Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Harv (00:32):
Hi all, welcome to the
show.
Before we get started, I wanted to mention that I'll be taking
part in a webinar with Agency Hackers on Thursday, 19th
September 2024.
It's all about productivity in the workspace.
I'll be sharing some tips that I've seen work really well to
maximize a team's ability to do focus work and get into flow.
(00:52):
I would love to see you there, so please sign up for that and
get it in your calendars.
Again, that's on Thursday, 19th September, 2024.
You can sign up for free at bit.ly/thehandbook24.
That's bit.ly/thehandbook24.
(01:14):
We'll put a link to that in the episode notes as well, but do
sign up.
Now, back to the show.
Hi all.
As an Ops person, one of the hats you might find yourself
wearing is IT Expert.
I do think it was taking control of IT issues once upon a time
that no one else was taking responsibility for that started
my journey into operations.
(01:35):
I started getting involved in getting better internet service
brought into the workplace.
I started setting up Macs for new starters because I disliked
that people would be plonked down in front of an iMac with
hundreds of files on the desktop on their first day.
I had the RAM upgraded across our entire fleet of computers at
one point to give us a speed and efficiency boost.
And eventually I started getting involved in other aspects of
(01:58):
behind the scenes, which grew and grew and grew until I was
able to make a case for a role in operations.
If you're looking to scale your business, then IT is one area
you need to ensure you have fully under control.
In today's episode, we're going to be looking exactly at that.
The IT considerations an agency should have in place in order to
be ready to operate efficiently at a larger size.
(02:19):
We'll be talking about the areas that you can proactively address
so that you're not having to rush to shoehorn this stuff in
because things start creaking or clients start refusing to work
with you.
Those areas that we're going to talk about today as a preview
are is there ever a reason to switch from Microsoft 365 to G
Suite?
We're going to be talking about data storage, cloud based versus
(02:41):
on premise servers.
We're going to be talking about managing your fleet of
computers.
How do you efficiently set up and manage your team's devices?
We're going to be talking about data security.
How do you ensure your data is safe?
And what standards corporate clients might be demanding that
their agency partners align with?
Next we're gonna be talking about how you can support your
(03:02):
internal teams with IT issues.
There's a lot to cover.
Our guest today is Dan Timmiss.
Dan is the Technical Director at Kaizen IT Solutions, an IT
solutions and service provider for the creative sector.
Over the past two decades, Dan has assisted hundreds of
creative agencies in optimizing and managing their IT
infrastructure, from IT overhauls to team expansions and
(03:25):
relocations.
He has also helped agencies implement best practice
solutions for hybrid and remote working; ensuring their creative
teams stay connected and productive regardless of where
they're based.
At Kaizen, Dan's responsible for keeping on top of new and
emerging solutions and technologies and helping his
team understand how to best advise and support their agency
(03:46):
and creative clients.
Let's get into the discussion.
Dan, thank you very much for joining us today.
Our audience, as you know, is agency ops folks and Kaizen have
a lot of clients in that space.
Was that a conscious decision on Kaizen's part to specialize on
this market?
Dan Timmiss (04:02):
It was, really.
So Kaizen started as an internal IT company for an agency,
basically.
A large agency, probably about 120, 150 or so at the time.
That agency got bought out.
They had their own IT when they got bought out.
So the IT team were effectively not necessarily made redundant,
but they were going to have to be repositioned.
(04:24):
And they thought, let's start our own IT company.
We'll specialize in Macs, we'll specialize in media, we'll
specialize in creative industry.
We're very lucky at the time to get funding from the owner of
the agency who was a partner at that particular time.
Harv (04:39):
Mm hmm.
Dan Timmiss (04:40):
and we just took it
from there.
So it kind of was a bit of a conscious decision.
Yeah.
It was made out of the fact that we were there already.
Harv (04:46):
Super interesting.
Dan Timmiss (04:48):
Yeah.
Harv (04:48):
Cool.
I didn't know that about your story.
So what kind of agencies in terms of size do you work with?
Dan Timmiss (04:55):
We look after
anyone from kind of one man
band, someone starting off that's got a MacBook starting
away, all the way up to kind of a thousand devices, fifteen
hundred devices.
Harv (05:06):
Wow.
Dan Timmiss (05:06):
The largest company
that we look after is about four
thousand devices.
It's a huge range of people that we look after, I would say the
average is probably gonna be about a hundred to 150.
So
Harv (05:17):
Okay.
Dan Timmiss (05:17):
a, a normal kind of
medium agency size, if
Harv (05:20):
Hmm.
Dan Timmiss (05:21):
Yeah.
Harv (05:21):
Right.
So when we think about agencies' requirements versus any other
kind of business, is there anything that makes those
unique?
Dan Timmiss (05:29):
There is, a lot of
things that make them unique.
A lot of the times it's the stuff that they work on and the
apps that they work with a lot of time, it's very Mac based.
A lot of the time it'll be things like Creative Cloud is
very important in agency business.
Stuff that you don't get in other businesses that you have
to deal with.
Things like fonts are a big thing.
Things like image management, video management is a big thing.
(05:50):
Stuff that you're not going to get a, an accountant or,
Harv (05:53):
Yeah.
