Tuesday, July 27, 2021

CoreDial Names Jason Harper Chief Technology Officer

Received this notice under the door . . .

-- -- --

Accomplished Engineering and Business Leader Will Oversee the Cloud Communications Provider’s Product Management, Software Development and Cloud Services Teams

BLUE BELL, PA — (July 21, 2021) — CoreDial, LLC, a leading provider of cloud communications, video collaboration, and contact center solutions, announced that Jason Harper has been appointed the company’s Chief Technology Officer. In this capacity, he will lead CoreDial’s product management, software development, and cloud services teams to accelerate the company’s growth trajectory as well as its ongoing mission to be the best at enabling the channel to succeed with cloud communications. 

Harper brings a wealth of communications technology expertise and business acumen to CoreDial, including extensive UCaaS and SaaS experience. He is known for creating and implementing communications and analytics solutions that are widely used in both business and consumer settings. Prior to joining CoreDial, Harper served as Vice President of Engineering at GameChanger Media, an independent subsidiary of Dick’s Sporting Goods. In this capacity, he was responsible for developing software, mobile apps, and analytics solutions that are utilized by hundreds of thousands of youth sports teams across the United States.

Before that, Harper was Vice President of Infrastructure Engineering at Vidyo, directing the development of video collaboration services and related networking products. He also served in executive capacities with ShoreTel, managing the softswitch, contact center and billing and OSS operations groups. Along with his development and management roles, Harper is a proven innovator, holding several U.S. patents for bandwidth management and network performance. 

“I’m excited to have Jason join our team here at CoreDial,” said Alan Rihm, CoreDial’s CEO. “He brings with him strong leadership and culture building skills, and I’m confident he will inspire our technology team's continued success as we accelerate our growth in 2021 and beyond. Jason has very relevant subject matter expertise in the cloud communications space, as well as a proven track record of both B2B and consumer software innovation. His background and experience will help us to meet and exceed company product and service objectives going forward, and his leadership style is one that I expect will help us to attract and retain the best product, software, and cloud services talent possible. The team and I couldn’t be more excited about Jason joining us on this journey.”

Harper joins CoreDial on the heels of launching CoreNexa 7.0, its all-in-one voice, video, messaging, and collaboration solution. Designed to unleash the power of the modern workforce, CoreNexa 7.0 enables channel partners to offer a single and highly competitive solution that satisfies the full spectrum of business communications and collaboration needs for businesses of all sizes, verticals, and across in-office, hybrid or fully remote environments. The platform combines reliable HD video, meetings, messaging, virtual room and standout collaboration features with CoreDial’s proven voice and cloud communications services, giving organizations a single solution that meets the next-gen needs of the post-pandemic business landscape.

“I’m delighted to join Alan and his talented team and contribute to the success of the organization,” said Harper. “With the launch of CoreNexa 7.0, it’s an exciting time for CoreDial as a company. I look forward to helping the team innovate and grow the solution even further, and develop new solutions to help our partners maintain a competitive advantage with cloud communications.”

About CoreDial

CoreDial is a leading provider of high-quality and scalable cloud communications, contact center, and video collaboration to more than 32,000 businesses. The company’s solutions are quickly and easily auto-provisioned through its CoreNexa™ platform, which seamlessly integrates with other essential business applications. For small- to medium-size businesses and larger enterprises, CoreDial offers comprehensive, cost-effective, and future-proof communications solutions customers demand. Backed by an industry-leading 99.999% SLA and supported locally by 850+ trained partners, CoreNexa is uniquely positioned to help businesses unleash the power of the modern workforce. www.coredial.com 


Friday, July 23, 2021

Join Me Live at SMB TechFest: Build a Priority-Based Service Department

Topic: Build a Priority-Based Service Department

We use the terms all the time: High, Medium, and Low Priority. But does everyone on your team agree on what these mean and how they affect your service delivery? Do all of your clients understand what you mean when you use these priorities? 

Join me for an all-new deep-dive into defining priority-based service department that is more profitable, delivers higher quality support, and keeps clients happier than ever. Don't miss the tip sheets that accompany this presentation.

Join me July 29th for the Q3 SMB TechFest event:

Build a Priority-Based Service Department

Register FREE as my guest. Click the link below, or the graphic. Your choice. Either way, you win.

I will be in my virtual booth after the presentation - drop by and chat!



Rescheduling Canada and UK Roadshows

 I am very sorry to announce that we are going to reschedule our Canada and UK Roadshows, which were scheduled for August and September. Even the Canadian shows had already been rescheduled from May.

I am a very optimistic person. So, when this pandemic started, I thought it would be done in a month or two. That was sixteen months ago. And then the vaccinations took off pretty well, so I thought the world's doors would open quickly. They didn't.

Now it appears that the Delta variant is sweeping across the globe. Those who are vaccinated have a 90% chance of not being affected. But it is becoming clear that we (the vaccinated) can get, carry, and pass on the variant, even if we are symptom-free. [I'm not a doctor, etc. Don't argue with me. I'm just boiling down what I think we know.]

So I'm once again pushing events out to the future.

I am moving forward with the Providence, RI Roadshow on September 16th at the Hilton Providence.

See the web site for details: https://www.smbroadshow.com/providence-rhode-island/.

AND we're looking at a December event in Las Vegas, NV.

My best guess is that those are the only two shows we'll do this year. So if you are anywhere near Providence in September or Vegas in December, please join us.

The Good News: I Promise GREAT Content!

We will kick off the event with a live Game Show. Great entertainment and networking opportunity. After that, we'll look at some of the biggest challenges and opportunities in the SMB IT space today. And we finish off with a beerfest to celebrate our success and send everyone off with more great networking.

We already have folks signed up for the Providence show. And we'll open Vegas registration soon.

Do yourself a favor: Join Us!

Reminder: Small Biz Thoughts Technology Community Members attend free. Grab the discount code in your dashboard or email Kara or me for directions.

Also: If you think we should bring the SMB Roadshow to YOUR CITY in 2022, drop me a line or put a comment below. We will be doing more cities next year.


Thursday, July 15, 2021

Build a Priority-Based Service Department - Join Me at SMB TechFest

 Join me -

July 29th online for the SMB TechFest Quarterly event.

Register for free at this link: https://www.smbtechfest.com/karl

All New Presentation:

Build a Priority-Based Service Department 

Even after all these years, too many companies are 100% interrupt-driven. That means that they find themselves working on whatever get dropped in front of them. Interruption-based work is always less efficient and less profitable!

But how do you set and implement priorities so that all of your staff, and all of your clients agree on what each priority level means? And how do you build processes to make that system work? And what does it look like from inside your service department?

We'll cover all of that plus give you some sample tip sheets for employees and clients.

No matter what you use for a ticketing system, a rock-solid priority system will help you deliver better service and be more profitable.

Plan to join us online July 29th. And drop by my booth to hang out in the afternoon. More information and registration at  https://www.smbtechfest.com/karl


Wednesday, July 14, 2021

Early Bird Registration is Now Open for the SMB Roadshow in Providence, RI !!!

Mission Control we are ready to blast off!

Early Bird Registration is Now Open 

for the SMB Roadshow in Providence, RI

September 16th

at the Hilton Providence

Please join us for a great LIVE event.

I am posting this notice because we have officially locked down the meeting room, signed the paperwork, and bought the airfare. I can't promise what else will happen (although I'm still hoping to do some other shows this year), but we are 100% ready to blast off in Providence.

More information and registration at: https://www.smbroadshow.com/providence-rhode-island/

This event is four hours of great content, networking, and education . . . followed by a beerfest. The price is only $399 for the first attendee. But you can save $100 right now with the checkout code 


Our theme this year is all about the Absolutely Unbreakable Rules of Service Delivery. We'll start with some networking and then a fun and educational Game Show I designed just for this event.

After that the agenda includes:
  • Running Successfully in the 2020's
  • Post-Pandemic Clientele and Offerings
  • Building YOUR Absolutely Unbreakable Rules
  • Looking Forward to the next normal
  • (and, of course, a trip to the pub)
We all have rules we use to help us be successful in life and in business. I've spelled out some of my most important rules and then we'll help you down the road to codifying the rules that have made YOU successful.

