Monday, December 31, 2012

A Little 2012 in Review

Well, this is my 1,144th blog post on this blog. My 180th post for the year. That's almost one every other day.

This blog is only six years old - but my how the world has changed. When I started, I was trying to convince people to adopt the Managed Services model. Now I'm trying to convince them that it's not too late to get into Managed Services.

The biggest story of 2012 for small business consultants is easy to pick out: The Death of SBS. My blog post on that quickly became the most popular blog post of all time on this blog. It has also been the most popular month-to-month until December (when the SOP article on Employee Onboarding barely surpassed it).

The SOP Friday blog series has become very popular, dominating the statistics every month. The most popular articles are
- How Do Services Requests Get Into Your System?
- Massaging the Service Board
- Daily Monitoring of Client Machines

Overall, 2012 has been a fast-paced and exciting year. We shut down the Cloud Services Roundtable and introduced the SMB Online Conference. For the year ahead, we have lots planned. As I mentioned in this morning's weekly email newsletter, we are introducing a major new product that we believe will improve your business. We are also reprising the SMB Online Conference. And, of course, we're holding an SMB Nation Preday event.

For a live analysis of the year gone by and the year ahead, please join me for a live podcast January 9th. It's my annual "State of the Union Address." We'll talk about the Death of SBS, the future of the cloud in the small business space, rebooting your business in 2013, and speculate about what the year ahead will look like.

You don't have to register, but you can post questions for the event between now and then at this page.

Karl's State of the Union Address 2013
Wednesday, January 9th
10:00am Pacific

To attend, visit:

Phone Number: (206) 402-0100
Pin Code: 892431#

For a full list of call-in numbers in the US, UK, Australia, and Canada, click here.

Please join me!

- - - - -

Here are a few more stats from this blog:

The traffic sources for this blog have evolved considerably. By far, the most common referring URL is In other words, it's people wandering around the blog once they get there. That's good because it means people are actually reading stuff.

Top referring site is Google, of course. is also huge. If you're on Facebook and blog, I highly recommend using Networked Blogs. Pinterest has also emerged as a major traffic source this year.

The most amazing stat is the geographic dispersion of the people who read this site. Folks from 121 countries visited this blog in 2012. The most common, in order, are:
- United States
- Australia
- United Kingdom
- Canada
- Germany
- Taiwan
- Russia
- China
- Singapore
- Philippines

The biggest increase has been from Russia and China. In fact, that rate of increase is growing each month.

Finally, here's a sample of the recent keyword searches where this blog performs well (Top five positions on Google at the time of the search):

- Ways to make money consulting

- SBS 2013 release date

- The 3rd smb awards

- standard operating procedure in information technology managed service provider contract

- roles and responsibilities of a service manager

- how to make money in it consulting

- boss wants me to cc everyone

- sbs 2011 end of life

-  checklist blueprint managed services it

- front office roles and responsibilities

I am looking forward to a successful 2013. Join that podcast to find out why!

Happy New Year.
- karlp


Saturday, December 29, 2012

Three Ways to Get a Free Copy of Managed Services in a Month

So . . . the Newly Revised and Updated 2nd Edition of Managed Services in a Month is out!

And it's only $19.95 right now. Soon it goes to $24.95.

Managed Services in a Month -
Newly Revised and Expanded 2nd  Edition
But YOU can get it for FREE! There are three ways to do this:

1. Buy Managed Services in a Month plus ANYTHING else at SMB Books.

Details: Got to Put Managed Services in a Month into your shopping cart. Then add any other item to your cart. Enter the discount code FreeMSIAM. Voila! You get Managed Services in a Month free.

[ed. This offer expired June 2013. See for current deals.]

2. Review Managed Services in a Month on Amazon.

Details: If you have reviewed Managed Services in a Month on Amazon, send me an email and I'll send you the book. Let me know whether you want physical or ebook pdf.

If you have not reviewed Managed Services in a Month on Amazon, go to Scroll down and enter a quick review. You can base in on the old version of the book. Send me an email so I can verify and I'll send you the book.

[ed. This offer expired June 2013. See for current deals.]

3. Create a short video.

Details: See all the details in this blog post. Basically, you create a video, link to, and then post a link on Facebook, Twitter, Linked In, or your blog. Send me a note so I can verify. I'll send you the book.

Let's be honest: I want your money. Even if it's less than $20. But right now I need launch publicity. So I'm willing to give you a free copy if you're willing to put out a tiny effort.

Or you can just buy it. :-)



Friday, December 28, 2012

SOP Friday: Building a Business Plan for Your I.T. Company

Nobody wants to fail, but very few people plan to succeed.

Let's start out with a reality check: Most really smart business owners don't think they need a business plan. Their business is working fine and they know they can get up every day and do it again. The problem is: That behavior got them "here" and will keep them right where they are.

In my coaching practice, I have three clients who are planning to move themselves and their families from one state to another. That takes planning. That takes money. That takes a plan to make sure you don't skip a beat.

Your goals may not be as clear or as big of a challenge. But you should have goals for yourself and your business. You should also have a quick sketch of where your business has been and where it is going.

And your business should operate perfectly consistently with your goals.

I believe that any IT consultant who has gross revenue under $150,000 can double that top line revenue in 12 months. And you don't have to be a super salesman. And you don't have to give up your personal life.

What you DO have to do is to make a plan!

You'll have to work hard. But once you set your sights on your a specific goal, you can achieve it. You'll have to make some strategic decisions. You'll have to take some chances. And you'll have to deliver what you sell. But in the days of managed services, you should be able to manage a lot of workstations and servers by yourself. Adding a dozen more clients will require some help. But that's part of the plan.

Back in 2008 I wrote a five-part blog series on creating your business plan for the new year. You can find those articles here:

Business Plan in a Month, Part One,
Business Plan in a Month, Part Two,
Business Plan in a Month, Part Three,
Business Plan in a Month, Part Four, and
Business Plan in a Month, Part Five.