Dan Timmiss (05:54):
like a, an admin
office or something like that.
So yeah, it's really important that we have to know, all the
tools that agencies are using.
Harv (06:00):
Yep.
And with those apps that you're mentioning and those media
files, heavy files are a big factor.
And uh, good internet connection, no matter where you
are, always, comes into play as well, just to make sure you can
move that stuff around.
So, I, I suppose it might be those agencies on the larger end
of the scale, a hundred plus that might have in-house
resource for IT.
(06:21):
But I wonder if many of the agencies that you deal with have
in-house IT people, or if you end up interfacing more with
operations people directly.
Dan Timmiss (06:29):
We interface with,
with kind of everyone, the
larger an agency gets, the more we recommend there is a lead IT
person in there, whether they use us or not.
When you're about 40, 50 people, we can pretty much do
everything.
When you start getting larger; a hundred, 150 people, it starts
getting quite difficult to manage that amount of devices,
(06:50):
as well as things like onboarding and offboarding.
Because we can't be there every second of every day.
Well, you can be if you want us to be, yeah.
Most of the time we're not there for every second of the day, you
know, so
Harv (07:01):
Yeah.
Dan Timmiss (07:01):
important for
someone on site to, to be able
to know, to answer kind of the small niggly questions.
And also it's important for us as a business to have someone on
site who's aware of what's happening with IT.
Cause a lot of the time, if you're kind of 10 or 15 people,
if you're just starting up as an agency, you won't really bother
that much about IT.
You're focused on getting the job done.
(07:21):
You're focused on the creative side and you're focused on
helping your clients.
You don't want to be worried about the IT stuff, especially
things like the security stuff that comes down a lot later.
When you get to 150 people, when you get to 200 people, it starts
getting quite difficult for, for us to know the full ins and outs
of the business.
So it's really important to have a liaison team within that
(07:44):
business to be able to, to help with IT and with ops and with
apps and things like licensing and new hires and, and all that
kind of stuff that a normal business has to deal with.
Harv (07:54):
Good point.
So Dan, when you're coming in to support a new agency, I suppose
you need to do a bit of an audit to understand how they work,
what they have in place and what they might need.
Does anything interesting come up in terms of the issues you
see or any red flags?
Dan Timmiss (08:07):
A lot of the times,
mate, it's, it can be so
different.
Every agency is different.
Every business is different.
Harv (08:14):
Mhm.
Dan Timmiss (08:14):
I've gone into
places before when it's been
absolutely perfect, but the reason that we're coming in is
because the person that was running it has left, they've
gone on to a different position.
Harv (08:24):
Mhm.
Dan Timmiss (08:24):
And I've come into
places where people have been
running something and it's, it's complete chaos and that people
are asking for us and they're saying it's so chaotic.
We've grown.
We used to be 10 people.
We're now 50 people because we've got a couple of big
contracts and all of a sudden what was easily handled is not
easily handled anymore.
So I need your help to look after it.
Harv (08:44):
Mhm.
Dan Timmiss (08:45):
It's so different,
every single one.
But a few of the key pressing points we normally see are
things like security.
We get brought in to have a look at a lot.
We get brought in to look at, help with onboarding and
offboarding people because as an agency grows, people just don't
have time to, to deal with new devices being rolled out or
devices being migrated or moved or, or that kind of stuff.
Harv (09:06):
Mhm.
Dan Timmiss (09:07):
But, yeah, we, we
see all kinds of things, all
kinds of messes and all kinds of good things when we go into
places.
Harv (09:13):
Okay.
Dan Timmiss (09:13):
But yeah, we
always, we, we, we never pull
any punches.
We always kind of lay out a report and be like this is what
you've got.
This is what you want to do.
And people can take it from there.
Harv (09:23):
Excellent.
Like I said, in the introduction, there's five key
areas we're going to be focusing on in the discussion today.
So let's get right into it.
One of the most fundamental decisions any agency needs to
make is whether they're going to be powering their agency with
Microsoft 365 or G Suite.
We were chatting before the show and you brought up a good point
that it's usually one of the first things a business might
(09:44):
make a decision on and it tends not to shift.
But my question is, is there a reason why someone might pivot
from one to another or does that tend not to happen very much?
Dan Timmiss (09:54):
It doesn't really
tend to happen that often.
The main reason someone would pivot is probably down to some
kind of regulation that they're getting asked to do by a
customer.
So Microsoft can do certain things regarding security.
Google can do certain things regarding, kind of data storage
and that kind of stuff.
We work with small businesses who two or three people that
(10:15):
have got Microsoft and we work with large businesses, kind of
four or 500 people that are working in G Suite.
Harv (10:20):
Okay,
Dan Timmiss (10:20):
So it's not like
one is preferential to the
other.
It's really a personal choice to the users and the staff really
more than anything.
Harv (10:28):
And, both of those
platforms also come with single
sign on and multi factor authentication, don't they?
So that's, that's something an agency might want to ensure they
have in place.
Dan Timmiss (10:39):
Yeah.
So single sign on or SSL allows you to take one location for
your users and be able to use that one location to log into
multiple different websites.
You may have a file storage system like Dropbox or Box.
