keep your MSP profitable.

Block Hours Pricing

This model allows the client to buy support and services in blocks of time over the course of a set period. If the hours aren’t used, they may carry over, or if the client needs more support, they can top up this amount.

This model makes a good compromise away from the traditional break/fix model, as it guarantees you some income upfront. And it may suit certain businesses who can’t afford expensive contracts.

However, administrating a contract like this for several customers could become cumbersome. It could also lead to disputes when clients ask for amendments to work you’ve already carried out. This is often referred to as ‘scope creep’.

Value-Based Pricing

Value-based pricing are charges based on the value delivered to the client. This is usually demonstrated in metrics or other measured deliverables.

This price model shows how committed you are to the success of your clients, and demonstrates your value as their chosen technology provider. The success you deliver can also justify and support price increases too.

The difficulty with this method is in agreeing the metrics with each customer, but it’s worth the effort if goals align as it strengthens the relationship considerably.

Client Factors and How they Can Influence Your Pricing Model

As well as whether a pricing model suits your MSP, you have to think about whether it’s a good fit for your ideal customer. Plus, think about how your model scales with the services you’re offering.

Here are some of the areas to consider:

Client Size and the Industry They Serve

Larger clients, or clients with more complex IT requirements can demand a greater breadth of IT services. This may suit a hybrid approach to pricing where services are tiered, but with projects requiring a different kind of billing, for example.

Budget Constraints

Clients who have tight budgets or who are just starting on their journey to become more financial mature might affect your pricing models. You might be serving a particular niche industry as an MSP where the sector is largely underfunded, for example.

IT Complexity and Service Portfolio

Clients’ requirements can be tricky to pigeonhole into your pricing model if they are vast and will require a lot of work to implement. This will require some analysis on your part sometimes to see if your pricing model will work, or if it needs a hybrid approach.

Client Scalability

If your clients are looking to grow and scale quite quickly, certain pricing models can come across as restrictive if there’s little wiggle room.

Complex tier structures can be less forgiving than per user/per device pricing if the client is in the process of expanding their operation.

Competition and Other Financial Challenges

Analysis of competitors offerings and market forces may influence how you structure pricing models for your own business.

You can align your pricing in ways that offer an alternative to your customers or follow best practice advice from your peers. Either way, both angles are worth researching if you are thinking about changing your pricing model.

Before Changing Your Pricing Plans

Before you go ahead and implement a new pricing model, there are some steps you need to take for the best result. Though some of these may seem obvious, they’re worth bearing in mind in how they’ll affect your business, your team, and of course, your clients and prospects.

1. Consult with Your Peers

Speak to other MSPs in your peer group and ask them for advice. They will have different perspectives to offer you.

The benefit of their wisdom can steer you away from mistakes before you make them.

2. Conduct a Thorough Analysis

It’s a bold step to introduce a new pricing structure, so make sure you’ve looked at the pros and cons of moving to a new model. Be aware of the limitations in your new pricing structure and don’t rush into it.

3. Train Your Team

Ensure your team are aware of the new pricing plans and when they’ll come into effect for each customer – especially your sales team.

If training is required, ensure that this is carried out before the pricing model takes effect.

4. Communicate with Your Clients and Prospects

Some may be happy with your decision to try something different and will happily move across to a new pricing model when their contract is up for renewal. Some will not be as happy, and you have to decide if it’s worth keeping those clients.

5. Ensure Marketing Collateral is All Up To Date

From the prices on your website and social media to email newsletters and any printed materials, your pricing needs to be clear and consistent throughout.

Conclusion

With many different pricing models available for MSPs, there should be one to suit any business. Finding the one that suits you and the sorts of clients you want to attract needs careful consideration.

To balance the benefit of monthly recurring revenue in a way that brings value for the client and profitability to your business is desirable. However, how you market and maintain this is completely up to you.

Have you had to adjust your pricing model when moving from a break/fix support business to a fully-fledged MSP? Did it work out well, or were there some areas that could have been handled better? We’d love to hear your experiences in the comments.

You Might Also Be Interested InMaximising Your MSP’s Marketing with Proven Social Proof StrategiesTubbTalk 159: How to Use Personal Branding to Boost Your MSP’s ReachCompTIA UK&I 2024: Remarkable Insights For Excellence And Innovation

The post MSP Pricing Models for Profitability, Growth and Client Satisfaction appeared first on Tubblog: The Hub for MSPs.

Keeping up with today’s cybersecurity threats can seem difficult, but what if you could you fight back against the hackers? With the right tools, managed service providers (MSPs) can adopt a more proactive approach to cyber defence.

During the summer, Huntress hosted a series of webinars to show you how their cybersecurity solutions help you to defend your clients’ businesses.

