Which verticals do you see emerging for MSPs in 2016? Will it be more of the same?
Best posts made by GlennBarley
-
Top MSP verticals in 2016
-
RE: Who to Connect with and How to Manage Multiple Networks on Social Media
@scottalanmiller We talked about this at our user conference. I think the best example that I can give as to why this is important is from a Celtics game that I went to earlier this year. We were delayed getting in because of an issue with the security scanners and missed the opening tip off. I tweeted at the Celtics that I was frustrated and they immediately got back to me with a direct message offering me a seat upgrade. My frustration was immediately relieved and we watched the game from the floor.
This wouldn't have happened if they weren't monitoring their social media accounts.
-
RE: holy crap FB is annoying
@Dashrender Have you created a business page on Facebook? This might be better for what you're trying to do.
-
VIDEO: Vulnerability in Intel Utility Allows Malware Attacks
A serious flaw in the Intel Driver Update Utility allows for man-in-the-middle attackers to install malware on user devices. Meanwhile, a Linux kernel vulnerability has been patched. To hear more, just play the video!
Transcription
Hey everyone welcome back for another edition of IT Rewind. Today is our 64th episode, the same number as former Green Bay Packer, Jerry Kramer. On today’s episode we take a look at an Intel flaw that allowed for possible man in the middle attacks. You’ll hear about this story and more right now on IT Rewind!
An Intel software utility called the “Intel Driver Update Utility” was found to contain a serious flaw that could allow for man in the middle attackers to install malicious malware on user devices. The vulnerability stems from a failure to encrypt HTTP connections that are used to check for driver updates. The tool was designed to provide an easy way to find the latest drivers for chipsets, graphics cards, wireless cards, desktop boards, NUC mini PC’s or the Intel Compute Stick. Since the discovery of the flaw in November, the issue has been fixed and a new version of the tool was released on Tuesday. Those who use the Intel Driver Update Utility are advised to download the latest version immediately.
Another serious vulnerability has been patched, this time involving Linux. The patch is for a critical Linux kernel flaw that affects versions 3.8 and higher and extends to two-thirds of Android devices. The vulnerability exists in the keyring facility, which encrypts and stores login info, encryption keys and certificates. The vulnerability was discovered by a startup called Perception Point. Yevgeny Pats, CEP of Perception Point said, quote – “It’s pretty bad because a user with legitimate or lower privileges can gain root access and compromise the whole machine. With no auto update for the kernel, these versions could be vulnerable for a long time. Every Linux server needs to be patched as soon as the patch is out.” End quote.
Before we go we’d like to give a shout out to Kaeli O’Connell who was featured in this week’s Employee Spotlight. Kaeli is an Interactive Web Marketing Associate here are Continuum and was nominated for her ability to rapidly grow within her team. Do you have a recommendation for next week’s Employee Spotlight? If you know of an employee that has been going above and beyond lately, leave a comment below, or tweet @FollowContinuum using the #EmployeeSpotlight.
That’s all the time that we have for this week’s episode of IT Rewind, As always, read the full stories that we covered today and other tech stories by clicking on the links below.
Of course, you can always find us on Twitter, Instagram and Vine at FollowContinuum. We’re also on Facebook, LinkedIn, Spiceworks, YouTube and Periscope.
Take it easy.
-
Accounting for Client Change Requests & Prevent Scope Creep
If you're an MSP with clients on fixed-fee managed service agreements, you've likely been faced with the issue of "scope creep," or unexpected changes in a project's scope. You know the situation well. One of your clients loses an employee, you have to configure a new user account or you're called upon to install applications you hadn't previously discussed. The trouble is that you don't know how to charge for each move, add or change (MAC). You either aggravate clients by surprising them with an additional bill, or you take on the work without any additional compensation. In both cases, scope creep stalls business growth by damaging client relationships, disrupting workflow and reducing margins. How do you then avoid it? Fortunately, as a former MSP who worked for All Covered, I have some experience navigating this conversation with customers.