I'm not going to repeat all that here, but focus on the Process of creating a business plan.

Now, if you want a little assist with this project, you might also try Business Plan Pro software. As I said in one of the earlier blog posts, I have used Business Plan Pro . . .. I'm not sure I'd endorse it. After all, it is basically a tool that interviews you and has you do some busy work. When you're done, you get a kludgy business plan, but at least you have one!

For a different approach, you should also take a look at The One Page Business Plan product. Again, just a tool that might be helpful.

Motivation is the killer when it comes to business plans. Everyone says they want to, but don't know how to start. All I can recommend is that you make a commitment and spend a tiny bit of time each day. Don't try to tackle the whole thing in one weekend.

As for excuses: You DO have the time. This time is an investment that will free up lots of time in the future. You DO know how. A business plan is extremely simple. It has a quick look back, a somewhat thoughtful look forward, some goals, and a statement of why you're in business.

Your business plan might not be one page, but it can be extremely small. I revise mine every year and it's eight pages - six of those are financial printouts. I print out P&L (profit and loss) reports for the last three years and the next three years.

When you boil a business plan down to it's absolute basics, it needs to contain just a few things:

- Where we are and how we got here

- Where we're going (overall goals) and how we'll get there

Each of these has a finance component, which can be very simple.

Free Handout for Building Your IT Business Plan

I've created a simple Excel spreadsheet you can use as a starting place if you don't already have one. Go to SMB Books (free stuff) to get it. (It's all the way at the bottom of the page.)

You'll get a zip file with an Excel spreadsheet and three PDF documents (the three pages of the Excel spreadsheet. Poke around and play with that spreadsheet. Make a copy for your own company so you can always go back to the original and look at formulas, etc.

I discuss that spreadsheet in some detail in the longer blog posts.

So that's the piece that will get you started on the financial side. But a business plan is a lot more than that. I always tell my coaching clients: Your business exists to help you reach your personal goals. That's what small business is all about.

So you can't just go to work every day and do what you did yesterday. You need to make decisions based on whether they advance your goals - business and personal. This is an extremely powerful way to look at the world!

I ask you to take this seriously. Take 15-20 minutes every day to stop and think about your personal and professional lives. Sounds simple, but it's not. The hardest part is sitting down to do this.

If you can fill out this tiny form with meanful answers, you've got a business plan:

- - - - -
1. What is your company mission statement

2. What are your three primary goals for the next calendar quarter?

3. What are your three primary goals for the year as a whole?

- - - - -

Do not do this fast. Work on it every day and review over and over. Again, from the earlier blog post:

"Don't do hasty goal-setting in the week between Christmas and New Years. Goal-setting is arguably the most important thing in your life, and your business."

You can absolutely reach your goals - if you have a plan. No one stumbles their way to amazing achievements. (Yeah, bring up some one in a billion exception. But we both know that my point is still valid.)

If you don't have a plan to convert to managed services, it won't happen. If you don't have a plan to formulate your cloud service offering, it won't happen. If you don't have a plan to get ten new clients, it won't happen. If you don't have a plan to double your revenue, it won't happen.

You get the point.

So go get a tiny little 1/2" binder and print out the pieces you have:

- A Mission Statement
- Three specific, measurable goals for the next quarter
- Three specific, measurable goals for the next year
- Financial overview for the last three years
- Very rough first take on projected financials for the next three years

The easiest part should be the finacial reports. Oddly enough, most people set up their goals next (quarterly and yearly). But you really need to start with the mission statement.

Why, why, why, why, why are you doing any of this?

Building Future Business Plans

The really good news is that next year's business plan will be a lot easier to complete. Your past financials will simply move up a year. The projections for the next three years will be a little clearer after you spend a year with a plan.

And your mission statement probably won't change much year to year. If it does, you need to spend more quiet time fine-tuning your personal and business goals. Mission statements should be long term commitments about WHY your business exists.

So that leaves goals. As you can imagine, you're going to need to set up new goals each quarter to keep that piece current. And after a year, you'll see how quarterly goals roll up into your annual goals. It's like steering a ship. No matter how big the ship, you can move it a little at a time until it's heading where you want.

Motivation Again

In the comments to the old blog post series, and in numerous emails, it is very clear that people have a hard time just getting started with this. I don't know how to make you stop and do this.

Maybe you need to get one or two friends together and commit to each other that you'll build business plans in a month. In fact, you can then help review each other's plans for a "reality check" on numbers and goals.

I really believe this is approximately the most important thing you need to do right now. Everything else, no matter how important it is, is pointless unless it advances your mission and goals. And you might have a gut feeling about your mission and goals, but that's pretty vague.

If you can't articulate WHAT you want to do and HOW you're doing to do it, then you need to keep polishing the business plan.

A partner of some kind is extremely helpful here. It could be a spouse, an employee, or another business owner. Anyone who is willing to help will do. Explain to that person what you want to do with your business and why you want to do it. They need to be totally honest with you. If you can successfully describe these things to someone else, then you have a plan.

Write it down and make it happen!

Comments welcome.

- - - - -

About this Series

SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.

Find out more about the series, and view the complete "table of contents" for SOP Friday at

- - - - -

Next week's topic: How to Maximize Billability of Technicians


Check Out the #1 Best-Selling book on Managed Services ever!

Managed Services in A Month
by Karl W. Palachuk

3nd Edition - Newly Revised and Updated with TEN new chapters

Paperback - Ebook - Audio Book

Unlike some books with old copyrights that sell for $60 or more, this book is 100% up to date and is only $29.95.

Now includes information on making cloud services part of your managed service offering!

Learn More!

Friday, December 21, 2012

SOP Friday: Helping Clients with Audits - Security and Insurance

Several years ago, our largest client was a company that works with extremely secure information for Fortune 100 companies. The kind of information that makes the news when it gets leaked. So, obviously, the information much be secured.