The 30-minute virtual event featured a swift demonstration and tour of the Huntress platform, followed by an ‘Ask Me Anything’ Q&A session.

Huntress Security Platform: Demo and AMA (Ask Me Anything)

These webinars give attendees a quick look at some of the features that the Huntress platform has to offer.

The speakers for the session that took place on the 7th August 2024 were:

John Brennan, Sales Engineer at HuntressHenry Washburn, Manager, Sales Engineering at Huntress

Jesse Nine, another Sales Engineer at Huntress spoke at some of the other sessions, but wasn’t present in this particular virtual presentation.

The Huntress platform provides protection and threat intelligence to managed service providers and their clients.

Webinar: Meet Huntress: Demo and AMA Replay

If you want to catch a replay of this webinar, you can find it here.

A Tour of the Huntress Platform

John logged into the system and showed us the Command Center. This is a hub where all the Huntress products converge.

MDR for Microsoft 365Managed EDRSecurity Awareness Training

Imagine a sort of home page dashboard where key information is displayed to the MSP about users and endpoints. This page displays the triage feed for incidents and escalations, alongside widgets that provide key metrics at a glance.

From here you can drill further into the detail and select information on individual hosts.

Host surveys are carried out every fifteen minutes revealing up-to-date information and providing context for any incidents as and when they occur.

Incidents and Alerts in the Huntress Security Platform

Incidents are shown on the dashboard as either active or resolved, and also reported are the number of EDR signals that have been investigated.

When an alert comes into the EDR platform an agent assigns it to themselves to it and begins an investigation. They always prioritise the most critical alerts first.

If an incident is critical, the analyst can isolate the host to prevent any further egress or escalation of the problem. This could include:

Lateral movement across the networkElevation of privilegesSetting new email mailbox rules

The MSP partner may release the host from isolation if they believe the activity that was marked as suspicious is, in fact, legitimate.

Huntress agents won’t release an isolated host without speaking to the MSP partner first.

An Example of an Alert: Business Email Compromise

When looking into an alert, the agent knows what to look out for if ‘Business Email Compromise’ is suspected.

Key signs include: unauthorised access, new mailbox rules, added users and privilege escalations.

Remedial actions against the incident can be manual or automatic, and then follow-up action suggestions will recommend things like policy changes and password resetting.

Unwanted Access Microsoft 365

You can set rules for what can access your M365 accounts and from where.

This can be as granular as you want it to be and can be set at the user level or organisation level.

For example, you can allow access from specific countries only, while also make an exception for users who may require access while they’re on holiday.

Security Awareness Training to Help Educate Users on Today’s Relevant Threats

Huntress create episodic education content in the form of short animations called Curricula. The purpose of these animations is to be insightful, short and entertaining and to be accessible to users who might not be very technical in their jobs.

‘Curriculaville’ is the setting for the characters in these animations, and the episodes all create an ongoing story. Henry explained that having a familiar group of characters helps users to learn and retain the information more easily.

Phishing Simulations

To test what users have learned, you can send out phishing simulations as part of a campaign.

Phishing Defence Coaching (PDC) is another tool Huntress SAT employs to reinforce learning in end users. PDC comes into play if users are caught out in the phishing simulation.

If this occurs, the simulation will issue a warning and then explain what you’ve done wrong. It will also explain why the email link you’ve clicked on is suspicious and what the attacker is trying to do to pressure you into action.

Question and Answers about the Huntress Security Platform

Q1: If we want to find out more, where can we go or who can we speak to?

A1: You can start a free trial or schedule a demo at Huntress.com

Q2: Do users receive certificates for completing Curricula modules, and can you see which users have completed specific modules?

A2: Curricula will notify users of new episodes to complete and keep a record of which episodes they’ve completed. The system notes the episodes that each user has completed, so that you can see at a glance who has viewed the content and who has not.

Conclusions About the Huntress Security Platform Demo

As a short webinar, the demo was a very quick tour of the platform’s features and the potential it shows to MSP partners.

The constant monitoring of endpoints, as well as M365 identity access, gives businesses piece of mind. While the security awareness training helps users to spot and react to suspicious phishing emails. Helping you to build a robust human defence for your business.

Have you been considering a change to your cybersecurity provider? Perhaps you’re thinking about moving to a cloud-based platform that covers threats attacking your network? Or improving the security awareness of your end-users? We would love to hear about it in the comments.

You Might Also Be Interested InComplement Your Cybersecurity Strategy with Security Awareness TrainingTubbTalk 155: How To Stop Mac Hacks In Their Tracks and Bolster macOS SecurityPhishing Defence Coaching: A Targeted Approach To End-User Security Training

The post Fight Back Against the Hackers with Huntress Security Solutions appeared first on Tubblog: The Hub for MSPs.

