Richard Tubb's Blog, page 23

In this episode, Richard speaks to Nancy Henriquez, Head of Community at SuperOps. They offer an AI-powered PSA-RMM solution for MSPs of all sizes. Nancy shares her story as a woman in tech – from MSP owner to community leader.

An Interview With Nancy HenriquezThe Importance of MSP Communities

As the new Head of Community at SuperOps, Nancy sees it as her role to bring together all of the MSP communities out there. “I understand that each one has its own strengths and uniqueness.”

So by bringing them together, we can grow the collective knowledge and understanding of the channel and elevate everyone. It’s a way for people to get to know each other, find support and ultimately, bring the MSP world a little closer.

Nancy’s Pick of the Latest SuperOps Tools

SuperOps are constantly working on new tools to help make life easier for MSP owners. But while there’s plenty to choose from, Nancy says she’s most excited about ‘Smarter Tracker.’

“When I was an MSP myself, the biggest problem I had was making sure that my techs were keeping and tracking time accurately. It can be so frustrating for them to do this when they’re trying to do their jobs at the same time.

“So for me, this is one of our best features right now. Because not only can your techs start to track time on jobs, it tracks things like travel time. And those little things where they lose time. It all ties into reports, too.”

The Contribution a Woman in Tech can Make

In the tech space, diversity is important. But, Nancy says, not just the obvious areas like gender, but also in methodologies and experiences. “What women add is an experience that only other women can understand.

“Our experiences create a unique way for us to see the world. Things like empathy and nurture contribute to the way we approach working in tech. So for me, growing up in this industry and running an MSP has had an impact on my approach.

“But we’ve all experienced things. So if we tap into those, it will be beneficial. It will help each of us to grow and support our peers. It leads to a more collaborative environment and community, which we all need to survive.”

The Evolution of the Role of a Woman in Tech

When asked what she sees for the future of women in tech, Nancy immediately says she’d like to see more in leadership roles. “In fact, it’s one of my missions to make sure that women are talked about and championed as much as the men.

“Every stage should be diverse. So women in middle management as well as right at the top. And a lot more women-owned MSPs, too. I can’t tell you the pride I feel knowing how many of these there are today compared to when I started out.”

The Biggest Barriers for a Woman in the Tech Sector

One challenge that women face more than men is childcare, especially if they’re single parents. Often, Nancy says, women have to work far harder to climb the career ladder.

“Even if you have a partner, the home responsibilities often fall to women. So until things change within cultures, there will always be a gap where women will have to either push harder to make up for or fall back.

“Post-covid, there has been a huge gap created, because women had to stay at home or work fewer hours to manage the house. So everyone in the tech space needs to be aware of that and support women, both in MSPs and in SMBs in general.

“They may not have the same time and resources, but that doesn’t mean they don’t have the same drive. But what’s missing is giving women the same vantage point as their male colleagues.”

The Organisations Working to Bring About Change

Nancy says there are a lot of organisations working for diversity, equality and inclusion in the IT space. She highlights Nerdy Girl Success, who encourage girls to take an interest in STEM.

And alongside that, larger organisations such as Channel Futures and CompTIA have a DE&I policy. There’s also Women in Tech, a global group supporting women in STEAM roles.

How to Connect With Nancy HenriquezSuperOpsFollow SuperOps on TwitterLike SuperOps on FacebookFollow SuperOps on LinkedInConnect with Nancy on LinkedInHow to Connect With MeSubscribe to TubbTalk RSS feedSubscribe, rate, and review TubbTalk on iTunesSubscribe and rate TubbTalk on SpotifyFollow TubbTalk on iHeartRadioFollow @tubblog on TwitterMentioned in This EpisodePodcast: Richard’s previous interview with NancyBook: Bob Burg: The Go-GiverPeer group: CompTIAPeer group: The Tech TribeYoung women in STEM group: Nerdy Girl SuccessBusiness strategy: Channel FuturesWomen’s STEAM organisation: Women in TechChannel marketer: Kris BlackmonCEO of Proda Technology: Marissa MaldonadoEchelon Computer Technologies: Justine AndersonLionguard CEO: Michelle AccardiChannel chief: Michelle Ragusa-McBainCEO of 3rd Element Consulting: Dawn SizerFounder of Bluebird Leaders: Rebecca WoodsSales Development Representative at SuperOps: Nicole JamesWomen in Tech ebookYou Might Also be Interested inPodcast: AI-Based Intelligent Alerting for MSPsCelebrating Five Amazing Women in Tech for International Women’s DayPodcast: How to Break Down Barriers so Women in IT Succeed

The post TubbTalk 147: One Woman in Tech’s Remarkable Journey from MSP to Community Manager appeared first on Tubblog: The Hub for MSPs.

Insider threats are something every business needs to be concerned about and take very seriously.

Cybersecurity distributors Brigantia held a series of roadshows across the UK, bringing together product experts and managed service providers (MSPs).

The aim, to explain the dangers of insider threats, and what tools can be utilised to mitigate them.

The events took place in February over consecutive days in London, Birmingham and York.

Stephen McCormick went along to the Birmingham event, which took place on Thursday 22nd February 2024.

Introduction: Why Brigantia?

Brigantia Partners are cybersecurity distributors who work on the belief that traditional distribution is broken.

Senior product specialist Ed Knox explained that Brigantia is built on three founding principles:

Quality Products – Vendors are chosen for their rigorously tested quality products, not just their reputation in the marketplace.Trusted Advisers – Peerless knowledge with dedicated product support.Strong Partnerships – Adding value and providing tailored support to build a strong relationship with customers.

They work with a collection of hand-picked vendor partners that provide solutions that work for MSPs and their clients, some of whom were in the room to give their expertise.

Channel Statistics

Ed provided some statistics and predictions for the channel for 2024:

Compliance consulting services will grow by 60% for MSPs throughout 2024At least 65% of end users will be using generative AI tools to grow productivityTotal managed services revenue will grow by approximately 12%Human firewall and staff cyber hygiene training will continue to be a growth marketWhat is an Insider Threat?

The definition of an insider threat is a risk posed by those who have access to an organisation’s physical or digital assets.

Threats can come from:

Current employeesFormer employees (where access has not been revoked during offboarding)Malicious actors (cybercriminals)Unintentional insiders (coming from employee negligence or not adhering to company policies)

These threats can lead to data breaches, phishing and social engineering, fraud, negligence, compliance violations and unauthorised access to your systems.

The channel is underprepared, and therefore it’s a big opportunity for MSPs to increase their revenue in 2024.

How to Protect Against Insider Risk for Microsoft 365

Hornet Security’s Matthew Frye explained how Microsoft 365 has transformed productivity and expanded collaboration.

However, allowing users to work from anywhere across a broad spectrum of connected devices has its downsides too. Insider risks for M365 include:

Data is easily shared across numerous applications (Sharepoint, Teams, OneDrive, etc.)

Human aspect (overriding data, malicious data loss, stolen devices, etc.)

Unauthorised access via phishing and ransomware

Purview Insider Risk Management is not practical for small and medium-sized businesses (SMBs)

Permission Management Risks

In Microsoft 365, a new user is usually given group access, but will have full access to any subfolders or confidential files.

Shared files do not have granular controls, and by default, anonymous copy-link sharing is universal.

Also, if a team member has a change in role, they’re much more likely to request access to files and folders they need from now on. But it’s human nature to forget to request for access to be revoked for the things they no longer need.

Furthermore, when it comes to access audits, these are rarely carried out by the people who know who should have access. So, they don’t know where access should be granted and where it should be revoked.

Hornet Security’s Microsoft 365 Permissions Manager

One of the great features of this tool is the audit feature.

You can use it to identify audit policy violations after they’ve been set via a central dashboard. You can fix or approve any violations across all the sites you manage.

Quick actions include:

Copy user permissionsRemote access for a user or groupSet site permissionsClean up orphaned usersRemove ‘everyone’ user permissions

This kind of audit feature can fuel your governance, risk and compliance strategy.

Unrestricted access leaves your business exposed to insider risks. It’s harder to spot lateral movement when access is not controlled. And this can lead to data breaches, exfiltration and ransom.

