We’ve compiled a list of 12 essential books to help you master the art of selling, how to negotiate deals better, a deep dive into various IT technologies, winning at customer success, and what it takes to thrive as an MSP in 2024 and beyond. Grab a good cappuccino, espresso, or Earl Grey tea, and get your bookmarks ready! 

Here’s the TL;DR

1. Simplified Cybersecurity Sales For MSPs 
2. The Pumpkin Plan
3. Package, Price, Profit: The Essential Guide to Packaging and Pricing Your MSP Plans
4. Phoenix Project
5. The IT Business Owner’s Survival Guide
6. Managed Services in a Month
7. The MSP Growth Funnel
8. The MSP Owner’s Handbook: QBR Edition 
9. MSP Secrets Revealed
10. The E-Myth Revisited
11. Never Split the Difference
12. The MSP’s Survival Guide To Co-Managed IT Services

Coffee Table MSP Book Collection: 12 Essential Reads for MSPs and IT Professionals

1. Simplified Cybersecurity Sales For MSPs: The Secret Formula For Closing Cybersecurity Deals Without Feeling Slimy – Jennifer Bleam

Simplified Cybersecurity Sales for MSPs will show you how to sell cybersecurity successfully and get into the mind of a successful salesperson. Win more clients over with this must-have book for MSPs. 

2. The Pumpkin Plan: A Simple Strategy to Grow a Remarkable Business in Any Field – Mike Michalowicz

Mike Michalowicz tells it like it is. Plenty of relatable analogies and witty humor to keep your interest going from cover to cover. The Pumpkin Plan gives you the tools to harvest and plant your business seeds. Discover who the winning customers are and unlock opportunities for long-term sustained growth. 

3. Package, Price, Profit: The Essential Guide to Packaging and Pricing Your MSP Plans – Nigel Moore

Ever wondered how to package your MSP business? Nigel Moore can lend a hand. You’ll learn about what to include and exclude in your plans, various pricing strategies, and how to deal with complex clients. Nigel offers practical tips that you can implement immediately to futureproof your business. 

4. Phoenix Project: A Novel About IT, DevOps, And Helping Your Business Win – Gene Kim & Kevin Behr

Kevin Behr and Gene Kim dive into the story of Bill, an IT manager at Parts Unlimited, who has been tasked with the project of his career, The Phoenix Project. Bill has 90 days to fix the mess that is behind schedule and way over budget. Will he succeed or will his entire department get outsourced? Find out. 

5. The IT Business Owner’s Survival Guide: How to save time, avoid stress and build a successful IT business – Richard Tubb

Richard Tubb is one of the most recognizable names in the MSP industry – bar none. The IT Business Owner’s Survival Guide provides you with all the tools to handle the stressful daily grind. Learn how to put your social media on autopilot and when you should part ways with clients.

6. Managed Services in a Month: Build a Successful, Modern Computer Consulting Business in 30 Days, 3rd Edition – Karl W. Palachuk

30 days. That’s all the time you’ll need to grow a successful MSP business. Karl W. Palachuk will teach you how to create service agreements and service offerings that scale. Whether you’re a newbie or seasoned professional, you’ll gain a ton of insights from this book. 

7. The MSP Growth Funnel: A Complete Guide To Marketing & Selling Managed Services – Kevin Clune

Want to get to know your audience better? Kevin Clune will take you on a buyer’s journey through the four stages of the customer acquisition funnel. From choosing the right content topics to crafting your pitch and ultimately closing the deal, it’s all here.

8. The MSP Owner’s Handbook: QBR Edition – Marnie Stockman Ed.D. & Juan Fernandez

Increasing client revenue. Delivering QBRs. Scaling your MSP business to the next level. Sound good? The MSP Owner’s Handbook will show you how to achieve it all. Marnie “literally” authored the book on Customer Success for MSPs, while Juan scaled an MSP to $20M in six years. Learn from two of the best in the game. 