Tubbservatory Round-Up – Tools and Resources for Your MSP

Each month, Richard Tubb delves into the internet to find the most crucial resources. And he curates a unique collection tailored for IT Managed Service Providers (MSPs) who want to thrive in their industry.

Welcome to the Tubbservatory! An engaging video series that highlights meticulously selected articles, podcasts, events and more, all geared toward IT innovators.

Introducing the Tubbservatory Round-Up #31, your portal to the July 2024 edition! We’ve gathered all of this month’s episodes for you to enjoy.

And make sure you check out the links to these invaluable resources at the end of this post!

This month’s topics include MSP hires, Carbon Emissions, AI, Events, Answering Service, Cybersecurity, Inbox, Podcasts, Pen-Testing.

Tubbservatory: The July 2024 Round-Up Video

Tubbservatory Round-Up #31: July – Week 1

 

#1 The Evolving Landscape of the MSP Business Report 2024

We kick this week off with The Evolving Landscape of the MSP Business Report 2024.

In this annual report, commissioned by Barracuda MSP, over 700 MSP decision-makers from around the world were surveyed, with some interesting insights.

For instance, 97% of the MSPs surveyed expect to increase their service portfolio with around six new services on average in 2024, with a heavy focus on security.  

This report is a free download, and I’d highly recommend it to all MSPs.

#2 Avoiding Bad Hires: 6 Top Tips for Awesome MSPs & Inhouse Tech Teams

An article that caught my eye was “Avoiding Bad Hires: 6 Top Tips for Awesome MSPs & Inhouse Tech Teams” from Jane Matthews of Wildcat Careers.

Matthews gives her expert in-depth advice on making good MSP hires, including comprehensive screening techniques.

If you’re an MSP employer, then this is a superb article to read.

#3 How 25 UK Resellers and MSPs Are Addressing Their Carbon Emissions

The IT industry takes a heavy toll on the environment, so I was pleased to see this article on How 25 UK resellers and MSPs are Addressing Their Carbon Emissions.

Taken from the ‘Channel Race to Zero’ report by Doug Woodburn of IT Channel Oxygen. So, this article should give MSPs ideas on how to improve their environmental impact.

#4 Nothing Happens by Itself – Even With AI

Nothing Happens by Itself – Even with AI, says MSP legend Karl Palachuk in his latest video.

AI is a tool (or is built into tools). But you need to learn to use your tools, says Palachuk. And he offers some thoughts on the best and worst practices with AI in business today.

#5 SuperOps SuperSummit Virtual 2024: Navigating Tomorrow

The biggest Managed Service event of the summer takes place on July 17th 2024, as the SuperSummit Virtual hits the airwaves!

Organised by SuperOps, this year’s SuperSummit virtual embraces the theme Navigating Tomorrow: Crafting the The Future-Ready MSP.

There are two tracks for attendees — one for MSP owners, and one for technicians.

Speakers include Rob Rae and Rex Frank of Pax8, Arvind Parthiban and Juan Fernandez of SuperOps, Tracie Orisko of Huntress, plus Erick Simpson, Paul Green, Ian Luckett, Amy Luby, myself and many others.

 

Tubbservatory Round-Up #31: July – Week 2

 

#1 Support Clients 24/7 With an MSP Answering Service

Telephone interruptions are a necessary part of any MSP’s life, but they can be a bane to productivity.

So, MSP-friendly call answering service AnswerConnect really caught my eye as a potential solution for MSPs looking to grow their business.

Unlike most call-answering services, AnswerConnect integrates with the top Professional Service Automation (PSA) and Helpdesk tools, and they really understand the MSP market.

AnswerConnect also offers out-of-hours call answering, and custom forwarding and relay rules for tickets.

If you’re looking to reduce those telephone interruptions and regain your MSP’s productivity, this solution could be the answer.

#2 The Checklist Manifesto: How MSPs Can Get Things Right

A book I’d highly recommend to MSPs is The Checklist Manifesto by Atul Gawande.

In my opinion, checklists are the superpower of any IT business, and in this book, Gawande explains how checklists can be used to deliver consistently superior service for any organisation.

#3 Manifest.ly

Talking of process, if you’re looking for a simple, but really powerful tool to manage your checklists, then we highly recommend Manifestly – A Checklist App for Teams.

Manifest.ly is an app that allows you to create checklist templates to help you effectively manage recurring tasks within a team.

We’ve used Manifestly internally within Team Tubb for many years now, and it’s simple to use, but with powerful features.

