In this week’s episode
- You don’t need a beach… you don’t need to be slavered in factor 50… but you DO need a break. This week Paul talks about the new trend of never ending working – and why it’s bad for you
- Also on the show this week, what exactly is a ‘trust badge’ and why should your website have one?
- Plus there’s a brilliant interview with a special guest who has a service that can 1) stop your clients from suffering a totally preventable breach, 2) let your first line techs do third line work, and 3) create a new stream of Monthly Recurring Revenue for you
Show notes
- Out every Tuesday on your favourite podcast platform
- Presented by Paul Green, an MSP marketing expert
- Check out this free web tool to convert logos to grayscale so you can use them on your website as ‘trust badges’
- Sign up for Paul’s entry-level Marketing Accelerator training
- Paul’s special guest was Andrew Eardsley from MSP Easy Tools talking about some hidden security problems in Office 365 (for more on Andrew’s story, listen back to Episode 6)
- Thank you to Robert Bowden from mspaccountant.com for recommending the book Chasing Daylight by Eugene O’Kelly
- On May 11th Paul will be joined by Rebecca Finken talking about what an ‘entrepreneurial operating system’ is and why you need one
- Please send any questions, ideally in audio-form (or any other feedback) to hello@paulgreensmspmarketing.com
Episode transcription
Voiceover:
Fresh, every Tuesday, for MSPs around the world. This is Paul Green’s MSP Marketing Podcast.
Tilda:
Hi, my name’s Tilda and welcome to my dad’s podcast. Here’s what the old man’s got coming up in the show this week.
Andrew Eardley:
We’ve seen quite a few examples. MSPs that didn’t know they were breached, cyber criminals were already in.
Tilda:
Also coming up in the show, why you should put trust badges on your website. I have no clue what those are, but I’m sure my dad will tell you. Also, he’s going to try and flog you a really good training course. And he’s going to bang on a bit about taking holidays. Anyway, I’ve got more important things to do. Here’s my dad.
Voiceover:
Paul Green’s MSP Marketing Podcast.
Paul Green:
“Dad, can I have a Burger King?” “Only if you record some lines from my podcast.” “Oh, do I have to?” “Yes, you do.” Thank you for that Tilda. Welcome to this week’s podcast. And I want to stay on that kind of family theme for our first segment today because I want to talk about holidays. Holidays are so important, aren’t they? And I don’t know about you, but last year, obviously normal holiday plans were disrupted for absolutely everyone. Certainly, we ended up doing a couple of things in the UK instead of going to Disney World, in Orlando, which had been the plan pretty much for the last 18 months or so. And then of course, this year, exactly the same, our plan to go to Disney World, again, scuppered, and we got a couple of holidays in the UK. But I tell you what I realis ed recently, and I’m actually recording this over the Easter break, because I record this podcast around about a month in advance, which is, I haven’t really taken a week off this year.
Paul Green:
Exactly what happened last year. Obviously, it started a bit later last year, but I got from, I think it was from March through to August without taking a proper holiday, a proper week away from the business. And that’s the first time in years that that had happened to me. And even then when we were away, I continued to work because that work-from-home thing became a bit of a work-from-holiday thing. And I’ve done exactly the same this year. In the UK, we had a lockdown which started in, I think it was just before Christmas, and we’re starting to ease out of it now, but it’s not been normal. Things haven’t been normal and I haven’t taken a week off. If this had been a normal year, I’d have taken half term off, I’d have certainly had at least a week off, if not two weeks off, for the Easter holidays.
Paul Green:
And I might dip in and out of a bit of work, but I certainly wouldn’t have worked all the way through like I have done. And I’m not the only one like this. And if you’re in the same boat, you’re not the only one because I was asking some of the MSPs that I work closely with. Have they taken breaks and holidays? People who’ve had the odd day here or there, or a long weekend, but no one’s taking a week or two weeks off. And yet, this is really important. In fact, it’s critical, isn’t it? I know I do my best thinking about the business when I’m away from the business. I always have great ideas on a Sunday morning, or if I’m on holiday, on day two or three, I start to relax and I have some pretty great ideas. And this is really where the drive of the business comes from, it’s from being away from the business, being away from the minutiae. I think that’s the most important thing. Getting away from the minutiae, the day-to-day clutter that gets in your way.