You may have a CRM system, and you could tie those systems back
to Google or back to 365 and just use your 365 login to
(11:01):
access all of the systems or your Google login to access all
the systems.
There's a few benefits, ease of use is a big one.
Your users aren't having to remember six different logons
for different places.
Security is another good, good one.
So things like 365 do full auditing of the whole user
trail, for example.
So you can employ MFA.
(11:21):
You can do things like conditional access.
So only someone from the specific device that,
Harv (11:27):
Mm.
Dan Timmiss (11:27):
that you want to
use are going to be able to have
access to it.
Harv (11:30):
Mm.
Dan Timmiss (11:30):
and it just
improves your security posture
in general, having SSO turned on.
Harv (11:36):
Yep.
Dan Timmiss (11:36):
It's a bit of a no
brainer.
You do get something called the SSO tax nowadays.
I mean, you've probably run into this mate, I guess, where you
have to pay extra to, access certain SSO features.
Harv (11:48):
Mm.
Dan Timmiss (11:49):
But as you grow
bigger as an agency or as a
business, then, sometimes you're paying for that anyway, to get
the
Harv (11:54):
Mm.
Dan Timmiss (11:54):
additional
features.
So SSO is just generally a bit of a no brainer, to be honest.
Harv (11:58):
Yep.
Yeah, it just makes logins easier, like you said, and
easier to switch off.
If somebody leaves, you flick one switch and disable access
across the board, right?
Dan Timmiss (12:06):
That's right.
So yeah on boarding and off boarding as well.
If you have a new hire, you can just turn them on in 365 and if
it's all set up correctly, it will create a user in all your
other places and the same again with off boarding you turn it
off in one place, turns it off in everywhere.
So yeah.
Harv (12:21):
And, two factor or multi
factor authentication, I think
we're all pretty familiar with what that is...
Dan Timmiss (12:27):
Yeah, so MFA is
pretty much an industry standard
now.
It's using something to authenticate you.
So not just a password.
I mean, everyone's going to be used to getting codes on their
phone.
Harv (12:38):
Yeah.
Dan Timmiss (12:38):
Or using the
authenticator app, maybe.
There's various ways to do it, to, to get a code through now.
Harv (12:44):
Yeah.
All right.
So let's talk about storage.
There was a big move to cloud based storage during the
pandemic.
I think you kind of alluded to that a few minutes ago as well.
That's when my past agency went from using on premise servers to
considering platforms like Dropbox, Box.com or Egnyte.
For us, this was because productivity was literally
grinding to a halt.
When we started working from home and working with those big,
(13:06):
heavy Adobe files, you know, people, rather than being able
to work on the server, like they were doing in the office.
They were having to download gigabytes worth of files on
their desktop.
And then we'd have to wait ages for them to upload them back.
So that didn't last very long.
And it became apparent really quickly that we need something
else in place.
So, why you might choose one cloud based storage solution
(13:29):
over another could be an episode in itself, so we won't get into
that today.
But do you still see many agencies with on premise servers
rather than cloud based?
And, are there any upsides to retaining on premise servers
rather than moving to cloud?
Dan Timmiss (13:42):
Agency wise, we do
still see a lot of on prem
servers, mainly because of what you mentioned, the size of the
files.
Harv (13:49):
Mm.
Dan Timmiss (13:50):
Something like
Egnyte is a super popular kind
of business facing one.
And you have to pay, you get a certain amount of storage per
user, then you have to pay for any additional storage over
that.
If you're an agency, if you've got a, if you're a large agency,
and you've got a historical amount of data that you're
wanting to keep, that can soon, you know, massively add up in
any cloud platform.
So what we often see is a bit of a hybrid solution. So
Harv (14:12):
Mm.
Dan Timmiss (14:13):
you would have your
work in progress based on your
cloud platform that everyone can access wherever they are and
that might be maybe 10 terabytes or so data depending on what you
need to access.
And then your archive data is gonna be probably on premise
Harv (14:26):
Mm.
Dan Timmiss (14:26):
on a NAS box or a
server or something like that.
You can back that up to a cloud or you can replicate it to
another NAS box in a, in a data center for access, something
like that.
But yeah, it's, it is very much a hybrid.
We, we kind of push cloud storage more than anything
because it's so simple and people are coming to us saying,
we want to be able to work remotely.
(14:47):
We want easy access and it's so simple.
Something like Dropbox, you download the app, you sign in,
hopefully with your SSO and your MFA.
And then bang, you've got access to your work.
You don't need IT to set up a VPN connection or anything like
that.
You've got access to your work straight away.
So it's, yeah, it's, it's super beneficial, I think, for
agencies and to have something with a hybrid approach.
(15:10):
So you've got the on prem for the archive and the WIP being in
the cloud focus system, then yes, it's an option we see a lot
of places take up on for certain.
Harv (15:20):
Excellent.
So next we're going to talk about managing your fleet of
computers.
You know, MDM or mobile device management is one of those
deeply unsexy terms like professional services
automation, which doesn't really make a lot of sense when you
just hear it for the first time.
So a quick definition, Dan, what is MDM?
Dan Timmiss (15:39):
So MDM is.
I mean, you say it's not sexy, I do.
I really like it.
It's like my bread and butter, you know?
