Looking to increase staff and expand operations? Are you having a tough time selling your MSP services to potential clients or retaining existing ones? We’ve assembled a list of 12 inspirational TED Talks every MSP and IT professional should start watching to make better decisions and grow a successful business. Watch them all. We highly recommend it. 

1)  I Was Seduced By Exceptional Customer Service | John Boccuzzi, Jr. 

We begin with retention. If you want to scale business operations, you must retain your existing customer base. John Boccuzzi Jr. will show you the value of having exceptional customer service and why he considers it the greatest form of marketing a brand can have. John explains why so many businesses fail due to poor customer experiences. Don’t be one of them.

2) Never Split The Difference | Chris Voss 

Are you struggling to sell your value and offerings to potential clients? Don’t find yourself in a no-win situation. Hear from a former FBI hostage negotiator with over 24 years of experience in high-stakes negotiations. Learn the art of Tactical Empathy to build meaningful relationships with your clients and convince those prospects of the value you offer.  

3) How to Master Recruiting | Mads Faurholt-Jorgensen 

“Most leaders spend 10% of their time recruiting and 90% correcting recruiting mistakes.” Mads Faurholt-Jorgensen will help you avoid these pitfalls by teaching you what to prioritize when hiring new staff. Learn how to conduct winning interviews and know if the person is the right fit within minutes. Build your team with greater confidence after this educational TED Talk. 

4) How to Write an Email (No, Really) | Victoria Turk

Victoria Turk will show you the fundamentals of email etiquette. Where should you begin when starting the conversation in an email? Victoria will give you the scoop on what you should include in the body of the text to keep potential clients interested. Keep those email conversations going in the right direction with this informative TED Talk. 

5) How to Write an Email That Will Always Be Answered! | Guy Katz 

A well-written email will help you close that contract faster. Every character counts. Guy Katz will teach you how to write an email that always gets answered, including the 5 ingredients for a great email. There are billions of emails sent daily. The majority of them won’t get opened or stand a chance of getting noticed as they are redirected to the spam filter. Guy’s practical advice will help increase your open rates and closed won opportunities in your sales pipeline. 

6) Neuromarketing: The New Science of Consumer Decisions | Terry Wu 

Why should a prospect choose your MSP over your competitors? Dr. Terry Wu breaks down the science of neuromarketing and gives you plenty of insight on how to better understand your clients. Learn how a failed Coca-Cola experiment led to 8,000 angry phone calls a day. Find out what the missing ingredient was to avoid customer churn.

7) Think Your Email is Private? Think Again | Andy Yen

Think your emails are private? Andy Yen will prove you wrong on that theory. Andy discusses the role of encryption in securing email conversations and the importance of protecting user privacy. Without encryption, the content gets transmitted as readable text, which gives a threat actor all the insight they need to steal personal information. Don’t hit that “send” button just yet until you’ve watched Andy’s insightful TED Talk.

8) Behavioral Economics – How to Make it Work for Us | Maciej Kraus

Are you pricing your services correctly? Take the guesswork out of your pricing efforts by mastering behavioral economics with Maciej Kraus. Learn the importance of behavioral science and how it helps your prospects move forward in the buying funnel. Find out what a coffee chain has in common with your pricing models.

9) Your Human Firewall – The Answer to the Cyber Security Problem | Rob May

Rob May talks about how personal data is such a precious commodity and how companies invest in traditional security when the bigger risks are what he dubs the human firewall. Rob talks about unsecured Wi-FI connections while waiting for your latte at Starbucks which could lead to potential man-in-the-middle attacks and data exfiltration. 

Rob also talks about phishing and how easy it is to fall into that trap – a great use case to implement phishing simulations in your organization. 

10)  Data Privacy and Consent | Fred Cate

Dr. Fred Cate will make you rethink what you know about data privacy and data collection. You’ll discover why data privacy is essential, not only for staying compliant with various regulations but also for safeguarding your customers’ identities and sensitive information. A very interesting talk all around. 