Step 1: Know Your Clients and Indicators of Change Requests
First and foremost, to avoid scope creep in managed IT services, you have to take the time to get to know each customer. You should be able to predict which clients will require more MACs based on the information you gather, such as:the company's growth plans, both in hiring and acquiring new business
the health of the business overall - is it profitable?
whether the client is bound by compliance regulations
the state of employee turnover
Each of these situations can affect the level and amount of requests you receive. If, for instance, your client has a history of high employee churn, that should signal you to expect future MAC projects like changing user access and adding new users (if they plan on hiring) to accounts.Pro tip:
One of our partners has created a custom ticket list view in his professional services automation (PSA) tool consisting of keywords associated with these one-off projects, like "setup," "upgrade," "terminate," "disable," and "replace." Creating a similar view will help you get a gauge for how many of these tasks you're typically asked to complete.Step 2: DOCUMENT MACs in Your MSP Agreement
It's also worth knowing the majority of these requests surface with newly acquired clients. Many MSPs don't understand that it takes a good six or seven months to sustain profitability, enter cruise control and not have to juggle a million support tickets. Considering that scope creep is a threat from the moment you begin onboarding a new client, you'll want to get to them early enough to establish clear guidelines.Scope creep usually occurs when expectations aren't solidified in writing. In other words, you have to document these additional spends in your contracts. Notice how getting to know your clients and their IT environments precedes this step. That's because you can't determine how much work a client will be without getting to know each on an individual basis. Only once you've done this should you move forward with drafting a contract. To refresh you on what should be included in your Master Client Services Agreement (MCSA), here's a list of policy items to cover:
Scope of Services
Payment
Authorized Contact Person
Access to Premises
Warranties; Limitations of Liability
Termination
Uptime; Reporting; Remedies
and more!It is under Scope of Services - also known as Scope of Work (SOW) - that you should clearly articulate that you will support your clients' environments as they exist today at a fixed fee. The number you quote to one client may be different than what you bill another, depending on the volatility of their environment. Adjust your pricing to include the projects you foresee having to complete, and build this figure into the agreement, clearly stipulating how this will alter th cost if performed.
Once you've had meaningful conversations with clients and understand how much of your services they'll need, you can prevent unwanted surprises down the line by adding these additional projects to your MSP agreement. That way, customers can't complain that they didn't know they were going to get billed for that printer add request they submitted a month later, helping you maintain client satisfaction. At the same time, you'll be able to manage client demands and know how best to deploy your techs for each site. Win win.
But should ALL projects be added to the scope of the agreement?
I usually advise MSPs to draw the line for bigger projects like server refreshes or infrastructure upgrades - i.e. server migrations, network upgrades, new firewall installations, new office openings and replacing servers that unexpectedly crash. These are the kinds of change requests that happen every once or few years and so should be excluded from the scope of your agreement.Pro Tip:
I recommend standardizing your documentation and sales conversations around the phrase, "separate billable projects" to classify these heavier lifts. Avoid using terms like "additional fee" or "added expense," which make your services seem like a hidden cost. -
What is the Difference between a Fully-Managed Help Desk and Network Operations Center (NOC)?
Original Source: MSP BLOG
It can be difficult to manage technical support and front-line user supportinhouse, so many MSPs look to third-party options and offerings to help absorb some of these tasks. When doing so, it's important to know the difference between an outsourced Network Operations Center (NOC) and Help Desk in a fully-managed - meaning support is integrated with your IT management platform - business model. So what is the main difference? A fully-managed help desk is where all the end-client interaction takes place, whereas a fully-managed NOC provides back-end maintenance, problem resolution and support for the MSP.
Let’s examine both solutions more closely.
Understanding How a Fully-Managed Help Desk Works
A help desk solution isn't just another version of a NOC, and if you’re running an inhouse help desk operation because you think it is, you’re missing the opportunity to grow your margins. A third party help desk solution is designed to outsource those time-consuming tasks your technicians are stuck performing on a daily basis.
Any of these sound familiar?