#4 Interview From Tampa at the SuperOps Super Summit – Arvind Parthiban

A video that caught my eye was the IT Business Podcast, with host Marvin Bee catching up with SuperOps CEO, Arvind Parthiban.

Parthiban talks about how SuperOps have created a buzz — no pun intended, Marvin — simply by focusing on MSP education and networking, rather than sales pitches.

If you want an insight into why SuperOps are taking the MSP world by storm, then Marvin does a superb job with this video podcast interview.

#5 Helping You Take Your MSP to the Next Level

The rumours are true! The Tech Tribe are running their first conference for MSPs!

The illustrious leader of The Tech Tribe, Nigel Moore, announced that ScaleCon 2024 will be taking place between October 2nd-4th at The Linq in Las Vegas, Nevada, in conjunction with the team at MSP Camp.

Tickets will be on-sale soon, and this event is expected to sell out extremely quickly, so if you’re not already a Tech Tribe member, now is the time to join up. To give you a nudge, use the link on-screen for a 49% discount on your first month’s membership.

Tubbservatory Round-Up #31: July – Week 3

 

#1 UptimeLIVE: Innovation, Reliability and Scalability for MSPs

We kick off this week with huge event news, and as MSPs know all too well, many IT conferences can be… less than thrilling.

Well, with the MSP event in need of a new high bar for quality, Jason Kemsley and Bradley Munday of Uptime have announced Uptime Live for September 17th 2024 in London.

Uptime Live promises to set a new standard as a business strategy event for MSPs, with zero vendor pitches, and highly valuable sessions.

In addition, Uptime Live will feature top notch speakers from outside the MSP industry, and a focus on business growth.

Uptime Live promises to be an event not to be missed. I’ll be going, and I hope to see you in London on Sept 17th!

#2 Stop Mac Hacks in Their Tracks

How can MSPs stop Mac hacks in their tracks?

Well, with cybersecurity specialists Huntress recently announcing their macOS endpoint solution for MSPs, Huntress’s Stuart Ashenbrenner and Wes Hutcherson give MSPs some great practical strategies to combat the growing macOS threats and stop hackers in their tracks in this video.‍

With the lightning-fast speed of modern-day macOS-specific threats and the hackers behind them, this is a video every MSP should watch.

#3 Beeper – All Your Chats In One App

Now, we’re all overwhelmed with multiple inboxes for messages, right?

Well, an app I’ve found super useful is Beeper — which pulls all your chats into one place.

Beeper works with WhatsApp, Facebook Messenger, SMS, Slack, Teams, LinkedIn, Telegram, Signal and many more services, and is available on both desktop and app for Android, iOS, Windows and Mac.

#4 How to Turn Bad Day Into a Great Day With Ian Luckett

We’ve all experienced the pain of a bad day in business, but in his latest podcast, Ian Luckett shares his techniques for turning a bad day into a good day!

At the heart of this episode is Ian’s exercise of ‘red and green language’ and what we need to do to help us progress and grow as individuals as well as business leaders. 

#5 The Fastest Data in the World

If you’re struggling with slow broadband, then you’ll be blown away to learn that researchers have created a data link that can reach speeds of 800 gigabits per second  – or more than 11,000 times the average UK home broadband speed!

Scientists at the Large Hadron Collider (LHC) in Switzerland, working with equipment from Nokia, set up a data link to The Netherlands, which produced the record breaking data speed. And yet I still can’t get a decent mobile signal in Newcastle City centre! Sigh.

Tubbservatory Round-Up #31: July – Week 4

 

#1 How A Penetration Test Uncovered Astonishing Network Flaws

What happened when I ran a Cybersecurity Penetration test on my home network?

I recently asked Cybersecurity experts Endida to run their AI-based autonomous Pen-Test on the device-heavy network at Tubb Towers and the results were… surprising!

In our latest article, I take a deep-dive into how Endida’s MSP-friendly Pen Test offering works, and how MSPs can use it to keep their clients safe.

#2 Erick Simpson’s DISC Overview: #1 DISC

If you’ve ever wondered what DISC Personality Profiles are, and why they are so popular with MSP teams, then MSP Legend Erick Simpson has a video for you.

In this video, Simpson explains DISC Behavioural Profiles and how they are used in hiring and team building processes to ensure the right people are in the right seats on the bus doing things right.

#3 Trundl

If you’re finding your team stuck behind a keyboard far too much, then an app that is becoming very popular with MSPs is trundl.

trundl is a walking for charity app that helps you and your team make a personal impact on important areas of life, like health, charity support and environmental protection.

The app turns every walk into a charity donation. So trundl gives you and your team good reasons to go out and boost your wellbeing, no matter how far or fast you can go.