As always, we have plenty of handouts and time for Q&A.

Join us and take your business to the next level.

BIG discounts available. Obviously, there's the early-bird discount. If you register now, you save $100 with the discount code above.

But Small Biz Thoughts Technology Community members save even more - they get in Free of Charge with the code posted inside the Community. Members, get your code here: https://www.smallbizthoughts.org/member-account/coupons-and-discounts/.

Not a member? No problem! Join today and save big on this roadshow, all of our 5-week classes, and thousands of dollars worth of other benefits.

We've been off the road too long. PLEASE join us live in Providence for a great event.

Your satisfaction is always guaranteed.


Monday, July 12, 2021

Transforming into a Profession - Next Step: Community Zoom Meeting

 I've posted several times about transforming our industry into a profession. I've been pleased to see several people get engaged.

Now it's time to start actually meeting and figuring out some action steps to move toward the new reality. So we're holding a Zoom meeting, Open to anyone who's interested.

The Future of IT - Organizing Meeting

There is no "presentation" here. I have a few ideas, but I've been spelled them out in blog posts, white papers, and a webinar. Now I want to start a conversation around the challenges and opportunities we face.

In some sense, we have plenty of time. Governments and major corporations tend to work slowly. But in another sense, time is short. When "incidents" happen, action tends to take place rather quickly. When that happens, we will either be at the table or not. 

What does it take to be at the table? We need to establish ourselves as a part of the discussion that cannot be ignore. In addition to representing our industry, we also need to represent our small- and medium-sized clients Like us, they are being acted upon, without a seat at the table.

Please register for this meeting. That way, we can send you a link to the recording even if you miss it. But I very much prefer that you attend and contribute your ideas. Here's the info:

Zoom Meeting
The Future of IT - Organizing Meeting

Wednesday, July 21st

9AM Pacific / Noon Eastern

Register at: https://bit.ly/it0721 so you'll get a reminder.


. . . And I'll see you on July 21st.


Saturday, July 10, 2021

First Lesson of Windows 11: There's No Such Thing as AYCE

 Many of you have heard me rant against the concept of "All You Can Eat." Of course there's no such thing as all you can eat. Why does a restaurant have rules for AYCE? Because it's a policy designed to be abused.

I get about one email per month from someone who has screwed themselves by offering an AYCE managed service offering. One of the hardest lessons learned is about to be repeated. Microsoft is setting the stage (Don't get me wrong. I don't blame Microsoft for the policies of MSPs who fall into this  trap.)

Introducing Windows 11 - To be delivered free of charge!

Sounds great. Now picture this. I have 20 desktop computers and 35 laptops. All are on Windows 10 and they vary from one year old to five years old. All will (as far as we know) be eligible for free upgrades to Windows 11. Yay.

But Windows 11 will not be installable on old, insecure hardware. Are my machines equipped with Trusted Platform Module (TPM) chips? I don't know. You (my MSP) probably don't know. So, job one is:

Run the update tool that will someday be posted here:


. . . on all 55 machines for FREE. Meaning, you won't charge me to do this because I have an all I can eat contract. Thank you.

Can these chips be installed with a motherboard plug-in of some kind? Go find out. And don't charge me. Then, if the work needs to be done, do it. I'll pay for the chips. You provide labor for free because I have an all I can eat contract. Thank you.

Finally, we're ready to upgrade the machines we can. Let's say it's 25 machines ready to upgrade. You'll patiently sit through that upgrade to make sure it's smooth. Time twenty-five machines. Plus any driver updates and troubleshooting. I'll pay ZERO for that labor because I have an all I can eat contract. Thank you.

But, Karl, All You Can Eat Doesn't Mean All You Can Eat!

Oh? What does it mean?

And you'll forgive me if I dig out your marketing material, read through your web site, and review my contract. Seems to me that All I Can Eat is very self-explanatory. 

Okay. You're tired of hearing this. Great. Then stop using that term. It's misleading to clients and other managed service providers. It's a lie.

To have a viable business model, you need to draw very clear lines around what's included and what's extra. That way, you and your clients can be on the same page about what they're paying for. And, as a bonus, you can be profitable. I'm a huge fan of that.

Recently I posted a video on What is an MSP and What is Not an MSP:

If your business is service-focused and client-focused, then you probably put a very big emphasis on keeping the client's systems UP and working, as well as efficient. You help them get the absolute greatest value from their investment in technology. That's a maintenance-first approach.

And, therefore, your offering has to be around maintenance and maximizing the value of each client's investment. Adds, moves, changes, are extra.

[Side note: The only real reason to offer a false "All You Can Eat" offering is to attract clients who do not see value in your services and would rather not pay you for everything they get. I don't think you want to attract those people as clients.]


Thursday, July 01, 2021

Proposed Legislation: IT Service Provider Registration and Compliance Act

Legislation and regulation are coming to our industry - fast. You no longer get to ignore this issue or put your head in the sand and pretend it's not happening. It's happening. Now you can choose to get involved and influence your future, or simply do nothing and let the legislators and bureaucrats decide your future.

Obviously, I encourage you to get involved.

For a little background, please see the download here: http://bit.ly/kp9pillars

- That is a collated version of the "9 Pillars" discussion in previous posts.

I did a webinar on this document and proposed legislation related to it. The webinar recording is here:


If you want to get involved in this discussion please fill out the form here: 

What's Next?

Well, unfortunately, I think we need to accept that we will be regulated and we need to figure out how to use that fact to improve our business - and the industry as a whole.

Below is the text of some proposed legislation. A formatted version is available at https://bit.ly/itsp-leg

(No registration or email required. Just click and download.)

Basically, the goals of this proposal are:

1) Create a statewide (province-wide) database of IT Service Providers (ITSPs) and Managed Service Providers (MSPs) with a government agency.

 - - This database would be publicly searchable.

2) Defines ITSPs and MSPs. Basically, for this discussion, ITSPs provide small amounts of labor, break/fix labor, and specialty labor. They do not manage the entire client infrastructure or provide backup and disaster recovery services. MSPs are defined as providing those higher-end services.

3) Require all registered providers (ITSPs and MPS) to report cyber security incidents for any client with whom they have a contract.

4) Require that all services of $5,000 or more by a registered provider must sign a contract between the client and technology provider. If a client refuses to sign such a contract, they limit the amount money that can be claimed in an "errors and omissions" action.

5) Require that MSP offer comprehensive security services, including backup and disaster recovery. If a client declines these services, they may not hold the service provider liable for any security breeches or related ransomware damages. In addition, the client's insurance company may refuse to cover such incidents if the client has refused these services.

6) MSPs are required to provide appropriate maintenance and patching of all software.

7) Require reporting of all cyber security incidents and payments.

The ultimate goal of this legislation is to return some sanity to both the insurance industry and the SMB tech support industry. Insurance companies should be in support of this because it attempts to make two big changes:

1) Get more clients to actually secure their systems. 

It will do some good on the prevention side, and a great deal of good on the recovery side. Whether we prevent cyber security incidents, or simply get clients back in business quickly without paying ransoms, the clients are more profitable and insurance payouts are reduced dramatically.

2) If clients cannot or will not pay for appropriate security, the insurance companies are not required to cover these incidents. 

Ultimately, we cannot force companies to secure their data. But, insurance companies and technology consultants should not bear this burden when the client does not take the actions required to secure their systems.

Overall, I believe this makes the insurance industry and the IT industry natural allies on this front.

This is a starting place!

I am not a lawyer, a legislator, a lobbyist, or an insurance broker. So there's no way this proposed legislation is perfect. But it's a place to start the discussion.

Eventually, I would love to see something along these lines introduced in every state and province in North America. And beyond that as well. I was happy to see people from Germany, the UK, and Australia on my webinar about this.

I am gathering some volunteers. So if you are interesting in helping to fine-tune the discussion, or help in any way, please fill out that form. We will try to organize some meetings soon. I know everyone is crazy busy. But regulation and legislation are coming, whether you participate or not. And it will be very sad if we are subject to legislation written by and for large corporations who do not face our challenges or even risk going out of business due to these challenges.

Please join us today.

-- -- --

Now, here's the text of that proposed legislation.

