It’s time to make public a conversation that has been brewing inside the IT and managed services industry for most of the last year but has largely not broken out of those circles.

Your managed service provider is now a target for hackers because if they can get to them, they can get to you.

This is new.

2019 saw major incidents in places such as Texas and Spain where the clients of managed service providers were breached using the tools the managed service provider used to maintain client networks and keep them secure. There were at least four other significant incidents that have been written about inside the industry, but names have not been named.

This isn’t actually surprising.

2010-2016 saw the rise of ransomware, largely targeting enterprise customers.

2017-2018 saw a major shift away from big companies — who were beefing up security — to smaller companies who were not.

2019 was the year that hackers realized that if they could breach a single managed service provider they could simultaneously breach all of their customers.

Think about that for a second: what is your IT provider going to do if every single customer is hacked at the same time and they can’t use their standard toolset to fix it?

Two years ago you were your own biggest risk, and today it may be your IT provider instead.

Where do we go from here?

I don’t have all the answers, but here are some places to start.

  1. You can’t adopt a weak security posture or you’ll still run into trouble. All the advice from the IT industry on using strong passwords, using multifactor authentication and using security-focused firewalls still applies.
  2. Managed IT service providers must make internal security their top priority; it is the only way to secure their customers. Sadly, many focus on revenue-generating customer projects instead of securing their own house.
  3. As an IT industry, we need to take our own medicine. We move fast and sometimes leave things partially done or less than totally secure because we had customer projects. We have to change our stance.
  4. You need to enforce it: it’s up to you to ask your current and prospective IT vendors the right questions about what they are doing. Such questions include: (1) How do you ensure that hackers don’t have access to your tools? (2) Do ALL of your critical accounts have two-factor authentication turned on for ALL employees? (3) Are all of your devices encrypted, and is this documented? (4) Is your firewall as locked down as ours? (5) Do you train your employees, regularly, on security? (6) Do you carry proper cybersecurity and E&O insurance? (7) Have you had any security incidents in the last 3 years?

This is only a start. It is going to get worse, maybe a lot worse, before it gets better.

BitLocker hard drive encryption is the encryption software that Microsoft builds into every version of Windows 10 Professional. It physically encrypts the data on your computer’s hard drive so that even if your device is lost or stolen no one else can retrieve information off of it.

This is important to your business because most states, including Tennessee, have mandatory disclosure laws for data loss. In short, if data you store on your customers is or may have been stolen or hacked, you have to let them know. And that’s not an email or phone call any business owner wants to make.

Encryption is so important in today’s environment that it has become a standard for all of our managed service customers. We turn it on by default for any computers that support it. For computers that do not support it, we recommend upgrading to one that does.

If you want to have a free discussion about cybersecurity and how to better protect your business call or email us today, 865-240-2716 or info@jmaddington.com

I came across a website recently that decried contracts for IT services claiming that they were all written in the interests of the IT provider and out to get small business owners.

Here are three reasons you want to look for companies that not only have, but require, well-written contracts. #2 and #3 are items you should look for in any business contract you sign.

1. They Have Insurance

I can’t stress how important this is to you. Your IT company’s insurance protects you as a client as well, especially if you ever have to bring a claim against them. Any decent insurance in the IT industry requires that the underwritten maintain contracts. Having no contracts is a sign that they don’t carry proper insurance, which leaves you as a business owner holding the bag if things go south.

2. You Lock in Rates

The costs for IT technicians and the costs for companies to carry insurance are only going one direction: up. Contracts allow you to lock in rates at today’s prices instead of tomorrow’s. Without a contract, your IT provider is free to change prices whenever they want.

3. The Contract Protects You

A well-written contract has language in it to protect your business with clauses like:

  1. Mutual non-disclosure agreements
  2. Non-compete agreements
  3. Agreements not to hire each other’s employees
  4. Specific processes for working out issues, if they arise, including court jurisdiction. (i.e., specifying a local court, instead of one in Texas or Delaware even if that is where the business is legally incorporated)

Given that your IT provider has access to nearly 100% of your data and is responsible for keeping you secure, I can’t imagine a reason you wouldn’t want to sign a well-written contract that protects your interests.

Call us today and we’ll walk you through the ways we protect our customers, both digitally and legally. 865-240-2716

In my last blog post I wrote about a company that lacked internal alignment between their marketing and sales departments. In this blog post we’ll look at what actionable steps might entail for this real-life company.

