561: Cyber Security
42:33 Share

Welcome to the How of Business with your host, Henry Lopez, the podcast that helps you start, run, and grow your small business. And now, here is your host. Welcome to this episode of the How of Business. This is Henry Lopez. My guest today is Gary Pica. Gary, welcome to the show. Thank you. I appreciate you having me.

Absolutely. And looking forward to this topic. We haven't covered this topic in quite some time on this show, but cyber threats, cybersecurity threats are an increasingly growing risk for small businesses and many owners, small business owners,

We don't realize just how vulnerable they are, we are. And so Gary Pica, who is a pioneer in the IT services industry, he joins me today to discuss practical cybersecurity strategies that every small business should have in place. We're also going to explore a bit of his very interesting and inspirational entrepreneurial journey.

You can find all of the Howa Business podcast resources, including the show notes page to this episode and learn about my one-on-one and group coaching programs. All of that is at thehowabusiness.com. I also invite you to please consider supporting this show on Patreon. And I invite you to subscribe wherever you might be listening so you don't miss any new episodes. Let me tell you a little bit more about Gary. Gary Pica is a pioneer in the IT services industry, having built a

one of the first managed service providers. You might hear us use the acronym MSP, a managed service provider. He was one of the first to build one of those back in 1996.

Like many entrepreneurs, he faced many early challenges, but he persevered and developed a proven system for predictable growth, exceptional customer service, and high profitability. After scaling his company into a multi-billion dollar business with thousands of clients, he sold it and turned his focus to helping others succeed.

And now is GM of True Methods, which is a leading IT company and cybersecurity firm of Kaseya. Kaseya is how you pronounce it, right? Kaseya, yes. Kaseya, yeah. And we'll talk about that acquisition. But Gary has guided over 2,000 IT service companies to transform their businesses globally.

boosting efficiency, increasing profits, and helping them grow. His insights help business owners turn their IT services into scalable, high-margin companies with consistent revenue. Gary lives in the Philadelphia area, I believe, Gary. Gary, once again, welcome to the show. Yeah, I live in southern New Jersey, right outside of Philadelphia. Go, birds. Excellent. That was a good year for the birds, no doubt. I enjoyed that Super Bowl very much. Yeah.

Excellent. Well, thanks for joining me. Thanks for taking the time to share your knowledge. But I'd like to learn a bit about how you got to where you are today in doing the research. And I think, I don't know where I got this quote. Maybe it was from the bio. Quote, it all started on December 12th, 1996, when I quit my job to build an IT services company. What was your career? What were you doing before you quit your job? Tell me a little bit about that.

So I had a career in sales. I sold everything from copiers to yellow page advertising. And eventually I worked in major national accounts at ADP. So I had a successful sales career. I was making more money than my friends who were accountants. But I just always felt like

I didn't know what it was, but there was something more for me, that there was something else that I needed to do. And I had a friend who had started this IT company and was in a position through a set of circumstances where he needed help. And so I bought into the business and that was the start of it. Like most entrepreneurs, I was unprepared. I'm from Levittown, Pennsylvania.

Which is basically a blue collar area. I never even met anyone who owned a business. Is that right? So there were no influences early in life or ever for that matter that were business owners that you knew at least. No. And even at ADP, I mainly sold to larger companies. So I worked with employees of companies. So I never really dealt with entrepreneurs until I became one and realized what a steep learning curve.

There is outside of whatever the business is, you know, right. Exactly. Business of business, the business of business, which applies to any business, which is, uh, which is critical. What, what, so then what, what do you think pushed you over the edge to go ahead and take this leap of faith risk? What, what was it that you finally maybe had had enough of?

So two things. One, I realized I wanted to accomplish more than just achieving sales goals. I wanted to be able to have like a bigger vision than making for me in sales. It was about making money. And when I had no money, that was a great goal. But as I started to make some money, I wanted something, you know, bigger. I wanted to do something on a bigger scale. And I really, honestly, the logic was,

Okay, let me go try this. The worst thing that could happen is I lose my investment and I'll go back and get a sales job and wallow in that thing that I didn't really want to do. Not that that's a bad job because I have friends who've had amazing career in sales and they're passionate about it. It was right for them. But for me, I figured, ah, and I asked myself that often as an entrepreneur, okay, what's the worst that could happen?