Proposed: IT Service Provider Registration and Compliance Act

Drafted under the auspices of the Small Biz Thoughts Technology Community. www.smallbizthoughts.org.

Note: “The [Appropriate Agency]” in this draft legislation should be replaced by the state police, cyber crimes task force, or whoever is the most appropriate agency in the state.

IT Service Provider Registration and Compliance Act

AN ACT of the Legislature relative to registration with the Secretary of State by IT service providers and managed service providers; to provide requirements for doing business; to provide for definitions; to provide for time limitations on the reporting of cyber incidents; to provide for limitations on liability; and to provide for related matters.

Be it enacted by the Legislature of the State of_________________, [appropriate statute code] is hereby enacted to read as follows:

1. IT Service providers and managed service providers

A. The purposes of this Chapter are:

(1) To create a registration for IT service providers and managed service providers doing business in this state.

(2) To provide access for the general public to obtain information on IT service providers and managed service providers.

(3) To require IT service providers and managed service providers to report cyber security incidents and the payment of cyber security-related ransom.

(4) To define limits of liability related to cyber security and IT services

B. Definitions

As used in this Chapter, the following words and phrases shall be defined as follows:

(1) "Cyber security incident" means the compromise of the security, confidentiality, or integrity of computerized data due to the exfiltration, modification, or deletion that results in the unauthorized acquisition of and access to information maintained by a client of an IT service provider or managed service provider, as defined in this Chapter.

(2) "Cyber security-related ransom" means a type of malware that encrypts or locks valuable digital files and demands a ransom to release the files.

(3) The [Appropriate Agency] means .

(4) “IT Service Provider” means any individual, sole proprietor, partnership, corporation, limited liability company, or any similar entity or combination of entities that provides technology consulting services on an as-needed or hourly basis to companies, not-for-profit organizations, or public agencies at the state or local level in the state of ___________.

(5) "Managed Service Provider" means any individual, sole proprietor, partnership, corporation, limited liability company, or any similar entity or combination of entities that manages and maintains the information technology infrastructure or end-user systems on an ongoing basis to companies, not-for-profit organizations, or public agencies at the state or local level in the state of ___________ .

(6) “Provider” means either an IT service provider or managed service provider, as defined above.

(7) “Client” means any company or individual that engages the services of a provider.

C. Requirements for doing business

(1) A provider shall not provide IT related services in this state unless the provider has registered with the Secretary of State and remains in good standing.

(2) Beginning [ Date ] , each provider that offers IT related services in this state shall file an application for initial registration with the Secretary of State consisting of the provider's name, address, telephone number, contact person, designation of a person in this state for service of process, and provide a listing of all officers, all directors, and all owners of ten percent or more of the provider. Additionally, the provider shall file a copy of its basic organizational documents, including but not limited to articles of incorporation, articles of organization, articles of association, or partnership agreement.

(3) The Secretary of State may charge a filing fee to maintain related records, not to exceed one hundred dollars ($100.00) for each filing period.

(4) A registration shall be effective for thirty-six months, unless the registration is denied or revoked. Sixty days prior to the expiration of a registration, a provider shall submit a renewal application on a form or web site prescribed by the Secretary of State.

(5) The Secretary of State shall maintain a publicly-searchable database of all registered providers along with the beginning and ending dates of their registration, and all important information from the provider’s application, and information related to cyber security incidents and cyber security-related ransom payments as defined in this Chapter. 

(6) Each registrant shall notify the Secretary of State of any material change in the registration information no later than sixty days after the effective date of such change.

2. Contracts between Providers and Clients

A. Contract Requirements

(1) Clients who engage a provider for services totaling less than five thousand dollars ($5,000.00) in a calendar year are not required to sign a contract for services. Clients who do not sign a contract for services shall not hold any provider liable for errors or omissions in an amount greater than the total dollar amount paid to provider in the previous twelve months.

(2) Clients who engage a provider for services totaling five thousand dollars ($5,000.00) or more in a calendar year shall sign a contract for services that is consistent with this Chapter and explicitly incorporates the provisions of this Chapter.

(3) Providers are required to inform prospective clients of the requirements of this Section.

B. Backup and Maintenance Minimum Requirements

(1) Any client who engages a provider for services and signs contract or agreement for services shall agree to pay for provider to create, maintain, and test data backups for all critical client data and IT services, except as described in this Section.

(2) If client chooses to not pay for provider to create, maintain, and test data backups, client shall sign a waiver releasing provider of liability under this Chapter. Any client who chooses not to engage provider to create, maintain, and test data backups, shall not hold provider liable for errors or omissions related to any cyber security incident or cyber security-related ransom during the period of their contract.

(3) Provider shall include in all contracts the creation, maintenance, and testing of data backups for all critical client data and IT services.

(4) Provider shall include in all contracts the maintenance and patching of all software and operating systems defined in the client between client and provider.

C. Notification of cyber incidents and payment of cyber ransoms

(1) To the extent a provider has knowledge of a cyber incident that impacts a client, the provider shall notify the [Appropriate Agency] of the cyber incident within sixteen business hours of discovery of the incident. The [Appropriate Agency] shall transmit this information to the Secretary of State within twenty-four hours.

(2) If a provider is aware of a cyber incident that impacts client and the provider or client makes a payment of ransom, to the extent the provider has actual knowledge of the payment, the provider shall report the payment of the ransom to the [Appropriate Agency] within ten calendar days of the payment. The [Appropriate Agency] shall transmit this information to the Secretary of State within twenty-four hours.

(3) A provider who submits a notification pursuant to this Section shall include in the notification the name of the client.

(4) Providers shall include the requirements of this Section in all contracts with clients. Both providers and clients shall be required to comply with the provisions of this Section to the extent the contract between the provider and the client explicitly incorporates the provisions of this Chapter.

-- -- --

Comments, questions, and feedback welcome.

- Karl P.


Tuesday, June 29, 2021

Deep Dive Into Facebook, YouTube and LinkedIn – All New Class!

 All New Class for 2021!

Deep Dive Into Facebook, YouTube and LinkedIn – 5W24

Taught By: Karl W. Palachuk

Five Tuesdays

  • July 6 - August 3 - Register Now
  • All classes start a 9:00 AM Pacific

Part of the "Social Media Super-Charge" Series for Small Business

This course covers three of the largest and most important social media in great detail. In all cases, we present a thorough training on getting the most of these applications. And, for each, we talk about how that specific medium fits into your overall sales and marketing strategy.

This course takes each of the platforms in turn, but constantly reminds you to create an overall approach to branding and social media. Each platform has "secrets" and best practices that most casual users never see. We provide these secrets and best practices as a series of checklists. Some are specific to individual postings; some are based on a weekly or monthly schedule; and some have a larger, strategic approach.

Most small businesses "use" social media, but don't really have a strategy for using social media effectively. That strategy starts with understanding the strengths and weaknesses of various platforms. And it culminates with a unified approach to branding and how your company presents itself across a variety of platforms.

This course is taught by Karl W. Palachuk, a social media influencer who "touches" over one million people per month. Karl has been using these social media for more than ten years, and has demonstrated mastery across all of the major social media that small businesses need to be successful.