Learn about the Do’s and Don’ts of Managing Sensitive Data in the Cloud here.

11) SEO Matters | Ira Bowman

You can’t grow a successful MSP business without visitors coming to your website. Having visibility in Google’s search results can give you a competitive edge in the market. Just how much? Ira Bowman mentions the fact that Google owns 92-94% of search engine traffic. 

As an MSP, if your site isn’t on the first page, you’re missing out on the majority of potential clicks which ultimately translates to lost revenue. Ira will fill you in on all the SEO details to gain more search visibility and how to run campaigns that convert. 

12) 3 Ways to Make Better Decisions — by Thinking Like a Computer | Tom Griffiths

Decision-making doesn’t have to be complex, especially when you start thinking like a computer. Take a neural journey with cognitive scientist Tom Griffiths on how you can apply the logic of computers to decipher basic setbacks and accelerate business goals with little to no friction.

Stay inspired by following Guardz to learn more about the latest MSP findings and research to transform your business. 

Do You Know Where Sensitive Data Resides?

Do you know where all sensitive data resides within your organization, or more importantly, where it resides in your customers’ clouds? Those unauthorized access controls, excess permissions, inactive users, or misconfigured S3 storage buckets could be exposing terabytes of critical data by the minute. 

Research showed that more than 30% of cloud data assets contain sensitive information. But that’s where the problem begins for a busy MSP. Without clear visibility into where sensitive data resides or how it’s being accessed, securing it becomes nearly impossible, often resulting in a massive breach. 

That’s why we put this checklist together on The Do’s and Don’ts of Managing Sensitive Data in the Cloud. But first, do you know who has access to what?

Securing Data in the Cloud: Who Has Access to What? 

According to research conducted by Microsoft Security in their 2023 State of Cloud Permissions Risks Report, found that over 45% of organizations have AWS access keys that have not been rotated for at least months. The report also found that 40% of identities are inactive in AWS environments.

Let that sink in for a moment. 

How can MSPs determine who has access to which type of data across multiple cloud platforms and ensure it remains secure? 

Now factor in third parties. 

Third parties may have unmanaged access permissions that are out of your scope. Any of those permissions can provide a backdoor for attackers to exfiltrate sensitive data. 

And the risks aren’t only limited to cloud environments…

MSPs must constantly worry about shadow IT, where employees use unauthorized cloud services and other SaaS applications without the consent or knowledge of IT. This is a big problem. 

Those unauthorized cloud accounts and user roles can bypass security protocols (assuming they’ve been implemented) and leave your attack surface completely vulnerable. Even the most “harmless”-looking Chrome extension, such as Grammarly, can bring about major security threats since it has access to documents that contain financial transactions, proprietary information, and other PII. 

Once you agree to those terms, your data becomes vulnerable to those third parties. Those terms of service are often long, complex, and difficult to fully understand, making it easy for employees to overlook the risks associated with granting access.

Sure, data privacy laws have become more strict, but they can’t protect you from the risks posed by unauthorized access if you don’t know where sensitive data resides. 

Data at Rest vs. Data in Transit

In order to secure data, you first need to have a better understanding of the different types of data. 

Data at rest refers to data that is stored and not actively being transmitted or processed, such as in databases, file servers, or cloud storage. 

Data in transit or in motion, on the other hand, refers to data that is being transmitted from one location to another, such as emails or cloud-based API calls. 

All data, whether at rest or in transit, should be secured using strong encryption. This prevents unauthorized access to stored files on servers or cloud services (data at rest) and mitigates risks such as Man-in-the-Middle (MITM) attacks during transmission (data in transit).

The Do’s and Don’ts of Managing Sensitive Data in the Cloud [Complete Checklist]

Access permissions should be limited by default. But this is the part that gets tricky for MSPs.

Why?