So MDM is looking after the devices that you've got, be it
your laptops, your desktops, your phones, your servers.
All it is, is a way of managing your fleet of devices from a
single location effectively.
(15:59):
That's the most basic way of putting it.
By using MDM you can apply settings to it.
You can apply restrictions to it.
You can push out apps to it.
You can push out users to them, that kind of stuff.
It's very much making sure that everything that you own as a
business or don't own in the case of BYOD is managed and
(16:20):
secure and it's up to date, for example, and doing
Harv (16:23):
hmm.
Dan Timmiss (16:23):
what it should be
doing.
Harv (16:24):
So BYOD, bring your own
device.
And that's where people are using their own devices and you
might need them to log into certain things for work.
And you want to protect that data.
Dan Timmiss (16:34):
BYOD, we often use
in the term of phones.
And so if you've, everyone can access their work on their
phone, you can access your email, you can access your
calendar.
If you've got cloud storage, you can access your data
effectively.
So being able to manage those phones when they come in.
So for example, both Google and 365, they provide functionality
(16:57):
so you can sign into your provider with your phone.
And if you then leave the, the business has the ability to wipe
that data off the phone, not the phone itself, just the company
data.
So you know, for a fact as a business that you haven't got
some emails or some data kind of lying around on someone's phone
that's, that's left the business effectively.
Harv (17:16):
So you know, MDM gives you
a lot of control over the
device, what apps get pushed out and things like that.
And, you know, ops people, a lot of times end up being
gatekeepers for new software that the teams are asking for.
So this can be a really safe way to kind of push that out because
they can have built in app stores for your agency and
things like that.
So you can block people from downloading things from like the
app store or whatever.
(17:38):
But you can control it and deploy apps through the built in
MDM app stores, which is quite useful.
There's another area where I found a lot of benefit of this.
I'll, I'll tell you a bit about my experience, just a short
story.
You know, there was a time when I was starting to set up more
and more of our devices, for new starters.
And I had a hard drive set up with all, you know, macOS
(17:58):
installed, all the software installed, and I'd clone that
into a new computer to make it efficient to kind of set up a
new machine for a new starter.
I, I guess there was a time and place for that and size of
agency.
And obviously the more we grew, and the fact that I was
responsible for setting up computers for our French and
Swiss business entities meant that that didn't work anymore.
We needed something that would work remotely.
(18:20):
I've also seen agencies manually setting up computers for new
starters as well.
Again, that might work at a certain size, but it gets
difficult to manage as you grow and you also end up having no
control in either of those scenarios I've mentioned.
You have no control over the devices.
People can go and do whatever they want.
So that's a real benefit.
I think is deployment of new devices.
(18:41):
I think they call it zero touch deployment.
Don't they?
Dan Timmiss (18:44):
That's right.
Yeah.
So zero touch the whole idea is, and you can do this with Macs
and you can do it with Windows devices, is you can send the
device like literally straight from the shop to an end user,
and they can open it up and they log in with their details and
all their apps are there and all the security settings are there.
You, you get over a certain size or you start having a larger
(19:05):
turnover of people...
you don't want to having to be spending half a day every time
someone new starts having to set up a computer and loading the
apps on carrying around like hard drives and stuff like that,
it becomes like too difficult to manage.
Harv (19:18):
Absolutely.
Dan Timmiss (19:19):
Whereas if you can
do it from the MDM if you can do
it from kind of one of the big players sort of directly you
just say right then all of these apps go on and they're
automatically updated because that's what the MDM does is it
doesn't matter if it gets sent on the 1st of January or the
31st of December at the end of the year, the right apps are
going to go on at the right time and it just makes things so much
simpler.
Harv (19:41):
In terms of head count,
how big do you think you need to
be for an MDM to be critical in your view?
Dan Timmiss (19:46):
It depends what,
depends what you need it to do
for you.
Harv (19:49):
Hmm.
Hmm.
Mm
Dan Timmiss (19:50):
So, security, if
you want it to lock down your
devices from a security point of view, you might've been asked
for a client, you might be only three or four people, but if
you've been asked by a client to particularly lock down your
devices, you're gonna need an MDM to do it because that's the
only way you can verify that they're locked down, you know.
If you haven't been asked to do anything like that from a
security point of view, but you're, you're growing and you
(20:12):
want the benefits of the onboarding and the offboarding
and things like the security for internal works as well.
And, yeah, we normally see people jump on board if they're
not being asked to do it or forced to do it, if you will,
from about 20 users or so, 15 to 20 users is where it gets to the
point where you think, hang on, we need to be making sure our
(20:32):
machines are audited.
We need to be able to make sure if something gets stolen on a
train, we can remote wipe it, for example.
Harv (20:39):
Yeah.
Dan Timmiss (20:39):
We need to make
sure that people can log in if
someone's out of the office and someone else needs to hop onto
the machine that they can log in with the credentials and that
kind of thing.
So yeah, it's about 15 to 20 people.
I mean, if you talk about the big players, there's things like
Jamf is a big player in the Mac world.
We've got things like Kandji, obviously Microsoft and
Intune are a big player in the PC world.
(21:01):
There's Mosyle, who's a pretty big player now.
They were in the education space and they've moved over to
business in the last few years.