Here are the specifics of what you'll learn, week by week:

Week 1: YouTube - Setup and Optimizing for Marketing

  • “Google Properties” And Webmaster Tools
  • Planning Your YouTube Strategy
  • One Email; Multiple Brands
  • Graphics and Branding
  • Creator Studio
  • Channel Settings
  • Next-Level Branding
  • Social Media Link
  • Custom URLs
  • Paid Membership Channel?
  • Monetizing

Week 2: YouTube - Video Upload and Tagging

  • Video Uploading Checklist
  • End Screens and iCards
  • Thumbnails
  • Tags/Keywords
  • Scheduling, Captions, and Chapter Headings
  • Longer Videos
  • Link to Adwords Account
  • Analytics and Reports
  • YouTube in the Big Strategy

Week 3: Facebook - Setup and Maximizing Results

  • Facebook Personal and Business
  • Graphics Revisited
  • Pages and Groups
  • Rules for Group Management
  • Successful Posting / Cross-Posting
  • YouTube in the Big Strategy

Week 4: LinkedIn - Setup and Effective Use

  • LinkedIn Basics
  • Three Levels of Connections
  • The Greatest Profile Opportunity in Social Media
  • Details and Options
  • Overwhelm, Minimalist, or Super Niche?
  • Sharing
  • Fake Profiles Can Teach You a Lot
  • Graphics and Branding
  • Custom URL
  • Premium Options

Week 5: LinkedIn - Optimizing for Sales

  • Email Marketing – and Abuse
  • Recommendations – Giving and Getting
  • Posts, Articles, “Blogging” and Syndicating
  • Groups
  • Activities and Notifications
  • All-Star Status
  • Super Search
  • LinkedIn in the Big Strategy

-- -- --

You may also be interested in the other courses in the Social Media Super-Charge Series for Small Business:

Optimize Your Social Media Marketing and Advertising – 5W23 (On-Demand Class)

1. Introduction, Overview. Marketing vs. Sales

2. Google, Apple, SEO, and Managing your Company's Meta Data

3. Graphics Overview and Tools Management

4. Automating Your Social Media Marketing

5. When to Pay for Advertising and Tools

Super-Charge Your Social Media Marketing (Scheduled for September 2021)

1. Twitter

2. Blogging

3. Podcasting

4. Email Marketing and Newsletters

5. Super Charge: The Magnifying Effect

-- -- --

Delivered by Karl W. Palachuk, blogger and author of the very popular Relax Focus Succeed blog at www.relaxfocussucceed.com.

Includes five weeks of webinars with related handouts, assignments, and "office hours" with the instructor. All classes are recorded for download. All classes include suggested "homework" that is totally action-focused and intended to move your company's marketing forward.

This course is intended for business owners and managers. It is particularly useful for Sales Managers and Marketing Managers.

Only $299

Register Now

A Few Details . . .

  • Each course will be five one-hour webinars
  • There will be handouts and "homework" assignments
  • If you wish to receive feedback on your assignments, there will be instructor office hours
  • Class webinars will be recorded and made available to paid attendees only.
  • All calls start at 9:00 AM Pacific Time

Questions? Email concierge@smallbizthoughts.com


Monday, June 28, 2021

D&H Launches “Education Community”

D&H Launches “Education Community,” Delivering Expert Insights, Product Knowledge, & Assistance with ECF Funding

D&H is Bringing Together Education Industry Authorities and Manufacturers to Address Evolving Needs, Including Support for Complex Programs Like the Emergency Connectivity Fund and E-rate

HARRISBURG, PA – June 24, 2021 – D&H Distributing, a major provider of SMB, mid-market, and consumer technologies to the North American channel, announces it has launched a new partner engagement group, The D&H “Education Community.” A selection of nearly 60 solution providers with a major focus in the K-12 and higher education markets. D&H assembled these partners to address the increasingly complex needs and opportunities in the education vertical. The group will address the ongoing demands of learn-from-home and on-campus environments, providing resources, guidance, and insights to empower partners to rise to these opportunities. 

The community meets quarterly with industry-leading experts from the education field, curated by D&H, to brainstorm on how to best serve this rapidly evolving marketplace—one of the hardest hit by 2020’s pandemic shut-downs. It will help these partners navigate complex government programs such as the new Emergency Connectivity Fund (“ECF”), approved March of 2021, in addition to the traditional E-rate Universal Service Fund. D&H is developing specific materials, training, and access to resources, helping partners through these processes. Such funding can deliver ample opportunities for channel partners to upgrade connectivity for their education end-users. 

So far, D&H has presented the newly-formed Education Community with a webinar from John Harrington, CEO of the E-rate consulting firm Funds for Learning, entitled “2021 State of Education: Funding, Programs & Qualifications.” This session is now available on-demand or at dandh.com/education. Partners can access additional resources and funding updates on D&H’s education landing page. The distributor also arranged for an exclusive presentation in June from Microsoft and Lenovo for a group of D&H education VARs, which provided predictions on future needs and how partners can adjust their current business models in preparation, plus info on Microsoft’s latest education devices. The Education Community also met with a CTO from a large urban school district in Pittsburgh to discuss the changing parameters of the classroom. 

“We’re positioning ourselves and our partners as thought leaders in this vertical, strategically incorporating the viewpoints of leaders in the field. This will empower us to better assess how classroom requirements are changing,” said D&H’s Vice President of VAR Sales Peter DiMarco. “This group will pose big-picture questions like ‘What will the landscape look like in three years?’ Or, ‘What will the next big technology for the classroom be?’ With the right resources and insights, we can forecast those crucial, impending needs.” 

For instance, D&H was one of the earlier distributors to advocate Chromebooks for the K-12 classroom—now a staple for computer labs across the country. D&H has become the go-to distributor for these deployments, offering suites of devices, DaaS subscriptions, life-cycle management, and Chrome management software. The distributor wants to identify the next generation of innovation for this sector, whether that’s AI, multi-function electronic whiteboard displays, 3-D printing and scanning, high-performance WiFi to accommodate hybrid learning—or something not even launched yet. D&H is honored to help its partners drive advances in digital learning, helping to provide access to impactful curriculum to all students regardless of economic status.

Members of The Education Community receive exclusive benefits such as discounts on White Glove services including asset tagging, laser etching, and enrollment services. Members can also receive five hours of in-depth ProAV Solutions Design services with a CTS Design Engineer, for projects ranging from virtual classrooms to full-blown gaming arenas. Both offers extend through December 2021. Manufacturer-driven programs and incentives will be updated monthly and will run for varying timeframes.

Additional benefits include free helpdesk support from Funds for Learning through 2021, including E-rate application assistance. And D&H offers a menu of Professional Services for education environments including Wi-Fi pre-configuration, connectivity assessments, and deployment services. D&H provides ongoing training via its cutting-edge Solutions Lab, including the recent session “Microsoft Education: Empowering Students and Teachers Today for a World of Tomorrow,” on-demand at dandh.com/solutionslab; in addition to its Partner Services customizable marketing collateral.

Brainstorming Unique Strategies

D&H has been able to execute inventive action plans, such as the green shipping policies that education solution provider Twotrees Technology (Wichita, Kansas) provided for customers during their push to accommodate remote learning. When Twotrees purchased more than 2,000 Chromebooks for a large district, D&H was able to significantly consolidate packaging, minimizing waste, conserving materials, and alleviating the district’s requirement to dispose of literally thousands of laptop boxes. 

“Green shipping is a simple service, but a much needed one. Such a tremendous volume of Chromebooks, all packaged individually with cardboard and Styrofoam, can create the equivalent of a whole dumpster full of trash for districts to deal with—all while they’re trying to pivot to online learning,” noted Twotrees Manager Susie Smith. “Yet this is only a small part of what’s involved in getting so many devices into the hands of school districts. D&H has been a strong and reliable partner in providing the expertise, logistics, and hands-on offerings such as White Glove services that allow us to effectively migrate education users to these new connectivity environments.”

“We’re seeing commitment from manufacturers and partners on this initiative, in addition to positive responses from end-users in the field,” added DiMarco. “They’re deriving value from D&H’s Education Community, and are impressed with the support and innovative thought we’re applying to the challenges that educational institutions face right now. This is a moment of opportunity for the channel. It also addresses a dire need for our country’s K-12 and higher-ed student and faculty communities as they rebound from 2020. We’re proud to contribute to that effort.”

D&H solution providers who are interested in the Education Community can contact Rhonda Hebbard, rhebbard@dandh.com. Partners can visit www.dandh.com/education, or see the distributor’s Facebook and Twitter feeds, https://www.facebook.com/DandHDistributing/ and @dandh. Call 800-877-1200 to speak to an account representative. 

About D&H Distributing 

D&H Distributing supports resellers and MSP partners in the corporate, small-to-midsize business, consumer, education, and government markets with endpoints and advanced technologies, as well as differentiated services. D&H is ready to fill new market needs created by the recent consolidation in the marketplace. As the company enters its 104th year, its vendors and partners can be confident in its ability to provide a wealth of enablement resources, multi-market expertise, credit options, and consultative services. D&H is agile in response to the needs of its VAR and MSP partners, demonstrating resilience through decades of industry mergers and market disruption, overcoming everything from wars and recessions to pandemics. 