9. MSP Secrets Revealed: 101 gems of inspiration, stories & practical advice for managed service provider owners – Mark Copeman

Shh, don’t tell anyone you have the marketing and lead generation secrets. Mark Copeman will show you how to treat customers as if you’re going on dates (seriously). You’ll also get the scoop on how to recruit and build the right onboarding program, spread revenue dependency, and become a numbers wizard.

10.  The E-Myth Revisited: Why Most Small Businesses Don’t Work and What to Do About It – Michael E. Gerber

This is one book every MSP and small business owner entrepreneur should own. Michael E. Gerber will guide you through a variety of strategies that encompass people, marketing, management, organizational, and systems. Discover what the Turn-Key Revolution is all about and how it can take your business to the next level.

11. Never Split the Difference: Negotiating As If Your Life Depended On It – Chris Voss & Tahl Raz

Valuable lessons from a former FBI international hostage negotiator that you can apply the same principles to your MSP business. Gain the upper hand when it comes to negotiating client contracts and service agreements. Leverage tactical empathy to understand your clients’ needs and master the art of mirroring and labeling to build trust.  

12. The MSP’S Survival Guide To Co-Managed IT Services: A Crotchety Old Geek’s Road Map on Marketing, Selling and Providing Managed Services to Organizations with Existing IT Staff (CoMITs) – Bob Coppedge

What exactly is CoMITs and why does it matter for you? Bob Coppedge will show you how to market to organizations that have IT departments by bridging the gap between IT employees and MSPs. Learn how to adapt your existing business and tools with CoMITs to simplify your internal IT and foster stronger relationships.

Make these 12 insightful books part of your collection. 

But that’s not all. 

We’ve also curated 11 Valuable MSP YouTube Channels to subscribe to and 14 Essential Podcasts for MSP Success. 

Follow Guardz to stay up-to-date on the latest cybersecurity findings and research to transform your MSP business at any level.

Introduction

In a major development for MSPs, Guardz has announced its successful integration with ConnectWise PSA through the ConnectWise Invent program. This collaboration brings together the Guardz AI-powered, unified cybersecurity platform, and ConnectWise’s leading software solutions, promising enhanced security and operational efficiency for MSPs and their clients.

Certified Integration: A Milestone Achievement

Guardz has completed all necessary security certifications mandated by ConnectWise, ensuring the highest levels of safety and security for this integration. The ConnectWise Invent program, known for its rigorous standards, requires third-party software providers to pass an independent security review to certify their integration.

What is the ConnectWise Invent Program?

The ConnectWise Invent program is an integration collaboration initiative designed to help third-party software providers merge their solutions with ConnectWise’s innovative software. It supports MSPs globally in leveraging cutting-edge technologies to grow their businesses, offering Tier 1 integration support and fostering mutual productivity.

The Benefits of Guardz and ConnectWise PSA Integration

This integration brings several significant advantages to MSPs, enabling them to offer better cybersecurity solutions to their SMB clients.

Streamlined Cybersecurity Management

With the integration, MSPs can seamlessly incorporate Guardz incident data into their clients’ ConnectWise PSA environment. This enables efficient detection, prioritization, and response to security incidents directly from the service board.

Enhanced Threat Intelligence and Automation

By combining Guardz’s actionable insights into emerging threats with ConnectWise PSA’s robust automation and management capabilities, MSPs can proactively identify and address security gaps. This minimizes risks, protects critical assets, and drives operational efficiency.

Empowering MSPs to Grow and Succeed

Dor Eisner, CEO and Co-Founder of Guardz emphasized the significance of this integration: “With everything required to protect a business in one package, this integration allows more MSPs to significantly increase their range of capabilities while cutting their costs and growing their businesses.” This powerful combination of threat intelligence, remediation, and automation equips MSPs with the tools they need to deliver comprehensive security tailored specifically for SMBs.

ConnectWise’s Commitment to MSP Success

Chris Timms, EVP and GM Ecosystems at ConnectWise, expressed excitement about welcoming Guardz to the Invent Program: “Their expertise in security solutions aligns to our mission to enable MSPs with the tools and resources they need to succeed. We look forward to the innovative solutions and value they will bring to our community through the power of the Invent Program.”