Top 5 Problems That a Third Party Help Desk Can Take Off Your Hands:
Email recovery and reordering of folders
Printer installation
Account management of new users or leaving users
Permission requirement of accounts
Password issues - from forgetting to expiring
Think about each time one of your techs has had to drop what they were doing to perform one of these jobs. Have they had to recover a client’s email or do a password reset? What else could they have been doing with that time? With an outsourced help desk, when a client calls upon you for a low-level request, your techs don’t have to field those problems and questions. Instead, you can direct your clients to this third party call center, staffed with skilled technicians equipped to absorb these time-consuming tasks. What are the benefits of this?Better for Business Growth
First, let’s consider your bottom line. As a growth-driven MSP, you want to increase profit margins. One of the advantages of an outsourced help desk is that you can redeploy your techs to focus on more strategic revenue-driving projects, such as deepening client relationships and helping to support the onboarding of new ones.Reduce Tech Turnover
Techs are redeployed in a way that helps them develop their careers, grow their skillset, accomplish more meaningful work and increase job satisfaction overall. Your techs are able to get their life back when they don’t have to work absurd overnight or weekend hours. One thing to note is that fully-managed outsourced help desk solutions offer that round-the-clock client support you need.Impress Clients with Proactive Service
Normally, techs are short-staffed and struggle to resolve the volume of tickets that come through, which leads to negative customer experiences – you don’t want clients having to wait for issues to be resolved. Tying back to what we said about higher margins, if all your techs are able to do is keep afloat with lower-level tickets, they’ll be unable to support new clients and you’ll struggle to grow your business.Bringing It All Together
Fully-managed help desk solutions act as the single point of contact helping to connect end users with IT administrators. Furthermore, they help impress your clients with proactive service, as well as offer your existing team after-hours support. The repurposing of your techs will give them a better quality of life, while simultaneously exceeding client expectations.So Then What Does a NOC Do...?
Integrated with your remote monitoring and management (RMM) solution, a fully-managed NOC is designed to provide back-end maintenance, problem resolution and support, so that the MSP can respond to issues as they arise and ensure client uptime. You can look at a NOC as a separate entity that works as an extension to your IT team, but works behind the scenes and is never in direct contact with your end users.
In a lot of ways, the advantages of a NOC mirror those of a help desk.
Provide After-Hours Support So Your Staff Doesn’t Have to
With 24x7x365 coverage, the RMM agents you’ve deployed to client sites are tracked by a fully-managed NOC. This team actively monitors the health of customer networks on your behalf, so clients don’t have to worry that their service will be down when they come back in on Monday.Allow your Technicians to Focus on Revenue-Producing Projects
Again, coupled with the proactive monitoring of your RMM tool, your techs don’t have to rush to put out fires. The team of highly certified NOC technicians takes care of this on the back-end so your staff can think about long-term projects and growth.Grow Your Accounts without Growing Your Payroll
A NOC mitigates the loss of employee churn. If you lose a tech, you neither have to scramble to cover their workload nor hire a new person to backfill that position. That also means you don’t have to invest company time and resources in training and onboarding that new hire, which can be a significant expense in both time and money.So what’s different about a fully-managed NOC, other than the fact that there are more hands on deck?
Access High-Level Tech Support without Breaking Your Budget
A NOC lets you take on more projects because you’re not constrained to the skillset of your current IT staff – you don’t have to refuse a project because your tech doesn’t have a certain certification. At the same time, those techs now have more time to go receive more certifications!Examples of more advanced project work you can offload to a NOC that's integrated with your RMM solution:
Remediating backup failures
Ensuring sufficient bandwidth for applications
Fixing disk safe problems on servers
Migrating Exchange servers to another platform -
RE: Which of These 3 MSP Pricing Strategies is Right for You?