And then if I can accept that, I'll take that, you know, I'll take that chance. That's brilliant, Gary. I think that's one of the things I ask my clients as well. And it's an important question. What's the worst case scenario here? And if the worst case scenario is you're going to lose the house, the kids won't go to college, we may not be able to put food on the table. Well, then you're going in too big to start. You need to scale that back, right?

But exactly right for most people, especially if they're looking to make that transition from the corporate world. Worst case scenario is just go get another job, right? I mean, I hate to simplify it and nobody wants to fail, but that's really what it's about. Yet that is what holds most people back is that fear of failure, the emotional fear, the embarrassment of it. Yeah. And then the other thing I did was I discovered my first retirement calculator. Yeah.

And I started doing the math as a W-2 employee. And really, no matter how much money I would have made, it's so hard to pay ordinary income on a W-2 income, live a decent lifestyle and raise, I have three kids, you know, raise a family and really be able to accumulate enough, you know, net worth. And that was the other reason that I wanted to build like an asset. And I've built and sold three businesses over 20 years.

And when I look at it, Henry, if I look at like my net worth, I'm going to say that probably 80% of it is either

Tax deferred, I haven't paid tax on it yet. Accumulation on the assets that I did have or capital gains event. Very little of it was through my ordinary income stream, if that makes sense. I know the topic is cybersecurity, but- We're going to get there, but this is so critical as to how you got here and how you got this extra cheese and that transition is so inspirational.

because again, most of us struggle with that. And you're a perfect example. I did the same thing. I transitioned from a sales career and it paid me very well. Right. So that's the great thing about sales. And I don't even have a college degree. So it was a tremendous opportunity, but there were still these ceilings there that once I got past, you know, the basic taking care of the needs and,

I wanted to be in charge of what I achieved. I didn't want a cap. I didn't want to, you know, somebody dictating what I could or couldn't do. That was part of it, what it was for me. But it's not for the faint of heart. It is not. It is not. I have a unique view, but we'll get to true methods next. And I don't want to, you know, I want to get to our topic, but I have a unique view because I have had these peer groups of, you know, owners and leaders of MSPs or I, you know, small businesses. Yep.

For almost 14 years now. And so I've got to watch what they've done, who succeeded, who struggled more. And it's almost been like a Petri dish, you know, mean like a laboratory, right? Very few people get and I've learned so much about success and failure and what holds us back.

one quarter at a time over 15 years with these like brave business folks. So what's it, what's a common denominator that boils up to those who do achieve success over the longterm?

The number, a couple things. One is, and they tie together, they tend to be more self-aware. So they're able to take advice, to be able to realize that they came to us because they haven't gotten the results that they wanted. And rather than hang on, which is what most people do to everything they've done, that hasn't really helped them.

They're more open to say like, you've done what I would like to do. I'm going to take a leap of faith and I'm going to just take it. I'm going to swallow it whole until I master it before I make changes. And they're able to kind of let go. Their self-image allows them to do that where most people's self-image holds them back. They're so tied to every decision they ever made that

that even though it holds them back, they can't let go. It's an amazing struggle that I've seen. Yeah. And I gotta think, yeah, it does. And I gotta think if I understand well what True Methods does to an extent, it takes a leader that's saying, I'm willing to outsource this to you because you have this expertise.

rather than me try to develop or build this or maintain this in-house. Is that fair? Well, kind of. That's what MSPs do for their customers. That's what they do, exactly. But at True Methods, what we do is we have a peer group with a framework of how to build a managed service business.

So they come to us because they want to grow faster. They want more profitability. They want to be a better leader. They want to achieve different goals. They want to help their team achieve goals. And we've been doing it for companies for 15 years. So when they come in, you know, what we ask them to do is, you know, to dive into it and to try to be open-minded. But it's very hard. It's easy to say you're going to do.

But day to day, I find, Henry, that it's very difficult for people to do. Well, listen, it's a challenge because part of what drives us to become entrepreneurs and to the initial success requires us to be that type A personality that can get it all done and will invent it, right? So I think it's hard to make that transition or to acknowledge even from day one, I need to know what my zone of genius is and then get help in those other areas where I have blind spots.