The Integration Process

Integrators in the ConnectWise Invent program work closely with the ConnectWise API team to create integration roadmaps, ensuring comprehensive support throughout the development process. Upon certification, they gain access to a wealth of valuable resources, tools, and additional benefits designed to support their growth and success.

Conclusion

The integration of Guardz with ConnectWise PSA marks a significant advancement in the cybersecurity landscape for MSPs and SMBs. By leveraging the strengths of both platforms, MSPs can now offer enhanced security solutions, streamline their operations, and protect their clients more effectively.

Key Takeaways:

• Importance of Cybersecurity for SMBs: Small to medium-sized businesses are particularly vulnerable to cyber-attacks and data leaks.
• Role of MSPs: Managed Service Providers (MSPs) are crucial in fortifying cybersecurity defenses for their clients.
• Guardz Solutions: Guardz offers comprehensive protection against data leaks through advanced monitoring and detection systems.

In a staggering cybersecurity breach, over 10 billion passwords were stolen and leaked, highlighting the critical need for enhanced data protection measures. This incident underscores the vulnerabilities that both large organizations and small to medium-sized businesses (SMBs) face in today’s digital landscape. Managed Service Providers (MSPs) play a pivotal role in safeguarding their clients against such breaches, ensuring robust security protocols are in place.

The Incident: What Happened?

In one of the largest data breaches recorded, cybercriminals have stolen and leaked a massive trove of passwords—over 10 billion of them—on the dark web. This colossal breach, reported by cybersecurity experts, is a stark reminder of the persistent and evolving threat of cyber-attacks.

RockYou2024

Using the BreachForums criminal underground forum, Cybernews researchers have uncovered the largest collection of stolen and leaked credentials ever discovered. This compilation, known as RockYou2024, contains an astonishing 9,948,575,739 unique passwords, all in plaintext format. The RockYou2024 credentials database adds approximately 1.5 billion new passwords to the earlier RockYou2021 database, which featured 8.4 billion passwords. A total of 4,000 large databases of stolen credentials, dating back at least two decades, are believed to be responsible for these passwords from 2021 through 2024.

What Do We Know About the Incident So Far?

1. Scope and Scale:
   • The breach involved the theft and subsequent leaking of more than 10 billion passwords, affecting a vast number of online accounts globally.
   • This dataset includes passwords from multiple services, spanning years of cyber-attacks and data breaches.
2. Sources of Compromised Data:
   • The leaked passwords appear to have been compiled from various data breaches over the years, indicating a collection effort by cybercriminals to amass a significant amount of compromised credentials.
3. Method of Dissemination:
   • The stolen passwords were distributed on the dark web, making them accessible to other malicious actors and further increasing the risk of exploitation.

      4. Detection and Response:

• Cybersecurity experts detected the upload and issued warnings to organizations and individuals to take immediate action.
• Security professionals are urging users to change their passwords and enable multi-factor authentication (MFA) to protect their accounts.

The Impact on Businesses

The implications of this breach are far-reaching, particularly for businesses of all sizes. Here’s a closer look at the potential impact:

1. Increased Risk of Account Takeovers:
   • With such a large number of passwords exposed, businesses are at heightened risk of account takeovers, where cybercriminals use stolen credentials to gain unauthorized access to company accounts.
2. Data Privacy Concerns:
   • The exposure of passwords can lead to significant data privacy issues, especially if the compromised accounts contain sensitive customer information or proprietary business data.
3. Financial and Reputational Damage:
   • The breach can result in substantial financial losses due to fraud, legal penalties, and the cost of remediation efforts.
   • Businesses may also suffer reputational damage, losing customer trust and potentially facing a decline in market position.
4. Operational Disruption:
   • Responding to the breach and securing affected systems can cause significant operational disruptions, impacting productivity and business continuity.