#4 Business Insights Podcast – Recruitment State of Mind With Debby Clements of Pax8

Recruitment always poses a challenge for MSPs. So, a podcast that caught my ear was Paul Croker of The Business Insights Podcast speaking with Debby Clements of Pax8.

Clements shares how MSPs can go “Beyond the Resume and Embrace the Power of Interviewing the ‘Whole Person’.”

If you’re an MSP employer, this episode is definitely worth listening to.

#5 Pax8 Beyond EMEA 2024

Pax8 Beyond EMEA takes place in Berlin, Germany between 13th-15th October, 2024.

And the event is now 50% sold out!

Attendees can expect to master cybersecurity techniques, learn how to grow their MSP business, and elevate their team’s capabilities. There’s three days of immersive, groundbreaking sessions with leading industry speakers, MSPs and vendors.

Grab your ticket now. I hope to see you there!

Links to the Resources Mentioned in this Round-Up

From Week 1The Evolving Landscape of the MSP Business Report 2024Avoiding Bad Hires: 6 Top Tips for Awesome MSPs & Inhouse Tech TeamsHow 25 UK Resellers and MSPs Are Addressing Their Carbon EmissionsNothing Happens by Itself – Even With AISuperOps SuperSummit Virtual 2024: Navigating TomorrowMentioned in Week 2Support Clients 24/7 With an MSP Answering ServiceThe Checklist Manifesto: How MSPs Can Get Things RightManifest.lyInterview From Tampa at the SuperOps Super Summit – Arvind ParthibanHelping You Take Your MSP to the Next LevelWeek 3UptimeLIVE: Innovation, Reliability and Scalability for MSPsStop Mac Hacks in Their TracksBeeper – All Your Chats In One AppHow to Turn Bad Day Into a Great Day With Ian LuckettThe Fastest Data in the WorldAnd Week 4How A Penetration Test Uncovered Astonishing Network FlawsErick Simpson’s Disc Overview #1 DiscTrundlBusiness Insights Podcast – Recruitment State of Mind With Debby Clements of Pax8Pax8 Beyond EMEA 2024

How You Can Help

As we wrap up Tubbservatory Round-Up #31, let’s get excited for August!

Got something awesome to share? Whether it’s a handy tool, a great article, or an interesting tip, drop it in the comments below. Let’s keep the knowledge flowing—your input means a lot!

You Might Also be Interested inWhy you Should Encourage Your MSP Employees to Switch off on HolidayTubbTalk 153: The Godfather Of Modern Productivity: How To Leverage GTD For TeamsPhishing Defence Coaching: A Targeted Approach To End-User Security Training

The post Tubbservatory Round-Up #31 – July 2024 appeared first on Tubblog: The Hub for MSPs.

The post Team Tubb Takeover – Summer 2024 appeared first on Tubblog: The Hub for MSPs.

Security awareness training (SAT) is a way for businesses to protect themselves from cyber attacks that specifically target the people that work for you.

As a managed service provider (MSP), you already know there are many sophisticated tools to prevent unauthorised access to your systems and data. This is why attackers employ a variety of tactics to target the staff of the businesses you support.

Therefore, there’s a great opportunity here to offer and encourage security awareness training for your clients. And to reduce the risk of cyber-attacks against their businesses.

What is Security Awareness Training?

Security awareness training is any form of education for staff in being able to spot, avoid and respond to cyber threats.

It’s also about establishing best practice in all aspects of digital safety.

The idea is to create a culture within the business where employees are equipped to better protect data assets and limit access. And to not fall prey to social engineering tactics.

SAT training can come in a variety of forms, often by design, to make the learning easier to digest. Effective engagement is key to ensuring staff take on board the lessons and apply them in practice.

Vendor partners who offer Security Awareness Training include:

Huntress Security Awareness TrainingUsecure Human Risk ManagementKnowBe4 Security Awareness Training

Social Engineering Tactics – How Attackers Find Our Weaknesses

Social engineering is a tactic employed by attackers to manipulate and lure end-users into taking an action that helps them hijack systems or steal data. They do this by exploiting human psychological weaknesses in a number of clever ways.

Here are just a few of the techniques employed by attackers every day to exploit us:

Phishing

Phishing is a technique that uses an electronic communication medium, usually email, to illicit sensitive or confidential information. It usually involves coercing or enticing users to click a malicious link. They do this using language to convey urgency, or some other psychological trigger.

It’s one of the most common types of cyberattack in circulation today. More sophisticated phishing attacks can target specific employees, which is called spear phishing or whaling.

Business Email Compromise (BEC)

This method involves the attacker attempt to trick a senior executive or budget holder into sending money or divulging confidential information. Sometimes the attacker will spoof the email of someone in the organisation with the authority to request one-off payments in this way to make them look more legitimate.