Yeah, absolutely. Oh, you used a key word there, zone of genius. I think you like Jay Hendricks, the big leap. Yeah, and Sullivan, Dan Sullivan speaks to that as well, I believe. Yeah, I like them both. Big Leap is one of my favorite books. I like to say as an entrepreneur, I think I can order pizza better than everybody else. But what I've learned is,

You're never in, I tell people when they come into our program, you're not in the MSP business. You're in the business of business. It happens to be MSP. It could be pizza or plumbing or anything else. But don't confuse yourself because your knowledge of how to turn a wrench is

or do a skill or fix a computer has nothing to do with business success. They're completely mutually exclusive. And that's, that's hard. Yep. No doubt. So why have you taken this focus at least here? Not that you haven't before, but recently and wanted to come on the show and talk about cybersecurity. Why the focus there, Gary? So, um,

I working with MSPs, it's been the biggest trend that they have had to deal with. I also, I am the business analyst on a cybersecurity podcast for MSPs called the cyber call.

And so with that view, what I've seen is that there's such risk to all businesses, but specifically SMBs. They have the most amount of risk because they have the least amount of resources. And they now have risks, whether they understand them or not, that could be a death sentence in their business, right? It could be the one thing that could happen.

that like Jim Collins says, you survive all mistakes you make that you survive. But there are mistakes you can make in cybersecurity that you wouldn't survive. And I've seen it happen. Yeah. And it's so interesting how small business owners have this misunderstanding or misconception that, well, we're not a target. We're small. So there's nothing they want from us. But that couldn't be farther from the truth. No, in fact, they're more of a target because

Because the bad guys, right? The bad actors have figured out that it's much easier to go after SMEs. So easy. Yeah, exactly. Relatively speaking. The only reason you haven't gotten hit is because there's a bunch of them. And like your door is open, but no one has come down your street yet. Yeah, yet. Exactly right. You know, here's some stats that I pulled. These are just my research from various sources. But in 2023, 41% of small businesses reported experiencing a cyber attack.

And these are rising threats. 60% of small business owners identified cybersecurity threats as a top concern, and yet only 23% felt very prepared, right? So there's this combination of a lot of us bury our head in the sand, that's not going to happen to me, I'm not a big enough fish, I'm not a target, not true. The ones who realize that it is, we don't know what to do about it necessarily, right?

Yeah. And I'll say of that 23% who feel they're prepared, I'll challenge them, you know, as well. And so mainly because the bad actors are so much more mature and they're so much better funded. So whether it's nation states or, or other, you know, well-formed groups, it's,

And they have like almost distribution channels. Like one person just gets the credentials. That's all they do is get good at credentials. And another group of people gain persistent access. And then a third group of people will come in and take it from there and manage the ransom and those kinds of things and deploy the payload. So they're so much more mature than even sometimes the MSPs, right? Yeah, I mean, they're learning so much faster than I could possibly learn how to defend, right? Yeah.

Yeah, and that's why it's important to think about, like the most important concept for an SMB to know is we'll talk about some hygiene things to think about what you should do, but you have to take an assume breach mentality. You have to assume that no matter what you do,

that you can still have an attack. And you have to make sure you're spending time and money on what happens, what we call right of boom. After there's an issue, how do you minimize the impact to it? How do you prepare for what happens? Do you have the right insurance? Do you have backups on a separate network? All the things, like if everything went wrong,

How would you survive in that case? And that's really the starting point. And that's the most important thing. And then we can talk about what makes sense in terms of, you know, putting up more defenses and locking your doors. Yeah, that makes sense. You know, back in my old IT days, we'd call it a catastrophe plan, you know, or some type of a plan if there was some kind of a natural disaster. But you're right. We don't think about it that way, right? And partly probably because we don't, because it's so daunting and scary to think about.

But but it got to think about it not as how am I going to protect myself? I have to do that. But it's inevitable that if I do have something happen, what's my plan? What do I do? What's my plan of action? Is that what you're saying? Yes. What I tell what I told my customers when I had IT companies and what I teach our our our true methods members is with every customer, tell them it's if not when. Right.

And if anybody comes in there, tell them they can spend more to assure them they'll never have an attack. They're either lying or they don't know better because it could come through Microsoft or some other source that we can't stop. Right. Okay. So we've touched on a couple of the examples, but give us a little broader picture. What does this typically look like or commonly look like at least these days for a small business? What are these attacks and cyber threats look like?

So, you know, it's changing, right? Because we have in the recent years, we've moved from pretty much everybody in office behind a firewall. And so protecting the device or the endpoint was number one. And that's still a concern, right? And Kaseya has made some, has done some things last year that have completely changed the landscape from that standpoint. Right.