The company works to expand the competencies of its partners in areas such as cloud services, ProAV, collaboration, UCC, mobility, esports, digital displays, smart home automation, video surveillance, digital imaging, and server networks across a range of markets. Its value proposition includes highly lauded training opportunities and partner engagement events, dedicated Solutions Specialists, certifications, professional marketing resources, and an expanding digital Cloud Marketplace. 

The distributor is headquartered in Harrisburg, PA, in the U.S. and Brampton, Ontario, in Canada with warehouses in Atlanta, GA; Chicago, IL; Fresno, CA; and Vancouver, BC, Canada. Call D&H at (800) 877-1200, visit www.dandh.com, or follow the distributor’s Facebook and Twitter feeds, https://www.facebook.com/DandHDistributing/ and @dandh.


Wednesday, June 09, 2021

Exclusive Webinar: Transforming Our Industry Into a Profession

Transforming Our Industry Into a Profession

 A webinar for SMB IT consultants.

Recently, I have blogged about the Nine Pillars of moving our industry from where we are to a true profession. This includes a discussion of the challenges we face, and some ideas about how we can answer them.

I've collected the blog posts into one single PDF. You can download it here:


(No registration required. No email. Just download.)

I hope you'll take a little time to download that and post any questions or comments on my blog (or email me).

And then I hope you'll register for my webinar on this topic on June 30th. Here are the details:

Transforming Our Industry Into a Profession

with Karl W. Palachuk

A discussion of the biggest challenges facing the SMB IT industry, and some thoughts on what we need to do about it.

June 30, 2021 

This webinar was recorded.

The video is here: https://www.youtube.com/watch?v=Ev7kwfohi-8

Note: This is absolutely NOT a sales pitch of any kind. I'm interested in engaging in a discussion to change the nature of our business, help you to be more successful, and address some of the greatest challenges we've ever faced.

Please join me June 30th.

And I would greatly appreciate it if you would repost this invitation for others in your professional circles.

Thank you.


Sunday, June 06, 2021

Manifesto for a Modern IT Consulting Industry - Part 5

On The Transformation of an Industry into a Profession

This is Part 5 in a series on transforming our industry into a profession. Here are the previous installments:

Transformation of an Industry into a Profession - Part 1. Profit. Maintenance-Focused Support.

Part 2. Education. Core Values / Statement of Ethics.

Part 3. Ransomware and How We Handle It.

Part 4: Legislation and Insurance

To recap the nine pillars, very quickly:

The First Pillar: Profit

Profit is not the only measure of success, but it is a necessary one.

The Second Pillar: Maintenance-Focused Support

Backup and Maintenance are the foundation of all IT service.

The Third Pillar: Education and Certification

Education and certification are central to professionalism and continual renewal.

The Fourth Pillar: Core Values / Statement of Ethics

Ethics and principles ultimately define an industry and build the path to the future.

The Fifth Pillar: Defending client systems 

Defending client systems and data is an ethical imperative.

The Sixth Pillar: Response to our greatest challenges

A strong profession begins with a consistent, effective response to our greatest challenges.

The Seventh Pillar: Regulation and Protection

Recognition as a profession includes both statutory requirements and limits on liability.

The Eighth Pillar: Cooperation and Alliance with the Insurance Industry

A mature profession works with other professionals to safeguard ourselves and our clients.

All of which brings us to the future - which we'll need to create. 

Whether or not you agree with the definition of Managed Services or professionalism that I've outlined here, one thing is true: There is a never-ending flow of people entering our industry. And, as far as we can tell, that will go on forever.

Again, when I talk about "this" industry, I mean SMB IT - not enterprise. Not big business.

For about the first fifty years of our industry, there were two common ways that people got into SMB IT. Either they worked for a larger organization and decided to get out while they could, or they started out as a tinkerer and fixer who figured out how to make a living with IT. It took a long time before SMB IT shops started having employees.

Most people who haven't been in the industry for more than fifteen or twenty years may not know that multi-tiered companies  (with at least two layers of management) are a very recent phenomenon in small business IT. And since this aspect of our industry is so new, there is no established apprenticeship process.

In most industries, there is a somewhat standard path from newbie to seasoned professional. And we have a bit of this. But our industry has not defined paths for new entrants to gain experience and education that lead to specific job titles. The closest we've come is a series of technology-specific exams. Take a few exams on SQL Server and you can become a SQL administrator.

Ultimately, such technology-specific paths can never become professional paths. I have Microsoft certifications that go back to Windows 3.1 in 1995. A handful of that knowledge is still useful, but virtually all of it is time-bound and obsolete. Even the MCSE and Small Business Specialist certifications that were so valuable to my company ten and twenty years ago are just proof of knowledge once possessed.

If a modern IT business is maintenance-first and focused on a "managed service" model of service delivery, then we should be able to define requirements for both the specific technology of today and the more general business model for delivering that technology successfully and profitably.

The Ninth Pillar: Building a Path to the Future

A successful industry must build a path for newcomers to grow and thrive, constantly creating the next generation.

One of the ongoing problems I mentioned in the first part of this series is that IT professionals continue to sell based on the promises of managed service, but they continue to deliver break/fix. This happens, in large part, because they don't embrace the managed service business model. Perhaps they're unaware of what it entails; perhaps they just like the recurring revenue and don't really understand how to do all that maintenance-first profitably.

When industries are not professional, people just sort of "fall into" a certain job or business. Because they didn't take a path to the industry, each person comes from different experiences and education. They might be very, very skilled at what they do, but there's very little in common that could become the basis for a larger, professional approach to the industry as a whole.

Time and time again, when we find ourselves talking about books that changed our business and made us more successful, people say things like, "I wish I had found this when I first started my business." I heard that exact comment last week on a call. The book (not surprisingly) was The Emyth Revisited by Michael Gerber. I'm proud to say I've heard the same thing about Managed Services in a Month.

What we need is not a definitive library that everyone should read, but a general acceptance that there are some core concepts that define our profession. And here I begin to see the profession as something defined by some core business knowledge on top of the current technical knowledge.

Here's an analogy: Accounting. Lots of people figure out how to run QuickBooks, balance a checkbook, and keep track of income out expenses. They are amateur accountants. With enough practice in a specific area of accounting, they might become really good amateurs. But without proper training, they will not become professionals.

Accounting professionals take a certain course of training. They don't necessarily all read the same book. Each takes an Accounting 101 course that has SOME primary reading material and delivers the core concepts that introduce the student to the profession. Some of that knowledge is how-to, but it also includes a bit of ethics and a lot of practical advice.

Following this analogy, I am not advocating that a specific book or existing class be required for our discipline. I am advocating that some level of education on business philosophy for IT be included in training for our profession. We will always need technical training, but that will always become obsolete over time.

The non-technical training should define the current business models one might choose from. Break/fix and managed IT are both good, solid, profitable options. And anyone managing a professional IT consulting business should understand what each of these means, as well as the consequences of embracing one model over the other.

Finally, let's look beyond the technician. We all acknowledge that we've reached the point where we'd like to find an attorney who has worked with managed service providers before. They simply understand our business a little better. And we'd love to find an accountant who has worked with IT professionals before. And, in the 2020's, we're realizing that it's great to find an insurance agent who has worked with IT professionals. 

When you look at it from that perspective, there are many element of our industry that are different from the rest of the service industry. We have specific challenges and skillsets. We have good, better, and best ways of operating our businesses and delivering services.

Now let's look internally. It would be great to hire an office manager who has worked with IT professionals - especially in managed services. It would be great to fine a service manager who understand the managed service model. The same is true with sales people, administrative assistants, and (of course) technicians.

We are now at the point of our professional evolution that someone could enter a managed service business and find that there's an advantage to understanding our business model, and competing business models. One great way to acquire that knowledge is through formal training. 

We need to embrace formal training in IT services and managed services as an important path to creating great job candidates and building successful businesses. And, through that process, we will continue to grow as a true profession.

-- -- --

This has been a lengthy series. Thank you to anyone who has read most or all of it. I would sincerely like to discuss next steps with anyone who wishes to move this profession forward. Agree or disagree: Let's have a conversation.