Watering Hole Attacks

In this type of attack. The criminals compromise a ‘trusted’ website frequented by an organisation with the aim of distributing malware through malicious links. This website will usually be one with low security which can be manipulated to trigger a malicious payload, which unwary users may not notice. Supply chain attacks work in a similar way.

5 Tips for Effective Security Awareness Training Programmes

Here are a few tips to consider when defining a security awareness training programme:

1 Set Regular Training Intervals

Though mileage will vary from one business to the next. It’s generally considered that every three months is a good target to aim for regular training. Some argue that monthly or bi-monthly is better, but there’s an argument that conducting training too often will result in a lack of engagement.
If you discover that many employees failed a phishing simulation, then you may need to increase this frequency.

2 Ensure Training is Relevant and Engaging

PowerPoint training slides can be somewhat dry and unengaging for most people. Especially if the subject is IT, and they’re not really IT-minded people.
If you’re able to use real-life examples in the training that will be much more effective. However, using a mixture of visual media for learning, backed up with quizzes to reinforce the knowledge works well too.

3 Cover Essentials and Topical Threats

Training topics should cover the broad spectrum of threats staff need to look out for in phishing attacks. It should also cover good practice in security, from handling data to using public wi-fi.

It’s important to explain the ‘why’ along with the ‘what’ in order to build an effective security-savvy culture.

4 Perform Regular Phishing Simulations

To ensure employees are putting into practice what they’ve learned, phishing simulations are an effective tool to deploy to see how effective the training has been.
It’s better to test the human factor in your business in this way, than wait for a real-life attack.

5 Measure the Impact of Training

Measuring the impact of the training is important because you can see if it’s working or not. Running a post-training quiz will demonstrate whether employees have understood what they’ve learned.

Comparing these results with the results of simulated phishing campaigns also demonstrates the effectiveness of the training. And helps demonstrate the value of security awareness training to your clients.

Why SAT Training is an Essential Component in Cyber Risk Reduction Strategies

According to the Cyber Security Breaches Survey 2024, produced by the UK Government last. The most common type of attack to breach UK business last year were Phishing attacks. With 84% of those surveyed being affected.

If businesses are not training their workforces to spot malicious emails as a bare minimum, they’re leaving themselves open to attack. Also, for the best results, that training needs to cover much more than suspicious-looking emails.

Training needs to be engaging, relevant and regular if you want to get the most out of it. As an MSP, encouraging a security awareness training programme for your clients, is a very worthwhile endeavour, especially if you can demonstrate the value with phishing simulations.

Have you seen the value of promoting security awareness training for your clients? We’d love to hear your story in the comments.

You Might Also Be Interested InWhy MSP Owners Should Schedule a Mid-Year Business ReviewTubbTalk 151: How to Uncover Cutting Edge Cybersecurity Solutions for MSPsPhishing Defence Coaching: A Targeted Approach To End-User Security Training

The post Complement Your Cybersecurity Strategy with Security Awareness Training appeared first on Tubblog: The Hub for MSPs.

Many IT Solution Providers and Managed Service Providers (MSPs) are familiar with a cybersecurity penetration test.

Historically, MSPs have employed third-party cybersecurity experts to do manual penetration tests on their clients’ networks.

However, advances in Artificial Intelligence (AI), Machine Learning (ML) and other technologies have changed things. MSPs are now being given the option of using automated penetration testing.

So, I did some research to see if these automated penetration tests are as effective and reliable as a manual pen test run.

I asked the team at UK-based cybersecurity specialists Endida to run a thorough automated pen test of my home network.

As you’re about to read, the results of the penetration test were surprising!

What is a Penetration Test?

Before we dive into Endida’s work, let me explain exactly what a penetration test is.

A penetration test, often referred to as a “pen test,” is a simulated cyber attack against an IT system, network or infrastructure. The goal of the pen test is to identify vulnerabilities that could be exploited by cybercriminals.

Traditionally, pen tests have been conducted by ethical hackers who use a variety of tools and techniques to probe a system with the aim of uncovering security weaknesses before malicious actors do.

The results of a pen test often provide valuable insights to an MSP into the security posture of their clients’ systems, revealing recommendations for strengthening defences and mitigating potential risks.

What is Automated Pen Testing?

As mentioned, there is a new breed of AI/ML-based automated pen tests becoming available to MSPs.

These pen tests are still run by cybersecurity experts. But rather than manually probe an infrastructure for vulnerabilities, an automated pen test relies on artificial intelligence to scan a system and highlight issues.

UK-based Endida is a cybersecurity company that offer an Autonomous Penetration Testing platform — or Pen Testing-as-a-Service (PtaaS).