Because an MSP may not be fully aware of how many permissions and identities are circulating within cloud environments. When was the last time your team conducted a comprehensive review of user permissions and roles across all cloud platforms? 

A month ago? A year? Longer?  

Now multiply those accounts, permissions, and identities when dealing with multiple clients simultaneously, and it’s not so hard to imagine that a data breach is only a single account login away. Research taken from Google Cloud’s 2023 Threat Horizons Report found that 86% of data breaches involve stolen credentials.

So, yeah, the threats are very real. No need to fall into that trap. 

Below are the most common cloud risks, along with best practices you can implement to prevent them and secure sensitive data.

But there’s a better way to manage sensitive data in the cloud. 

Keep All Sensitive Cloud Data Secured with Guardz 

Who has cloud access permissions to critical data? Don’t wait until an account gets compromised to find out. 

Guardz examines all digital assets within the customer cloud environment by scanning files and folders for excessive sharing permissions, misconfigurations, and other types of risky user behavior that can lead to a breach.

Prevent compromised credentials with Guardz cloud DLP and unified cybersecurity platform. 

See where all sensitive data resides across your organization and client cloud environments. 
Speak with one of our experts today.

The holidays are over, and you know what that means? Your inboxes are full of emails. 

But some of those emails might contain malicious links or files disguised to appear from trusted colleagues or even the C-suite within your organization. Can you tell the difference between a business email compromise (BEC) attack and a legitimate email from your CEO?

In this blog, we’ll dive into what a BEC is, the different types of BEC attacks, and how MSPs can spot them effectively before they reach their employees’ or clients’ inboxes. 

What is Business Email Compromise (BEC)? 

A business email compromise (BEC) is a type of social engineering attack where scammers look to defraud targeted employees. What makes a BEC unique is that the messaging and tone appear to come from legit senders, typically from the CEO or other high-ranking executives.

What makes these emails even more effective is their sense of urgency, designed to pressure employees into taking immediate action. For example, a common BEC might contain a message from the CFO asking for a wire transfer to “pay a vendor invoice.” Without proper employee training, such as routine phishing simulations, an unsuspecting employee might comply without verifying the request or sender details. BEC attacks accounted for 14% of all impersonation attack activity in corporate inboxes

The open rates for these emails are alarmingly high. A study found that 28% of BEC emails are opened by employees with 15% of those emails receiving a reply.

BEC attacks have cost organizations over $50B in losses within the past decade. 

AI Making BEC Attacks Harder to Detect

Scammers have begun leveraging Generative AI in their emails with striking accuracy and high success rates.

BEC attacks skyrocketed 20% YoY in Q2 2024 thanks to the advancements in AI-based technology. Scammers can now mimic the precise tone and writing style of C-level executives quite convincingly. 

The finance department in particular remains a prime target for BEC attacks as they have the authority to approve wire transfers, pay invoices, and handle sensitive financial information. AI-generated BEC emails use familiar language that a CFO or controller might mistake for a legitimate payment request. 

BEC emails can bypass traditional security filters as they are personalized to the recipient and appear to come from a trusted source within the organization. Attackers also leverage obfuscation techniques such as URL spoofing, HTML tag manipulation, payload encryption, and embedding links within images to evade email security filters. 

Types of BEC Attacks

Here are 5 types of BEC attacks: 

CEO Fraud: Attackers impersonate the role of a C-level executive, generally the CEO, asking for an urgent transfer of funds or sensitive information. Attackers spend a great deal of effort researching the company, even the CEO’s writing style and typical communication patterns on social media platforms and PR/media sites. This helps them craft targeted emails using the CEO’s tone, terminology, and phrasing.

Account Compromise: Attackers gain unauthorized access to a legitimate employee’s email account, typically through phishing, and leverage the information to send fraudulent requests, such as payment approvals to colleagues or partners.