From the beginning, these folks needed very high standards on email security, web site security, database security, and all the network security stuff we were used to dealing with. Please note that Manuel (president of my company at the time) had worked in I.T. at Bonneville Power Administration. Think nuclear power. I was once the Site Manager for PC Software Support at HP's Roseville plant.

We were not strangers to security or audits.

But this client brought us some serious challenges.

This client was constantly responding to security audit requests. As a result, they turned to us. Very often, they would forward to us a 200 page questionnaire about network security. Most of it was pretty mundane (e.g., encryption level of SSL certs and when they expire). But some stuff was pretty interesting.

For example:

Dual Firewalls
One insurance company wanted two firewalls configured as in the illustration in order to limit access to their data from outside the company LAN. They did not trust using a VLAN on the same firewall that touched the Internet. Luckily for us, these were nice, high-end Watchguard firewalls.

One company (our client's client) required a hardware VPN between the client and us so that all traffic, including RMM agent, moved between us on a secure line.

Roof Access
One company required that access from the roof of the commercial building be padlocked and monitored via alarm company. This is so someone cannot be lowered to the roof via helicopter and gain access to the building.

Building-Wide Facilities
One company required that facilities (electrical closet, Internet access panels, etc.) be monitored by alarm company.

One company asked that data be encrypted while at rest on the client folders or database. So, data arrived encrypted, needed to be decrypted to import to database, then re-encrypted. Once client data has been imported into the database, the source data must be encrypted.

Programmer Access
One insurance company required that the programmer have access to the code only and should be restricted from viewing any of the client data.  The client lead programmer had access to all software databases. This cannot be changed without a significant change in processes. The programmer was made a full time member of client’s staff, passed a security check, and signed all non-disclosure agreements.

Independent Audits
One company required that an independent third party (other than KPEnterprises) perform an network security audit of the processes and documentation implemented by KPE.

The first time we went through one of these audits, I think it took about four hours to cover the basics and two hours to take care of some of the esoteric stuff. Then we had some documentation and remediation to do. Followed by meetings and meetings. All billable. It was easily 25 hours total at full price.

The second time we went through an audit, we had most of the answers already in some form. We mostly copied and pasted from the earlier audit. I don't recall exactly, but maybe a couple hours for the audit and report, plus a few hours for remediation, and a few hours for meetings.

After that, we rarely had remediation and we could pump out the audit and report in two hours flat (plus any meetings that we requested).

Who Requests An Audit?

Every industry is different. But secure data has some common characteristics across industries. See the diagram on "Who Requests an Audit?" Most audits are requested directly by our client's client. Sometimes it's that end-client's insurance company that needs the audit.

Second, in our experience, is our client's insurance company. This is normally their Liability company, but it might also be Errors & Omissions. Knowing that the client is subject to a variety of regulations and has liabilities regarding the protection of end-client data, the insurance companies want to minimize their risk.

Third, there are government agencies. This is more of a threat than an ongoing activity. While our client was subject to certain government regulations (and feared an audit), they were never actually audited by a government agency.

With some industries, government audits or reports are much more regular. More and more, financial and medical businesses are under increased government regulation. It's actually a pretty good idea to consider creating a niche in one of these industries.

The Forms
I wish I could give you a form, or list of questions. But the only examples I have are from HUGE companies with massive legal departments willing to enforce their non-disclosure agreements very strongly.

(Having said that, I have a project on the back burner to find a way to obtain and release this information without tying it to a specific company.)

One great place to start looking at the kinds of questions you'll find in a big-company audit is When you look at their list of items to be aware of, just turn every tiny thing into a question. Then consider how you would answer it.

As a general rule, there are a LOT more regulations and security audits for companies with fifty or more employees. And, again, there are a lot more audits for companies that are working with or sub-contracting for major corporations.

Fortune 100 and Fortune 500 companies are not all alike. Technology audits are most common for companies that are exchanging data or processing sensitive data for these big companies. For example, if you have a client that works with medical transcriptions, credit card applications, or personnel data, they may have a few "big fish" clients.

Once you have either acquired a big 200-page form or figured out what you think a number of the questions are, you can begin offering an auditing service to your largest clients. OR you can pay some money for the exam prep and get certified in CISSP, CAP, SSCP, or CSSLP by starting at That training includes 98% of what you need to provide all the audits your clients could ever want.

The Business Model
A few notes about going into the "auditing" business.

First, it is really easy. I'm sorry for all the folks selling certs, but it's not difficult. It's just tedious and you have to be extremely precise. But most of the questions are along the lines of "Is there a backup plan? Describe it in detail." So if you're addicted to documentation, you're good to go.

Second, the key clients for this are 50+ employees serving at least a few Fortune 500 companies. This is just a great combo of needs and resources. These folks see the audit as "time off task" and a pain in the neck. The result: They are willing to simply pay money to make the problem go away.

Third, once you do one super-monster audit, you'll have almost all the verbiage to complete the next one. If you're been doing your job, then there is a documented process for passwords, backups, remote access, encryption, file storage, etc. Writing all that out in detail will help you to create even better documentation for all of your clients!

Fourth, if you decide to add professional security audits to your portfolio, you'll need to do a lot more than "get by" with an audit or two. This world changes fast, so you'll need to commit to perpetual education. But if you do that, you will have very little competition. Unless you live in one of the top ten metropolitan areas of the U.S., you might find that only one or two people in your area have the training to perform such audits. That makes it a great niche.

Fifth, this business really is perpetual. Most clients who need a high-level audit also need one or two additional audits. And they need these repeated on some schedule (annual, biennial, etc.). Not only that, but clients talk to other people in their field. So if you're "the" place to get a great audit, then you get a referral. And an audit within the same field is even easier the second time!