Real-Time Email Analysis

AI-recipient validation is an AI-based learning tool that recognises patterns in user behaviour and provides feedback to advise the user before they send an email.

This provides advisor warnings when you’re about to send an email containing sensitive information, such as credit card details, across email.

Be Ready for What’s Next – Next DLP’s Reveal Platform

Stefan Jarlegren from Next DLP began with a bit of background.

Data loss has always been a risk to businesses, but the way we send, receive and store data has changed. Digital transformation has seen businesses move away from on-prem servers and put their data in the cloud.

The Reveal platform provides the optimal balance of risk insights and data loss prevention (DLP).

It uses instant on-endpoint and cloud sensors which provides cloud, system, user, data and network telemetry. It provides cross platform protection covering ingress and egress on both managed and unmanaged devices.

With all this coverage, you can accelerate investigations using contextual reporting across all touchpoints in your network.

Three Use Cases for Managed Security Service Providers (MSSPs)

Phishing – Threat actors exploit human vulnerabilities to steal access details and exploit sensitive data. Reveal notices suspicious links and prompts the user to think before entering their details.

AI Chatbots – Reveal can monitor and secure data headed for ChatGPT or other Large Language Models (LLMs). It will look for sensitive data, such as API codes or confidential information and flag it up as a risk before the data is shared.

Cross-Platform DLP Controls – When sharing files across platforms, such as via a USB stick, the platform will prompt the user to choose an alternative sharing method. This is because it recognises that files shared using USB drives are not secure.

The Future for Reveal

The Reveal platform is scalable, simple and secure. It’s an industry first MSP insider risk and DLP tool.

The roadmap for future development of the platform includes:

SaaS VisibilitySecure Data FlowXTND AI ServiceUnmanaged Devices

How Hackers Bypass MFA With Session Hacking

Joe Burns of Reformed IT, an MSP based in the East Midlands, gave a couple of demonstrations on how easy it is to hijack session cookies using phishing techniques. And how a ‘rubber ducky’ can be used to steal stored browser passwords from an unlocked device.

Session Cookie Theft

A session cookie is a token that gives you the right of access once you authenticate at the gateway of a system.

When a user has been phished by a threat actor, they may be sent to a login page, which is actually a spoofed proxy. The login will prompt their username and password, and then ask for multifactor authentication.

These will log the person into the system, but it will also provide the scammer with all of that information, plus the session ID.

The threat actor will then be able to copy and paste this into a new browser window, and gain access to their Microsoft 365 mailbox, for example.

Mitigation and Remediation

If you have behaviour detection and conditional access policies implemented, you can mitigate this threat.

Trusted devices and approved geolocation are good parameters to establish to protect your network.

Though passkeys will be an even better practice, once they’re available.

If you are hit by this type of attack, it’s advised that you terminate the session immediately and change the password. You can also reduce permissions and isolate the account if you want to be extra cautious.

Rubber Ducky – Browser Password Theft

A rubber ducky is a device that plugs into a USB slot and runs a short PowerShell script to copy any saved passwords in the Chrome or Edge browser cache for that device. Though browser passwords are typically encrypted, it also steals the key as well.

It avoids detection by not showing up as a USB drive, and instead disguises itself as unassuming device like a keyboard or mouse.

It’s not a good idea to keep passwords stored in your browsers. Instead a password vault is recommended to mitigate this type of attack.

Protecting Against Insider Risk with Conceal Browse

Conceal‘s Mark Ross explained why insider risk is such an important consideration for cyber defence, especially in the public sector.

Between 2018 and 2022 there were 1,819 publicly disclosed cyber attacks on schools in the UK.And over 100 million patient records were leaked in 2023 according to NHS data.Phishing remains the dominant threat in the cyber landscape80% of reported security incidents began with a phishing attack74% of data breaches result from human error

So, the earlier an attack can be prevented, the less likely a phishing attack will succeed. That’s why protection at the browser level can intercept this kind of attack and minimise insider risk.

Chief Information Security Officer (CISO) budgets are constrained year on year. So, a lightweight solution like Conceal Browse, which doesn’t impact on services, is ideal.

How Conceal Browse Protects Against Insider Threats

Conceal Browse is an AI-powered zero trust browser extension. While running, as you browse, it performs multiple checks in the background to find malicious links or bad DNS records on webpages you visit.

It covers Microsoft Teams, Whatsapp, Google Workspace, Slack and more.

And with Conceal Browse, malware will not reach the endpoint, and credentials will never be harvested!

The solution is deployable via an Remote Monitoring and Management (RMM) solution, so can be rolled out across any site you monitor.

Conceal Browse will see coverage for Apple devices and Android by the end of 2024.

Lead the Email Security Charge and Strengthen Client Trust with DMARC

Lee from Sendmarc explained that 91% of cybercrimes today are initiated using email. And worryingly, 95% of breaches are caused by human error.

This can be by impersonation, where threat actors submit fraudulent requests, or by interception, where details are changed or diverted.

For example, when you receive an email asking you to pay an invoice via a link. it may look legitimate. But you could be sending your payment information anywhere if you can’t authenticate the email.

What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting and Conformance.

DMARC is a policy standard that helps to establish the legitimacy of an email. When an email is received it uses a combination of SPF record and DKIM keys to authenticate the sender is from the domain they say their from. And if they’re not, the email is rejected.

Therefore, it’s an effective way to solve the impersonation problem.

How Sendmarc helps MSPs to Protect Against Insider Threats

Sendmarc is an MSP-centric DMARC solution that helps their clients see how vulnerable their domains are.

It helps businesses protect their domains so that cyber criminals can’t spoof them, and ensures compliance in DNS security by managing their SPF and DKIM authentications.

By securing your clients, you are are not only protecting their businesses, but also anyone in their supply chain, which is peace of mind when protecting their reputation.

MSP Compliance Opportunities and How to Sell Managed DMARC Services

Regulators and institutions are pushing for DMARC compliance regulation and accreditation.

Out of 5,000 UK companies surveyed, 75% are not yet protected, so the opportunities are massive.

So, Sendmarc helps certify MSPs to deliver a multi-tenanted managed white labelled DMARC solution.

And they can also help in marketing managed DMARC to generate leads, target new prospects, and co-sell with full implementation and support.

Insider Threats and the Markets They Provide MSPs

Brigantia understand the impact insider threats have on UK businesses. So the potential this has for MSPs, both in terms of the dangers and sales opportunities, is immense.

Knowing the breadth of tools out there, especially tools that have Brigantia’s seal of approval, is always a good thing. And as providers of managed services, you get a broader perspective on compliance as a whole, and what you can offer your clients as part of your ever-expanding tech stack.

And although the roadshow was a half-day event, there were lots of quality speakers and a wealth of information to take away.

Though sales pitches were part of it, they were informative too, and there was no pressure to have follow-up sales calls.

However, it did start up conversations, around risk, compliance and protection, which was a good thing.

So, did you make it to any of the roadshows? What did you think? And how do you think the compliance market will expand for MSPs over the next three to five years? We’d love to hear your thoughts in the comments!

You Might Also Be Interested InBreaches, Brew and Banter: A Fun Roadtrip with Cybersecurity ExpertsTubbTalk 143: How to Navigate the Cybersecurity Landscape: A Comprehensive Guide for MSPsKey Importance of Privacy for MSPs and Clients

The post Brigantia Roadshow: Tools For MSPs To Mitigate Insider Threats appeared first on Tubblog: The Hub for MSPs.

How can today’s MSPs grow and scale their businesses? What should they offer to better support their clients? One thing I suggest to every managed services owner I speak to is advanced security services.

So I’m going to talk about exactly that in a webinar hosted by Exertis and Seceon. It’s taking place on 12 March at 2pm GMT and I’ll share my thoughts on why cybersecurity is key to every MSP’s growth in 2024.

https://www.tubblog.co.uk/wp-content/uploads/2024/02/Video-Promo-for-Seceon-Exertis-Webinar-on-12.03.24-UPDATED-1.mp4How to Register for the Session

Our webinar takes place on 12 March at 2pm GMT (9am EST). Click here and register for the session.

Will There be a Recording of the Session?

This presentation will be recorded and made available to view on-demand. Click here and register to be notified when the recording is available.