I engaged Endida’s founder and CEO Ian Schenkel to perform an automated pen test of my home network here at Chez Tubb.

My Home InfrastructureThe Network Cabinet at Tubb Towers. Our home network definitely leans towards the Prosumer setup.

Now, being a huge tech geek, my home network contains:-

A multitude of IP-based security camerasA Network Attached Storage (NAS) serverA CAT6e-based ethernet network, spanning multiple switches and routersA mesh-based WiFi networkDesktop PCs, Raspberry Pi machines, Laptops, Printers and Scanners.Dozens of home automation devices

In short, my home network is very much a “prosumer” setup, and probably contains more devices than the majority of MSPs’ typical client networks.

Therefore, I was intrigued to see how Endida’s automated pen testing would perform against my infrastructure.

Preparing for the Pen Test

After engaging the team at Endida, Ian jumped on a call with me to understand my home network.

Surprisingly, Ian said that the pen test wouldn’t just look at devices on my network, but would also test cloud-based systems such as our web-site, DNS, email and other services.

I provided Ian with details of names and websites registered to my company, to enable Endida to create an “Asset group” they could run tests on.

In order to facilitate the pen test, I was given some instructions on setting up a laptop to host the pen test on my home network.

The laptop — which had a decent, but not powerful spec (16GB RAM, Quad Core CPU 20GB free HDD space) ran a virtual machine.

We used the freely available Oracle VM VirtualBox Manager. The Endida team install their automated pen testing platform onto it. It’s based on Horizon3.ai NodeZero software.

Ian and I then scheduled some mutually convenient time to not only run the pen test on my network, but to show me how the entire process works.

Preparing for the Automated Pen Test

Within a few days, Ian and I jumped on a video call. I was introduced to Will and David from the Endida team, who would be performing the pen test.

I had to grant the Endida team permission to remotely access my laptop. Then, they walked me me through setting up an account on their web-based system.  Next, the Endida team had to install the virtual machine to run some exploratory tests.

With the Endida team confident the laptop was configured correctly, there was a run-through on how they would configure the pen test.

They made a note of external resources (websites, domain names, etc) the Endida team also asked me if I wanted to inject some credentials into the test.

Injected credentials are typically Windows domain accounts, local user accounts, AWS access keys and similar. Cybercriminals don’t have to work hard to discover these. It includes usernames like admin, administrator, or firstname.lastname user accounts.

The Pen Test then injects those credentials into its process. This will show how far an attacker could get if they compromise a credential within your system.

The Endida platform has a bank of default and weak credentials, which is used to attempt to gain access. So effectively, they guess or brute force the credentials. The testers also perform an OSINT to uncover relevant employee names/company details to guess username/password combinations.

Carrying out the Pen Test

Once these credentials were entered, the automated test would run for 6 hours to discover every device on my network (and beyond!) and ascertain any vulnerabilities.

Once the pen test completed, they would deliver a PDF-based report to me, and schedule a follow-up meeting to explore their feedback on any vulnerabilities that the test found.

And that was it! The setup process was simple, and inside an hour, the automated pen test was off and running.

Monitoring the Pen Test

Of course, the whole point of an automated, AI-based pen test was that you don’t have to monitor the test as it runs!

Nevertheless, the geek in me wanted to see any vulnerabilities as they were discovered!

Therefore, I could watch the pen test running through Endida’s Horizon3.ai dashboard. That’s accessed from any machine, not just the laptop being used for the pen test. And I could see the results as they were discovered.

Once my curiosity was met, and I saw the test doing its thing, all that was left for me to do was wait for the results.

The Results of the Pen Test

The next day, the Endida team sent me an email to let me know the pen test was completed!

The Horizon3.ai dashboard is easy to navigate and shows the internal and external pen test results, plus:-

ImpactsWeaknessesCredentials discoveredCompromised hosts

My network’s overall exposure level was scored as “Medium” (Yellow) with 4 weaknesses, and 1 credential discovered by the pen test.

Thankfully, 3 of the 4 weaknesses were rated as “low”, with SMB Signing not turned on some devices such as my Synology NAS.

More worryingly, the pen test discovered one of my IP-based security cameras had Telnet turned on, with the default credentials still in place. Eek!

The pen test also discovered over 600 different services running on my network,  from web-servers I was previously unaware of. And the aforementioned Telnet service, which shouldn’t have been turned on.

Additionally, the pen test highlighted 10 different certificates on my network, many of which were outdated and needed replacing.

The external pen test also found a host of sub-domains and services that we no longer use. So we’ve now flagged those for retirement.