Harv (21:09):
Okay.
Dan Timmiss (21:09):
can actually get
Mosyle.
Mosyle is effectively free under 30 people.
So if you've got under 30 devices, you can go and sign up
to that as a business and, and effectively start straight away
on their standard platform.
Harv (21:21):
Yeah.
You know, one of the benefits that you mentioned there was
offboarding and we didn't really touch on that, but yeah, when
somebody leaves, being able to reset your device and get it
back to factory settings, I think it was a huge benefit.
So you're not manually having to wipe things and stuff like that.
Dan Timmiss (21:35):
We look after a
business, just talking about a
that, we look after a business.
And they have...
It's one of the larger businesses that we look after
and they have an onboarding offboarding process, which is
done entirely by their staff.
So they will ring up and they will say, I'm leaving or I'm
moving department.
My Mac is going to another person.
And what we do is we present them an option in self service.
(21:57):
And it'll be reprovision my Mac and this option in the
self-service app on their, on their Mac wipes the device and
gets it ready to be rebuilt for the next person.
So the IT don't even have to do anything.
It's entirely user led.
And all they do is they walk up and they give the machine to
their next person.
They open it up, they sign in and they're ready to work.
It's wiped, the data's been wiped clean and it's all up and
(22:19):
running.
And, and, and that's all managed by, by an MDM.
That's all managed by Jamf.
That one in particular, but yeah.
Harv (22:25):
Yeah, I, I use Jamf at my
past agency.
So I did some training with Jamf when I brought it into the
agency.
So I got orientated with the basics.
Is that something you see a lot of your clients do, or do they
tend to leave it in your hands?
Dan Timmiss (22:38):
It's, it's a bit of
both.
It's really much a bit of both.
It depends on the size of the client.
If we're working with people that have also got IT people on
premise, we tend to recommend, people do a bit of light
training.
One of the things that Jamf do really well is when you take out
a contract with them, they do what they call a jumpstart.
Which is kind of a, an onboarding for staff of the
(22:59):
business.
The thing is an MDM is only as good as the people that are
using it.
It's just a framework for the device.
It's not a, a catch all.
You can't enroll your device in an MDM and it's secure and
perfect and it can onboard and offboard and all that kind of
stuff.
Jamf and the other providers don't want to sell you something
if you can't use it because then it's going to come up for
renewal and you're just going to be like, well, it's not doing
(23:20):
what it was supposed to be doing.
So we're just going to get rid of it.
You know, so yeah, we would always recommend training.
Jamf are really good.
They've got a number of courses, they call them like the Jamf
100, the Jamf 200.
If people have got an in-house IT team, they do the Jamf 200
and that kind of sorts them out for the day to day.
As you get bigger, like we said before, it's always important to
have someone on the, on the coal face, knowing what they're doing
(23:42):
with the systems that they've got, you know.
Harv (23:44):
Yeah.
I did the jumpstart with Jamf.
I think for an ops director's point of view, having an
understanding of how it works lets you dip in and you might
not be the one that wants to set up all the infrastructure and
make sure everything is like configured properly, it's
probably too complicated.
But being able to know where things are so you can go check
something or, you know, look something up is super useful.
(24:06):
So I think that's why somebody might want to just get a bit of
exposure to those tools.
Dan Timmiss (24:11):
It's good to know
as well, from a business point
of view, what's actually possible with the tool set.
Harv (24:17):
Yeah.
Dan Timmiss (24:17):
Cause you could
come to us and say, I want this
to happen, or I want that to happen, knowing that the product
could make it happen.
Harv (24:24):
Mm hmm.
Dan Timmiss (24:24):
And then we go away
and write a script or something
or put something in place to make it possible, you know
Harv (24:32):
Exactly.
Dan Timmiss (24:33):
And that's where we
come in.
We take the burden off people having to do it.
We're happy for other people to do it, but people are busy, if
people weren't busy, then we wouldn't have a job because
everyone would be spending their entire time kind of fixing
machines and stuff.
Harv (24:47):
Absolutely.
Okay, so let's move on to talking about security, Dan.
Before we get into considerations, have you seen
any agencies fall victim to a security breach due to poor IT
practices?
Dan Timmiss (24:58):
The main security
breaches I have seen in kind of
the last three years, most of them come down to kind of phishing.
A lot
Harv (25:05):
Okay.
Dan Timmiss (25:06):
of them come down
to people getting an email or
getting a text message from someone that they think is a
trusted member of staff saying, can you fill this in or can you
wire this money to this account?
Harv (25:19):
Mm.
Dan Timmiss (25:21):
they wire some
money there and it's, and it's a
scam and I've seen it quite a few times.
There was one I remember that was a particularly large amount.
I think they lost maybe about £70-£80 thousand.
Harv (25:31):
Oh, wow.
Dan Timmiss (25:32):
And it was a very
complicated phishing scam that
had gone over a course of a few weeks and, and it was this, this
other company, their email had effectively been hacked.
And they were talking to the agency and it was like the
agency didn't even know that they weren't talking to the
company that they thought it was.
Harv (25:50):
Oh, no.
Dan Timmiss (25:50):
And this company
turned around and they were
like, Oh, yep.
