Thursday, March 16, 2023

How to Escape the Ransomware Attack Loop

How to Escape the Attack Loop

I recorded a quick interview with Eric Simmons, CEO of Asigra for next week's SMB Community Podcast (see The interview will air Thursday the 23rd. One of the things he mentioned is what Asigra calls the attack loop. 

You might not have a handy name for the Attack Loop, but you've seen it (or at least feared it). Basically, you backup data that includes a lot of bad content, including:

  • Viruses and ransomware
  • Old code with "hooks" that can be used for viruses and ransomware
  • Old code with problems that could be fixed . . . but they're not fixed inside your backup
  • and so forth.

The problem is that a basic data restore will restore all this bad content along with the good. So, even an "air-gapped" backup is not clean because a restore will bring back problems that are inside the backup. The worst case scenario is that a client has a ransomware incident, recovers from backup, and immediately has a repeat incident. Hence the loop.

Today, pretty much all backups have bad content such as ransomware. Asigra notes that about 40% of companies with good backups still end up paying ransomware (see the video on this page:

Scanning During Backup Isn't Enough!

One obvious solution is to scan everything as it moves to backup. That's great. But the backup will still contain time-release attacks, not-yet-discovered attacks, and not-yet-identified malicious code. So, no matter what you do, your backups will always include content you don't want to bring back. 

The solution is to clean the data during recovery. In this way, even an infected backup will result in a clean recovery. And, of course, the older the restore point, the more bad content there is in the backup because older backups occurred before the malicious code was identified.

The world of backup and recovery is always changing, but bi-directional scanning of backups goes a long ways to getting your client out of the Attack Loop.


Note: This is NOT a paid post, but I DO thank Asigra for sponsoring the SMB Online Conference, headed your way in May 2023. See more information at

Also - Please join us April 19th for a webinar with Eric Simmons entitled, "Does Your Backup Protect Your Against the Latest Ransomware Attacks?" Register now at


Tuesday, March 14, 2023

Revised Class - Optimize Your Social Media Marketing and Advertising - Starts March 21st

Optimize Your Social Media Marketing and Advertising - 5W23

Newly Revised for 2023!

Part of the "Social Media Super-Charge" Series for Small Business

Taught By: Karl W. Palachuk

- Five Tuesdays: March 21 - April 18, 2023

This course covers the key elements of designing, planning, and executing a modern social media strategy in the Small Business environment. We cover the use of social media for both marketing and sales.

Most small businesses "use" social media, but don't really have a strategy for using social media effectively. That strategy starts with understanding the strengths and weaknesses of various platforms. And it culminates with a unified approach to branding and how your company presents itself across a variety of platforms. 

This course starts with a business-focused overview of social media marketing and sales. We discuss taking control of your brand and managing how you show up on the web. We present a strategy for creating and managing your overall branding across all social media. Finally, we do a deep-dive into automating and managing your social media presence going forward. 

This course is taught by Karl W. Palachuk, a social media influencer who "touches" over one million people per month. Karl has been using these social media for more than ten years, and has demonstrated mastery across all of the major social media that small businesses need to be successful.

Here are the specifics of what you'll learn, week by week:

Module 1: Introduction, Overview. Marketing vs. Sales

  • The Plan of The Course
  • Take-Aways And Goal-Setting
  • What is Marketing?
  • What is Sales?
  • Developing a Funnel System
  • Schedules – Manual and Automated
  • Which Social Media are Best for You? (Including Reddit, Instagram, TikTok?)
  • The Big, Big, Social Media Strategy

Module 2: Google, Apple, SEO, And Managing Your Company's Meta Data

  • Meta Data Basics
  • Taking “Control” Of Your Google, Apple, and Other Meta Data
  • SEO Reality
  • SEO Checklist
  • Data Maintenance
  • Organizing and Tracking Meta Data
  • Meta Data in the Big Strategy
  • Drill-Down: Choosing Social Media platforms
    • TikTok, Clubhouse, Twitter Spaces, Caffeine, Instagram, Houseparty

Module 3: Graphics Overview And Tools Management

  • Graphics Overview
  • Branding Basics
  • A Storage Strategy
  • Updates, Versions
  • Graphics in the Big Strategy

Module 4 Automating Your Social Media Marketing

  • The Benefits of Automation
  • Pacing – Creation and Publishing
  • Popular Tools
    • Free vs. Paid
    • Focus on Your Prime Social Medium
  • Strategy, Planning, and Tracking
  • Hiring/Outsourcing Assistance
  • Automating Social Media in the Big Strategy

Module 5 When to Pay for Advertising and Tools

  • Free -  A Great Place to Start, and Often the Most Expensive Option
  • Comparing Tools, Features, and Prices
  • Start Small – Don’t Buy Everything You Find
  • Get the Most from as Few Tools as Possible
  • Avoid Trying to Do Everything and Measure Everything
  • Measuring Your Success
    • Social Blade
    • Social Bluebook
    • TubeBuddy
    • HootSuite, etc.
  • Paid Tools in the Big Strategy