Why are Advanced Security Services an Opportunity for Your MSP?

The cybersecurity threat isn’t going away any time soon, so MSPs in 2024 must face it head on. If you’re not already offering advanced security services to your existing clients, now is the time!

Join me, Seceon and Exertis for this exclusive webinar. I’ll share my thoughts on where cybersecurity is going. Plus, we’ll look at whether you should build your own cybersecurity solutions or not. And of course, how to do so profitably!

What do you think about offering cybersecurity solutions in your MSP? Is this something you already do? Can you see how advanced security services might help you attract new clients?

If this is something you’d like to know more about, sign up for the webinar now! And do let me know if you’re coming along, too!

You Might Also be Interested inPodcast: How to Transform From an MSP to an MSSP for Business GrowthHow to Keep Smart in Cybersecurity with Your IoT Smart DevicesPodcast: How to Build a Modern MSP for Business Growth and Success

The post Webinar: Exertis Cybersecurity and Seceon: Launching Advanced Security Services appeared first on Tubblog: The Hub for MSPs.

In this episode, I speak to Michael Lawson. He has over 15 years of experience in working with MSPs. A seasoned start-up founder, he’s recently built an exciting new platform for MSPs. Movebot is designed to make data migration easier, particularly at scale.

An Interview with Michael LawsonHow Michael Came up with the Idea for Movebot

Michael runs Couchdrop, an SFTP server that sits on top of any cloud storage platform. His team learned that partners were using it for migrations. As SFTP isn’t designed to do that, it became apparent that there was a need for a solution that did.

“I was surprised by the size of the problem. Moving data between cloud platforms seems trivial, but doing it was a nightmare. So we evolved Couchdrop, added in some technology abstractions and built it into a platform which can migrate data at scale.

“From there, we moved into data lifecycle management, syncing, backup and so on. Movebot is designed to make data migration easy. And you should only think about it when a client asks you to do it, and forget about it the rest of the time.”

The Types of Data Migration you Can Do in Movebot

Up until recently, Movebot only migrated files. Because, as Michael says, they wanted to do file data migration really well. That was where MSPs really have a challenge.

“I could see that there are a lot of email migration tools on the market. But there are not so many that offer both highly optimised and simple file transfer, file and folder migration tools.

“Once we’d established the file migration, we began to build out email migration for Google, Office and so on. And today, we also offer support to move calendars, contact lists and other things that clients need. We’ve taken a different approach to the rest of the market.”

How Real-Life MSPs Use Movebot in Their Businesses

Movebot’s clients use it for all sorts of things, Michael says. A typical migration would be between five and ten terabytes of data, shifted between Google and SharePoint, and users usually do the same with emails.

“But we find that customers move anything from a couple of users up to thousands of users. It varies. But it’s almost always last minute! Data migration tends to be an afterthought lumped in with a bigger project.

“And with that can come some tight turnaround times. We pride ourselves on being quick with file transfers. It’s important to be responsive. The biggest single migration we did was Google to Backblaze – that was 35 terabytes per day with 1.2 petabytes of data to shift!”

Live Data Migration with Movebot

Movebot do offer live data transfers, and they take a modern approach to it. “In the past, we’d tell clients not to do anything and stay away from the data. But that it’s extremely prohibitive for the clients. And you don’t have any margin for failure in that case.

“So we tell customers not to mention that they’re moving any data and let Movebot perform the copy operation in the background. Once it’s done, we get them to test and check that the data is in the right place.

“And then we go into what we call a continuous data cut over. Movebot will look at the source and destination and identify changes. It only moves data being changed or added. You can grab most of your data in one go, and then you slowly cut your users at time which suit them.”

How Movebot Helps Global MSP Clients to Stay Data Compliant

While Movebot are based in New Zealand, they have very few clients in the country. However, Michael explains that data sovereignty is up to the client.

“So when you configure a project, you tell us where you would like the data to reside. And we have a micro data centre or point of presence in most regions.

“When we deploy resources for your migration, which we do in the background for you automatically, we will put it in a particular region and your data doesn’t leave that region. So as long as you choose the appropriate place, depending on the regulations that you’re trying to satisfy, you’ll be fine.”

Movebot’s Outsourced Data Migration Offering

Movebot do offer professional services, but they don’t push it too heavily. “Our customers are MSPs, so we do have it there for them,” Michael says. But they prefer to help the client through the data migration process itself.

“We prefer to do that rather than doing it for them. Once MSPs realise how easy it is to use the tool and they’ve been through a migration with it, then it’s not such a big obstacle. And then when there are issues or things they don’t know, we’re here to help.”

How to Connect With Michael LawsonMovebot.ioFollow Movebot on LinkedInConnect with Michael on LinkedInFollow Couchdrop (Movebot’s parent company) on TwitterLike Movebot on FacebookHow to Connect With MeSubscribe to TubbTalk RSS feedSubscribe, rate, and review TubbTalk on iTunesSubscribe and rate TubbTalk on SpotifyFollow TubbTalk on iHeartRadioFollow @tubblog on TwitterMentioned in This EpisodeMovebot’s parent company and SFTP solution: CouchdropCloud storage solution: DropboxMulti-tier storage: Apache IgniteMicrosoft collaboration tool: SharePointMicrosoft’s online communication suite: Office 365Google’s online communication suite: WorkspaceCloud-based client portal: HuddleProject management tool: BIM 360Amazon cloud storage: S3Cloud storage: WasabiCloud storage and backup tool: BackblazeUK data protection legislation: GDPRUS health legislation: HIPAACalifornian consumer legislation: CCPAPrivacy experts: KeepablOnline collaboration tool: SlackMSP peer group: IT NationOnline chat forums: DiscordMovebot’s Discord channelYou Might Also be Interested inPodcast: How Outsourcing Your MSP Service Desk Leads to Business GrowthFive Powerful Security Tips for Keeping Data Safe This ChristmasWhy Your MSP Should Offer Offsite Data Backup to Clients

The post TubbTalk 146: Growth and Success Advice from The Wizard of MSP Data Migrations appeared first on Tubblog: The Hub for MSPs.

For today’s article, I’m handing over to guest blogger Jude Sarkar. Jude initiated his journey in the cybersecurity landscape, initially assisting clients in Valentin Vigil’s CPA business. Following his experience with an MSP venture, he founded MicroSec in March 2023, drawing inspiration from the Irish cybersecurity startup, Cyberpie. With a commitment to serving microbusiness owners, consumers, and senior citizens, Jude brings a wealth of expertise to our discussion on cybersecurity.

Let’s delve into Jude’s insights and recommendations for safeguarding your digital world.

Richard Tubb.

***

Embarking on the CyberSec Warrior Quest

The journey of MicroSec started in early 2023 with the mission in mind to anoint our customers to be CyberSec Warriors. I was so much into this idea that I separately got a domain of cybersecwarrior.com. 

Psychology of Privacy: Nurturing Understanding

MicroSec believes that the concept of privacy or cybersecurity has to be embedded in the psychology of an individual. Once you understand it, you can explain to others why it’s important. 

As humans, we are constantly generating data in all forms. Be it through our reviews or sharing our opinions on social media, or even when using various software platforms online.

The biggest question is: how can you safeguard yourself in this journey of data-gobbling services and apps we have on our phones and computers?

Guess what? It’s not only those apps trying to profile you, but also the threat actors who constantly want to steal your information and make a profit, either by selling it or using it as a mask to hurt more people online.

This is the reason why I feel that if we have to safeguard our virtual environment it has to be done with a three-pronged approach.

The Three-Pronged Approach to Cybersecurity

This is the responsibility that is shared equally between business owners, consumers, and the government. 

I find that individuals take less interest in safeguarding their data as they have not been exposed to the benefits of privacy, or they haven’t yet faced a situation where their information got compromised. 

Americans have mostly been affected by scams online where their data gets compromised, whether that’s an email or phone number hack or even their financial information.

Practical Tips for Personal Data Protection

One of the most common pieces of advice I give to my clients is to have two separate email addresses. One you use to register at all the important places like banks, insurance, and healthcare facilities. The other address is for shops, loyalty cards, and any other random places where you need to sign up for services. 