SOP - Standard Operating Procedure
Unlike general technology consulting, security auditing is a pretty well defined area. In general consulting, you are likely to stumble on almost any technical issue out there. But with security audits, there really is a limited field. The questionnaire might be 200 pages, but 195 of those pages will be the same from client to client.

The first key to success in this field is to go get your clients. That is, you need to figure out who needs an audit and make sure they know you exist. They might not have a request from Exxon, Walmart, or GE on their desk. But if they expect to see one in the next 12 months, they will keep your information and call you when they need you.

Niche, niche, niche.

The second key to success is to continually improve your "verbiage" for answering the questions. The goal for you is to help your client pass the audit. So you need to find the right words that make it look like they are absolutely above reproach. Once you have the golden words, save them for the next audit.

Of course, you need to be brutally honest if the client needs to make improvements. And, with luck, you'll get some work out of that. But even with areas of improvement, you can save the good descriptions for use on the next audit.

The third key to success is that you probably need to do these yourself. Or maybe you have one superstar tech who can do audits. But you CANNOT just hand this off to an entry level technician. So audits need to be done by the senior techs.

In the end, doing security audits is just another niche. And the better you are at your niche, the fewer competitors you have. And, the better you are, the more you can charge!

If you decide this niche is for you, it might be useful to build a keyword-based database or spreadsheet so you can find and re-use verbiage as needed. Again, you need to customize each response. But there's no point in starting over from scratch.

Comments welcome.

- - - - -

About this Series

SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.

Find out more about the series, and view the complete "table of contents" for SOP Friday at

- - - - -

Next week's topic: Building a Business Plan for Your I.T. Company


Check Out the #1 Best-Selling book on Managed Services ever!

Managed Services in A Month
by Karl W. Palachuk

3nd Edition - Newly Revised and Updated with TEN new chapters

Paperback - Ebook - Audio Book

Unlike some books with old copyrights that sell for $60 or more, this book is 100% up to date and is only $29.95.

Now includes information on making cloud services part of your managed service offering!

Learn More!

Tuesday, December 18, 2012

End of Year Sale - And $2 Shipping - at SMB Books

Want a legitimate end of year expense? How about some Education!

We've got a big 20% Off coupon code for you. See below.

But first, we've lowered shipping costs on ALL products: now offers $2 shipping on any product to anywhere in the world!

This is a permanent change, just in time for the Christmas season. Beginning immediately, you will only pay $2 USD to ship any item in our catalog.

Best-Selling Managed Services in a Month . . . Ships for $2

The Network Migration Workbook - 3 pounds! . . . Ships for $2

Best-Selling Service Agreements for SMB Consultants . . . Ships for $2

The Managed Services Sales Superstar 2-book Combo . . . Ships for $2

The Erick Simpson 2-book bundle on Managed Services . . . Ships for $2

The Ultimate Technology Consulting Starter Kit - Six Books! . . . Ships for $2
- Service Agreements for SMB Consultants by Karl W. Palachuk
- Managed Services In A Month by Karl W. Palachuk
- The Business Startup Checklist and Planning Guide by Stephanie Chandler
- The E-Myth Revisited by Michael E. Gerber
- Relax Focus Succeed by Karl W. Palachuk
- Leap! 101 Ways to Grow Your Business by Stephanie Chandler

ANY book, CDs, or DVD set you choose ships for only $2 at

 - - - - -

Now for that big 20% discount code.

First, go to

Second, add as many items as you want to the shopping cart.

Third, enter the code YearEnd2012
... and you'll receive 20% off your entire order.

No limit on the size of your order. 20% off everything, including already-discounted items!

It's that easy. Two ways to save. Check it out now at

Sales Ends on New Years.


Friday, December 14, 2012

SOP Friday: Employee On-Boarding

All too often, we hire a new employee and then don't give any thought to what happens when they actually show up for work. Now, I don't think a new employee should be 100% up to speed and profitable on the first day, but they SHOULD feel welcome and feel like they're joining a company that knows what it's doing. And they should not feel like they are in the way because no one knows what to do with them.

It's pretty easy to create a positive first-day-on-the-job experience. But you need to put some effort into it.

There are actually three phases of the new-employee on-boarding process: Before they show up; the first day on the job; and the training portion of their first few months on the job.

(Note: Nothing in this post will address the hiring process. I've addressed that elsewhere. See Hiring Your First Employee, Hiring Process, Hiring vs. Outsourcing Technicians, or just search my blog for the term "Hiring.")

So . . . you've agreed to hire someone. It's good for everyone if you can actually be prepared to bring that person onboard. Here are the three major stages of the on-boarding process.

Before The First Day

Of course you need a New Hire Checklist. But more than that, you need to print out eleven documents in total (see the graphic):

1. New Hire Checklist
2. "Week One Week Two" plan for training and orientation
3. Welcome 2 KPE - Employee Orientation
4. Confidentiality Agreement
5. Memo on confidentiality
6. Employment Terms memo
7. Emergency Contact form
8. Drug Free Workplace Policy
9. KPE Property sign-out form
10. Federal tax form W4
11. Federal immigration form I-9

Some of these are just forms (#3 - #11). #1 is the master checklist to make sure all of these get completed, along with other on-boarding activities. #2 is a detailed plan of action for the first two weeks of employment. It includes information on training, setting goals for the quarter, etc.

In other words, item #2 takes a good deal of effort. You have to prepare this before the day the new hire shows up. Note that, in the graphic, there are three different versions of document #2. There are different two-week plans for technicans, administrative assistants, and sales people.

The New Hire Checklist includes things like this:
- Business Cards Ordered
- Company logon / email created
- PSA Account created
- RMM Account Created
- Payroll Information prepared
- Keys required     Yes / No
- Order Phone (if needed)

- etc.

Of course this will be different for your company. Customize as needed.

First Day of Work

On the big day, plan to give the new employee a tour (no matter how small your office is), followed by a half hour or so of filling out paperwork.

I think the titles of most of the forms above make sense. Here are a few notes.