-- -- -- 

You may also be interested in the other courses in the Social Media Super-Charge Series for Small Business:

Deep Dive Into Facebook, YouTube and LinkedIn 

1. YouTube - Setup and Optimizing for Marketing

2. YouTube - Video Upload and Tagging

3. Facebook - Setup and Maximizing Results

4. LinkedIn - Setup

5. LinkedIn - Optimizing for Sales

Super-Charge Your Social Media Marketing

1. Twitter 

2. Blogging 

3. Podcasting

4. Email Marketing and Newsletters

5. Super Charge: The Magnifying Effect

-- -- --

Delivered by Karl W. Palachuk, blogger and author of the very popular Relax Focus Succeed blog at

Includes five weeks of webinars with related handouts, assignments, and "office hours" with the instructor. All classes are recorded for download. All classes include suggested "homework" that is totally action-focused and intended to move your company's marketing forward.

This course is intended for business owners and managers. It is particularly useful for Sales Managers and Marketing Managers.


Thursday, March 09, 2023

NSITSP webinar - Cyber Insurance Deep Dive 2023 – April 26, 2023

A note from NSITSP . . .

NSITSP is proud to announce our first member-focused educational webinar:

Cyber Insurance Deep Dive 2023 with Brian Mahon, Certified Cyber Insurance Counselor.

Brian’s company – Insurance for MSPs – is a Vendor Parter of NSITSP. This is a totally non-sales educational program. It is open to everyone: Members and non-members alike.

Wednesday, April 26
9:00 AM Pacific Time (Noon Eastern)

Register free at

Insurance is a HUGE issue today. And whether you like it or not, MSPs (and their clients) are directly affected by changes in the insurance industry.

The battles over ransomware, cybersecurity, and financial liability are critical. In fact, they are potentially deadly for IT Service Providers. Bad decisions regarding insurance can put you out of business.

How can you afford insurance today? What should you be buying? And what can you do to make sure you’re supporting your clients properly? Join this webinar for a closer look at what cyber insurance is, how it works, and how it differs from Technology E&O (Errors & Omissions) insurance. And more!

Special guest, Brian Mahon, is a Certified Insurance Counselor, and innovation enthusiast. Brian has served innovative companies in the technology and life science industries since 2017. After a few years of helping entrepreneurs and CFOs at small, medium, and large companies with their risk management programs, he realized his favorite clients were all MSPs! In March of 2022, he graduated from Chubb and Carnegie Mellon’s Cyber COPE Insurance Certification program and launched He works day to day as an advisor at a top 100 independent insurance agency, EHD Insurance in Lancaster, PA.

Sign up today:


Note: If you're not a member of the National Society of IT Service Providers, today is a good day!


Wednesday, March 01, 2023

Sample Sub-Contractor Agreement - Exclusive Content

Just posted inside the Small Biz Thoughts Technology Community! 

Sample Sub-Contractor Agreement (contract)

Delivered as a Word docx file.

See the Community New Post 



One of the things I predicted in my State of the Nation address is January is that sub-contracting among IT folks was going to become a lot more common. This is due in part to the labor scarcity, but also as part of the natural evolution of our space.

If you're not a specialist a [signage | telephones | security | web development | conference room AV | etc.], one option is to learn it all. Another is to do what you tell your clients to do: Hire a specialist.

But, of course, you don't want to hire this person. You want to find someone who can bring their skillset to the job for a reasonable price, and let them make you look good to your client.

I am getting more and more requests for a sample sub-contractor agreement. I have been using a variation of the basic agreement in Service Agreements for SMB Consultants. But I have also been putting together a dedicated document. 

Note - as always - Have any document you sign be reviewed by your attorney. My attorney probably doesn't live in your state. So as you adopt this document for your use, please make sure that it's valid and enforceable in your state (territory, etc.)!

This is a sample agreement (contract) for outsourced labor. You can use this to sub-contract for tech support services as well as any outsourced labor you hire (video production, web development, marketing services, etc.).

To use this document, there are three steps. First, remove my branding and add your own. Second, customize the document for the specific project and pricing. Third, send this to your attorney (or at least LegalShield or a similar service) just to make sure it's legal and effective in your state, region, country, etc.

This agreement includes the core elements you need to verify that the sub-contractor is a sub-contractor and not an employee. It also includes a non-disclosure agreement and a clause to prevent the client from poaching employees from the contractor.

It is important that you don't unintentionally create an employer/employee relationship because you were not careful about how the relationship is crafted!

This document is FREE to anyone who is a member of the Small Biz Thoughts Technology Community. For non-members, the price is only $1,199 - and includes a full year of membership!