But really now more of the attacks are user-based, right? They're user-based, they're identity-based rather than endpoint-based. So now you have to protect on those two fronts, both the endpoint and the user, right?

A defined endpoint from a non-technical perspective. The endpoint would be your device, your laptop, your PC, whatever you're accessing your applications and business on. A point of sale terminal, a laptop, somebody's computer, somebody's device that has access to the network, whatever it might be. As opposed to the user, it's me and it's my identity that I log on to Office, that I log on to a line of business app.

And that's really where we see the Verizon breach report, which is the biggest study every year on security. And the majority of what you see is around phishing, vishing, different types of...

you know, end user attacks to gain credentials. Right. So they use- That's the game name of the game. They're trying to get my credentials to sign on to my network, to sign on to the bank account, to sign on to whatever.

Exactly. And then once they're in, like they don't go in and all of a sudden start stealing things. They stay there quietly. They're planning, planning, planning, waiting for the opportunity. Yes. Yeah. And they move like they'll move side to side. They'll have lateral movement where they'll keep looking and they'll do more research. They'll find out about the company's financials, what they might afford to pay. They can see what their most important systems are.

And then what they'll do is, and this is important change that also happened. They used to just lock your computers and you have to pay to unlock them. But now what they'll do before they lock them, they will see if they can get your data. Right. Right. They'll actually trick your data. Hold that, hold that.

Ransom as well, hold it. Hijack it. Hijack it. So that way, even if you get them decrypted, figure out how to reload, they still have leverage over you because they have your private information. Right. It used to be the basic, unlock your computer. Now you can unlock it all you want, but I still got what's valuable to you and I'm not going to give that to you unless you pay me. Yes. And so a couple of things people can do, right? Some basic things.

One is start with the endpoint. They can make sure that they have, at least from a tool standpoint, that they have all the key tools. And the big change that happened last year, Kaseya released an offering called Kaseya 365 Endpoint that basically takes all the key tools to manage, secure, and protect an endpoint and put it into one price, one offering, one price. And the key thing about that was before this,

Most MSPs, if you ask them, do they have an MDR, which is basically it's software and services that kind of looks after your system. They wouldn't have it at all their customers because not all their customers would buy it. So now what Kaseya has done is packaged it in. So now every single SMB can have managed detect and respond MDF.

This is Henry Lopez briefly pausing this episode to invite you to schedule a free coaching consultation with me. I welcome the opportunity to chat with you about your business plans and offer the guidance and accountability that we all need to achieve success. As an experienced small business owner myself, I understand the challenges you're experiencing and often it's about helping you ask the right questions to help you make progress towards achieving your goals.

Whether it's getting started with your first business or growing and maybe exiting your existing small business, I can help you get there. To find out more about my business coaching services and to schedule your free coaching consultation, please visit thehowabusiness.com. Take that next step today towards finally realizing your business ownership dreams. I look forward to speaking with you soon.

So from a layman's perspective, in layman's terms, what are some of the things that it's doing at that endpoint to keep that you or help that user not get phished or whatever the case might be? What are some of the examples there? There's other things that keep you from getting phished. What MDR does, it will block some things, but mainly it's looking for things

that are anomalies in any way and sending alerts to a team of threat hunters to know immediately if something isn't right. - It's more about not necessarily preventing the access, but immediately or as quickly as possible identifying that somebody's in.

Yes, it does both. I'm sure it does both, right? Primarily, other things also protect. This is the tool that also is making sure that if anything fails, that it's able to identify it as quickly, immediate, and in some cases, automatically shut it down, shut down the...

The threat. Got it. I see. To stop the spread and shutting it down. What other tips have you seen for small business owners? And mostly my audience is micro small business owners. So keeping that in mind, what are some practical, affordable tips that you've seen implemented well that can help with some of this?