The Crucial Role of MSPs in Data Protection

MSPs are essential in helping SMBs navigate the complex world of cybersecurity. With limited resources and expertise, many SMBs struggle to implement effective security measures on their own. MSPs provide the necessary support and solutions to protect sensitive data and prevent breaches. Here are several ways MSPs can enhance their clients’ cybersecurity:

1. Regular Security Assessments: MSPs conduct comprehensive security audits to identify vulnerabilities and recommend appropriate measures.
2. Proactive Monitoring: Continuous monitoring of networks and systems helps detect and mitigate threats before they cause significant damage.
3. Incident Response Planning: MSPs assist in developing and implementing incident response plans to swiftly address any security breaches.

How Guardz Can Assist SMBs in Protecting Against Data Leaks

Guardz offers a suite of tools designed to help SMBs protect themselves from data leaks by identifying and mitigating potential weaknesses across various aspects of their digital presence.

Web Browsing Protection

• Malicious Site Detection: Guardz helps prevent users from accessing malicious websites that could compromise their security.
• Phishing Prevention: Advanced algorithms identify and block phishing attempts, protecting users from fraudulent schemes.

Email Security

• Phishing Detection: Guardz’s email security solutions detect phishing attempts, ensuring that malicious emails are flagged and blocked.
• Suspicious Mailbox Rules: Guardz monitors for suspicious mailbox rules that could indicate an attempt to leak private data.

Cloud Posture Management

• Exposure Detection: Guardz identifies publicly exposed files in cloud storage, preventing unauthorized access to sensitive information.
• Vulnerability Assessment: Regular assessments ensure that the cloud infrastructure is secure and free from vulnerabilities.

Cloud Data Protection

• Public File Detection: Guardz’s tools scan for any publicly exposed files in cloud storage, ensuring they are secured and access is restricted.

Security Awareness and Phishing Simulation

• Training Programs: Guardz offers training programs to educate employees on recognizing and responding to phishing attempts.
• Simulation Exercises: Regular phishing simulations help employees stay vigilant and improve their ability to detect real threats.

External Footprint Management

• Open Port Detection: Guardz scans for open ports that could be exploited by attackers, ensuring they are secured.
• Vulnerability Scanning: Regular scans identify externally exposed vulnerabilities that could lead to data leaks.

Darknet Monitoring

• Stolen Data Identification: Guardz monitors the darknet for any stolen credentials or data, alerting businesses if their information has been compromised.
• Immediate Action: Upon detecting stolen data, Guardz helps businesses take immediate steps to mitigate the impact and secure their systems.

Practical Tips for Businesses on Password Health

In light of the recent breach, maintaining strong password hygiene is more important than ever. Here are some practical tips for businesses to ensure password health and security:

1. Use Strong, Unique Passwords:
   • Encourage employees to create strong, unique passwords for each of their accounts. A combination of uppercase and lowercase letters, numbers, and special characters is recommended.
2. Enable Multi-Factor Authentication (MFA):
   • Implement MFA for all accounts to add an extra layer of security. This requires users to provide two or more verification factors to gain access to an account.
3. Regularly Update Passwords:
   • Set policies for regular password updates. This reduces the risk of long-term exposure if passwords are compromised.
4. Educate Employees:
   • Conduct regular training sessions on the importance of password security and how to recognize phishing attempts and other cyber threats.
5. Use a Password Manager:
   • Encourage the use of password managers to securely store and manage passwords. This helps in generating strong passwords and reduces the likelihood of password reuse.
6. Monitor for Compromised Credentials:
   • Utilize services that monitor the dark web and other sources for compromised credentials. This allows for quick action if employee credentials are found to be compromised.
7. Implement Account Lockout Mechanisms:
   • Set up account lockout mechanisms after a certain number of failed login attempts to prevent brute-force attacks.
8. Implement a Data loss Prevention tool : 
   • Guardz connects to data in the cloud and secures several vectors of attack while exposing the risks of intentional and accidental data exfiltration.

Conclusion

The recent 10 billion password breach serves as a stark reminder of the ever-present threats in the digital world. For SMBs, partnering with an MSP and leveraging advanced security solutions like Guardz is crucial in protecting sensitive data and preventing costly breaches. By addressing vulnerabilities in web browsing, email security, cloud posture, and more, Guardz provides comprehensive protection that SMBs need to stay secure in an increasingly dangerous cyber landscape.