I am honored to be part of this industry. And as it makes its inevitable way to becoming a profession, I look forward to assisting in any way I can.

Please post comments and questions. And stay tuned for a few proposals to apply these nine pillars going forward.


Wednesday, June 02, 2021

Manifesto for a Modern IT Consulting Industry - Part 4

It's Time for IT Consultants to Take a Step Up

This is Part 4 in a series on transforming our industry into a profession. Here are the previous installments:

Transformation of an Industry into a Profession - Part 1. Profit. Maintenance-Focused Support.

Transformation of an Industry into a Profession - Part 2. Education. Core Values / Statement of Ethics.

Transformation of an Industry into a Profession - Part 3. Ransomware and How We Handle It.

Part 4: Legislation and Insurance

For context, please see the previous posts. The first six pillars for an IT profession are: Profit; Maintenance-Focused Support; Education and Certification; Core Values and Ethics; Defending client systems; and Response to our greatest challenges.

Basically, we've been building a collection of actions that can help us all take a big step up from being an industry to a profession. The biggest problem we have is not ransomware per se: Our biggest problem is liability. We are stuck between evil programmers and insurance companies.

There are four major players in the SMB IT equation: 

  • You
  • Your Client
  • The Government
  • Insurance Companies

By "you" I mean the SMB (small and medium business) IT consultant. You might call yourself an IT pro, a reseller, a VAR (value added reseller), a managed service provider, or other name. By "you" I do NOT mean large, enterprise-level consultant or IT-outsourcing companies.

Why the distinction? Well, there are three primary reasons. First, those very-large outsourced IT companies are really in a very different business. They are generally large, well-funded, with layers of management. And, to be blunt, they can take care of themselves.

Second, those large outsourced IT organizations do not have the same service model. As a rule, they sell IT-as-a-service to very large organizations, including companies with offices all over the country or all over the world. My first consulting gig involved working for one of these mega-corporations. Every year, the company buying tech support would put out bids worth many millions of dollars. And every year, IT outsourcing companies would bid to provide the most support for the lowest amount of money.

As a bit of a side note: Such companies tend to provide overall horrible support. They are the stuff of Dilbert cartoons and TV sitcoms about IT consultants. Their service model is almost opposite of SMB IT in all ways.

Third, those large outsourced IT organizations place very little (or no) value on the client relationship. Someone in the sales department cares about getting the client to renew a contract. Someone in management wants to meet performance targets so they get their bonuses. But pretty much everything else in the organization is designed to beat the metrics and close tickets without regard to making the actual end-user clients happy.

Yes, that's all my opinion. And one might say it's inaccurate. But I'd be happy to have that argument on stage in front of ten thousand users supported by those companies. 

My point here is that SMB IT is different and distinct. We are not in the same profession as those folks. Even mediocre IT consultants at the small end of the market are almost obsessed with customer service. To be honest, we don't talk about this as much as we should - just for bragging rights - because we are all hyper-focused on keeping clients happy. In fact, if you go back to Pillar number one, profit is often sacrificed in favor of customer service. 

So, there's you. And then there's your client. Again, by definition, we are in the SMB market. As a rule, we don't support 30,000 desktops across fifty different offices. We tend to support between one and one thousand users in one to five offices. There are outliers, but the 1-500 seat clients probably make up ninety percent of all our clients. I'm sure Jay McBain or someone at Forrester knows the number. But you understand who your clients are.

Next there's the government. And, for most of us, that's a state- or provincial-level government. There are few federal or national level laws governing what we do. So far, most of the national level regulations have been around privacy data and financial data. But more laws and regulations are coming.

Most regulation and legislation is a step closer to home. State and provincial governments are actively looking around to see what they can do. Eventually, these things will work their way up to the national level, but for now we are seeing lots of proposed legislation at the state level. This is common with many areas of law, so we're gradually seeing a very normal evolution of regulation.

Basically, it's our turn. 

Legislators read about companies and state agencies being attacked and brought down by ransomware and other cyber attacks. Of course, most legislators are from professions other than technology, so they have only a passing knowledge about what's actually going on. But it's their job to defend their constituents, their districts, and the tax payers' interests. So legislation is inevitable.

Finally, there are insurance companies. Believe it or not, insurance companies are more or less caught in the middle as we are. They wrote policies for problems they could foresee and measure (e.g., business interruption due to hard drive failure, or backup failure). They were not prepared for the massive growth in ransomware payouts in the last few years. Numbers are all over the place, but here's one: Bitdefender's Consumer Threat Landscape Report shows a 485% increase in ransomware in 2020.

Insurance companies are scrambling to respond. The requirements for a ransomware payout are becoming stricter. And insurance companies are pushing training for their clients. I have been pleasantly surprised at all the resources my insurance company makes available to me for cyber security training.

With this framework in mind, let's look at the seventh and eighth pillars for turning our industry into a profession.

The Seventh Pillar: Regulation and Protection

Recognition as a profession includes both statutory requirements and limits on liability.

I am a "minimalist" when it comes to regulation. I have a Master's Degree in Political Philosophy, so I could write a book on the appropriate role of governments in civilization. But sometimes you just have to face reality. And right now, for our industry, legislation is coming. The number changes every day, but I believe twenty-one states have proposed legislation that affects our industry.

We have a very simple choice to make on this front: Either jump in and try to influence the regulation as it comes, or do nothing and let that regulation happen to us. Given that choice, I strongly advocate jumping in and participating in the conversation.

Remember: Legislation goes both ways. That's why companies spend the effort to lobby governments. Given the Pillars I have addressed so far, we can identify some "gives" and some "gets" that might be included in government regulation.

[For this discussion, I will talk in terms of a US State legislative body. Similar processes would need to be followed in Canada, the UK, the EU, Australia, etc.]

First, and foremost, the SMB IT industry should be identified as a legitimate profession. That means there are some requirements. It also means there are some protections. The simplest way to be identified by name is require that a specifically identifiable group be registered with an appropriate state agency. Depending on the state, this might be the Secretary of State, Secretary of Commerce, Consumer Affairs, the Contractor's License Board, or some other entity. Each state is different.

Give: We register with the state. There would probably be a small fee for this.

Get: The state should maintain a database of registered IT Service Providers.

Second, the state may then regulate the industry. Specifically, I foresee that a state would require that all companies who do business with a registered IT Service Provider be required to sign a contract, enforceable by the state. This contract would then require that backup services be offered under every contract. And, of course, it would require that cyber security incidents be reported to a specific state agency or regulatory body. Again, this then becomes publicly accessible data.

Give: The state regulates us. This puts some limits on what we must offer.

Get: We have contracts with all clients, no matter how small, and there is an enforcement mechanism with the state government.

Third, the state should provide a way for a client to opt out of data recovery services, but also provide that doing so relieves the registered IT Service Provider from liability or responsibility related to a cyber security incident. Note: It should not be easy to opt out of backup and disaster recovery services. But if the client just plain refuses to buy such services, the IT Service Provider is not responsible for the consequences.

Give: We have to offer the services and educate the client enough that they understand what it means to opt out of such services.

Get: If there is a cyber security incident and the client has opted out of the appropriate protections, we cannot be sued by the client or their insurance company. (Note, also, that the insurance company can use this same legislation to deny or limit cyber security coverage to the client.)

We need to get ahead of this issue. We need to participate in our own well-being. There could be lots of details, of course, regarding the size of deals that must be bound by this legislation. But at least we'll all be playing the same game and everyone will know what the rules are.

The Eighth Pillar: Cooperation and Alliance with the Insurance Industry

A mature profession works with other professionals to safeguard ourselves and our clients.

Insurance rates are skyrocketing, primarily because the insurance companies don't have any choice. On the issues of addressing ransomware, cyber security, and insurance payouts, we find ourselves very much aligned with the insurance industry.

After all, insurance companies have seen ransomware payouts go from a few hundred dollars to several million in just a few years. Attacks are serious, sophisticated, and very highly focused. Insurance companies want to provide reasonable protection to us and to our clients. But when you go up against the essentially unlimited resources of the Russian government, it's hard to figure out how to win.