Paul Green:
When you can get away from that, your brain starts to think about the bigger things. What’s your vision for your life? Where do you want to go in the future? Where do you want to be in 5 to 10 years time? How much money do you want? How much spare time do you want? What do you want to do for fun? What do you want to do with your family? What you want do for meaningful work? And meaningful work is not necessarily ticking off tickets. For many people, it’s doing things that matter, things that you enjoy that matter. So here’s my challenge to you this week. If you haven’t yet taken a proper holiday this year, please take a week off. Now, even if you can’t go anywhere because of COVID restrictions, take a week off and do stuff.
Paul Green:
There must be a building project in your home, or there must be something you can do in your garden, or a renovation to your car. I mean, these are all practical things, but there must be some kind of project that doesn’t involve you having to touch technology, so you have a complete break from technology. Or maybe just you want to get that game and the PS5, which I’m not a gamer, but even I think that looks cool. And maybe you want to play that game for three days in a row and not feel guilty about it because you’re having a holiday. That’s the challenge. Take a week off, I promise you you’ll comeback into your business with new you vigor, with new interest, with new high levels of energy, and you’ll have some great ideas as well.
Voiceover:
Here’s this week’s clever idea.
Paul Green:
So my daughter Tilda admitted at the beginning of the show that she didn’t know what a trust badge is. And I’ve got to be honest, most people don’t know what a trust badge is, so let me tell you. A trust badge is any kind of logo, or some other kind of image that you put on your website. And it has the effect of making you appear to be more trustworthy. It’s a way, if you like, of sucking up credibility from businesses and organisations that you’re associated with. I mean, many MSPs put vendor logos on their website. I see Microsoft Partner and ID Agent, HP Partner, and all that kind of stuff all over the place. I don’t really mean those as trust badges because trust badges only work when the person looking at them as heard of the company. Okay, they’ve all heard of Microsoft, and many of them have heard of HP. But no one, no ordinary person outside of our world has heard of Kaseya or ID Agent.
Paul Green:
And we wouldn’t really expect them to. Ordinary people, it’s just not on their radar. Therefore, putting that kind of trust badge on your website isn’t going to influence them in any way. No, a better form of trust badge is to use media logos. The mainstream media might not have the big audience figures anymore, but it still does have huge credibility. If you’ve been featured in any relevant newspaper, a news blog, I don’t know, radio station, or maybe even a TV station in the last five years or so, you can justifiably get a badge made up, which says, “Featured on…” And then it would be the BBC, or Forbes Magazine, or even your local newspaper. Now, you can only really do this if your appearance in the newspaper is an editorial, so someone has written about you. Doesn’t really count if you’ve paid for an advert in that newspaper. Oh, and no, you don’t need to ask the newspaper, or the blogs, or the radio stations, if you can use their logo this way.
Paul Green:
Now, what I’m about to say isn’t legal advice, but often, it’s better to seek forgiveness than it is to ask permission. Now, if you don’t have any media appearances, then you could always use client logos, as in your clients use their logos. So if you have a specific vertical that you work in, any clients will do, any of them at all. Because of course, everyone in your vertical, they might not know someone else, but they can spot another business like there’s a mile off. But what about for general businesses, if you just operate in a geographical area? Well, in that case, you would pick your best known clients. Who are the prolific networkers in town? Who are the infamous businesses around town? Every town has them. If you have one of those businesses, in fact, you’d have their logo on your page as a trust badge, that would also be the person you’d knock up for social proof. You’d ask them to do a case study or a testimonials video with you.