Our bank account has changed.
Can you send us the money to this new bank account, the
invoice that you owe us or something like that?
They sent it, wasn't them, someone else, and they'd been
caught out.
Harv (26:02):
Mm hmm.
Dan Timmiss (26:04):
And that's the kind
of stuff we see all the time.
So while it's very important to look after things like viruses,
especially if you're on PCs, social engineering stuff is very
much the thing that a lot of people need to look out for now.
Harv (26:16):
Mm.
Very, very good point.
And you know, touching on that, there was a time when people
used to think that Macs didn't get viruses, but that's
definitely no longer the case, if it, if it ever was.
Dan Timmiss (26:26):
Macs definitely get
viruses and crucially Macs can
pass on viruses.
So we don't see many agencies that are only Macs or only PCs.
A lot of the time, it'll be a hybrid mix of both.
It might not be many PCs in a Mac focused environment, but
they'll tell you what, the accounts team will often be on
PCs, some of the admin staff will be on PCs, some developers
(26:48):
might have two devices, one Mac, one PC, for testing, that kind
of stuff.
And even if it's a PC, a virus on a Mac, all it needs is that
to be sent via email or sent via Dropbox or AirDrop or something
like that to a PC, and then that's it.
The PC's got it and yeah.
Harv (27:04):
So, in, in terms of
preventing that, you know, can
you just touch on what you can do to protect your devices
there?
Dan Timmiss (27:10):
So, yeah, antivirus
is still super important.
But, some of the stuff that we see now are things like MDR and
XDR.
So MDR is managed detection response and XDR is extended
detection response.
So instead of it looking for kind of normal viruses, like
looking for a signature of a file that might be at fault,
they are looking for anomalies on the device.
(27:31):
So say a script has been run, which wouldn't normally have
been run, or a piece of remote software has been downloaded.
What you hear about a lot is someone will be on the phone and
they'll get a scam call and the scam caller might pretend that
they're IT and the first thing they'll say is oh can you
download this remote software tool and they'll download the
tool and by default this remote software tool isn't a virus so a
(27:55):
normal virus scanner won't pick it up they'll just think oh it's
just a normal tool but it's just a normal tool.
Something like MDR will realize; it'll put two and two together
and it'll be like this No one's ever used this remote software
tool in this company before.
Why is it suddenly on this machine?
Why is this machine suddenly opened an app.
Why is it suddenly gone to a banking website and it's got
(28:15):
this remote software tool on it.
Do you know what I mean?
So they're looking for behavior.
And what these tools can do is they can then lock your machine
down.
They can automatically stop the network traffic.
They can automatically shut down the machine, on the basis of the
fact something's out of the ordinary is going wrong, we need
to fix it.
A lot of them with things like 24 seven.
So they will ring someone nominated in the business and
(28:37):
they will say, Harv's machine has just been took off the
network because we noticed these anomalies and then you have to
go and investigate it and try and figure out what's going on
with it.
Harv (28:46):
Okay.
Dan Timmiss (28:46):
But that's really
the next step of kind of
protection.
Harv (28:50):
Interesting.
Yeah, I haven't heard of that before.
So that's really interesting to hear.
Dan Timmiss (28:54):
Yeah.
Harv (28:54):
Another thing you talked
about a moment ago was phishing,
you know, training your team to be on the lookout for dodgy
emails or emails that don't look dodgy or text messages that they
can fall for.
In fact, I've recently come across, In the past year, Google
has a free training tool around phishing and I loved it.
And so I put it into our onboarding for new starters so
(29:14):
it was one of the activities they would have to do in their
first week to go through that training program and make sure
they understand, and are on the lookout for that.
So do check that out, you can just Google, "Google phishing
quiz" and, and find that.
Beyond phishing, then Dan, what kind of other areas do we need
to think about when it comes to security?
Dan Timmiss (29:33):
I mean, when it
comes down to security, a lot of
the things come from certain accreditations people need.
So if you're in the UK, you may have heard of Cyber Essentials
or Cyber Essentials Plus.
So that's something that the government put in place to try
and raise awareness of cyber security within a business.
And we do that for a lot of people, help them get through
(29:56):
cyber essentials and cyber essentials plus.
The difference is one is a questionnaire that you kind of
have to fill out and raise awareness as a business.
And the second one, is basically you have a team of people come
in and actually check your devices to make sure you're,
you're doing what you say you're doing effectively.
And we find that really helpful and you get a lot of people,
thinking, well, we're fine.
(30:16):
We are secure.
And then all of a sudden they do the questionnaire or they do the
CE+ think, oh, actually we need to put in additional things in
place, be that things like MDM or, things like phishing
training or something like that.
There's also things like the CIS guidelines, which is something
that we try and help people adhere to.
And these are a set of guidelines set by a business in
(30:37):
the US that look at number of different security features on
each device and provide recommendations for it.
It might be things like making sure that your screen locks
after a certain amount of time of inactivity, for example, or
that the logging is turned on in the device in the event of a
breach or a failure, you can go back and trace and actually see
(30:57):
what happened.
And CIS provide guidelines for loads of things for Windows and
for servers and for Macs, for mobile devices, network
appliances.
So we like to try and apply as many of those guidelines and
that's something that businesses also get asked.