So we mentioned the endpoint having those tools, but also on the user, there's tools, things like there's a product called SAS alerts that Kaseya acquired. I call that cloud detect and respond. It does the same thing that an MDR does, but it'll do it for like office 365, which is what most people today is one of their prime tools that they use. So make sure you're covered on both. And I would say,

You probably want to try to find an IT provider to do and manage this for you. Yeah. Like it's hard for any small business. I mean, honestly, today, most businesses up to from zero all the way up to 500 employees in some point or another are outsourcing some or all of their cybersecurity just because you need someone who's doing it for multiple customers. Right.

has that experience. And they've got the technology, the knowledge, the experience, they're staying ahead of it. And then, you know, to use the term, I think we were going with the hygiene. What are some tips that you recommend to, you know, if I'm a small organization or maybe even just me as the owner to help avoid some of those scams? So having training,

Right. So, uh, having your like phishing training, phishing simulations, there's software platforms out there. Um, that Kaseya's is included in their 365 user, but you want to be able to use, um, security awareness training would be the number one thing. And you're continually training your users and then you can run phishing simulations to see whether, um,

Um, they, they fall for it or not, or they, they understood what they were supposed to be looking for those types of things. Yeah. That's probably one of the most important things you can do. And then on the other side, um, is making sure that you have a good disaster recovery plan. Yeah. Disaster recovery. That was the term I was searching for earlier, a disaster recovery plan. Um, what, um, you know, for a small business you've touched on it, but what, what are some of the key components that need to be in that disaster recovery plan?

So one of them is really a business analysis. Like,

If you look at even a small business, they use many different applications. They may don't have to secure or back them all up in the same way. Like which are the ones you can't live without? I see. And spend the most money securing those. And also you're willing to like, you know, you should have like multi-factor authentication everywhere. Right. And so make sure that the most important apps are backed up properly, secured properly, secure.

They have the best plan. Do your best with everything else. But sometimes if you treat everything with the same level of urgency, you know, even like when people have an event, a security event, and they haven't done this, they say, well, what do you need to have up first? And they say, well, everything. Well, we can't do everything. And they start fighting between themselves. So that's part of the planning is identifying what's mission critical that needs to come up first. Yeah.

Yep. So identifying the value of your targets, what it would do to your business and securing and backing and having them prioritized in a plan. I've always been curious about this because I haven't had to deal with it personally, but are there times when people have no choice but to pay the ransom?

Yeah. I mean, look, no one likes to pay the ransom. The government doesn't want you to pay a ransom, but yes, there, I have seen many scenarios where it made sense for a company, you know, to pay the ransom many times it's because again, they, they didn't, they didn't have the right cyber protection. So they weren't able to catch that exfiltration, the data.

Or they didn't have a way of means of backing it up, like the combination of those things. And just the risk is so high, they would do almost anything in order to be able to get that decryption key. If it's one of your clients, what do you guys usually advise if it does happen to one of your clients? What do you usually advise as far as to what to do next? So...

Prior to that, we're always advising that they have cyber insurance. Okay. And as part of that, that they have, you know, an incident response retainer, a company that would do the incident response so that once an event happens and they make that call, it's really the incident response people. Critical.

who are telling you kind of what to do. If there's negotiations, they would do the negotiations because it's a skill, right? Hopefully it never happens to me as an IT provider because I'm so good, but they deal with it every day. Right. And so they're professionals at it. You know, what to say to your employees, what not to, what to say in the press, what not to. Yeah.

So really that's the key is to have the right team so that the minute something happens, if you have a plan, you have insurance and you have a incident response team, you're in a really great spot. And many times the insurance company will line you up for it. So it's like, even if you're a very small two person company, you can get that. Yeah.

Gary, what other best practices or anything along those lines have I not asked you about that you wanted to share as it relates to cybersecurity? Again, from a small business owner's perspective, what else? So I would think about

any like private information that you hold, like information about people, data about people is really an issue. Like that's the most important thing. And make sure, is there any compliance or regulations in your industry? Because many times people miss this.

And they have compliance and regulation in their industry, and they don't really understand it fully, right? Like HIPAA, let's say. Yeah, like HIPAA, FINRA. But now states are starting to do that, right? I see. So make sure you are completely aware.

that you might be under, or like sometimes it's not even you, you do business with a customer and that customer does business with the DOD. And through that chain, you may have responsibilities that you wouldn't know until there's a lawsuit.

And so really be aware of those things, make the right relationship with an MSP that you feel comfortable with. They can guide you through the things that I'm talking about today and realize that

You can't outsource your responsibility. You can outsource knowledge, experience, tools, but it is always your responsibility. It's your business and it's no one else's responsibility to be educated and to make good choices. Well said, well said. All right. So tell us more about what Two Methods does and, you know, kind of your ideal client. Give us the high level explanation of that, if you would.