Paul Green:
One final thing. I think trust badges look best on a web page when you have grayscaled them. So of course, you could just keep them all the different colors that they are, but I think when you actually turn them into grayscale, it just looks nicer. Has the same emotional impact, but fits in better with the page. And the good news is, you don’t need to go and get Photoshop and do all of that individually on every single page, there are all sorts of tools out there. If you just Google online tool to grayscale image, and you’ll find a dozen of them that you can just upload the logos and it will output grayscale images for you.
Voiceover:
Paul’s blatant plug.
Paul Green:
More than 180 MSPs around the world have now completed my best-selling training course. It’s called The Marketing Accelerator, and in just five weeks, we cover off all the marketing fundamentals to get right in your business. We look at your websites, we look at LinkedIn, how to build audiences and build a relationship with them, and how to commercialise that relationship and turn them into a client. You have direct access to me for the five weeks of the course. It’s very simple and very, very affordable. You see, we jump on a Zoom once a week at the same time and day each week, for five weeks, and we cover that off. You and me, and up to 19 other MSPs because we have limited availability on this program.
Paul Green:
Now, we do do a new one every single month, and the next one starts on the 18th of May. If you can’t make that one, we’ve got one starting on the 23rd of June. Oh, and did I say it was really affordable? It’s only £49 plus VAT, if you’re in the UK, and $69, that’s US dollars, if you’re anywhere else in the world. All the details are on the website, paulgreensmspmarketing.com/accelerator.
Andrew Eardley:
Hello, I’m Andrew Eardley, and I’m an MSP owner just like you. And I’ve also set up another business called MSP Easy Tools.
Paul Green:
And it’s because of MSP Easy Tools I wanted you to be on the show, and thanks for appearing again, Andrew. I think this is your second appearance on the podcast. You were a guest right back at the beginning, back at the end of 2019 I think. I know there’s a lot of fear out there amongst MSPs about cybersecurity and there’s that risk and feeling that, “Oh my goodness. What if we got breached? Or what if one of our clients got breached because of something that we weren’t aware that we weren’t doing?” And you and I were chatting the other day, we were doing a video for my website. And you mentioned that many MSP owners don’t know what they don’t know about Microsoft 365 security. So can you tell us why that is, and give us an idea of some of the things that actually you really should be aware of?
Andrew Eardley:
To be fair, most MSPs have started with servers. Especially Server Guys, you really knew what you were up to. To be blunt, we got pushed into selling, it used to be called Office 365, now Microsoft 365. And you did what you needed to do to know about it, to get the clients up and working, to stop your competitors from taking your clients away. I’m being totally honest, even as a Microsoft Gold Partner, there’s so much in the Microsoft 365 platforms, it’s really difficult to know what’s going on all the time. And one of the big security breach points, we’ve learned, sometimes the hard way, of things that can go wrong. And that’s where we’ve developed MSP Easy Tools to protect you as the MSP.
Paul Green:
Because you still own your MSP. And you and I have known each other for, I think it’s getting on for about four years now, we’ve worked together and you’ve been part of some of the groups I’ve run, and bits and bobs like that. But I remember seeing the journey and watching from a distance, the journey you went on when, as an MSP owner, you developed your own tool set. And then obviously you realised that this was a commercially viable product. And we’ll talk about that towards the end of the interview, but tell us some of the specific security aspects of Microsoft 365 that many people listening might not be aware they even had to be on top of?
Andrew Eardley:
Unfortunately, when Microsoft set up your Office 365 tenants, where you go and create them for the first time, there are lots of things in there that Microsoft don’t set up for you, or they set it up incorrectly. Historically, for example, the global audit log, the unified audit log, isn’t turned on. So you’ve got no way of tracking if something wrong has gone on, who’s doing what at what point. The other thing that’s set by default is POP, and IMAP is still enabled. In this day and age POP3 and IMAP are antiquated, very vulnerable methods for sending emails. It doesn’t require multifactor authentication. As I’m sure you’ve seen many, many times before, your clients will happily give away usernames and passwords for nothing. And then the cybercriminals had got them, even if you have such a MFA because they’re using POP and IMAP, the cybercriminals can send an email as your client.