@Breffni-Potter I understand. You want to hear the praise of Continuum OFF of our website. We'd love to hear that as well. I'll share these sentiments with Mary who sits 3 feet away from me
-
Throwback Thursday - Old Malware Threats
Full blog at: MSP Blog
1. BonziBuddy (1999) - My Own Brush with Malware
OK so maybe he doesn't rank with the rest of the big malware names of the day, but who else remembers that purple gorilla from Hell named BonziBuddy? As I learned in my earlier years, this desktop agent was anything but a pal. Sure, he wormed his way into all our hearts with his charming juggling tricks and musical numbers like Bicycle Built for Two, but these were cheap ploys to gain our trust. Make no mistake, he was no Clippy. There was and will only ever be one Clippy, and he mysteriously vanished into thin air. All mourning for digital office supplies aside, BonziBuddy was originally advertised to Microsoft users as a sidekick available to help with Internet browsing. Instead, after his release into the wild in 1999, Bonzi Foe terrorized PCs, flinging poop (no, not actually though it's not hard to imagine when we have a poop emoji on our phones) and crashing programs.
Sadly, I learned this the hard way when I gave the McCoy family computer the swine flue of viruses after downloading the adware as a child. A step up from my collection of animal figurines, my friendship with Bonzi started out strong. He performed backflips for me, and I giggled and continued to click for more. Then one night, after he took everything he wanted, Bonzi turned on me and didn't even have the decency to return his friendship bracelet. All of a sudden, our computer kept freezing and required a major clean-up. Now widely recognized as malware of yesteryear, BonziBuddy taught a young Mary that all downloads have consequences. After that, I was much more discerning of online scams. The same can't always be said for your clients, can it? Teach them how to identify malware warning signs, detect foul play, and then help establish security policies and procedures that can be tested regularly!
Now that I've got that out of my system, let's continue our stroll down malware memory lane with these other more notable bugs...
2. ILOVEYOU (2000)
Suffice it to say users weren't feeling the love when they were hit with this computer worm, one of the first big email malware of its kind, back in 2000. Also commonly known as Love Letter, the email appeared to come from a secret admirer with its "ILOVEYOU" subject line. Like many phishing email schemes perpetuated today, the worm infected computers through a malicious email attachment. The file attached in the original version, LOVE-LETTER-FOR-YOU.TXT.vbs, masqueraded as a TXT file, but was actually script the hackers used to attack those who opened it. The vbs extension was not visible to email recipients because at the time, Windows hid all file extensions by default. Just like attackers do now, the masterminds behind the ILOVEYOU virus exploited a system vulnerability to gain access to computers. So what was the damage? In 10 Worst Computer Viruses of All Time, Jonathan Strickland cites McAfee, sharing the various ways the worm infected victims. A few examples include the virus copying itself and hiding in several folders on users' hard drives, downloading a password-stealing application and adding new files to victims' registry keys. All in all, Love Letter cost $10 billion in damages, and what's more? The two believed to be the original perpetrators of the bug - which originated in the Philippines - were never charged.
3. Code Red (2001)
This next virus was named after the Mountain Dew beverage the two eEye Digital Security employees were drinking when they discovered it fifteen years ago. Like the ILOVEYOU virus, Code Red hackers exploited an existing system weakness - this time within the OS - to carry out their attack. Targeting computers with Microsoft IIS web server installed, the computer worm took advantage of a buffer overflow problem in Windows 2000 and Windows NT. Essentially, once a machine reached its buffer capacity, it would start to overwrite adjacent memory. Once launched, the Code Red worm executed code from within the IIS server and was virtually undetectable on hard disks because it was able to run solely on memory. So how did it behave? Once a computer was compromised, Code Red attempted to make a hundred copies of itself. Due to a bug in programming, however, it actually infected many more devices, maxing out CPU loads and exhausting system resources. The worm even launched a distributed denial of service (DDoS) attack on the White House, attempting to crash its web servers by flooding them with simultaneous traffic requests from infected computers. According to HONGKIAT's 10 Most Destructive Computer Viruses, Code Red impacted one to two million IIS servers, alarming given that there were around six million at the time. It's not surprising then that the virus resulted in two billion dollars lost in productivity.
See the rest of the list -
RE: Would You Rather...
@NattNatt I struggled to find a reason for that too..
-
RE: Ringside Seats to the Apple/FBI Battle
@scottalanmiller said:
"We don't require the people who manufacture paper shredders to have a chip that records and scans that document so it's recoverable,"
Not yet...