So, a lot of your, listeners might have seen this or heard
about this, but, clients coming to people saying like, do you
(31:20):
have accreditation or do you abide by any baselines?
And these baselines would be things like the CIS baseline.
And they can say, yep, we look at our devices.
We have our MDM management in place.
We apply certain settings to adhere with CIS guidelines and
that's a big tick in a lot of clients books and a lot of
security, like functionality.
(31:40):
You can take it further.
So you can go for things like, ISO 27001, which is like a
security framework for larger companies and that's a lot more
audited and a lot more, there's a lot more, a lot of moving
parts in regards to that.
It's not just devices.
It's, it's all data and policies and that's kind of stuff.
I mean, Kaizen are, ISO 27001 audited, and I'm the lead
(32:02):
auditor for that and it's, I would say it's a pain, it's a
pain going through it, but the benefits it gets in the amount
of security and it just uplifts the business when you're going
through something like that and it really really helps, you
know.
Harv (32:15):
Yeah, I think sometimes
you start working with these
kind of corporate brands or international brands.
And for them, it's a really important requirement and they
will refuse to work with agencies that don't have that
qualification.
So that's probably the trigger that results in them kind of
pursuing that.
Dan Timmiss (32:31):
That's correct,
that's correct I mean we work
with businesses who do work for Amazon.
And Amazon will come in and the amount of security which is
asked for, by Amazon for a business to work with them can
be really, really high.
We work with people who do work with credit card companies like
Visa and Amex and that kind of stuff.
And they have to have infinite amount of restrictions in place.
(32:53):
And you have to go through various audits every year and
questionnaires to be filling in.
But a lot of the times if you've done something like ISO 27001,
or if you've done, CE+ for example, there'll be a box right
at the beginning.
It'll say, Are you 27001 accredited?
And you say, Yes, we are.
Ignore the rest of the questionnaire, because the rest
(33:15):
of the questionnaire is basically asking you about stuff
that, you've already done because you've got that
accreditation.
So Right.
it may be something that people want to do to avoid hassle later
on.
If you're trying to bid for a contract and you get the
questionnaire through and you have to spend countless hours
working through a security questionnaire, whereas you've
already done this prior and you can just say, yes, we already
(33:37):
have 27001.
Big tick to the corporate client, you know, I mean, it's a
good way of um doing it.
And to be fair, the smaller the business is, the easier it is to
get 27001 accreditation, because there's less moving parts to
deal with.
You might not have a lot of the things that it's covering.
You may only need to cover devices and data, and you're not
(33:58):
needing to cover a lot of the more complicated HR stuff if
you're only a small company, you know?
Harv (34:04):
And before we move on from
security, I suppose having a
data breach plan of some kind is important.
What does that usually entail?
Dan Timmiss (34:12):
A data breach plan
is going to be something like,
if you're getting getting attacked or if you found out you
got attacked or if you get ransomed or something like that
even with all the security things in place you end up,
being in that situation.
It's, it's just having the plan in place to, to how to deal with
it.
Robust backups a key, you know, whether that's to a cloud
location or a different location entirely.
(34:33):
Things like, a business continuity plan.
So we're talking about security here, but anything can happen.
I mean, COVID, like everyone's business continuity plan had to
kick in.
When everyone was said to work from home, you know, and it's
important to have a plan in place to be able to say, right,
okay, something major has happened, flood, fire.
(34:55):
Outbreak, that kind of stuff.
How does the business keep functioning?
Both from a data point of view, from a, from a people point of
view, from a security point of view, and, and how to get the
work out as well.
Cause at the end of the day, your deadlines might not stop
just because you've had a fire in the building or something
like that, you know, it's like the worst thing to happen is, if
(35:16):
there is some kind of disaster to not get paid because you've
not be able to, fulfill your contractual agreements, for
example, not to put a downer on things, but yeah, it's, it's
super important for something like a, a data breach plan or a
business continuity plan.
So we can continue to work, you know, however it goes down.
Harv (35:33):
Yeah, definitely.
Things a bit more easier, I suppose, now that we're all so
used to working from home.
It's likely not to completely grind to a halt like when we
were all based on premise, but still super important to have.
Dan Timmiss (35:45):
And yeah, that
leads us back to the kind of the
cloud storage stuff as well, you are avoiding things that can be
part of your business continuity plan to say you have distributed
cloud storage and everyone can just go and work from home,
you've got a fast internet at home, that kind of stuff.
So the premises aren't necessarily required and it
massively reduces your risk, you know.
Harv (36:07):
Excellent.
All right.
So the last area we're talking about is your agency's IT
support infrastructure.
Kaizen refers to itself as a managed service provider.
What does that actually mean?
Dan Timmiss (36:18):
So an MSP is
basically a kind of company that
will provide everything to do with IT.
So our core business is, is IT support.
So we help people, effectively.
That's that's our core business, but as well as helping people,
it used to be some person and a computer, maybe a server, maybe
a router, and that was the entire business, but it's not
(36:40):
the case of that anymore.
There's cloud services, there's storage, there's MDM, there's
security.
We effectively become the security team for a lot of
people as well.
If you're a small business, you're not going to have your
own IT team.