Andrew Eardley:
It keeps coming back to when things go wrong, who do they blame? They don’t blame themselves, do they? The first thing to do is point their fingers at you. You’re the MSP, we’re paying you £1.50 a month for IT support, and you’re responsible for absolutely everything, which really bugs me by the way, but that’s another conversation. These are just some of the basic things that we spot, but there are so many times, we look after MSPs from all across the world, it’s horrifies me sometimes when they run their security reports and they find the gaping holes, in not only their own tenants that they’re looking after, but when you go and take over another MSP’s business. You’ve won a new client, you run the security reports on their Office 365 platforms, and there, you can see the gaping holes that are in them. And also the fact that the cyber criminals are already in. We’ve seen quite a few examples over the last year, three MSPs that didn’t know they were breached, cybercriminals were already in, and they just didn’t know about it because they didn’t know what cybercriminals were up to.
Paul Green:
So the criminals were in the MSP system or they were in some of their client’s systems?
Andrew Eardley:
No, they were in the MSP systems. They were only looking at the web interface to look at their Office 365 platform that they manage for themselves and their clients. Unless you know what you’re doing with PowerShell scripting, you cannot detect that the cybercriminals are in. They are already sending emails and monitoring your emails. And as I say, we’ve seen this three times in the last year.
Paul Green:
I’m not a tech and I’m terrified by this. I guess it’s because I’m in this world so much. But wouldn’t it be good if we could get the end clients to be as interested in this kind of conversation as they are in watching TV or playing games?
Andrew Eardley:
What you have to do with that, and this tool worked really well for me, and I say it’s a tool, it’s an Excel spreadsheet. It’s a security disclaimer that we built and I’m happy to share with you. But basically, it reemphasises the fact that actually, as the MSP, you are not responsible for their cybersecurity. You are responsible for implementing their security requirements, you’re responsible for telling the client what needs to be done, but actually, the only person that’s responsible for their security, not just in Office 365, but across their entire IT system, is the owner of that business. They are responsible for it. You’ve all heard the term, “You can lead a horse to water but you can’t make it drink.” I guarantee, talking to the MSPs today, Paul, they have spoken to their clients about their cyber security, they’ve spoken to them about the security tools they should be having. But I’ll guarantee, the vast majority will, as soon as they see there’s a cost associated, the end clients will say, “Don’t want it.”
Andrew Eardley:
Now, that’s perfectly fine, as long as you’ve got a sign disclaimer saying that you’ve shown them that, you’ve talked to them about the problems, the security issues, you’ve recommended it. So there’s a security disclaimer form I’ve got, and as I say, happy to share it. You make sure you sit in front of the right person. You then go through all the security things that you were recommending. And you say to the client, “Mr. Client, I’m happy for you to say you don’t want it. That’s perfectly fine. I’m going to tell you what it’s going to cost and what the implications are. If you don’t want it, just sign off saying you don’t want it. And when we get to the bottom of this big form about making sure your system’s secure, I’m going to ask you to sign, yet again, that you fully understand that you are solely responsible, Mr. Client, for anything that you’re not putting in place.”
Andrew Eardley:
When I’ve got that document signed. I can sit happy as the MSP, knowing that when that client gets breached, not if, but when they get breached, because they haven’t followed my security recommendations, when that client comes to sue me, or threatens to sue me. All I’ve got to do is waive this form in front of him and say, “Well, I told you about this. You didn’t want to pay the cost. It’s up to you.”
Paul Green:
I absolutely love that approach. That’s such a simple solution to a potentially thorny problem. Tell us more about MSP Easy Tools. Give us the brief story of how you invented it and what it does now, and the other benefits to MSPs that take it, apart from obviously the massive cybersecurity benefits.