If we partner with the insurance industry, we can propose solutions that limit liability when client cannot or will not protect themselves. If we had a system like the one described above, it would allow us to be properly insured. Our clients would fall into three categories: 1) Not regulated, 2) Opted into backup and disaster recovery services, and 3) opted out of backup and disaster recovery services. 

Those not regulated would also not be allowed to come after us or the insurance company. One obvious example of this: A client who only buys a phone system from you, the total cost is under a specified threshold, and they are not required to have a backup and disaster recovery system with you. So they might have one with someone else, but not your company.

Those who are regulated have a relationship now regulated by law. If they opt into backup and disaster recovery services, the insurance company and you both accept liability and insurance rates can be set. If they opt out of backup and disaster recovery services, then both you and the insurance company are protected from lawsuits that might arise from a cyber security incident.

I'm not a lawyer, a legislator, or an insurance agent. There are lots of details to be worked out. But I believe there's a big picture in which the IT Service Provider industry and the insurance industry have a lot of common ground and some powerful reasons to work together.

As with any professions, there may be times when we're on opposite sides of an issue and times when we're on the same side. In this case, I believe there is great value in being on the same side and partnering up to protect more small businesses, create a reasonable balance of liability, and keep insurance rates at a reasonable and sustainable level.

-- -- -- 

Next time: Building a Path to our Professional Future

Please post comments, questions, etc.!

-- -- -- 

Here are links to the entire series:

Part One - Profit and Maintenance-Focused Support

Part Two - Education and Core Values 

Part Three - Ransomware and How We Handle It

Part Four - Legislation and Insurance

Part Five: Building a Path to the Future


Tuesday, June 01, 2021

Say Hello to Gradient, the World’s First Intelligent PSA Data Hygiene Solution Designed for MSPs

I received this press release from Gradient MSP on their new offering.

- - - - -

Say Hello to Gradient, the World’s First Intelligent PSA Data Hygiene Solution Designed for MSPs

Offered at no cost to MSPs, Gradient’s freemium software seeks to give back and “level up” the IT channel by providing actionable cleaning recommendations that help drive smarter business decisions, solve administrative challenges and create a better experience for everyone. 

CALGARY, Alberta, June 1, 2021 – The wait is over. The highly anticipated arrival of Gradient MSP’s new and intelligent Professional Services Automation (PSA) data hygiene solution for Managed Service Providers (MSPs) is here. Click to view demo. 

Available now to MSPs worldwide at no cost, the freemium software from Gradient MSP breaks new ground in the channel, taking the first step in bringing forward a wave of knowledge that stands to benefit the entire IT channel ecosystem. 

Developed by channel veteran and entrepreneur Colin Knox, the Gradient platform enables MSPs to make better business decisions by generating and optimizing granular, clean and actionable data derived from the tools they use to manage their business. Once set up, the software sifts through the core records in the PSA and analyzes them, identifying any dirty records that are distorting the true view of the business.

“MSPs typically have a substantial amount of dirty data hiding within their PSAs — outdated or erroneous records, for example, which can dramatically impact how the MSP runs their business, both from an operational and financial standpoint, as well as how they engage with their team and their customers,” said Colin Knox, CEO, Gradient MSP. “Our intelligent data hygiene solution is unique to the industry in that it gives MSPs the power to make better, more informed decisions because they have a clear and realistic picture of what is actually happening in their business.”  

To keep it simple and easy to use, the Gradient platform integrates with leading PSA solutions from ConnectWise, Datto, Kaseya, Syncro and Tigerpaw, with additional integrations coming online soon. “Using data to make better business decisions and plan for the future is not a tactic reserved for the enterprise or for companies with money to burn,” notes Knox. “With the introduction of the Gradient platform, we’ve made data hygiene actionable and affordable for the MSP—and in return, given rise to a healthier and smarter channel ecosystem.”

“Bringing data hygiene to MSPs of all sizes really speaks to our mission to help raise the entire MSP industry,” Knox adds. “We love MSPs, but we know that data management is often a challenge.  Automating administrative burdens, and bringing about data equality in the MSP space, is the core of the data hygiene module, and the next modules we’re releasing as well.”

“Gradient has helped us clarify our data,” says Patrick Murphy, Vice President, ISG Technology. “This has allowed us to have true knowledge of our business, as well as a voice to state the facts since I no longer have to wade through all the excess irrelevant data in my PSA.”

Pricing and Availability

Gradient MSP’s data hygiene solution is available now and at no charge to MSPs. Learn more at https://www.meetgradient.com.

About Gradient MSP

Established in 2020, Gradient MSP offers the IT channel ecosystem a data intelligence solution built to help MSPs work smarter and serve better by learning from the data they already have in play from PSA platforms. Founded by technology and business entrepreneur Colin Knox, Gradient solves for one of the IT channel’s biggest challenges and greatest opportunities, making data analytics actionable. Available at no cost, Gradient’s data hygiene module is designed to empower all MSPs, regardless of size, cleaning data in real time to allow for clear and accurate insights about their business and their customers. In return, MSPs can make smarter business decisions, elevate the experience and grow more profitably. To learn more, visit https://www.meetgradient.com



Monday, May 31, 2021

Manifesto for a Modern IT Consulting Industry - Part 3

Manifesto for a Modern IT Consulting Industry - Part 3

It's Time for IT Consultants to Take a Step Up

This is Part 3 in a series on transforming our industry into a profession. Here are the previous installments:

Transformation of an Industry into a Profession - Part 1. Profit. Maintenance-Focused Support.

Transformation of an Industry into a Profession - Part 2. Education. Core Values / Statement of Ethics.

Part 3: Ransomware and How We Handle It

A great deal of this discussion about our industry, and where we want to take it, is triggered by the crises of ransomware, how we respond to ransomware, and how governments and insurance companies are responding to ransomware. And so far "we" don't have a response. Lots of vendors are selling lots of solutions. But none of them is really a solution: Each is a small fix for a small piece of a big, big problem.

As with so many things in technology, our response to problems consists of a big toolbox filled with various sizes of Band-Aids. But very little effort is put into taking a step back and looking at the big, big picture. 

Here's a great example: Identity theft or credit theft. On more than one occasion I have posted photos of my drivers license or credit cards online. People come screaming out of the woodwork because these things contain lots of information that can be used to "steal" my credit, open accounts in my name, etc.

But I don't care for a simple reason: I have made this information useless. Try to open an account in my name. You can't. Try to buy a house in my name. Try to take over my car registration. Try to use my credit cards. You can't.

You see, there are different ways to look at problems like this. "The data" genie is out of the bottle. I grew up in an era when my social security number was my student ID. I think it was published in the school directory. The birth dates and death dates of my parents are public information. My ex-wife worked for the State of California during roughly 1,000 incidents where all of our private information was stolen and sold on the dark web.

Your information is just as secure. So you are no more or less secure if you post your drivers license online. But you can take steps to make that information useless. You don't have to throw up your hands and say, "Oh well. If they want to break into my stuff, they will." And yet, that defeatist attitude is exactly what virtually everyone in IT says to one another - including MSPs, VARs, vendors, distributors, and even security companies.

I have written this many, many times over the last five years, but it's still true: There is absolutely no excuse for ransomware to take down a business or government agency today. The first time I created real-time data-mirroring between offices in Southern California and Northern California, the setup was about $100,000 and monthly monitoring and maintenance was about $10,000. I was happy to do it.

That exact site could be backing up to a BDR with images in the cloud for a fraction of that cost today. (I hope they are.) What was once nearly impossible and extremely expensive has become simple and very reasonably priced.

The question is no longer whether we can secure all data but whether we are willing to. And that "we" clearly includes the client. Next time, we'll talk about insurance and government regulation. Clearly, if a client cannot afford to be protected, the IT Service Provider should not be held liable for the results of a ransomware attack. And, clearly, if a client can afford but refuses to pay for the appropriate systems, then the IT Service Provider should not be held liable for the results of a ransomware attack. But that's next time.

Now let's look at the next two pillars for our emerging industry: Defending client systems and our consistent response to attacks.

The Fifth Pillar: Defending client systems and data is an ethical imperative.