I always advise my clients to use a masking email feature that Apple provides when signing up for services, thus not exposing their personal details. In terms of financial services, especially with credit cards, individuals can contact their credit card providers to generate virtual credit card numbers and prevent fraud when making transactions. 

With phone numbers, one of the best practices is to have features like spam protection enabled, for example, Hiya Protect or Robokiller‘s mobile spam blocker.  Having these means you can easily recognise genuine calls and block fraudulent ones. BT Group and EE offer Hiya’s spam and fraud call protection to UK customers. Recognising that 29% of all UK calls to businesses are Spam, and up to 50% are fraudulent.

This gives business users huge peace of mind when the call comes up on their phone.

A Unique Approach to Security

MicroSec takes a unique approach, as we work with microbusiness owners, consumers, and senior citizens. We’ve observed that customers, whether they’re business owners or not, haven’t yet understood the importance of browser security. They assume having antivirus installed is enough to protect them, but that’s not always the case.

For privacy and security browser extensions, we recommend uBlock Origin, Privacy Badger, and Malwarebytes Browser Guard. We also advise our customers to use a privacy shutter for their webcams and encourage them not to store any form of credentials on their browsers. 

If they have to write their passwords down, they should use a notebook. Of course, don’t label it “passwords.” And where possible, we encourage them to use a password management tool.

Tailoring Cybersecurity Solutions to Customer Knowledge and Comfort

As an MSP or service provider, it’s vital to understand what knowledge your customers have and what tech they’re comfortable with using.

This will inform the package you provide for them and how much support they’ll need during the onboarding process. This reduces confusion and complication and ensures the safety and security of their data at all times.

We always tell our clients that cybersecurity is a preventive measure, much like a vaccine. However, just follow the steps is not enough – they need to understand why each step is important.

It’s not about just paying a provider for security services. They must also be proactive when it comes to protecting their data and networks. 

At MicroSec, we communicate regularly with our clients to keep them aware of the latest trends and developments in the world of privacy.

Conclusion

For us at MicroSec, the key way we safeguard our clients is through constant communication. Just like warriors need constant training to keep them at their best, our customers do too.

As you delve into implementing these cybersecurity best practices, we’d love to hear from you!

What additional measures do you take to secure your digital presence? Share your insights and join the conversation. Let’s build a community committed to online safety.

Leave a comment below or get in touch with Richard or me, Jude Sarkar!

About Jude Sarkar

Jude Sarkar embarked on his journey in the cybersecurity realm after assisting clients in Valentin Vigil’s CPA business. Following a stint with an MSP business, he founded MicroSec in March

2023, drawing inspiration from the Irish cybersecurity startup, Cyberpie. MicroSec specialises in serving microbusiness owners, consumers, and senior citizens, offering tailored cybersecurity solutions. Find out more on the Microsec website.

Jude Sarkar is committed to safeguarding clients through MicroSec’s unique approach, offering constant communication and education in the ever-evolving landscape of cybersecurity.

Connect with Jude Sarkar:Twitter: Jude SarkarTwitter: MicroSecMicroSec Facebook: MicroSec

You Might Also Be Interested In:Powerful Video Help for MSPs on GDPR – Privacy KitchenTubbTalk 135: How to Turn Employees into a Company’s Biggest Cybersecurity AssetProtonVPN – Protect Your Privacy with a Free VPN

The post Key Importance of Privacy for MSPs and Clients appeared first on Tubblog: The Hub for MSPs.

Cybersecurity experts often refer to a “Boom” event when discussing threats such as hacks or breaches.  It’s a criticial event when there’s a network breach, database hack or device infection.

So, what do cybersecurity professionals mean when they talk about a “Right of Boom”?

It’s a phrase that’s fairly common in discussions regarding breach recovery and bouncing back from data loss. However, it’s rarely spoken of among MSPs.

In this guide, we’ll break down what the “Left” and “Right” of Boom mean and why it’s so important for even the smallest of IT companies to understand the difference.

What is a Cybersecurity “Boom?”

As mentioned briefly, a Boom is an inciting incident. It’s when a cybersecurity attacker successfully breaks through a company’s defences. We typically imagine Boom to sit in the middle of a breach sequence.

Therefore, we refer to “Left of Boom” as events that precede that midpoint and “Right of Boom” as events that follow it.

Put even simpler, Left is prevention, and Right is cure. For all you might focus more on the Right, both wings need equal attention.

What is “Left of Boom?”

Left of Boom refers to either the steps attackers take to breach data, or the preventative measures an MSP takes to secure client defences.

Left of Boom is where attackers start researching targets. It’s the reconnaissance stage – where they gather information, decide which attack types to use, and plan when to advance.

These plans don’t have to be meticulous. An attacker in the Left stage might use this period to design phishing emails or analyse the cybersecurity of a website.

For MSPs and cybersecurity experts, Left of Boom is all about prevention. The aim is to lessen or prevent Boom from happening, and if it does occur, to reduce the risk of sensitive data leaking.

That means taking the time to fortify network security, educate client staff, and prepare backups.

What is “Right of Boom?”

Right of Boom is where attackers inflict damage. It defines what an attacker does after they breach a company’s defences.

After Boom, an attacker might steal specific information – such as customer payment details and passwords – or take websites offline and hold critical data for ransom. Once you’re on the Right of Boom, it’s too late to stop a cybersecurity attack.

However, MSPs can strategise for Right of Boom by planning for data recovery and future backups and helping clients navigate compliance and public relations.

How can MSPs address Left and Right of Boom Cybersecurity Threats?

Now we’re clearer on what happens to the Left and Right of Boom, let’s look at some hypothetical strategies MSPs can use to protect their clients on either side.

Left of Boom

Here are some preventative measures MSPs and clients can take to reduce the risk of boom.

General Network Security

The best first defence against most attacks is a robust firewall. MSPs can use them to track suspicious traffic and block unauthorised attempts at accessing a network. Setting up a firewall is likely the first step you will take when arranging a Left of Boom cybersecurity strategy.

Updates and Patches

Updating all client software (no matter how innocuous) helps prevent attackers from abusing loopholes and vulnerabilities in older program versions. 

MSPs should also take time to carefully patch programmes and services that might have previously flagged vulnerabilities. Time is of the essence to limit cybersecurity breaches!

Cybersecurity Education

Educating clients and users on the best security practices and principles can take many shapes and forms. Regardless, training people ensures companies protect data better in the event of a Boom and can add an extra human line of defence.

Data Backups

Regular data backups – ideally in the cloud – ensure companies can always restore critical information should they lose it in a cybersecurity breach or hack. The safest option in Left of Boom is to automate backups and keep hard copies on-site as an extra measure.

Network Segmentation

Segmenting a network, i.e. splitting it into smaller parts, can prevent wide-scale data loss. However, this option might not be suitable for all businesses and clients.

Access Control

Tightening controls through methods such as multi-factor authentication – where network users need to confirm access through multiple devices – can prevent sophisticated attacks. Educating users on healthy password strength and entropy is also good practice.

Auditing and Assessment

Regular auditing of security protocols and protections ensures that a client is always ready to fight against sophisticated attacks. An MSP must, therefore, be ready to regularly check software and security measures they have in place in line with evolving threats.

Right of Boom

At this stage, clients need to focus on recovering from boom – here are a few potential strategies.

Response Planning

Drawing up a response plan means ensuring a recovery process is efficient and effective. For example, a business should have a communications plan set up in the event of a data breach or attack, and clearly outline the steps they need to take if the worst scenario occurs. Testing mock responses is a healthy approach in Left of Boom.

Forensics

Analysing the nature of an attack helps businesses prepare for similar threats in future. MSPs should work to assess the extent of damage caused and where any potential vulnerabilities lie.

Disaster Recovery

Provided backup procedures are followed Left of Boom, MSPs can support clients by restoring cloud data to help them bounce back once a cybersecurity threat disappears. Disaster recovery plans are vital for businesses to return to normal.

Compliance and PR

All businesses should have compliance policies and procedures after a data breach. MSPs can help clients navigate policy and suggest how to communicate with affected parties.