Form #3 - New Employee Orientation - includes click-by-click instructions for logging into your network, checking Web Mail, logging into the PSA, logging into the RMM, setting the alarm system, remote access, etc. Basically, you should give the new employee a "cheat sheet" for all the things they need to know.

On confidentiality: Every employee should sign a non-disclosure agreement stating that they will keep all of your company data - and your clients' data - secure and confidential. We put a copy of this in the employee's file, give them a copy, and we put a copy in a separate folder where we keep all non-disclosure agreements (in case a client asks). On the employee's last day, we give them a copy of this agreement with a reminder that they need to keep this information confidential.

If you've got company T-shirts or mugs, make sure you give the new employee one.

Training / Probationary Period

In addition to all of that, you need to prepare a 30-60-90 day plan of action. It doesn't have to have a lot of detail. But you should lay out all the training and goals you want to establish for this employee.

The first week, the new employee should go to lunch with a different person or group each day. This helps them meet their co-workers, company managers, etc. And, to be honest, it gives your staff a chance to give the newbie a different perspective on how your company operates.

During this period, you need to have a plan for introducing the new employee to all of your employees, all of your clients, and as many Standard Operating Procedures as you can.

You should have some kind of formal training process for your tools (PSA and RMM). In addition, if you require a certification from CompTIA, Microsoft, Cisco, etc. you need to have a training program for that.

On top of all that, you should set some "quarterly" goals for the new employee so that both of you know what is expected and how well the employee is progressing.

Note that I refer to this as the probationary period. Your Employment Terms Memo should state very clearly that there is a 90 day probationary period (or whatever works for you). This allows you to agree to some very clear goals with the new employee. It also prevents surprises if you should need to lay off the employee before the 90 days are up.

There are many pieces to the hiring puzzle. With a little effort and preparation, you can create a great on-boarding experience for your new employees. It will also be good for your company in the long run because you'll know that every employee has the same basic training and introduction to the company.

Comments welcome.

- - - - -

About this Series

SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.

Find out more about the series, and view the complete "table of contents" for SOP Friday at

- - - - -

Next week's topic: Helping Clients with Audits - Security and Insurance


SMB Books, Audio Programs, and More 

100% Small Business I.T. Focused 
- Technical - Business - Marketing - 
- Managed Services - Cloud Computing - 
- Network Migrations - Sales - 

All these resources and more. 

SMB Books is THE resources for the small business IT consultant who wants to move up to the next level. 

Friday, December 07, 2012

Earn a FREE Copy of the New Managed Services in a Month Book (Limited Time Offer)


Want to earn a FREE copy of the latest edition of

Managed Services in a Month?


Here's all you have to do:

1. Create a video endorsing the book Managed Services in a Month. Your endorsement can be based on the first edition.

Your video must display the URL with a link to this site.

2. Upload your video to You Tube or another video sharing site.

3. Promote your video on Facebook, Twitter, LinkedIn, Pinterest, or your blog.

4. Fill out the form below so we can verify your work.


That's it! We'll send you a free copy of the new edition.

Limited Time Offer: More info Here.

Why Are We Doing This?

Managed Services in a MonthThis is obviously a lame publicity stunt. Here's the idea:
- Google loves video.
- Video plus in-bound links are juicy good SEO!
- I hope this campaign will result in dozens (or hundreds) of in-bound links to my site.

Most people won't do this!

Let's be honest, you might not want to spend all that effort to save $24.95 plus shipping. That's cool. I understand.
But it will be fun and you get some karma points as well.

Giving Away Books is a Good Investment

If I bought $500 of Google ads plus $500 worth of Facebook ads, I would sell some books. But if I gave away $1,000 worth of free books, I will sell books AND have a whole bunch of in-bound endorsements.


So think about it. This offer won't last forever!

How to add my URL to your video:

Thank You!

- Karl


SOP Friday: Hiring vs. Outsourcing Technicians

(Nothing in this article changes my long-standing advice that an administrative assistant should be your first hire.)

One of the decisions you need to address when you are a very small company is the question of hiring "W2" employees vs. hiring contractors (1099 employees). When you get larger, there is no question that you will have W2 employees. When you first start out, you simply can't afford that. So when is each appropriate and how do you make the transition?

One note on the terminology: Is the U.S. tax code, a W2 is a form that employers give to their employees at the end of the year. It lists all the wages paid for the year as well as the taxes withheld, and all other deductions that were taken from the employee's base pay. We sometimes refer to these as "W2" employees. In this article, I will simply refer to these folks as employees.

Contractors or outsourced help are paid without withholding taxes and other deductions. Businesses are required to file a "1099" form to report how much they have paid to workers who are paid in this manner. Businesses are required to file a 1099 for any person to whom they have paid $600 or more during the year. I will refer to these folks as contractors.

Hiring Your First (Tech) Employee

One of the classic struggles for small businesses is hiring your first employee. Employees cost a lot of money! Depending on your tax rates, plus workers compensation and other employee-related expenses, it costs about $1.25 to $1.50 for every dollar earned by an employee. So, for example, an employee who earns $17/hour will cost the employer about $25/hour.

If you make a commitment of 20 hours a week (or 30 or 40), you quickly realize that labor will always be your largest expense. A $25/hr expense times 40 hours is $1,000/week. And PLEASE note that you need to pay this from your profit. You cannot calculate your first employee's expense based on your revenue. You need to have enough excess profit to pay that $1,000/wk - because it's every week. Week after week. And if you're not billing the work, or you're not signing new managed service agreements, that $1,000 gets harder and harder to pay.

If you don't have the excess profit to pay this expense, you might find yourself taking the money from your own income and making it the employee's income. That might be fine as a temporary expense. But you need to be aware of it beforehand so you can adjust your personal budget.

And also note: It is very common for a company to make no more profit with an employee than they did with just the sole proprietor. Any employee needs some management. Coordinating with someone else takes time from service delivery and marketing. You might end up doing more work for more clients, but taking home the same profit at the end of the year.

