I sat with President of GoTech IT, Chris Gotstein, to dig into the challenges facing his growing business and hear his thoughts on the MSP cybersecurity landscape. With increasing compliance requirements and a lack of small business security awareness, Chris knows that providing effective, affordable services helps everyone succeed. These are his key takeaways.
Chris Gotstein: I started GoTech IT Solutions back in 2013. I had a small office in the Upper Peninsula (UP) of Michigan and then about six years later, I opened another office down in Milwaukee, Wisconsin where I'm currently located.
We provide managed IT services to small businesses in the Milwaukee area and in the central UP with an emphasis on the manufacturing sector, accounting firms, and financial advisors. We're also starting to work with construction companies, plumbers, and electricians. We've found a good niche with these service-type businesses and manufacturing because they rely on having working systems all the time and need them to be secure and compliant.
With new FTC regulations coming out, both our accounting and financial advisor clients are seeing more compliance scrutiny. We're able to provide the correct solutions to meet and exceed the compliance requirements that they have.
CG: A lot of research to see what we need in place to make sure clients are compliant because it's changing all the time. We have multiple systems, taking an “onion” approach to cybersecurity with multiple layers.
We're leveraging Todyl to help with a lot of that compliance. As we get further along in the evolution of compliance, we need more controls. We need systems that both protect our clients but also record and report on each control to prove we're doing everything correctly. We have policies to back up all the compliance requirements, and we use the Todyl GRC module to simplify it.
CG: Mostly a place to start. With compliance, we’ve wondered, “Okay, where do we even begin? What policies and tools do we need to have in place?”
Todyl GRC helps lay it all out for us. We check boxes according to the clients’ compliance regulations and it gives a list of what we need to do. Then, we can drill down into each control to plan how we'll meet the clients’ needs. It’s made our lives a lot easier because now we're just focusing on implementation and getting our clients compliant, not worrying about each individual rule. It's already built for us and Todyl maintains it and keeps it up to date.
CG: Jeez… There's a lot of challenges. The biggest is probably convincing small business owners that they need security. When we talk to prospective clients, we try to keep things as down to earth as possible, but they still don't understand that they are a target.
Customers often say, “I'm too small, nobody wants my data or cares about my business.” That's not true. There's value to what you're doing. If there wasn't, you wouldn't be in business. Don't tell me that your data, product, or service isn't valuable enough that somebody doesn’t want to steal from you.
We as an industry and the media in general don’t do a good job of reporting small incidents. The FBI doesn't even look at anything under $250,000. Even a $10,000 incident can wipe out a small business, but nobody seems to care, say anything, or help.
It’s challenging to convince a business owner that these things can, and most likely will, happen to them without protections in place. Sometimes, I look at their infrastructure without security or even MFA and wonder, “How have you not gotten hacked? How much will you lose when an incident happens?”
That keeps me up at night. People aren't aware of the vulnerabilities in their own business.
CG: First is the all-inclusive agent. It lowers the footprint on workstations so we’re as efficient as possible. I don't want eight agents, all doing something different and sucking resources for our clients. The single, modular agent means we can add things where we need them.
Todyl GRC… honestly, it's the most comprehensive and simplistic compliance module I've seen. It's not overly complicated. I don't have to spend weeks getting things set up. I can simply activate the module and start going through each control. I'm getting to work right away instead of spending hours learning the process and how the system works. We just implement it, and we're good to go.
The price point also works out well for us and for our clients, and the fact that Todyl continues to develop the product is huge.
CG: Thankfully, we haven’t had a major one yet. We've been using Todyl SASE for about 2 years now, and it’s stopped malicious websites and links dead in their tracks. Giving our clients additional protection wherever they go is a game changer for us.
CG: We, as an industry, talk about packaging and pricing nonstop. In the last couple of years, I've had the mindset of serving just one best-in-class package to our clients.
Talking to clients and prospects, however, it became clear we needed more flexibility with our services. With Todyl, I can activate modules where I need them without rolling out a whole new client or agent.
I sell tiered packages now. My base package includes Todyl EDR and SASE, or maybe just Todyl EDR, and that's it. My middle pack is SASE, EDR, and a couple of other modules, and then I can also layer compliance on top at any point along the way.
The fact that I can activate things and package them separately to work best for the client and help them grow into compliance is huge. Normally, we would be charging upwards of $1000 a month for compliance. With Todyl, I can package it for $100 a month. It gets our clients the compliance and protection that they need at a price they can afford.
CG: It’s been a lot of “no news is good news.” I don't know if I've ever had a client say, “The level of protection you've given us is second to none.” Most clients see the value we bring because we communicate what we're doing with them.
We can show them our protections and the value of them with reports. Once we start deploying more compliance controls, there may be stuff they may not fully understand, but it's a robust report, a robust program they realize is worth paying for. They know they’ll be compliant and get the protection they need.
Our reports are eye-opening to the end user. They may not say they appreciate it directly, but there's definitely some wide eyes when they're looking at them.
CG: Pick a tool that not only works well for your clients, but for your own pricing and your business. Everyone says that techs love tools. I was guilty of it myself. We had 10 different tools to do 10 different things, and sometimes we had 10 different tools to do 5 different things, and they overlapped.
Todyl’s flexibility and modularity help meet and exceed the needs of our clients. Plus, Todyl invests so much back into developing new tools and features. Those are the things I look for. I've gone through a ton of vendors who either add things that aren’t useful to an MSP whatsoever or get bought up by larger companies and we never hear from them again.
Todyl has a really good product. It fits our pricing and our package models. It allows me to give value to our clients that is affordable to them, but it's also all in one package, one pane of glass. When it comes to cybersecurity solutions, the more things that are integrated and talking to each other, the easier it is to track down problems. With Todyl, I can see everything.
CG: For us, it was one of the easier products to get into. We got a ton of support getting on board and understanding the product. Todyl Support has been great. When we put a ticket in, we get a response pretty darn quick.
Ultimately, the product just works. Sure, we've had some headaches with it; all software has problems. But I will say, for the problems that we’ve had, Todyl identified them, worked with us, and got it fixed within a couple of weeks. That's unheard of with larger vendors; things just don't get fixed in a timely fashion. Todyl cares about us and continues supporting us, not only by providing a good solution, but by fixing the problems that come up along the way. It speaks volumes compared to other vendors.
And the price is right. We have the modular support to activate whatever we want so I can minimize the amount of time my guys are spending in a tool. It just works, which is what I want. And, when there is a problem, we have a quick resolution to get it taken care of.