SourcesHow to Organize Your Cybersecurity Strategy into Left and Right of BoomWhat Is Right & Left Of Boom With Cybersecurity?What Is Left & Right Of Boom?Organising Your Cybersecurity Strategy into Left and Right of BoomDefining Left of Boom and Right of Boom“Left and Right of Boom” – Having a Winning StrategyHow to Organize Your Cybersecurity Strategy into Left and Right of BoomCybersecurity Strategies: Left and Right of Boom – What does it Mean? Conclusion

Regardless of whether or not you’ve heard of Left and Right of Boom, you must arrange your cybersecurity prevention and recovery strategies efficiently for all clients. Otherwise, they’re at risk of losing face with their own customers, and in turn, they’ll lose money.

Do you have any Left or Right of Boom strategies of your own? Feel free to share them in the comments below.

You Might Also Be Interested InHow to Keep Smart in Cybersecurity with Your IoT Smart DevicesTubbTalk 135: How to Turn Employees into a Company’s Biggest Cybersecurity AssetUntold Cyber Attack Stories: A Shocking Perspective For MSPs 

The post Championing the Cybersecurity Right of Boom and the MSP Revolution appeared first on Tubblog: The Hub for MSPs.

Dor Eisner is the co-founder and CEO of Guardz, a cybersecurity platform built specifically for MSPs. It takes a consolidated, all-in-one approach so MSPs can automate the detection and response for the specific threats targeting small businesses. These unified security controls are what makes the solution unique.

I sat down with Dor for an exclusive walkthrough of the Guardz dashboard, asking him to talk me through some of the best features for MSPs. You can watch the video of the walkthrough demo below.

A Walkthrough Demo of Guardz Unified Security Controls Tool

Where the Idea for Guardz Came From

Dor explains that he sold his last company, which focused on threat intelligence, three years ago. Part of the work he and his team did involved monitoring the dark web. That involved data scraping, to aggregate and correlate it with the digital footprints of their clients.

“And what we found,” Dor says, “is that the cybercriminals started to democratise their tools. We could see that this would affect the market and have a particular impact on small businesses.”

Knowing that many MSPs support smaller companies, Dor realised that there was a really need for a good tool to monitor the dark web. “There are thousands of tools already, and SMBs don’t know which one to choose. So we created Guardz to be able to support the MSPs support their clients.”

An Overview of the Guardz Security Controls Platform

Everything the Guardz team does is with the MSP in mind. It’s been built as a multi-tenant platform to give a single dashboard overview. And MSPs can onboard as many customers as they want, just at the click of a button.

Guardz deploys in the background to collect user data and asset discovery across browsers, cloud storage and mailbox. Then, it’s aggregated automatically so MSPs can choose multi-tenant view or single. The dashboard displays the critical risk level of each business.

Issues are ranked by severity, and then the AI-driven detection response tool gives greater insight. So, it can show where issues have been resolved, but also identify things that are missing or yet to be dealt with.

The Guardz Phishing Protection Tool

Phishing is one of the most common threats to small businesses, and it’s not enough to try to just protect emails. Instead, Dor explains, Guardz use a multi-layered approach to tackle the problem:

“First, you need to understand the external exposure – the digital footprint of the business. As the IT expert, you need to assess the risk from leaking credentials or  confidential data. Once that’s done, then you can look at scanning inbound emails.

“If you find anything malicious, suspicious or carrying malware, then put it into quarantine. Regular phishing simulation training is essential to raise user awareness, too.”

How to Customise Guardz to Attract New MSP Clients

Guardz has made supporting the MSP users’ growth a priority. “It’s designed as a white-label tool, so you can add your own logo, colours and branding. Because it’s better for your customers to see your name, not ours.

“We’re empowering your brand and security services; we’re just the engine. Guardz works hard in the back end to help you grow your business.” Dor adds that one popular feature is the prospecting tool, which generates the information you need a about a company before you meet with them.

“It takes about 24 hours to carry out a cybersecurity risk report on a potential customer. It shows their internal and external assets, security posture and so on, as well as how they measure against the industry benchmark. And it can even cost out the project to fix any issues.”

Pricing and Package Options for the Guardz Unified Security Controls Solution

Guardz offers a two-week free trial to MSPs, so they can see everything in action without making a commitment. You can quickly sign up online, so there’s no need for a sales call.

There is a starter package, which is pay as you go, per seat, per month. There’s no commitment and it’s a rolling payment. There is also a pro package, which gives a volume discount when an MSP commits to a minimum of 100 users. But of course, it can be scaled up from there.

The Guardz Data Loss Prevention Tool

The Guardz DLP (data loss prevention) tool is lightweight rather than enterprise level. Dor explains: “An enterprise level DLP has to run 24/7, and that’s just not necessary for most SMBs.

“So, we decided on a different approach with Guardz. We monitor all the cloud sharing and storage tools – OneDrive, SharePoint, Dropbox – and track permissions. Then we look for anything unusual in your day-to-day usage.

“If we find anything abnormal, that triggers our automated detection response, which will flag concerning user behaviour. We’re always looking for places where a threat actor can try to take advantage. That might be data exposure or access to your network.”

How to Connect With Dor EisnerGuardzFollow Guardz on LinkedInLike Guardz on FacebookConnect with Dor on LinkedInHow to Connect With MeFollow @tubblog on TwitterConnect with me on LinkedInYou Might Also be Interested inPodcast: Why a Cybersecurity-First Approach Keeps MSPs on Top of Cybersecurity TrendsSpotlight on 2024 Cyber Trends and AI-Powered Email ThreatsPodcast: How to Fight Ransomware Cybercriminals, Secure Data and Protect Your MSP Clients

The post Guardz: Unified Security Controls Built for MSPs Who Manage Small Businesses appeared first on Tubblog: The Hub for MSPs.

In the world of cybersecurity, threats are constantly evolving.

Therefore, by throwing a spotlight on 2024 cyber trends, we can adapt our defences and anticipate new emerging threats.

Artificial intelligence will pay a very important part in both threat delivery and threat detection and prevention.

Two recent webinars from Barracuda MSP look at the recent trends in cyber. And they look deeper into how AI is empowering the type of threats we’re seeing that are affecting email.

Spotlight on 2024 Cyber Trends

The first of the two webinars focused on which of the trends we saw in 2023 to watch out for in 2024. This involved looking at the key observations from the Security Operations Centre (SOC) and the key incident statistics.

Presenters:

Eric Russo

Sr SOC Manager, Defensive Security Barracuda MSP

and

Megan Scarlett

Cybersecurity Analysts Manager, Barracuda MSP

 

Key Observations from the SOC in 2023

The six main observations were:

Ransomware at an all-time highRansomware-as-a-Service (RaaS) increases the scope of targetsThreat actors are becoming much more persistentAttack lifecycles are extendedThreat actors are more effectiveSuccessful attacks having higher impact

It means that the overall sophistication of attacks has improved, and had a bigger impact throughout 2023.

2023 Incident StatisticsRansomware attack frequency up 95% since 2022$265 billion estimated total losses from Ransomware in 20234000+ organisations’ data published on dark webAverage ransom amount: $100k/$5 million for smaller/larger organisationsAverage recovery time: 3 weeks per incident

All of this doing a significant amount of damage financially and reputationally.

The Top Three Threats of 2023 According to the SOCThreat One: Ransomware

Ransomware groups are outpacing endpoint protection utilities, with driven by increased demand for RaaS in the dark web.

Attacks are executed using legitimately licenced tools, (such as RMM, remote desktop and VPN).

Ransomware attacks are detrimental to any business. Data is exfiltrated and exposed, and networks are paralyzed. While the costs, both in time and money, to recover are immense.

Advanced endpoint protection managed by a dedicated, security-first team is the best way to mitigate this problem. Maintain regular segregated backups, and ensure cyber insurance cover is up-to-date.

Threat Two: Zero Day and Supply Chain Attacks

The threat of Zero Day attacks have exponentially increased, partly due to more applications in service across the supply chain, meaning greater exposure.

The impact of this is that threat actors have the ability to quickly compromise organisations’ networks at scale, even when other security controls are in place.

This can be mitigated through effective patch management and emergency patching plan for contingencies, with clearly defined roles and responsibilities.

Threat Three: Intrusion Campaigns

Attack surfaces are increasing all the time through gaps such as misconfigured cloud security controls.