My personal experience was along these lines. In 2000 I was so busy I couldn't see straight. I hired someone full time. We went through a training period, which was not intended to be profitable. Then we caught up on the work in short order. Then we added one big client who consumed a bunch of time.

Then I realized that I was spending all my time keeping my employee fully occupied. I was doing sales. But he couldn't work enough hours to feed both of our families. I had basically turned over 90% of the work. What I needed to do was to double the workload and do 50% of it.

Paul was an awesome employee and a good friend. But I had to let him go because I couldn't sustain the deal.

I don't recommend hiring a full-timer right off unless you've got a new, big client who will pay for most of that expense.

Hiring Part Time Employees

Next, I hired someone on an as-needed basis. The basic deal was: If I bill the client for your time, I pay you for your time. This worked well. My goal was 10-20 hours a week. I found someone who was strictly a beginner and strictly desktops. No server work. No Exchange. No firewalls. Just Windows and Office.

So this guy was an employee, but did not have regular hours. Just like they do at McDonald's, Staples, and all the big stores. Eventually I had enough work to give someone a sustained 20 hours per week. So now I had a half-time employee. I could count on him being available at least 20 hours and he could rely on at least that much income.

This was sustainable. It was fair to everyone. I didn't get an employee with an MCSE this way, but I got a Microsoft Certified Professional who was willing to work for a living.

When Tech #1 got to a sustained 25-30 hours/week, I hired a second part-time tech. I wanted to make the first tech full time, but it just couldn't happen. One person can only run around and scratch out so many hours. I could get more billable hours from two 20-hour techs than from one 40-hour tech.

Eventually they both grew to be full-time positions. After that we normally hired full time techs because we had a little more flexibility in scheduling with each new hire, so we could get lots of work done with everyone running in a different direction.

Hiring Sub-Contractors

The other way to go is to hire contract labor (when working on a client job, these are sub-contractors).

With contract labor, you give them a flat fee or flat hourly rate. They are completely responsible for the taxes, etc. You absolutely must have a contract with these people. Why? Because the government will come after YOU for all their taxes, social security, federal unemployment, state unemployment, etc.

Thanks to [insert virtually every large technology company] ripping off their employees and treating employees as if they are contracts, the IRS has written specfic rules to define who IS and IS NOT an employee. Start here:

There are specific criteria for determining whether someone is legally a contractor or an employee. I discussed this in the book Service Agreements for SMB Consultants because you need to spell these criteria in your service agreements. Well, you also need to spell them out with your contractors. You can clarify the items Uncle Sam is looking for and avoid future problems.

A few key points:

1) They are not an employee. You pay them money and they are responsible for taxes, insurance, mileage, meals, etc.

2) You need to figure out fair pricing. Fair is whatever the two of you agree on. Having said that, you want to come up with a proposal that you can offer up.

Based on discussions with the folks at SMBTN, we do a 30/70 split. Here's how that works. If you brought the work (it's your job) and they bring the labor (the sub performs the work), then you keep 30% and they keep 70%.

So, if you charge $100/hr, then it's pretty simple. You pay them $70/hr.

Now, if you have to work together, they need some training, they need assistance, etc., then you might drop this to $60/hr. But I wouldn't go below that.

If they're really just not worth $60/hr, go find someone who is.

The next step in your evolution is to simply state a price and pay it as an hourly. So you might pay $60/hr until you're sure they'll work out, then move to $65 and $70.

One of the best ways to find talent is to join the local IT Pro User Group. I have hired (and been hired by) many people in the local Sacramento IT Pro group. When I need an extra three people that I am sure can follow a checklist, I call members of my group.

Hiring Strategy

So this is more of a discussion about business strategy than an actual SOP (Standard Operating Procedure). But, really, you should decide what you want to do regarding employees and contractors. I'm amazed at how many arrangements I've heard of out there.

Of course you need to adjust wages for your area. But the fully burdened cost of an employee is probably going to be solidly in the 1.25-1.50 range we talked about before. Keep that in mind.

Contractor give you flexibility, but you need to have them available when you need them. So that's a point for employees.

Also remember that anyone with less than 35-40 hours/week is probably going to be looking for another job on the side or a fulltime job. So even if they're "loyal" to you, they might disappear. You can't blame someone for wanting to be fully employed!

Comments welcome.

- - - - -

About this Series

SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.

Find out more about the series, and view the complete "table of contents" for SOP Friday at

- - - - -

Next week's topic: Employee Onboarding

Check Out the #1 ranked Managed Services book at Amazon:

Managed Services in A Month
by Karl W. Palachuk

2nd Edition - Newly Revised and Updated with NINE new chapters

Shipping January 2013
Order Managed Services in a Month NOW for only $24.95.

Order Today!

Wednesday, December 05, 2012

The Knowledge Lives in the Price

My friend Josh Liberman wandered into Sacramento a few days ago. Somehow, we found ourselves at a bar. Anyway . . .

As computer nerds, we were swapping stories about our industry, changes ahead, and the general state of competence in our field. Josh told me a great story that is all too common in our industry.

I'm sure you've heard a variation of the story. I'm sure you've TOLD a variation of the story. But the lesson Josh drew from it really stands out.

The Story

A prospect decided to save a bunch of money by hiring a trunk-slamming amateur. That guy screwed up the job. So the prospect called Josh in. Josh quickly fixed the problem and showed the client how it should have been done in the first place.

The client asked: "How did you know that when the other guy didn't?"

The Lesson

Josh responded, "That other $115 is where the knowledge lives."

I loved that line so much I wrote it on the back of the bar tab!

Why are you worth $150/hr? Why do you get the "big bucks?" Why does the client need to listen to your advice? Because you know what you're doing!