Attorney Impersonation: There is almost nothing quite as intimidating as receiving a legal letter from an attorney in your inbox. One common form of BEC involves scammers posing as lawyers, requesting immediate payment for services, and sending attachments that appear to be official documents the recipient might recognize.

Data Theft: Data is pure gold to an attacker. They can resell stolen information, such as passwords, accounts, credentials, and financial data, on the dark web for quick profit returns. 

Scammers may also use the stolen information later on for identity theft or to launch more targeted spear phishing campaigns.

False Invoice Scam: Attackers leverage compromised email accounts of legitimate vendors or suppliers to send fake invoices for services. To the untrained eye, these types of BEC emails are increasingly difficult to detect, especially for a busy financial controller who is managing a large number of unpaid invoices with balances due to a variety of vendors. The billing details will go to a fraudster’s bank account and may go unnoticed until the vendor actually reports the missed payment or threatens legal action. 

4 Ways to Spot a BEC

Here are a few red flags to be aware of the next time you log into your corporate inbox:

1. Suspicious Email Header: Look for inconsistencies in the email header, such as unusual “Reply-To” or “From” addresses or email routing anomalies. BEC emails often contain disguised headers to hide their malicious offerings. Always verify the legitimacy of the sender. Check for DKIM, SPF, and DMARC authentication to ensure that the addresses come from trusted domains.

2. Poor Grammar & Typos: BEC emails often contain misspellings, grammatical errors, and excessive punctuation, such as multiple exclamation marks (!!!) at the end of a sentence, designed to create a sense of urgency and prompt an employee to take immediate action. Poor grammar is a classic sign of a phishing attempt. Take the time to go over the email thoroughly.

3. Email Context: Pay close attention to the body of the email itself. Any message asking you to “re-confirm” your personal details is a huge red flag. These keywords are usually accompanied by requests for processing a wire transfer or other financial transaction, such as an “unpaid supplier invoice” or “overdue balance.” Needless to say, you should never enter any sensitive financial details or PII without approval.
4. Timing: Scammers try to catch people off guard, and the best time to do so is during a holiday such as Thanksgiving or Christmas, when phishing attempts peak. Scammers also time BEC emails for Fridays, when employees are more relaxed heading into the weekend and less likely to report suspicious emails.

Avoid responding to “urgent” emails received on a Friday without verifying the sender. If the email appears to be from the CEO or another executive, confirm its legitimacy through a direct message on Slack or a quick phone call. That extra step can help prevent a massive breach. 

And as always, whenever in doubt, just don’t open the email. 

Prevent BEC Attacks and Bolster Email Security with Guardz 

Guardz’s unified cybersecurity platform leverages advanced machine learning and AI to monitor email activity, detect suspicious patterns through detailed email header analysis, and automatically enforce DMARC policies.

With Guardz’s auto-remediation tool, malicious emails are intercepted and either deleted or marked as safe before they can reach your employees’ or clients’ inboxes. 

Take a proactive approach to email security and BEC prevention with Guardz. 

Speak with one of our experts today.

As the new year unfolds, MSPs face opportunities to grow their businesses, build stronger client relationships, and stand out in an increasingly competitive market. In a recent fireside chat hosted by Guardz, we had the privilege of learning from Bob Burg, award-winning speaker and co-author of the best-selling book The Go-Giver. Bob shared powerful insights from his book and how its five laws of success can be applied to help MSPs thrive in 2025 and beyond.

Main Takeaways for MSPs

1. Deliver value that exceeds expectations to build lasting client loyalty.

2. Scale your impact by reaching and serving more clients without sacrificing quality.

3. Build trust by prioritizing your clients’ needs and becoming a true partner in their success.

4. Embrace authenticity to differentiate yourself in a crowded market.

5. Stay open to collaboration, opportunities, and feedback to drive growth.

These principles, rooted in The Go-Giver philosophy, offer a roadmap for MSPs looking to create meaningful impact while growing their business. Let’s dive deeper into each law and its relevance to MSPs.