Threat actors can quickly move laterally, elevating privileges to establish command and control.

You can be better prepared by conducting external scanning and penetration testing. Always implement MFA, and practice better privilege management. Improve network segregation and regularly review firewall and network access policies.

Takeaways from 2023 Cyber Landscape

Advanced Persistent Actors (APT) are adapting and advancing in sophistication, and growing in numbers.

The volume of attacks an organisation faces on a regular basis is increasing exponentially and security teams are struggling to keep up.

Consumer data exposure is a huge risk, and personally identifiable information (PII) is a pot of gold to threat actors.

A Look Ahead to the 2024 Cyber Trends

Malicious actors will be using artificial intelligence to drive more complex attacks. Utilising malware-friendly large language models (LLMs) like WormGPT and FraudGPT, and providing AI-as-a-Service to other threat actors. Enabling them to attack at scale and without requiring advanced skills in-house.

Some of the types of attacks we’ll see will involve:

AI-Powered malwareGenerative AI phishing campaignsAI-Powered Malware

AI-powered malware is malware code written by an LLM, for example BlackMamba.

The benefits of AI-powered malware include:

Lowering the bar of entry into more sophisticated malware attacksReducing the creation timelineIncluding automated evasive behaviours making initial detection more difficultUsing machine learning to blend in to its deployed environment to appear benignGenerative AI Phishing Campaigns

At the moment, there are usually some easy-to-spot identifiers when we see a phishing email come in to an email inbox. However ,generative AI will overcome many of the language barriers and formatting mistakes to make them much more difficult to identify.

Vishing threats (threats that mimic voice communications) will become more common too as the technology makes faking telephone conversations much easier.

Malicious phishing chatbots will also become more common.

Extended Detection and Response (XDR) to Mitigate 2024 Cyber Trends

In order to mitigate some of these AI-powered threats, you could deploy an open extended detection and response solution.

This provides sophisticated technologies backed up by a specialist SOC.

You fight AI with AI, using anomaly detection and machine learning algorithms, while employing automated remediation.

XDR is crucial to detect intrusion in real time, preventing threat actors from getting a foothold in your network.

Full Attack Lifecycle

A typical attack occurs across a number of stages, each of which can be detected by a XDR solution.

Phishing via emailDownloading the malware payload/lateral movement/elevating privilegesExfiltrating the data via FTP or PowerShell for exampleEncrypting systems and demanding ransom

2024 Cyber Trends Security Best Practice

Some of the ways to make sure your security posture is in the best condition it can be include:

End user security awareness training (SAT)Inventory of all connected devicesMaintain security patches for any and all operating systemsContinuous monitoring across all major attack surfacesUnderstanding your business risk toleranceHave in place an incident response plan, processes and playbook

The New Normal: AI-Powered Novel Email Threats

In the second webinar from Barracuda, Richard Tubb and Nishant Taneja took at in-depth look at another 2024 cyber trend: how AI is playing a part in today’s email threats.

How SOCs were seeing more and more sophisticated ways AI was being used to enhance phishing attempts, and what technologies are being developed to better detect and isolate these threats.

Speakers:

Richard Tubb

The IT Business Growth Expert, Tubblog

and

Nishant Taneja

Sr Director of Product Marketing, Barracuda Networks

How Are Cyber Criminals Leveraging AI to Bypass IT Security?

Email is still the primary risk surface for threat actors, and phishing the number one means of attack. Email is the doorway into our systems and data, and obtaining user credentials has become easier thanks to generative AI.

Cyber criminals are using Gen AI to generate targeted phishing campaigns, using social engineering to make attacks more specific to the individual targeted.

Gen AI has made phishing much easier to scale, and removed the language barrier for criminals targeting businesses all over the world.

2024 Cyber Trends: Top Ways Criminals Are Using AIPhishing (including QR code phishing)Malware GenerationDeepfakesContent LocalisationAccess and Credential Theft

These AI generated attacks tend to come with better evasion too.

Whereas phishing emails have been easier to spot in the past, AI-powered phishing emails are much more difficult to discern.

Some of the tactics they’re employing include impersonating parties their victims have already had previous transactions with. This allows them to act like they’re continuing the conversation to catch them off-guard.

Generative AI can help attackers profile their victims before initiating their attack, giving them the opportunity to personalise their phishing attempts.

How Can We Detect and Protect Against These Novel AI-Powered Threats?

We need to deploy AI to fight AI, as basic gateway protection is no longer sufficient.

The earlier in the attack chain that AI can be used in detecting the threat, the better. If we can identify suspicious or anomalous behaviour before a breach occurs, the better our chances at preventing threat actors from stealing data, locking out systems and submitting a ransom.

The earlier in this chain that AI can help, the better:

Step1: Account CredentialsStep2: Network CompromiseStep3: Lateral MovementStep4: Data ExfiltrationStep5: Ransom DemandWhat Steps are Barracuda Taking to Help MSPs to Detect AI Threats Earlier?

A lot of technologies out there are aimed at the enterprise level. They’re often not multi-tenanted, and so aren’t suitable for MSPs.

Barracuda have a lot of experience in the field of cybersecurity, and today attacks are much more complex – often touching multiple attack vectors.

Therefore, to help MSPs, they need to take a depth of field approach to cybersecurity and cover a wide range of disciplines for maximum efficacy.

Barracuda’s security profile flexibly covers:

Microsoft365 (spam protection, malware threats, phishing, account takeover, log monitoring, etc.)Secure Perimeter (zero trust, secure SD-WAN, firewalls, DNS security, IoT, etc.)Application Security (API security, DDoS and Bot protection, etc.)Data Protection – (application-based, software-only, cloud-to-cloud)Endpoint Management – (RMM, Antivirus, Managed EDR, etc.)User Training and Education (security awareness, threat advisories, personalised staff training)Sales Tools – (email threat scanner, vulnerability manager, white label sales collateral, etc.)

It all looks like a lot to manage for an MSP, which is why partnering up with a Security Operations Centre (SOC) gives you the extra resources and a quicker time to resolution when managing incidents and alerts.

Questions About AI-Powered Security

 Q1: How Does AI Effectively Prevent Unauthorised Access?

AI can start getting to work, actively looking for suspicious behaviour, before a breach occurs. It can also take actions to quarantine, respond and remediate, given the workflows protocols that we set it.

Furthermore, the AI can identify areas to focus on for user training.

In partnership with the SOC, trends that you find affecting one of your client sites can fuel the intelligence across all of your sites.

Q2: How Can AI-Drive Email Security Reduce Alert Noise and Limit False Positives?

It’s a fine balance between being transparent and reducing the amount of traffic that comes the MSP’s way.

The idea is that by using machine learning, and fine tuning it through the SOC, the number of false positives should be reduced. Which, in turn, should reduce the alert fatigue for the MSP, while improving the efficacy of the product.

Q3: Privacy – How Can We Ensure AI and Machine Learning Technology Keeps Customer Data Private? 

It’s important that the technology must be able to demonstrate that their AI uses aggregated data, and not have access to individuals emails, to protect their privacy.

The data modelling must be compliant with GDPR, or other regional regulations if you’re operating outside the UK.

Barracuda MSP Webinars on 2024 Cyber Trends

To watch both webinars on demand, please follow the registration links below:

Barracuda MSP Webinar: Top 2023 Cyberthreats to Watch for in 2024

Barracuda MSP Webinar: The New Normal: AI-Powered Novel Email Threats

Get the new eBook: Securing Tomorrow: A CISO’s Guide to the Role of AI in Cybersecurity 

Spotlight on 2024 Cyber Trends Final Thoughts

2024 cyber trends put AI, especially generative AI, in the forefront for both threat actors and security professionals.

With the tools to increase the scale and sophistication of cyber attacks, coupled with more mature chains and greater attack surfaces, MSPs are looking more and more to externally managed security operations centres to protect their networks and the networks of their clients.

Barracuda MSP are constantly reviewing novel threats on the landscape, especially phishing, and are looking at using AI to intercept them.

Extended detection and response backed up by a dedicated SOC are recommended as part of your depth of defence strategy in 2024.