So my whole life is trying to make small business leaders more successful. They happen to all share one thing in common. They all own men and service providers. So we have men and service providers from, you know, one or two employees all the way up to hundreds of employees that are part of a peer group that we run. We have 800 members around the world. We put you in groups of 10 other people, similar size and complexity in non-competing markets that

and really provide a framework for how you organize and deliver services, how you package and price, how you sell, how you do business planning, benchmarking, all of those things. And I started building this 15 years ago. And then four years ago, my company was acquired by Kaseya. So now we do it as part

of Kaseya and we have all the resources of the top software company in the MSP industry. And it's both...

you know, a service offering, if you will. And there's also a technology platform that I, am I understanding that correctly? Or what is the offering? Yeah, the offering is the peer group service. And so we have technology that enables it. And then all of our, the majority of our MSPs also use the Kaseya cybersecurity and management platform.

uh tool stack kaseya 365 so that's kind of like the basis to cost effectively be able to add all the protections that every small business would need and uh who's the ideal client like what size are we talking about the based on your pricing that it's the best fit for

So from a Kaseya standpoint, any provider, any business can use the Kaseya software. From our peer group standpoint, again, we have companies that just have a couple people in them all the way up to some of the top equity-backed MSPs and everything in between. Interesting. Interesting.

Okay. Book recommendation. I'm always looking for a book recommendation. Is there a book that comes to mind that maybe you've read recently that you would recommend? I read recently the book Die With Zero by Bill Perkins.

And it was really interesting because it basically, I'll give you the two minute, the minute version. It has you look at life from a different point of view, which is an optimization equation. And the levers of that equation are time, money, and health.

And it explains that you don't always get them in life at the same time. It's hard to have all three at the same time and how you can make a different points in your life, how you can make decisions in a way that you can optimize, uh, you know, that life equation. Interesting. Very interesting. I hadn't read this book. How, how do you think you've kind of applied that or how has it influenced, uh, the way you run a business? So what I would say is, um,

I'll start with how I approach life. What it's done for me is, you know, I grew up as a saver. I've been saving my whole life. And there comes a time there's a balance between saving and spending on experiences while you're young and while you're healthy. Like the advice that I give my kids who were in their 20s and early 30s is,

Yeah, yeah.

It's such a contract, Gary, that we were indoctrinated in, which is the employee who will eventually retire mentality, isn't it? Yeah, and...

And as entrepreneurs, I call it, they have a drag race mentality, which is they're running a drag race. They're just going to put, you're going to give up everything and put the pedal to the metal. And then they realize it's not a drag race. It's a marathon. And they get to a certain point in their life and they miss things with their kids. They missed experiences. They didn't take care of themselves and they could have done all those things. And if you know how to run a business properly can even be further ahead. And so this is kind of the theme of what we try to teach entrepreneurs.

I tell business owners, they come to us because they want to run a better business. That's not really why we're here. That's a result. We want them and their teams to optimize their lives. And part of that is, to do it, they all need to run more profitable businesses. It happens to be one of the things they need to do. And that's why Kaseya has been so supportive of this mission. Right. Why did you decide to sell to Kaseya?

We had built some software for virtual CIOs called My IT Process and really got to the point where I had to make a decision how much more I wanted to invest rather than having someone like ASEA that has, you know, 27 or 28 other software products they have built

a thousand people on their sales team for distribution. They have developers in best in class, you know, development centers around the world. And was it better with them to fulfill its destiny and allow me to do the thing that I love to do, which is to build my peer groups. And obviously they've left you alone enough to do that because you've been there all this time since you sold, right? That's not common.

No, no. Most entrepreneurs don't stay. I certainly didn't the first time I sold my first business. But Kaseya really, they care about MSPs and they have completely left me alone and supported me just to really completely do what I love to do. And that is change lives through business. Fantastic. Fantastic.

All right. Is there anything that we didn't touch on related to cybersecurity that you wanted to share for that small business owner who's listening today?

Anything else that you wanted to share there? No, just, I would say, look for a managed service provider that specializes in whatever size business you are. And I would ask them whether they use the Kaseya stack, you know, cause you know that if they're using the Kaseya 365 approach, that they're going to cover endpoint and user with all the key things. It's a, it's a good code to know that that's a good first step. That's definitely one thing to look for. And what you're saying is that if they're using the Kaseya stack and

It's best in class. And that tells you that they're going to have you covered, at least from that perspective. Yeah, it's best in class and it's complete. I think you've touched on it, but tell me again, what would be one thing you want us to take as small business owners on this topic of cybersecurity? If there's one thing you want us to leave this conversation with, what would that be? That this is a threat to your business, whether you're aware of it or not.