1. The Law of Value: Deliver Beyond Expectations

“Your true worth is determined by how much more you give in value than you take in payment.”

For MSPs, this principle is a cornerstone of success. Clients don’t just want IT services; they want solutions that make their lives easier and their businesses more secure. Delivering beyond expectations means going the extra mile, whether through proactive monitoring, personalized support, or educational resources.

Application for MSPs:

• Offer tailored cybersecurity training for your clients to empower their teams.

• Regularly update clients on emerging threats and how your services mitigate them.

• Surprise clients with added value, such as a complimentary security assessment or system upgrade.

By consistently exceeding client expectations, MSPs can build loyalty, encourage referrals, and set themselves apart from competitors.

2. The Law of Compensation: Scale Your Reach

“Your income is determined by how many people you serve and how well you serve them.”

Scaling an MSP business isn’t just about adding clients—it’s about serving more businesses effectively. This requires creating systems and solutions that allow you to maintain high service quality as your client base grows.

Application for MSPs:

• Develop scalable solutions like automated monitoring, patch management, or AI-powered threat detection.

• Partner with vendors to offer bundled services that address multiple client needs.

• Implement client tiers, allowing small businesses to access critical services at affordable rates while upselling advanced options to larger clients.

The more clients you serve with excellence, the greater your impact—and income.

3. The Law of Influence: Build Trust and Prioritize Clients

“Your influence is determined by how abundantly you place other people’s interests first.”

Trust is at the heart of every successful MSP-client relationship. Clients rely on MSPs to safeguard their businesses from cyber threats and keep their operations running smoothly. Prioritizing their needs isn’t just good ethics; it’s good business.

Application for MSPs:

• Conduct quarterly business reviews with clients to discuss their goals and align your services with their priorities.

• Be proactive in identifying potential issues and presenting solutions before clients even notice a problem.

• Always communicate transparently, even when delivering difficult news about potential vulnerabilities or breaches.

When MSPs prioritize their clients’ success, they build trust and position themselves as indispensable partners.

4. The Law of Authenticity: Stay Genuine

“The most valuable gift you have to offer is yourself.”

In an industry where technical expertise is a given, authenticity can set your MSP apart. Clients want to work with people they trust and feel a connection with, not just a faceless company.

Application for MSPs:

• Share your story—how your MSP started, your mission, and what drives your team.

• Highlight client success stories to showcase the real-world impact of your work.

• Foster genuine connections with clients by understanding their challenges and celebrating their wins.

By being authentic, MSPs can build deeper relationships and foster loyalty that lasts.

5. The Law of Receptivity: Embrace Partnerships and Feedback

“The key to effective giving is to stay open to receiving.”

Success is a two-way street. To grow, MSPs must remain open to new opportunities, collaborations, and client feedback. This principle encourages a mindset of constant learning and adaptability.

Application for MSPs:

• Partner with cybersecurity providers, insurance firms, or other vendors to offer comprehensive solutions.

• Actively seek client feedback and use it to refine your services.

• Stay open to opportunities for professional development, whether through industry events or certifications.

When MSPs embrace collaboration and feedback, they position themselves for continuous growth and innovation.

Bringing It All Together: The Go-Giver MSP

At its core, the Go-Giver approach is about creating value, building relationships, and staying authentic in all aspects of your business. For MSPs, adopting these principles means more than just growing your bottom line—it means becoming a trusted partner to your clients, standing out in a crowded market, and making a meaningful impact.

As you head into 2025, consider how these laws can shape your strategies and help your MSP thrive. At Guardz, we’re here to support you every step of the way, offering tools and insights to help you deliver value, build trust, and grow your business.

Ready to apply the Go-Giver principles to your MSP? Let’s make 2025 a year of growth and success!

Watch the full webinar here: https://youtu.be/aAs5uhyeY-E

Stay tuned for more resources and webinars designed to empower the MSP community.