Are you concerned about AI-powered phishing attacks affecting your business? How are you preparing for the kind of threats we’re anticipating in 2024?

We’d love to hear about it in the comments.

You Might Also Be Interested InThe Top Two Most Powerful Trends for MSPs in 2024Bonusode: The AI-Files: A Synthesised Message From Richard Tubb (Almost!) to MSP ListenersTogether is Better: A Powerful Message for World MSP Day 2023

The post Spotlight on 2024 Cyber Trends And AI-Powered Email Threats appeared first on Tubblog: The Hub for MSPs.

Dan Adams is the chairman of New England Network Solutions, a Massachusetts-based MSP, and he’s also the founder of Up-Skill, a media and e-learning service for IT professionals aiming for career success.

Dan is also the author of “The Tech Nerd’s Guide to Career Success: Seven Proven Lessons to Unlock Your Growth in an IT Services Company”. He explains why he was inspired to write a book and who it’s for.

An Interview with Dan Adams What Inspired Dan to Write His Book on IT  Career Advice

Dan explains the transition he went through from engineer to business owner and then chairman. “As the chairman I sit in on high-level meetings. But when you’re running a business, you have responsibility. You feel that you have to solve the problem.

“Once I was the chairman, I could take a step back and see what was really going on. The managers have a different view to the staff. I started to spot patterns. And I realised that there were a lot of employees who don’t feel as fulfilled as they hoped.

“So I saw there was information and insight missing that would benefit every single person within the business. And at that point it was like a crusade. These people deserved to succeed; they just needed some guidance.

And from there, “The Tech Nerd’s Guide to Career Success: Seven Proven Lessons to Unlock Your Growth in an IT Services Company”, was born.

The Disconnects Between the Roles an MSP Owner Takes on

As a person matures and progresses up the career ladder, there are different roles and responsibilities they take on. As they face a problem, they view it with the knowledge they’ve gained up to that point.

But, says Dan, you need to take a step back and look at it from another side. And see it again from a new angle. “So there’s a metamorphosis at each stage and we can get caught at a specific point and can’t move on.

“The higher you go, the more you’re able to understand that this is a business. It’s not just about tech support. But those lower down the ladder don’t have that view, and that’s what creates a disconnect. And it’s not always easy to reconcile the different roles within a business.”

How Engineers Think Versus How MSPs Think

For some people, they reach a point where they realise that the skill they have – in this case, engineering – can be turned into a business. “You aspire to build a successful business.

“But because you’re leveraging your skill, you tend to concentrate on using that. You forget the business part and the big picture gets put to one side. Eventually, you realise you’ve got your priorities wrong. You may be providing decent customer service as well as great tech support, but that’s it.

“So the MSP needs to think about being a business owner and the wider obligations of that. An engineer only focuses on utilising their skills. So business savvy has to be your North Star. You’re running a business, and that should always be your priority.”

Dan’s Four Success Quadrants for IT Career Success

The four success quadrants are covered extensively in the training that accompanies Dan’s new book. These four, he says, will lead to career success. “These are necessary in IT in order to succeed.

“First, tech skills, and then people skills. We all need to get along with people. If you want to advance up the ladder, you need more than just engineering talent. Thirdly – professionalism. Are you on time? Do you document properly? Finally, you’ve got business acumen. That’s about making a profit, being successful as a business owner.

“Of course, everything revolves around professionalism. But if you don’t do it in a way that brings in a margin, then you can’t pay yourself and you go out of business. Those four quadrants lead to career success or business growth. And a mistake can destroy the organisation.”

How MSP Owners can Encourage Their Engineers to Learn from Dan’s Advice

Dan’s book isn’t written for MSP owners, he explains, but for their engineers and other employees. “The lessons will resonate with you because you run a business. But it’s your engineers who need to learn them now.

“The power comes when everyone knows the same rules. But as a busy MSP owner, you don’t have the time to explain it to your engineers. So instead, you need to distribute this book to all of your teams.

“It then becomes the catalyst for conversations on what your business actually stands for. There’s a manager study guide for each of the seven lessons outlined in the book. And it’s up to the leader to guide staff through the questions and activities. And then you know that everyone knows the rules.”

What the MSP Community Means Professionally and Personally for Career Success

Dan says that MSP owners can often feel alone, isolated and overwhelmed. So it’s good to be connected to others carrying the same burdens, even if they don’t have all the answers.

“The sense of community is very helpful, and life’s too short to struggle through those challenges on your own. And it’s not just limited to the business side of it, but the personal aspect too.

“We need connection and emotional support. You might feel like you’re friends with your team, but they still view you differently. Being part of a community with other leaders is so powerful. I strongly encourage every MSP owner not to go it alone. Find the peers you can lean on and allow them to lean on you too. You need to share things sometimes.”

How to Connect With Dan AdamsNew England Network SolutionsUp-SkillEmail DanHow to Connect With MeSubscribe to TubbTalk RSS feedSubscribe, rate, and review TubbTalk on iTunesSubscribe and rate TubbTalk on SpotifyFollow TubbTalk on iHeartRadioFollow @tubblog on TwitterMentioned in This EpisodeOperating system: UnixOperating system: Windows for WorkgroupsOperating system: Windows NTOperating system: Novell NetWareCommunication tool: AppleTalkMicrocomputer networking system: ARCNETSoftware company: cc:MailWord processing tool: WordPerfectSpreadsheet programme: Lotus123MSP peer group: HTG EvolveInterview with Erik Thorsell: Why are You Building an MSP Business, Really?Dan’s book: The Tech Nerd’s Guide to Career Success. Seven Proven Lessons to Unlock Your Growth in an IT Services CompanyBook: Bob Burg: The Go GiverBrian O’Connell from Service LeadershipInterview with Dan Scott of IT Nation: How to Grow Your Business in an MSP Community Like IT NationTed Hulsy of Snap Tech ITMSP peer group: The Tech TribeMSP peer group: CompTIAMSP peer group: IT NationBook: Michael Gerber: The E-Myth RevisitedYou May Also be Interested inAdvice on Pursuing a Career in ITIs Your Service Desk Losing Money Because of Bulldog Engineers?Podcast: How to Build a Modern MSP for Business Growth and Success

The post TubbTalk 145: The Tech Nerd’s Ultimate Guide To IT Career Success appeared first on Tubblog: The Hub for MSPs.

Tubbservatory Round-Up – Tools and Resources for Your MSP

Every week, Richard enthusiastically hunts down must-have resources, curating a vibrant selection tailored for IT Managed Service Providers (MSPs) aiming to stay on the cutting edge.

Step into the Tubbservatory – your lively video featuring carefully chosen articles, podcasts, and events, creating a treasure trove for fellow IT entrepreneurs.

Get ready for the Tubbservatory Round-Up #25, your January 2024 edition! As we joyfully wave goodbye to the old year and eagerly usher in a brand new one, we’ve pulled out all the stops to compile this month’s episodes for your viewing delight, all set for you to enjoy at your convenience.

Dive into the links to these valuable resources at the end of this post, ushering in the exciting beginning of a brand new year!

This month’s topics include: Cybersecurity, Cyber Insurance, Peer Communities, Businesses Growth, Upserving & Mental Health.

Tubbservatory: The January 2024 Round-Up Video

Tubbservatory Round-Up #25: January- Week 1

 

#1 Level Up Your Defense in 15 Minutes

Want to know how to level up your Cybersecurity defenses in 15 minutes?

If you’ve not checked out the Neighbourhood Watch Program from Cybersecurity experts Huntress, then you’re missing out!

Huntress’ Neighbourhood Watch gives any MSP a Not-For-Resale (NFR) license to Huntress Managed EDR to proactively protect your internal endpoints, Huntress Security Awareness Training to strengthen your team’s cyber acumen, and Huntress newest addition, MDR for Microsoft 365 to defend against business email compromise attacks.

Frankly, you’d be crazy not to jump all over this offer, which is open to all MSPs.

#2 Bot Defense Guide For Developers, Kubecon Interview, Hashicorp Vault Tutorial & More…

If you missed them, 2023 was the year that James Steel of Akamai Linode took the Managed Service industry by storm with his monthly videos!