Main Takeaways:

• Enhance Security with Device Posture Checks: Understand the importance of device posture checks in securing endpoints and preventing unauthorized access.
• Manage Unmanaged Devices and BYOD: Learn how to handle the challenges of Bring Your Own Device (BYOD) policies and the surge in unmanaged devices.
• Regulatory Compliance and Preventive Measures: Discover how device posture checks aid in regulatory compliance and act as a preventive measure against data breaches.

As the world continues to go digital, the number of devices accessing corporate networks has surged dramatically. MSPs are tasked with securing not just corporate-issued devices but also personal devices used by employees and executives. A startling statistic reveals that 97% of executives access work accounts on their personal devices, introducing numerous vulnerabilities.

The challenge for MSPs is substantial: how to protect sensitive information on devices that may not be visible or directly controllable. This blog delves into the crucial role of device posture checks in fortifying security, especially in an era where remote work and Bring Your Own Device (BYOD) policies are prevalent. We will explore how these checks function, their benefits, and their application in enhancing overall cybersecurity.

How many devices are you responsible for securing? 

Probably a lot more than you would think, and not just limited to employees. 

A recent report found that 97% of executives access work accounts on personal devices.

But how can you protect what you don’t know or can’t keep track of on personal devices that access the corporate network from an unsecured endpoint? 

In this blog, we’ll explore the most vulnerable points of entry for attackers, the—endpoints, and how device posture checks can help add a security shield against these threats.

What is a Device Posture Check?

A device posture check (DPC) is a security assessment process that evaluates the current state and health of a device to determine if it complies with security policies.

Device posture checks enable you to define security rules before granting access to any sensitive resources. A DPC can also help you identify unknown devices in the network by assessing their configurations and if any suspicious behavior has been detected. 

Device posture checks are essential for securing remote access beyond the traditional office perimeter, where sensitive data resides in the cloud.  

Research found that more than 40% of data breaches can be traced back to unsecured endpoints. Without visibility into device health and device posture, an organization leaves many points of entry readily accessible for an attack. 

Managing Unmanaged Devices and BYOD in the Cloud

Access management is a complex never-ending security game. 

Data taken from a recent study found that the average enterprise has more than 1,000 SaaS apps, with 17% of those being rogue apps that are not managed by IT. 

But how you can secure what isn’t visible on the surface? 

Access permissions that haven’t been revoked can cause you a lot of trouble down the line. This applies to employees no longer with the organization or third-party contracts that either weren’t renewed or terminated altogether.  

BYOD usage exploded during the pandemic but has made remote security a prime concern for IT professionals. Despite the growing concerns, many companies have still not fully adopted BYOD policies. An IT report found that 47% of companies allow employees to access their resources on unmanaged devices. 

Think that’s bad? 

Now, factor in the sheer volume of unmanaged devices in an enterprise and the number of potentially compromised endpoints, and you have a lot to worry about. Without establishing defined policies and access segmentation, every endpoint becomes a prime target for a data breach.

And it gets even worse. 

Consider the number of stale user accounts and credentials floating around public cloud environments, just waiting to be exploited. This means that any endpoint can be breached at any given moment. We’re not even talking about the constant battle of updating the latest OS configurations and critical updates that need to be installed.  

Implementing strong authentication mechanisms such as MFA helps as a proactive measure but it doesn’t fully mitigate the risks associated with unmanaged devices and compromised endpoints. 

That’s where a DPC comes into the security picture. 

Device Posture Checks Use Cases 

Device posture checks can benefit organizations in several ways. 