Andrew Eardley:
We started building these tools probably nine years ago when we migrated 150 small business servers. SBS 2011, SBS 2008, to Office 365, or Microsoft 365 now. And at the same time, we did that over a three-year period. And we learned hell of a lot in those three years. We were actually working very closely with Microsoft at the time. They were helping us to gain accreditation. And we kept running into problems that Microsoft either couldn’t or wouldn’t help us with. So when that happened, we went to the marketplace, we went to see if we could buy the fix, buy the solution. And one of two things happened, either it was way too expensive or it didn’t exist. So as much as we didn’t want to, we ended up developing all the tools for ourselves. Now, fast forward to probably a year after I met Paul Green, we went and joined his Mastermind group once a month. I’d drive the 150 miles from where we were based in Staffordshire down to Milton Keynes.
Andrew Eardley:
And we were there to talk about marketing. But much to Paul’s disgust, and he used to stop us quite regularly, we normally only talk during lunchtime. But we’d end up talking about IT problems. But every time other guys talked about the problem in Office 365, I’d turn around and say, “I’ve got a tool for that, I’ve got a report for that. I don’t have that problem anymore.” We got on really well with the guys at the Mastermind group, and it didn’t take them very long to turn around and say, “Andrew, can we have those tools please?” Now, they were written specifically for my MSP. So they were very secure, but they’re only secure for us. We could see all the data inside of it. What we ended up doing, very quickly, was completely rewriting the software.
Andrew Eardley:
We moved it so all we can see is numbers now. And then the second thing, again, with a bit of advice from Paul, because he is full of lots of good advice, we separated our MSP completely from MSP Easy Tools. It’s now two totally separate businesses and hopefully, within the next year or so, the MSP that I currently manage, that will be sold.
Paul Green:
Offers in a sealed envelope, please. So tell us how we can get in touch with you, Andrew, learn a bit more about MSP Easy Tools, and critically, also unlock a secret pricing deal that you and I have agreed.
Andrew Eardley:
Oh, that’s easy, Paul. First thing, go to mspeasytools.co.uk. Scroll down a little bit, and it’s a green button that says Book Demo. It’s much faster and much easier, other than spending hours scrolling through the website, just to have a chat with me. And if you want to unlock that special price, all that you have to do is tell me that you’ve listened to Paul Green, and that you’ve come through this podcast.
Voiceover:
Paul Green’s MSP Marketing Podcast. This week’s recommended book.
Robert Bowden:
Hello. My name is Robert Bowden from mspaccountant.com. The book I recommend is Chasing Daylight by Eugene O’Kelly. Eugene O’Kelly was a former head of KPMG Accountants who was diagnosed with a terminal illness. And in effect charted his journey from finding out, to unfortunately passing away three and a half months later. It’s one of those books that’s profoundly moving, but it also gives you the insight of somebody who did run an organisation, and clearly cared about his business as well as his family element of that. And it was just very thought provoking novel to read.
Voiceover:
Coming up next week.
Rebecca Finken:
I’m Rebecca Finken and I’m going to be on the podcast next week. And I want to share with you why every MSP needs an operating system, not for running the computers, but for running the business.
Paul Green:
We’re also going to be talking about LinkedIn and whether you should use LinkedIn’s Sponsored InMail feature to send cold messages to people you aren’t yet connected with. And we’re going to be talking about creating content for your website and for your other marketing channels. Most MSPs I meet don’t really like bashing away at the keyboard, writing new content. It’s okay to bash away at the keyboard for other things, but writing new content isn’t something they enjoy. Next week. I’ve got a five step process, an easy way for you to create content without ever having that stress of pushing keys on the keyboard yourself. I’ll tell you all about it and loads of other great stuff, next week. See you then.
Voiceover:
Made in the UK, for MSPs around the world, Paul Green’s MSP Marketing Podcast.