You're not going to have your own security team.
That's for certain.
You don't get your own security team until you start getting to
over 150 people, maybe 200 people when you start having the
(37:03):
resource to be able to put people dedicated to just looking
at security.
So we will be that team for them as well.
We resell everything.
So, and we're like whole of market.
So like we're talking about 365 and Google, it doesn't matter to
us.
What we want is it to be the right fit for the business, you
know?
(37:23):
And we partner with everyone.
So what we try and do is understand the businesses that
we're working with and provide the best solution for them.
Harv (37:31):
So your outsourced IT
partner, managing everything
from like, you know, tickets and issues people are having for
troubleshooting to administrating accounts and
systems and the infrastructure itself.
Yeah.
Dan Timmiss (37:44):
I think our thing
is kind of, we will be your in
house IT department, in house security department, in house
procurement department, onboarding, offboarding.
Things like, what's the best finance software to move to, or
we're migrating to a new database software.
What can you recommend?
What do you see in other, other clients is what we see all the
time.
Because we work with so many people, we can turn around and
(38:06):
say, oh, well, so and so have just put in this new system and
it's working really well.
Harv (38:10):
Excellent.
So your headquarters is in Sheffield, but tell us a bit
about how you can support customers across the country.
Is there a very much of a requirement these days to even
be on site?
Dan Timmiss (38:21):
There is still a
requirement to be on site.
It's nice to be face to face with people.
And it's nice to visit a customer's site.
And it's nice to, nice to talk to people, you know.
We do things where we have engineers on site for maybe a
day a week or a day every fortnight or something like
that.
And what we tend to see is stuff that people won't tell us,
(38:42):
they'll be like, it's such a minor problem, I'm not going to
bother Kaizen with that problem.
But then if someone's on site, it's like, Oh, you just have a
look at this for us, please?
And it'll be something small, but it's really important for us
to fix those small things and make, people happy.
Even the smallest thing can kind of bug the hell out of you, you
know, I mean, it's, it can be really annoying sometimes.
Remotely we can do pretty much everything.
(39:05):
You still need to do installs.
You still need to deliver machines, laptops, servers.
Harv (39:09):
Yeah.
Dan Timmiss (39:09):
If someone's
internet goes down, we've got to
send someone on site to, to fix that internet.
We can't do that remotely.
It's super important.
I mean we've got just as many engineers in London as we do at
Sheffield.
So and we cover nationwide, you know we cover Scotland and all
the way to Liverpool, Newcastle and Bristol.
I think Brighton, we've got someone in that we look after
(39:30):
it.
We've also got some staff in the US now because we're taking on
agencies that will have US branches.
So it's important for us to be able to cover those hours as
well.
Harv (39:40):
Absolutely.
So, if people want to reach out to yourselves or they want to
speak to yourselves about their own agency or issues for advice,
where can they find you?
Dan Timmiss (39:49):
They can find us,
go to our website.
It's www.kaizenit.co.Uk.
It's K A I Z E N I T dot co dot uk.
All our contact details are on there.
You can contact us through our website.
You can find the phone number on there.
Just give us a call.
We're happy to talk to anyone that's got any issues, whether
they want a piece of software or they want a full blown contract
(40:10):
and IT support.
Harv (40:12):
Excellent.
That's great.
Dan, that was really, really helpful and, I think, listeners
are going to get a lot of benefit from that.
So thank you so much for joining us today.
Dan Timmiss (40:20):
No problem.
Thanks for having me on mate.
Have a good one.
Harv (40:23):
So some fantastic advice
there from Dan on how to ensure
all your bases are covered when it comes to IT and making sure
that you're ready to scale.
When I was agency ops director, I documented the full suite of
tools we used in our agency handbook with a page for each
platform along with a short note on what that platform was, who
it was for, how logins for the platform worked; whether
(40:45):
everyone had a log in, or if it needed to be requested, or if
there was a shared login.
I also included on that page a few FYIs on usage.
Next, the first place the team was instructed to ask for
troubleshooting questions with any of their tools was the Slack
help channel to see if anyone in the organization could offer
advice.
If the issue was particularly technical, then Ops would step
(41:08):
in to see if we could advise on the solution.
And finally, if it wasn't something we could solve quickly
internally, the person would raise a ticket with our IT
partner.
So hopefully lots of inspiration for you to think about your own
agency today.
If you've got any feedback or ideas for topics, or if there's
something that you're dying to share with the agency ops
community, I'd love to hear from you.
(41:28):
Please DM me on LinkedIn.
I'm at linkedin.com/in/harvnagra.
If you're appreciating these conversations, please leave us a
rating on Apple or Spotify.
And please do share this podcast with your friends and colleagues
so they can benefit as well.
And lastly, if you haven't signed up for the handbook
newsletter, please do so.
Every second week, we send out the newsletter, and it goes into
(41:50):
a personal experience I've had around one of the recent topics
in the Handbook podcast.
And it summarizes the key takeaways from the guest
interview, so you've got something to reference.
You can sign up for that at scoro.com/podcast, scroll down
and you'll find the form to register there.
And with that, our episode comes to a close.
I hope you have a great week and we'll see you back in the next
(42:12):
episode.
Thanks very much.