Key Takeaways from My Experience

• Preparation is Power: Having an Incident Response (IR) playbook is a game-changer during a crisis.
• Customer-Centric Thinking: Detecting and addressing customer data impact should always be the first priority.
• Collaboration and Communication Matter: Transparent communication and teamwork are essential for navigating an incident effectively.

Looking back at my career, one defining moment stands out—my first cybersecurity incident. It was chaotic, terrifying, and overwhelming. For a moment, I truly believed my career might be over. But it wasn’t. That experience, as daunting as it was, taught me lessons that shaped me into the professional I am today.

Here are my key takeaways from that intense and transformative experience.

1. Have an Incident Response Playbook

If there’s one thing I’ve learned, it’s that preparation makes all the difference. When a cyber incident strikes, panic is a natural reaction. But panic doesn’t help you manage the situation—having an Incident Response (IR) playbook does.

In my case, the IR playbook was like a lighthouse in the storm. It laid out a roadmap with predefined steps, clear roles, and specific actions. Knowing who to call and what to prioritize helped me focus on resolving the issue instead of being consumed by the chaos.

This experience taught me the importance of creating a well-thought-out plan for handling emergencies. It’s a safety net that allows you to act with clarity when everything else feels uncertain.

2. Detecting Customer Data Impact is Crucial

Amid the crisis, my first thought was: What does this mean for our customers? Determining whether customer data had been accessed or compromised was my top priority. Understanding the scope of the breach was essential to plan our response and communicate effectively.

This isn’t just a technical necessity—it’s a personal and professional responsibility. Knowing that your actions directly impact the trust people place in you can feel heavy, but it’s also empowering. It keeps you focused on doing what’s right, even in high-stakes situations.

3. Communication and Collaboration are Key

One of the biggest surprises during my first incident was realizing how much of the response depended on teamwork and communication. Handling a cyber event isn’t just about technical expertise; it’s about how well you can coordinate across teams and communicate with leadership.

I learned to work closely with IT, legal, PR, and customer service teams to form a cohesive response. Being transparent with management about what we knew—and didn’t know—was crucial in maintaining trust and enabling informed decision-making.

This experience taught me that effective communication is as important as technical skills during a crisis. It fosters trust and ensures everyone is aligned and working toward a shared goal.

4. Growth Comes from Post-Incident Reflection

Once the incident was under control, I knew the work wasn’t over. I took time to review what had happened, how we had handled it, and where we could improve.

The post-incident analysis was invaluable—it helped me refine my approach, improve our systems, and build stronger defenses. For me, this was a moment of growth. It was a reminder that every crisis, no matter how overwhelming, can teach us something valuable if we’re willing to learn.

5. Mental Resilience is Just as Important

Perhaps the most unexpected lesson was the importance of mental resilience. Dealing with a cybersecurity incident is exhausting, both mentally and emotionally. It’s easy to feel overwhelmed, but I learned the value of staying calm and composed under pressure.

Seeking support from peers and mentors helped me navigate the crisis without burning out. Over time, I’ve come to see resilience as a skill—one that grows with every challenge you face.

Final Thoughts

My first cybersecurity incident was a trial by fire, but it also became a defining moment in my career. It taught me the importance of preparation, the power of collaboration, and the need to put customers first. 

Today, as the CISO of Guardz, I draw on these lessons every day. At Guardz, we work hand-in-hand with MSPs and their teams to provide the tools and guidance they need to secure small businesses. It’s a responsibility we take seriously, knowing that MSPs are often the first—and sometimes only—line of defense for their clients. 

Ultimately, MSPs are entrusted with the security of many small businesses and, by extension, the livelihoods and trust of countless individuals. It’s a tremendous responsibility but also a shared mission we’re proud to support. Cybersecurity is rarely easy, but it’s always meaningful. Every challenge, every incident, and every lesson makes us stronger and better prepared to protect what matters most.