Right now, as I write this, I am working with two prospects who will probably become our next two clients. One is the all-too-common story about the incompetent amateur who kinda mostly sorta set up a Small Business Server. No working backup. No anti-virus. Exchange hasn't been set up. RWA not configured. Everyone has the same password. etc.

No documentation. Zero. Nada.

And then the guy disappeared.

Is that guy worth $150/hr? NO!

The second prospect was oversold. WAY oversold. A $5,000 enclosed rack with built-in air conditioner holding a storage server, two 24-port switches, and three UPSs capable of powering the entire office for a month. For nine (9) users. It's a non-profit, so of course they bought through . . . NOT! The prospect had never heard of Tech Soup.

And when the client calls, they ask her "Who are you?" and "What kind of system do you have?"

Bad or no documentation. Often wrong or outdated.

Is that company worth $150/hr? NO!

This prospect totally knows that she has been over-sold. And she wants to save money going forward. But she is smart enough to know that she needs a different $150/hr technician - NOT a cheaper $35/hr technician.

I rant from time to time about the need for professionalism in our business. A good, qualified technician should have no problem charging $125-$150/hr. Eventually, clients will realize that they are wasting money hiring amateurs.

Does anyone REALLY think a $35/hr technician is competent enough to trust your business to?

The knowledge lives in the other $115.

Think About a Firewall . . .

Some clients believe that they can do our job because they can buy some cheap crap at Office Depot and when they plug in the cables, the lights go on. At some level, they know they are "getting by" with cheap equipment. But they must know in their hearts that it's really not the same as good equipment.

You can argue that the difference between a $600 firewall and a $700 firewall is mostly profit somewhere along the line. But when you compare a $69 firewall from the clearance table to a $700 firewall with a three year warranty, you HAVE to know that one is better than the other.

And the same is true with the $3,000 firewall.

There are differences between junk, good, better, and best.

The same is true with technicians. You might not be able to tell the difference between a $140/hr tech and a $150/hr tech. But you can guarantee without further investigation that there's a huge difference between the $35/hr tech and the $150/hr tech.

The best part is: The $150/hr tech is always cheaper. He will bill for fewer hours. The work will be done right. So there's very little re-work. Jobs are done within the price estimated. Other things don't mysteriously break when something is fixed.

Have you ever noticed that $35/hr technicians bill for everything - including their incompetent bumbling as they break one thing after another and take ten hours to do a job that should take one? They never give a "professional courtesy" discount when something takes longer than estimated.

There is no professional courtesy because there is no professionalism.

That other $115 is where the knowledge lives.


Tuesday, December 04, 2012

New Podcast: HIPAA Compliance Certification

I had a great chat with Scott Barlow from Reflexion the other day.

A few people had mentioned Reflexion's HIPAA training. So I thought I'd ask Scott what it's all about.

We had a great interview - about 20 minutes. It is extremely educational.

I am going to get this certification by the end of the year! Seriously. If you work with anyone in the medical professions, including insurance, you should get this training.

Unbelievably low priced . . . and you can resell it to your clients.

Get all the details on this Interview with Scott Barlow on HIPAA training over at the SMB Community Podcast site.


Saturday, December 01, 2012

Nominations Now Open for 3rd Annual SMB 150 Awards

Hey Guess What?

I am going to be a judge for the next SMB 150 Awards!

Nominees are encourage to photoshop themselves into a picture with me and post on Facebook. It won't influence my vote, but it might be fun!

The Official Announcement from SMBTN and SMB Nation regarding the 3rd annual SMB 150 awards:

SMB Technology Network (SMBTN) and SMB Nation have announced that nominations are now being accepted for the 3rd annual SMB 150 awards.
This endeavor is a hybrid voting contest where nominated candidates seek the public recognition of professional peers, customers and like-minded SMB influencers for their accomplishments and achievements. It all reaches a peak with the awards ceremony at the 7th annual SMB Nation Spring "V3" conference on February 24, 2013 at Microsoft Redmond!
What is it?
This is an independent contest from two trusted community organizations that seeks to recognize and reward both well-known and unsung SMB heroes. This is accomplished by both a voting and judging process:
  • Nominate your SMB peers that you RESPECT and believe deserve to be part of this process and enjoy industry recognition.
  • You may also self-nominate.
  • Only one (1) nomination is necessary per person. The nomination process is NOT the voting process.
SMB Leadership Voting Categories
  • Experts
  • Leaders
  • Media
  • Partners
  • Vendors

  • Public vote. This is a popular vote starting December 17th for one-month. This accounts for 40% of the total award calculation.
  • Judges. We have assembled several well-respected industry experts who are above reproach and not eligible for the contest to cast confidential ballots for top SMB 150 nominees. This account for 60 percent of the total award calculation.
How it works.
Nominations are accepted from December 1st to December 15th 2012
Past nominees are AUTMATICALLY RENOMINATED and DO NOT NEED to resubmit your candidacy. This saves you one-step and allows you to focus on your elect efforts.
Important Dates:
  • Voting opens December 17th and closes January 18th 2013
  • Winners are announced January 21st 2013
  • Award ceremony occurs the evening of February 24th 2013 at the SMB Nation Spring "V3" show at Microsoft Redmond.
More Information:
  • SMB 150 winners may attend the SMB 150 award ceremony complimentary and guests may attend with a nominal $99 award pass. Includes group and individual professional photo for your publicity use.
  • SMB 150 winners receive a certificate suitable for framing and digital "badges" for use on websites, e-mails, etc.
  • BONUS: SMB 150 winners may attend the full three-day SMB Nation Spring "V3" for a 50 percent discounted conference admission ticket.
  • BONUS:  SMB 150 nominees will receive a complimentary SMBTN Community membership and SMB 150 winners will receive a 50 percent discount toward an optional SMBTN Business membership.
  • Visit the SMB 150 site to complete the nomination process.
  • Visit the SMB Nation Spring "V3" site to learn more about the February 23-25, 2013 conference
  • Learn more about SMBTN at
  • Learn more about SMB Nation at

- - - - -

We had a lot of fun with the last contest. I hope you all consider nominating yourselves or others - and then campaigning on their behalf.