• Improve Regulatory Compliance: Protecting sensitive data is a top priority. Compliance penalties are quite expensive too. Device posture checks help ensure that all devices accessing the corporate network meet established security standards and comply with regulatory requirements. A DPC enables you to block access for untrusted devices and accounts by enforcing security policies and rules. Compliance becomes a more streamlined process when you know which devices have been authenticated. A DPC can also check device compliance over time to keep up with an infinite number of new devices and users that are added to the network daily. 
• Prevent Unauthorized Access: Not every device should be granted access to the corporate network. Sounds fairly obvious, right? Not quite. MSPs are responsible for managing multiple enterprise clients who might enlist dozens of third-party admins to grant access permissions to users. But, what happens when an employee leaves the organization and their access hasn’t been revoked? Or a third party who’s contract has been terminated, yet still has access to shared Drive folders? Device posture checks enable you to limit access to employees and third-party contractors entirely based on user roles and permission sets. By the way, it pays to invest in cyber insurance coverage too. Having cyber insurance can help protect you from liability in a breach dispute and is highly recommended for all MSP and small business owners.
• BYOD (Bring Your Own Device) Management: The pandemic helped fuel the work from home and anywhere remote model. Employees began using their personal devices to connect to the corporate network but also to visit potentially dangerous websites loaded with malware. That “anti-virus update” they accidentally installed could lead to a massive breach and trickle further if weak passwords and company accounts are left open. This shift to BYOD ushered in a new wave of remote cyber threats that range from man-in-the-middle (MITM) attacks to advanced phishing attacks and Ransomware as a Service (RaaS). Device posture checks provide you with the tools to enforce BYOD security policies and ensure that only secure devices are permitted to access the network. 

Endpoint Secured: Prevent Common Device Threats with Guardz 

Security begins at the endpoint. 

Guardz provides complete device posture checks and managed device protection as part of a comprehensive Endpoint Security solution. The Guardz platform detects outdated operating systems (OS) and continuously monitors endpoints to prevent common threats. Map device resources and enforce security policies companywide. 

Provide your clients with the assurance they need, whether you’re securing BYOD for remote workers in the cloud or on-prem. Leave no device or endpoint vulnerable to an attack. Secure your endpoints with Guardz. Get a demo today to learn more.

Awareness templates & Automation

We are thrilled to announce an upcoming feature that will improve the efficiency of your awareness campaign management.

What’s New?

Configure and deploy awareness campaign templates for monthly, bi-monthly or quarterly campaigns, providing a truly “set and forget” experience.

• Global Campaign Setup: Easily set up campaign templates for all your customers at once. You can select all companies or specific companies.
• Default Campaigns: Start with 12 predefined monthly campaigns, which can be customized in frequency, content and language.
• Flexible Scheduling: Choose from predefined frequencies, set start dates and manage the order of campaigns.
• Comprehensive Tracking: Monitor the status of each campaign, including completion rates and user engagement, directly from the Awareness Page.

Business Review – Printable version

The Security Business Review is now available in its white and printable version.
You can access it by navigating to Reports -> Security Business Review -> Report History.
This option is available for newly generated reports.

CSV Export for Issue Details

What’s New?
You can now easily export detailed information for each issue, including all detections, to a CSV file. This is perfect for sharing with members who don’t have direct access to the system.

Where to Find: Within the issue drawer, a new button for exporting issue details to a CSV file was added.

In addition, issues of the same type can be exported from the issue table.

This update enhances issue tracking and resolution capabilities, providing critical information in an easily accessible format.

ServiceNow Integration

Exciting news! Guardz has now integrated with ServiceNow, bringing you a seamless way to manage security incidents. With this integration, any issue identified by Guardz can automatically create an incident in ServiceNow, ensuring your security workflows are more efficient and effective.

Setting up this integration is a breeze. You’ll be able to map customers in Guardz to those in ServiceNow, define a sync strategy, set prioritization and more to fit your workflow needs. This integration is designed to make your life easier by automating the incident creation process, allowing you to focus on what matters most—keeping your customers secure.

We’re always looking to improve and support your needs, so let us know what other integrations you’d like to see next!

Coming Soon:

Email Whitelisting for Specific File Types
We’re going to enhance email filtering to block or allow specific file types (such as WAV) per customer and add additional management options under Security Controls -> Email Protection.

Issue handling: Add ignore reason
Users can add a reason when ignoring an issue, providing evidence for compliance checks, and documenting important decisions. The “Ignore” button will open a popup to enter a timeframe and reason, and these details are included in CSV exports for better tracking and accountability.