I know a lot of people are not comfortable with the discussion of ethics and what's ethical. But I am. Maybe it's my "Arts and Sciences" education. But I think that professions do have some ethical requirements. For example, financial advisors should put their clients' financial interest first; they should not overcharge their clients; they should not steal from their clients. 

All of that is actually based on a clear difference in knowledge. When you know more than your clients, you have the opportunity to recommend "solutions" that don't really increase security. And you have a great deal of power to remove yourself from taking the blame when things go wrong. 

See the last post on an industry code of ethics.

In the first installment, I made the case that basic maintenance and backup are central to our profession. Here I would take that up a notch. I believe we are obligated to defend our clients' data once they have engaged us. And a huge piece of this is based on that same differential of knowledge. 

I've heard people make fun of clients who think that their data are automatically backed up because it's in the cloud, or with Microsoft. Similarly, they laugh about clients who think that mirrored drives or a RAID array are backups. 

But here's the hard cold reality: If we want to be a profession instead of a collection of really smart people who all just happen to work in the same industry, we have to draw a line and take responsibility when the client cannot make correct decisions for themselves. If a client doesn't understand backup, and you do, you have an obligation to look after their interests. When a client doesn't understand security and you do, you have an obligation to look after their interests. 

Your clients will never know what you know or understand what you do. They are professionals at dentistry, or law, or finance, or whatever. They trust you. They rely on you. They turn to you and ask, "What should I do?" You are morally obligated to give them good advice. Ultimately, what we do in this business is to help clients make good decisions about technology.

The funny thing about this discussion is that so many people immediately put it all back on the client: They refuse to secure their systems; they refuse to pay for it; they don't believe they're in danger. But that doesn't excuse you from your moral obligation.

This goes beyond you and the client. The "client's data" is often not the client's information to leave unsecured. The client's data probably includes their clients' information, medical records, financial information, intellectual property, etc. Your client has no right to wave their hand and decide that such information can be open to compromise.

We're seeing more and more compliance legislation all the time. It all boils down to this: Left to their own devices, many people will not secure their own systems or their clients' data. And further, compliance legislation acknowledges that society has a stake in securing that data - even if a specific company doesn't want to.

As an IT service provider, you don't have any choice. You are part of this mix. The players are you, your client, the government, and insurance companies.

So, protecting and defending this data is an imperative. What do you do when the client simply refuses to comply, for whatever reason?

Today, the best you can do is to have them sign a waiver of liability. But it is unclear whether such waivers are enforceable. As you probably know, almost every contract has limits on liability that are simply ignored. When lots of money is at stake, companies sue. Insurance companies sometimes pay out. And then they sue to recover their money. I'm not aware of any contract that has actually prevented a lawsuit.

And no matter what you do, you're still in the mix. Whether we like it or not, we need to work with governments and insurance companies on a formal process for removing ourselves from the mix. 

It begins with acknowledging that creating data security systems and business continuity are imperative. Then, the client needs to be educated, to the extent that's possible. But remember: Some clients will never understand or accept the danger.

In the world of finance, there's a thing called a sophisticated investor. A sophisticated investor is someone who has lots of experience and knowledge in a variety financial dealings. So, for example, you might only be invited to consider a certain investment opportunity if you can document that you are a sophisticated investor.

We experience a similar thing in technology. If you're reading this, you're probably a sophisticated technology consultant. You know and understand certain things at a level that most of your clients will never reach. So how do you educate them sufficiently so they can make an educated decision to not protect their data?

Ultimately, you cannot force any client to buy into a business continuity solution or to protect themselves from ransomware, extortionware, etc. Today you have three options when a client refuses to protect themselves: 1) Take the risk that you'll get caught up with them, their problems, and their insurance company. 2) Walk away and let someone else take the risk. 3) Stay and try to limit your liability.

There should be a formal process whereby you educate the client. And, if they choose not to protect their data, there should be a formal process - recognized in law - that removes you from liability.

This process cannot be haphazard. It needs to be a formal process. The insurance companies need to go along with it. And I expect they will, if it's done right. After all, the reason they're raising rates through the roof is that they're paying out massive ransoms because so many systems are simply not protected. 

We will return to this topic next time.

The Sixth Pillar: A strong profession begins with consistent, effective responses to our greatest challenges.

In 2020, the world of compliance took a huge step in the right direction. And somehow, almost no one noticed. Every time I mention that the US Department of Health and Human Services has blessed the use of NIST CMMC for attaining and documenting HIPAA compliance, I get several requests for links.

[Okay. Just to get this out of the way, here are the links to start with:

- https://www.hhs.gov/hipaa/for-professionals/security/nist-security-hipaa-crosswalk/index.html

- https://www.hhs.gov/sites/default/files/cybersecurity-maturity-model.pdf

- https://www.hhs.gov/sites/default/files/nist-csf-to-hipaa-security-rule-crosswalk-02-22-2016-final.pdf ]

This is one example of the kind of thing we should be doing on several fronts. HIPAA (the Health Insurance Portability and Accountability Act) originally had no clear guidelines. It had no standards that could be built into a checklist. There was no way to document compliance. And, oddly enough, compliance could not be achieved without documentation.

As a result, "compliance" was simply determined by who sued or brought an action against a healthcare provider or IT professional. Finally, the DHHS move in 2020 made it possible to define compliance, create checklists, and demonstrate compliance. The documents above literally map CMMC actions to HIPAA requirements.

This is a great model that we can repeat in other areas. Again, with one eye on the government and the other on insurance companies, we can develop procedures that define appropriate responses. The basic formula is this:

  1. Define the challenge. For example, stop viruses and phishing attacks from allowing data to be compromised, encrypted, and exfiltrated.
  2. Define a set of actions and processes that define professional best efforts with regard to the task at hand.
  3. Define procedures and checklists which, when implemented, will meet the requirements for best efforts.
  4. Document the execution of these processes and procedures, and be willing to be judged by this documentation.

In a perfect world, we don't need the government to be involved in any of this. But, so far, our industry has spent more effort passing the buck and selling Band-Aids than solving the biggest challenges we have. We each come up with a set of different procedures, software, and services. And when it doesn't solve the problem, we confidently tell each other, and our clients, "There's no way to stop everything."

I go back to my original statement: There is absolutely no excuse for ransomware to still be a problem today. But instead of getting our arms around it and addressing the big picture problems, we spend our time playing whack-a-mole and making sure we're not the ones being sued for millions of dollars.

I see three obvious ways that action will be taken in the next few years. First, we can continue our uncoordinated attempts to apply patches here and there. This will result in the government taking action that solves some problems for the government but probably doesn't solve the actual problem. Remember: government agencies are getting hit at least as much as private businesses. They'll do "something" in response, even if it's not the best thing.

Second, the insurance industry will draft legislation and it will spread across the globe. This is actually the most likely response since the insurance industry is already well funded, well organized, and very experienced with lobbying. I assure you, their response will serve them very well. You will not find yourself relieved of any liability if the insurance industry writes the rules without input from IT service providers.

Third, we as a profession can begin to address the big problems with standardized processes and procedures that address the needs of our clients, government agencies, and the insurance companies. This approach might include getting some of these processes and procedures written into government regulations or legislation. It would involve engaging the insurance industry in discussions about what they need, and the role we play.

To be honest, a coalition of the IT service industry and the insurance industry may be the most powerful thing we can do. We could actually draw some lines around the obligations companies have to protect data, the liability that goes with that, the requirements for best efforts to protect that data, and the documentation required to verify where liability lies.

In many ways, we have accidently taken on liability for our clients' behavior by the response we have to security challenges. And now it's time to limit that liability and define the terms under which it can be lifted off of us and placed back on the client.

The only way to eliminate liability altogether is to eliminate risk altogether. Between ourselves, our clients, and the insurance companies, I believe we can define processes and procedures to reduce risks considerably, and therefore reduce liability as well.

I'm not saying it would be easy. But it could be done.

-- -- -- 

Next time: Legislation, Insurance, and Building a Long Term Path to Professionalism

-- -- -- 

Here are links to the entire series:

Part One - Profit and Maintenance-Focused Support

Part Two - Education and Core Values 

Part Three - Ransomware and How We Handle It

Part Four - Legislation and Insurance

Part Five: Building a Path to the Future