Steel’s latest video includes a Bot Defense Guide For Developers, a Kubecon Interview, a Hashicorp Vault Tutorial & More

Not only are these videos fun, but help Technology Providers keep their fingers on the pulse. Subscribe today!

#3 Cyber Insurance with Laura Wilkinson

Talking of the cloud, where does an MSPs liability extend to with their client’s and cloud providers.

Well, Cyber Insurance expert Laura Wilkinson of Techinsure educates MSPs as to the requirements for cyber insurance in her latest video.

Thanks for sharing, Laura!

#4 An MSP Peer Group Designed To Maximize Your MSP’s Potential

You may know I’m a huge fan of peer communities for MSPs. I truly believe they can accelerate your businesses growth.

So I was excited to hear that MSP legend Gary Pica is launching his TruPeer MSP Accountability Programme in Europe!

Thanks to Oliver Mackley of Kaseya for bringing my attention to this awesome new MSP resource.

#5 Empowering the Modern Managed Service Provider

And finally, huge news for those of us in Europe as Pax8 have announced their big Pax8 Beyond EMEA event!

Pencil October 14th-15th 2024 in your diary, and get ready to head to Berlin, Germany where Pax8 promises to put on the biggest Managed Services event in Europe!

Further details to come soon!

Tubbservatory Round-Up #25: January – Week 2

 

#1 Announcing the Stars of the MSP Universe

We kick off this week with a celebration of the winners of the annual SuperOps MSP Awards!

Amongst the winners was Amanda Stewart of Illuminate IT for Female MSP Contributor of the Year, Mark Dodds of Compex IT for the MSP vertical award, Jordan at BV Tech for One Man MSP of the Year, and Joe Burns with not one, but two awards for Reformed IT.

Well done everyone who won — an amazing start to 2024!

#2 My Predictions for the MSP World in 2024

What does 2024 hold in store for the Managed Service world?

Well, industry expert Rick Yates has looked into his crystal ball and shared his predictions for the MSP world in 2024!

MSPs partnering with Security experts, and the rise of managed Security Operations Centres are just two predictions from Yates.

#3 Creating a Feedback-Rich & Respectful Workplace

If you’re looking to build a better workplace environment for your MSP in 2024, then I’d recommend taking a look at Norm Smooklers free guidebook on creating a feedback-rich & respectful workplace.

Improving and simplifying a workplace’s feedback system increases respect, trust, engagement, psychological safety, and productivity, says Smookler.

#4 How to Sell Azure Solutions

Microsoft Azure is expected to explode in demand in 2024, but how should MSPs look to sell Azure solutions?

James Marshall of Microsoft has provided this excellent guide on How to Sell Azure Solutions. Highly recommended.

#5 Adventures in Marketing

And finally, February 8th 2024 is the date for the annual Adventures in Marketing event in Edinburgh, Scotland!

This is a full-day event celebrating the fun, adventurous and exciting side of marketing your business.

Tickets are still available, and I hope to see you there!

Tubbservatory Round-Up #25: January – Week 3

 

#1 Conversational Managed Security Services for MSPs

We kick this week off with an excellent eBook entitled Conversational Managed Security Services for MSPs.

The eBook, produced by Barracuda MSP explains:-

The opportunities that exist for MSPs to offer security servicesHow to move your MSP business towards offering managed security servicesThe different types of services you can offer under the managed security umbrella

This eBook is free to download, and definitely worth reading!

#2 Tech Giants

If you’ve not caught Gemma Telford’s excellent Tech Giants interview series, then it’s worth checking out!

Telford shares she started Tech Giants to celebrate some of the great people she has worked with in the channel over the last 20 years, and if you want to hear insights from some of the smartest folks in our industry, I’d highly recommend checking the interviews with David Tulip of Network Group, Stephen Kelly of Tech Nation, and Jason Beal of Barracuda.

#3 Ask an MSP Expert: How Can I Use ChatGPT for Prospecting?

How can MSPs use ChatGPT for prospecting?

That’s the question that Kendra Lee answers in the latest “Ask an MSP Expert” article on SmarterMSP.

This is a short but powerful read that should help any MSP use ChatGPT to help their sales

#4 Lawrence Technology Services

If you’re looking to feed your technicians with great content, then look no further than Tom Lawrence’s YouTube channel.

Tom and the team at Lawrence Systems have been sharing high-quality, in-depth video guides for technicians for many years now, featuring everything from how-to guides to tool reviews.

Make sure to subscribe!

#5 Where IT Infrastructure Meets Innovation

And finally, a heads-up that Cloud Expo Europe takes place in London on 6-7 March 2024.

If you’re looking to shape your cloud strategies or navigating the ever-evolving cloud technology landscape, then this event may be for you.

Registration is now open!

Tubbservatory Round-Up #25: January – Week 4

 

#1 Why You Need to Ditch LinkedIn as Your Content Platform

Here’s why you need to ditch LinkedIn as your content platform!

Content marketing legend Mark Schaefer shares his thoughts in this powerful article, where he argues LinkedIn should not be your primary content platform, but a distribution system.

I couldn’t agree more with Mark, and as always, Tubblog – the Hub for MSPs remains my home, with videos like Tubbservatory being distributed to LinkedIn and other social platforms.

#2 Dawning of a New Era for IT Consultants

If you missed it, MSP legend Karl Palachuk hosted his annual State of the Nation address for the Managed Service industry, and it’s now available to view on-demand.

In the address, Karl addressed his thoughts on The Dawning of a New Era for SMB IT Consultants, Private Equity in the SMB IT consulting space and much more.

This is an essential view for anybody in the Managed Services industry.

#3 Overlooked Revenue Opportunities for MSPs

Are you overlooking revenue opportunities with your existing MSP client’s?

That’s the topic I cover in my latest guest article for Domotz.

My number one piece of advice? Create an upserving matrix. Find out more in this article.

#4 My Word for 2024 is…Authenticity

Will AI mean we lose our authentic selves?

Authenticity is the word of the year for Jason Kemsley of Uptime, and Jason says you should think about your authenticity too.

#5 Huntress EMEA 2024 – Clocking up the KM to support Mental Health

And finally, one man is using his attendance of MSP events to get fit and raise money for charity!

Nick O’Donovan of Huntress has vowed to run 5k for every Managed Services event he attends in 2024, and raising money for the charity Mental Health Ireland too!

You can sponsor Nick at his JustGiving page, and knowing how much he travels, Mr. O’Donovan is going to do a lot of good as he runs in 2024! 

Links to the Resources Mentioned in this Round-Up

From Week 1Level Up Your Defense in 15 MinutesBot Defense Guide For Developers, Kubecon Interview, Hashicorp Vault Tutorial & More…Cyber Insurance with Laura WilkinsonAn MSP Peer Group Designed To Maximize Your MSP’s PotentialEmpowering the Modern Managed Service ProviderMentioned in Week 2Announcing the Stars of the MSP UniverseMy Predictions for the MSP World in 2024Creating a Feedback-Rich & Respectful WorkplaceHow to Sell Azure SolutionsAdventures in MarketingWeek 3Conversational Managed Security Services for MSPsTech GiantsAsk an MSP Expert: How Can I Use ChatGPT for Prospecting?Lawrence Technology ServicesWhere IT Infrastructure Meets InnovationWeek 4Why You Need to Ditch LinkedIn as Your Content PlatformDawning of a New Era for IT ConsultantsOverlooked Revenue Opportunities for MSPsMy Word for 2024 is…AuthenticityHuntress EMEA 2024 – Clocking up the KM to support Mental Health

How You Can Help

And there you go, wrapping up Tubbservatory Round-Up #25 as we enter a new year!

Do you have something amazing to contribute? Whether it’s a remarkable tool or an awe-inspiring resource, we’re eager to hear from you! Share your insights in the comments below, and let’s keep nurturing the open exchange of knowledge. Your input is greatly appreciated!

You Might Also be Interested inRemanufacture-as-a-Service as a More Sustainable Alternative for MSPsTubbTalk 138: How to Become the Go-To Threat Operations Expert for MSPsWebinar: Chilling Cybersecurity Horror Stories from the Professionals at Huntress

The post Tubbservatory Round-Up #25 – January 2024 appeared first on Tubblog: The Hub for MSPs.