So you need to get educated and you need to take responsibility for it. And you need to put the right relationship in place, you know, because you're not going to be able to learn everything other than what the threat is, but the solution to it, you're going to need some help. Yeah. Well said, you know, that that's a, that's such a key takeaway. And then the point you made about,

It's not when it's if, and we must have a plan in place. I think that's huge because that's, I don't know that even I necessarily looked at that way. You know, I think we tend to look at these things as well. How do we prevent it? Well, you got to do that. But the reality is that, uh, all, all your efforts might be for not, it still might happen. Yeah. And then if I could, could I share just one more thing, non-security related? Um,

you know, related to my passion of helping, you know, entrepreneurs and, you know, small business people. What, if I had to sum up everything I've learned through my own experiences and all the, you know, leaders that I've coached and mentored for, for so many years, is that you have to first take full responsibility. Like you're,

You are where you are, whether you like it or not, because of all the decisions that you've made. And so many times I see people who tell me they've been in business for 10 years to get to a million dollars in business. But when I ask them what success looks like in two or three years, they say they're going to be three million. And I always ask them, well, what's going to change?

Because that's dramatic. So something's going to have to dramatically change starting with you. And the answer that I get, unfortunately, is never dramatic. And so they're hoping that things change, but they really don't know what good looks like. Find people who have done successfully what you would like to do, right? Join a peer group, go to a conference. You're not going to figure it out looking at your laptop. And most of the answers that we need

are already out there. Somebody else has probably figured them out. And then once you do that, realize that your job needs to change every year because the role of a $500,000 revenue leader is different than a million, different than 5 million, 10 million. And your job is to always be offloading the things that that next level doesn't do. Right.

And if not, you're just going to grow until you're as busy as you can get. Yeah. And it seems like that ties back to the common trait you mentioned of self-awareness, because I have to be self-aware enough to understand that, accept that responsibility, and be willing to evolve. And that's, I think, to your point of why we see so many business owners, they plateau

And then the company gets stalled because they're stalled from a mindset perspective. Yeah, look, I know more about business based on I sit on boards, I've sold companies, I've acquired companies. I know more about business than I ever have. But more than that, I know how much I don't know more than I ever have. Do you know what I mean? And you got to have both. You've stayed humble on that. And that keeps you curious and wanting to learn. Yes.

And then particularly to learn from others. Yeah. And to me, that's what passion and enthusiasm is about in a career, right? That you, you have commander over the business. You're able to share those goals with people around you. They're committed to the same goal and you feel like you're making a difference because you're

You know, I've hired hundreds of employees in my career. And in many ways, none of them wanted the same things out of life that I did. They're more mentally healthy, I'd like to say, than me. But we all share one thing. We all want to be part of something that's bigger than just us. And we want to know that what we do matters. Yeah.

I mean, it's at the heart of partly why, as we said, we're entrepreneurs. We, we, we, we don't want a ceiling put on us by somebody else in particular. And so that's, that's what it's about. But we end up then putting our own ceilings on ourselves, our own limitations on ourselves. If we're not self-aware enough to avoid that. And read a lot. Got to read a lot. Yeah. Got to take it in.

Almost every great business leader I met is a reader. Avid reader. Agreed. That's one of the reasons I ask that question in every interview is curious is what book recommendations people have. This is awesome, Henry. You're really great. Thank you. I appreciate that. Appreciate you sharing your greatness with us. Where do you want us to go online to learn more? Yeah, just go to Kaseya.com is the best place to go and check out all the amazing things that Kaseya is doing, including our peer groups.

Excellent. Gary, thanks for taking the time to be with me to share and inspire and being here on the show today with me. I appreciate it. Awesome. Thank you. This is Henry Lopez. Thanks for joining myself and Gary here on this episode today. I release new episodes every Monday morning. You can find the show anywhere you listen to podcasts, including the Howa Business YouTube channel and my website, thehowabusiness.com. Thanks again for listening.

Thank you for listening to The How of Business. For more information about our coaching programs, online courses, show notes pages, links, and other resources, please visit thehowofbusiness.com.