The NodeZero software that Endida uses allows you to download a comprehensive PDF and CSV based reports showing the results of each of the pen tests. You can download a single ZIP file with all the reports, which allows you to then browse them offline.

The Executive Report was especially useful, and Endida tell me that this report can be white labelled so that MSPs can deliver it directly to their own clients.

AI-based Pen Test Remediation

One of the most interesting aspects of Endida’s service was the AI-based remediation platform they provided me, post-test. This is a service that they’re rightly proud of.

Helpfully, the mediation advice includes relevant screenshots and multiple options based on the identified environment. So it’s easy to see what changes need to be made.

Furthermore, the platform allows you to interrogate the results of your pen test in plain English.

For instance,  unsure how to fix an SMB signing issue, I could ask Endida’s platform. “What is SMB Signing and how should I secure it against the issue?”

And for MSPs, they are able to charge their end customers for remediation. They just follow the instructions given, and perform a one-click verify to prove to the customer that the remediation was effective.

The AI-based platform then produced a series of easy to understand steps to secure the issue.

This ChatGPT-esque tool will be incredibly useful for any MSP who needs help to understand how to remediate any issues the Endida pen test discovers.

And once you resolve all the vulnerabilities that the pen test finds, Endida allows you to re-run the pen test at no charge, to ensure you’ve not missed anything.

I think that this offer of unlimited pen tests will be of real value to any MSP.

As we shared in Championing the Cybersecurity Right of Boom and the MSP Revolution, anything that enables MSPs to highlight left of boom issues is a bonus.

An unexpected result!

But our story doesn’t finish just yet!

The most interesting aspect of the pen test on my home network was an entirely unanticipated one.

Before the pen test, Endida had, quite naturally, sought my written permission to perform the test on my network.

After all, running a pen test without permission is dangerously close to being seen as a hacker!

However, during the test routine, my wife, who works for a local government authority in the education space, had arrived to work from home and connected to our home WiFi.

Being a part of the network, the AI then ran a penetration test on my wife’s laptop. And scarily, it found some serious vulnerabilities.

Suffice to say, her employer’s IT team absolutely freaked out. And despite explaining the situation, my wife’s laptop was disconnected and her work access was cut off.

What Happened Next?

Within hours, Ian at Endida had been connected with my wife’s employer’s IT team, and explained the situation. Ian shared that we were the good guys, not cybercriminals — and that quite by accident, we’d found a fairly serious vulnerability.

Ian went out of his way to give the IT team details of the exploit, and how they could resolve it. However, at the time of writing, we don’t know if things have changed.

The head of IT no longer responds to email enquiries on whether they have patched the vulnerability.

This is very disappointing, as the local authority involved is responsible for some extremely sensitive and critical data of a personal nature. Perhaps the vulnerability has been patched — we really can’t be sure.

I think the lesson for MSPs here is that many internal IT departments are under-resourced. And so they’re overwhelmed when it comes to cybersecurity.

Therefore, if you accidentally find a vulnerability and highlight it to these organisations, don’t be surprised if you, the messenger, are attacked rather than thanked.

Conclusion

As we’ve seen, there are now more cost-effective ways for an IT Managed Service Provider (MSP) to support their clients. But today, an AI tool can carry out a cybersecurity penetration test on any network.

And many of them offer retesting as part of the price, so there’s no cost for making sure updates have worked. So it’s easier and cheaper than ever for MSPs to keep their clients’ data safe.

However, thanks to Artificial Intelligence/Machine Learning, MSPs are now able to engage autonomous, or automated pen testing to keep their networks safe.

Companies such as Endida provide these autonomous pen testing services in affordable, easy to access solutions for MSPs.

And the AI pen testing solution they offer is backed by years of experience from cybersecurity experts. These experts can help an MSP to resolve any vulnerabilities. Hopefully, my experiment with Endida’s Continuous Penetration Testing platform on my home network will reassure you that it works.

So clients will look to MSPs for more cybersecurity advice, guidance and the responsibility for keeping their infrastructures safe. I can see autonomous pen testing becoming a serious weapon in the arsenal of any MSP business.

Do you have any experience with automated pen testing? Is autonomous pen testing useful within your MSP business? Or do you have concerns about handing across the keys to your infrastructure to an AI-based solution? Get in touch, or leave a comment below with your thoughts.

You Might Also Be Interested InPodcast – TubbTalk 106: Application Allowlisting, Cybersecurity and RingfencingArticle – How Huntress’ Product Lab Shares News, Trends and Improvements with PartnersPodcast – TubbTalk 138: How to Become the Go-To Threat Operations Expert for MSPs

The post How A Penetration Test Uncovered Astonishing Network Flaws appeared first on Tubblog: The Hub for MSPs.