Step 1: Have a Company Goal

The company ought to have a time-bound, specific, measurable goal that guides the entire company.*

For this company, something like, “increase the total number of seats sold through managed service providers by 10% compared to Q2, by the end of Q3,” would meet our criteria. It is specific (up 10% quarter over quarter), time-bound (end of Q3) and measurable (you either hit 10% or you didn’t).

Step 2: Communicate it

The second step is to make sure that everyone knows what this goal is. Communicate it at leadership meetings, company meetings, emails, every week in your Slack channel. Discuss the company’s progress towards it.

Step 3: Align Goals

After everyone knows and understands the goal, make sure that they are on the same page as each other. Does sales know their target? Do they know what well-qualified leads look like to them? Does marketing know what well-qualified leads look like to sales? Does engineering know what product features need to be in production for marketing to go after those leads?

I’m going to guess that in our real-life company this is where things first went off track: Mike (marketing) either didn’t know or didn’t care who Rob (sales) needed to close sales. As a result, Mike booked calls for Rob that not only led to no sale but also wasted time that Rob could have used to talk to prospects that might actually switch.

Step 4: Align Rewards and Consequences

It’s clear that Mike is rewarded based on calls booked regardless of whether they were well-qualified leads or not. I’d recommend to Mike’s leadership that he be rewarded based on the overall company goal: tie everybody’s quarterly bonus to that goal and let Rob and Mike get together on their own to figure out how they are going to work to achieve it.

If that’s too much for you to swallow, Mike could at least be rewarded based on calls booked with qualified leads. Based on the company goal, a qualified lead might be defined as, “a managed services provider with 250 or more seats that is ready to commit to change to a new tool provider before the end of Q3.”

Mike’s company could also combine those. Either way, they’d find a greater degree of alignment than they have today.

Of course, if they stuck with the first suggestion the natural consequences would also line up: Mike & Rob would both waste time and miss bonuses if they didn’t work together. No manager needed to get between them to tell them that bad prospects (me) need to be saved for a different time.

Business alignment is one of those things that speakers and leaders often talk about in platitudes but don’t give anything actionable. This is a short blog with a story of non-alignment that also gives some actionable steps at the end.

I have an open-door policy with prospective vendors: if you want to sell me something I’ll give you 15 minutes, no questions asked. Mike (business development aka marketing) recently took me up on this. Mike works for a company that sells tools every company in my industry uses. My company has the tools Mike’s company sells from another company and I am very happy with the performance and price, which I let Mike know ahead of our phone call. Mike still wanted to go ahead.

The scheduled phone call was with Rob (inside sales), not Mike. As soon as I let Rob know that I had the same tools he was selling and was happy with those tools, you could feel the emotion leave the conversation as Rob wanted to get me off the phone as quickly as possible.

What happened?

I didn’t let Rob off the phone right away.

I asked some questions – I am insatiably curious.

Turns out Mike is evaluated/compensated on booking calls, Rob is evaluated/compensated on booking customers. Mike was fully incentivized to get me on a phone call regardless of if I would switch. Rob was fully incentivized to get me off when he knew I was a poor prospect.

This is what lack of alignment is: departments have goals that differ from each other and do not ladder up to the primary company goal. In this case, the lack of alignment led to direct conflict between departments that are part of the same process and pipeline.

What do you do about it?

First, have a clear company goal. If you don’t have one today, get one. Yesterday. (Resources: Measure What Matters, Life In Half a Second)

Second, communicate that goal to everyone in the company. Over and over: this is a multi-channel, all-the-time effort from the CEO on down.

Third, align department goals with the company goal. Peers (i.e., department heads) need to know what each other’s goals are to make sure that they are not in conflict.

Fourth, align department and employee incentives with the overall goal and punish behavior that is not in line. (Punishment can be the natural consequences, not discipline.)

My next blog post will go over what that would look like for Mike & Rob’s company.

The South China Morning Post, one of the continent’s premier English newspapers, has an article out this week via Bloomberg on the Yuan’s (CNY) value against the US Dollar (USD) over the next 12 – 15 months. Why should you care?

Managed Services can help prevent phishing fraud

A university just paid $12m to a fraudster. Prevention would have been easy.

There is nothing more valuable in the world than time.

There is nothing more valuable that any of us have than time. 15 minutes can be a lot, it can also be life changing, for us and for others.

Following “isolated” reports of users’ files being completely erased during upgrades, Microsoft announced a “pause” of the Windows 2018 Fall Update. Microsoft has gone so far as saying that if you have a copy of the upgrade already, you should delete it instead of installing it.

Managed services and technology can impact a business and allow for incredible growth

At JM Addington we’re all about making existing businesses better at what they do.