Friday, November 30, 2012

SOP Friday: Disaster Recovery - Simple Restores

What is a disaster? 

For a business, it's pretty much anything that causes a widespread stoppage of business. That might mean a server down, or Exchange down, or the company's commerce web site down. In this article we're going to look at a specific scenario.

Most small businesses only need to deal with three basic types of business interruption: 1) Utility outage (power outage, internet outage); 2) Server crash (some critical function on the primary server renders it unusable); or 3) building-wide disaster (fire, hazmat spill). A fourth, less likely scenario would be a region-wide disaster. This would include major floods, major hurricanes, major earthquakes, etc.

Please Note: When you create a disaster recovery procedures, it must exist as a set of written documents. Everyone in our business wants to put everything in an electronic format. Please don’t argue with me on this. This is disaster preparedness, fergoodnessake. Let’s say the emergency is a power outage. Or a failed hard disc. Or a fire. Or a flood. Or a hazmat spill that requires the neighborhood to be evacuated.

Get the picture? In an emergency of almost any kind, the kind that would require you to implement this plan, you won’t have access to the plan in electronic format! It is totally fine to have the plan exist primarily in electronic format, but there should be a printed version for the day the lights are out and the water is rising.

What is a Simple Restore?

There are many kinds of disaster recovery. In the most complicated and expensive, the goal is to completely recreate the failed network in every detail. This doesn't work well in small businesses. If your old system had three year old server and 50 machines ranging from Windows 7 to XP, you are very unlikely to recreate that environment exactly.

A second type of disaster recovery focuses on active directory. The goal is to bring back the server, with all the data and all of the network SIDs for machines and users. It does not require the exact hardware that existed before, but focuses on the most important pieces of the network, which could easily be on new hardware.

The third most common type of disaster recovery involves simply "getting your data back." That includes total server recovery in some cases. Two examples of this are very common: Recovering from a failed hard drive and restoring an entire server from tape or disc. These are simple restores.

Rule #1: Go Slow!

Disaster recoveries are always stressful. No matter how good your system is or how often you've tested it, there's always a chance that something went wrong with the last backup. Or the backup software won't load.

And then there's human error. You might over-write newer data with older data. You might not write-protect a restore medium, and it might get written to as soon as your mount it because the next backup job is waiting for it. Stuff happens.

Think. Think. Think. Go slow. Be careful. Be methodical. Know what you know. And once you completely master the technology in front of you and the resources available to you, your chances of success go way up.

Rule #2: Make a Plan

Please do not show up, slap in a new hard drive and then start to think "What should I do first?" You've already done first. Or maybe you did second or third and skipped first altogether.

A plan - a checklist - is critical to success because it guarantees that you will do everything you need to do, and in the order you need to do it. It also makes sure you don't skip the "small" steps that make life easier in the long run. For example, we like to label hard drives before we put them in the system. This allows us to note exactly where they were as we take them out. No matter how much switching and swapping takes place, we can get the system back to where it was when we showed up on the scene.

You also want to mark the old (bad) hard drive. We take a large permanent marker and make a big X across the top of the drive. Then we write BAD and the date it was removed from service.

If you are using a cloud-based D.R. system, how do you notify them that you need to execute the D.R.? And how do you actually bring that data down to an empty hard drive? What's the plan? What's the checklist?

Rule #3: Use a TSR Log
(and Document Everything You Do)

A Troubleshooting and Repair (TSR) log should be started as soon as you begin logging time on the service request. You should make a note with each important action step you take, and you should make a note at least once every 15 minutes. The TSR log will help you document everything you do and will help you troubleshoot in case something goes wrong.

These three rules will give you a high level of success - and confidence in your process.

Simple restores are just was stressful as any other disaster recovery. They are "simple" only in the fact that you're doing two basic things: 1) Fix the system, and 2) Reload the data. But those two things can be rather big and troublesome on their own, so "simply" doing them might not be simple at all.

The other thing that's nice about simple restores is that you can hand them off to lesser-qualified technicians.


That's right. Once you have the checklist down, you can have it executed by anyone. This is a bit scary until you realize how good it makes YOU. You have to be crystal clear about making sure they understand the dangers and the basic process. They need to verify that a backup job is not waiting for a medium. They need to label all the drives, including the new one and the old one. They need to be able to identify the correct media to restore from.

When you can guide them through the pitfalls and pleasures of data restore while they're on site and you are not, then you know you have a great checklist.

Rule #4: Improve Your Process

When you are finished with any "emergency" data recovery, you should take stock of what went wrong - or could have gone better. Did you know how to do a bare metal restore with this specific backup system? If a medium was bad, did you know the next best restore point, where it was located, and have it available?

Lots of people (myself included) preach that you do not have a backup until you test your restore. Similarly, you do not have a disaster recovery until you test your D.R. That means you have to learn each system you have in place well enough to actually execute a recovery. The time to learn this is before disaster strikes, not after.

So whatever needs improvement, make a note. Whatever you needed and didn't have on hand, make a note. All all these notes to the TSR log and then use them to update the checklist. What's the last item on the checklist? "Update this checklist."

Hurricanes, floods, and fires are real. So are hard drive crashes. You need to know what you need to know before you need it!

Comments welcome.

- - - - -

About this Series

SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.

Find out more about the series, and view the complete "table of contents" for SOP Friday at

- - - - -

Next week's topic: Hiring vs. Outsourcing


Still the best Quick-Start Guide to Managed Services: 

by Karl W. Palachuk 

Now only $39.95 at SMB Books!

Ebook or Paperback

Learn More!

Tuesday, November 27, 2012

Will You Take a Quick Survey For Me? 30 Seconds, I Promise

I'm doing a wee bit of market research.

Will you please fill out this form?

Thank you!