800-214-0957 info@blackbottleit.com
Which Managed IT Solution Tier Is Right for Your Small Business?


Cybersecurity isn’t one-size-fits-all. Here’s how to find the right fit — wherever you’re starting from.

Cost of a Breach

Small businesses are a top target for cybercriminals — not because they have the most data, but because they’re often the least protected. At Black Bottle IT, one of the most common questions we get is: “What do you actually recommend for a business like ours?”

The honest answer: it depends on where you are today. There’s no silver bullet, but there is a right starting point. Most small businesses we work with fall into one of three categories — and each has a clear path forward.

Tier 1: Advisory & Implementation

You have in-house IT — and you know you need to level up security.

You’ve got technical talent on staff, and leadership is ready to invest in stronger security. What you need is a strategic partner who can identify gaps, recommend the right solutions, and help implement them — without taking over your team’s ownership.

  • Black Bottle IT evaluates your current environment and recommends solutions matched to your risk profile.
  • We implement side-by-side with your team, building policies and procedures as we go.
  • Full operational handoff to your team — with Black Bottle IT available as an ongoing strategic advisor.

Tier 2: Fully Managed IT

You know the risk is real, but you don’t have a dedicated IT or security team.

This is where most small businesses find themselves in 2025. Leadership understands that a cyberattack could be devastating — but hiring a full security team simply isn’t in the budget. Cybersecurity talent is expensive, and the threat landscape keeps evolving.

These are honestly our favorite clients to work with, because the impact is immediate and the relationship is built for the long term. Black Bottle IT steps in as your full-service IT security partner.

  • We recommend, implement, and fully manage a security solution sized for your business — not enterprise bloat.
  • Ongoing monitoring, updates, and threat response — so you’re protected around the clock.
  • We become part of your technology team: your calls get answered, your risks get managed.

Tier 3: Fully Managed IT Security

You’re not sure how exposed you are — and you’d like a straight answer.

Many small business owners we meet are running lean and haven’t had time to seriously evaluate their cyber risk. That’s not negligence — it’s the reality of running a business. But the risks are real, and they’re growing. In 2025, ransomware attacks on SMBs are up sharply, and even basic credential theft can shut a business down.

We start these conversations with education, not a sales pitch. We share relevant industry data, real case studies from businesses like yours, and a clear picture of where the gaps are. Most business owners leave that first conversation ready to act — and we build a plan that fits their budget.

  • A candid risk conversation — no jargon, no pressure.
  • We start with high-impact, affordable quick wins while planning for longer-term improvements.
  • A roadmap that grows with your business and your budget.

There’s a right plan for your business — let’s find it.

No pressure. Just a straight conversation about where you stand and what makes sense.

Connect with us today.

Cybersecurity for Managing Partners

Cybersecurity for Managing Partners: Your Fiduciary Duty to Protect Client Data

As a managing partner, you’re responsible for more than just billable hours and client development. You bear the fiduciary duty to protect your firm from threats that could end careers, drain bank accounts, and destroy decades of reputation-building. Cybersecurity isn’t just an IT issue—it’s a risk management imperative that belongs on every managing partner’s desk.

The Threat Landscape Facing Law Firms Today

Law firms have become prime targets for cybercriminals, and the statistics are sobering. According to the ABA’s Legal Technology Survey, 29% of law firms experienced a security breach in the past year. Unlike other industries where hackers seek credit card numbers or personal data, attackers targeting law firms are after something far more valuable: privileged client information, M&A deal terms, litigation strategy, intellectual property, and wire transfer credentials.

Your firm holds the keys to the kingdom for your clients’ most sensitive matters. A single compromised email account can expose:

  • Confidential settlement negotiations worth millions
  • Upcoming merger announcements that could be used for insider trading
  • Trade secrets and patent applications
  • Attorney-client privileged communications
  • Trust account wire transfer access

The consequences extend beyond the immediate breach. Law firms face malpractice claims, bar discipline, loss of client trust, mandatory breach notifications, regulatory fines, and the devastating reputational damage that comes when clients learn their confidential information was compromised under your watch.

Your Ethical and Legal Obligations

Many managing partners don’t realize that cybersecurity is no longer optional—it’s an ethical requirement imposed by your state bar.

Model Rule 1.6(c) requires attorneys to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” State bars and courts have consistently interpreted this to include implementing reasonable cybersecurity measures.

But what does “reasonable” actually mean? That’s where managing partners often struggle. The ambiguity has led to inconsistent approaches across firms, with some doing the bare minimum and others over-investing in unnecessary tools.

State bars have begun providing more specific guidance:

  • New York requires attorneys to complete cybersecurity CLE training annually
  • North Carolina has issued formal ethics opinions on cloud computing security and data breach response
  • California and Florida bars have published detailed guidance on encryption, secure communication, and vendor management

The trend is clear: bars expect more from firms regarding data protection, and “we didn’t know” is no longer an acceptable defense.

Beyond Bar Requirements: Client Demands

Even if the ethical obligations seem vague, your clients are, and will be, increasingly specific about their security expectations. Law firms can and should routinely send detailed vendor security questionnaires to their outside counsel.

These cybersecurity assessments ask about:

  • Encryption standards for data at rest and in transit
  • Multi-factor authentication implementation
  • Incident response procedures and breach notification protocols
  • Employee security awareness training programs
  • Third-party vendor risk management
  • Business continuity and disaster recovery plans
  • Whether you maintain certifications like SOC 2 or ISO 27001

Firms that can’t demonstrate adequate security controls are losing opportunities.

Law firms can be removed from RFP shortlists solely because they couldn’t certify their security posture. In competitive markets, security has become a differentiator—not just a compliance checkbox.

Investing in Cybersecurity

Your clients trust you with their most sensitive matters. Your partners have built their careers on the firm’s reputation. Your staff depend on the firm’s stability for their livelihoods. Protecting all of that from cyber threats isn’t optional—it’s your fundamental duty as a managing partner.

The question isn’t whether you can afford to invest in cybersecurity. The question is whether you can afford not to.


Black Bottle IT helps law firms meet their ethical duty to protect client data without the cost of a full-time security team. We implement the cybersecurity standards your bar requires and your corporate clients demand—so you can focus on practicing law, not IT compliance.

Payroll Companies are a Lucrative Business for Hackers

Payroll Companies Remain Prime Targets for Cybercriminals

As we enter 2026, the cybersecurity landscape for accounting firms, payroll providers, and tax preparers has never been more complex—or more critical. With regulatory requirements tightening and threat actors growing more sophisticated, compliance is no longer just about checking boxes. It’s about building a cyber-resilient operation that protects your clients’ most sensitive data while keeping your business operational.

The FTC Safeguards Rule, state data privacy laws, and industry-specific compliance mandates continue to evolve, placing greater responsibility on financial services professionals to demonstrate robust security measures. Yet many firms still treat their Written Information Security Plan (WISP) as a document that sits on a shelf rather than a living, breathing framework for daily operations.

Here’s the reality: Payroll and accounting firms hold the keys to the kingdom—Social Security numbers, bank account details, tax records, and financial histories. For cybercriminals, you’re not just a target; you’re a goldmine. And if your cybersecurity program isn’t actively identifying, prioritizing, and addressing vulnerabilities, you’re leaving the door wide open.


Questions Only You Can Answer About Your WISP Plan

Your WISP Can’t Just Sit on a Shelf!

  • Have you performed an Annual Risk Assessment?
  • Do you have an Incident Response Plan, and have you TESTED IT?
  • Has your organization implemented Advanced Security Controls?
  • Do you have a Cybersecurity Awareness Training Program?
  • Who is your CISO? One must be identified in your WISP.
  • Do you know what systems contain sensitive client data and how it’s protected?
  • What’s your process to communicate your plan across the organization?

There’s no time for complacency. Failure to comply could subject your organization to legal liability, regulatory penalties, client lawsuits, and reputational damage that takes years to repair.


Let’s Dive a Bit Deeper with AV & EDR: A Better Core Control

Traditional Anti-Virus (AV)

  • Can only detect previously known threats
  • Minimal to no data collection
  • Minimal to no added features or benefits

Endpoint Detection & Response (EDR)

  • Can detect previously known AND unknown threats due to behavioral-based monitoring
  • Complex and detailed endpoint data collection
  • Added benefits include application monitoring, threat-hunting capabilities, and advanced reporting
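To make the difference between the two lists concrete, here is an added example (not Black Bottle IT's code or any vendor's product): a signature-only check of the kind traditional AV performs, beside two behavioral rules of the kind an EDR applies to endpoint telemetry. Every hash, host name, path and event below is constructed, and the thresholds are hypothetical policy values.

```python
"""
Added example: signature matching (AV style) versus behavioral rules (EDR style)
over constructed endpoint telemetry. None of the data here is real.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Tuple

# Constructed signature list: the only things a signature-only check can flag.
KNOWN_BAD_HASHES = {"deadbeef00000001"}

# Image names the behavioral rule treats as document handlers and as
# command/script interpreters (hypothetical, kept short for the example).
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe"}


@dataclass
class ProcessEvent:
    ts: float        # seconds since an arbitrary epoch (constructed)
    host: str
    parent: str      # image name of the parent process
    image: str       # image name of the new process
    sha256: str      # hash of the new process image (constructed)


@dataclass
class FileEvent:
    ts: float
    host: str
    process: str     # image name of the process acting on the file
    action: str      # "rename" or "write"
    path: str


def av_hits(events: List[ProcessEvent]) -> List[Tuple[str, str]]:
    """Signature-style verdict: flag only images whose hash is already known bad."""
    return [(e.host, e.image) for e in events if e.sha256 in KNOWN_BAD_HASHES]


def edr_process_hits(events: List[ProcessEvent]) -> List[Tuple[str, str]]:
    """Behavioral rule: a document handler launching an interpreter is
    suspicious no matter whether the interpreter's hash is known."""
    return [
        (e.host, f"{e.parent} spawned {e.image}")
        for e in events
        if e.parent.lower() in OFFICE_APPS and e.image.lower() in INTERPRETERS
    ]


def edr_file_hits(events: List[FileEvent], threshold: int = 20,
                  window: float = 60.0) -> List[Tuple[str, str]]:
    """Behavioral rule: one process renaming at least `threshold` files within
    `window` seconds on one host, a burst pattern EDR products score highly."""
    renames = defaultdict(list)
    for e in events:
        if e.action == "rename":
            renames[(e.host, e.process)].append(e.ts)
    hits = []
    for (host, proc), times in renames.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits.append((host, f"{proc} renamed {end - start + 1}+ files in {window:.0f}s"))
                break
    return hits


# Constructed telemetry: a benign launch, an interpreter launched by Word whose
# binary is unknown to the signature list, and a burst of document renames.
PROCESS_EVENTS = [
    ProcessEvent(0.0, "ws-01", "explorer.exe", "chrome.exe", "1111111111111111"),
    ProcessEvent(5.0, "ws-01", "winword.exe", "powershell.exe", "2222222222222222"),
]
FILE_EVENTS = [
    FileEvent(10.0 + i, "ws-01", "powershell.exe", "rename", f"C:\\Users\\u\\Docs\\f{i}.docx")
    for i in range(25)
] + [FileEvent(100.0, "ws-02", "explorer.exe", "rename", "C:\\Users\\v\\notes.txt")]


def compare() -> dict:
    """Run both approaches over the constructed telemetry and return the hits."""
    return {
        "av": av_hits(PROCESS_EVENTS),
        "edr_process": edr_process_hits(PROCESS_EVENTS),
        "edr_file": edr_file_hits(FILE_EVENTS),
    }


if __name__ == "__main__":
    for name, hits in compare().items():
        print(name, hits)
```

Running it, the signature check returns nothing because neither launched binary is on the known-bad list, while the two behavioral rules flag the Word-to-PowerShell launch and the rename burst on `ws-01`; the single rename on `ws-02` stays below the threshold. That gap, a new or renamed binary doing something a rule recognises, is what the list above calls detecting unknown threats.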

Wouldn’t it be nice to know at which bend in the road your business might encounter a breach?


Your Preparedness Should Include:

  • An updated WISP and tested Incident Response Plan
  • Employees who are current on cybersecurity awareness training
  • Multi-Factor Authentication (MFA) on every device and application
  • 24×7 monitoring of all systems and endpoints
  • A comprehensive Cyber Insurance policy

As a whole industry, we’re improving. Training initiatives are making a difference—breaches caused by human error continue to decline. But bad actors aren’t just after your data; they’re after your money. Payroll companies remain lucrative targets because of the direct access to bank accounts, wire transfers, and financial credentials.


Compliance and Cyber Resilience Go Hand-in-Hand

Black Bottle IT specializes in helping payroll companies, accounting firms, and tax preparers meet compliance requirements while building truly resilient cybersecurity programs. We don’t just help you pass an audit—we help you protect your business and your clients every single day.

Ready to strengthen your defenses in 2026? Contact Black Bottle IT today. We have a bench of cyber analysts ready to fight alongside you.

To get started, contact Black Bottle IT today. Our team is ready to support your business’s growth. 

Cybersecurity Awareness Training: Not an Annual Checkbox

Cybersecurity awareness training shouldn’t be treated as an annual checkbox exercise because threats and human behavior don’t work on a yearly schedule.

Here’s why continuous training matters:

Threats evolve constantly

New phishing techniques, scams, and attack vectors emerge throughout the year. That December training session won’t cover the AI-generated deepfake attack method that appears in March or the new business email compromise tactic circulating in July.

People forget

Research shows that retention drops significantly over time. An employee who learned about phishing in January may not recognize a sophisticated attack in November. Regular reinforcement through shorter, more frequent training sessions leads to better retention than one annual marathon.

The attack surface changes

Your organization adopts new tools, employees change roles, remote work patterns shift, and new vulnerabilities emerge. Training needs to adapt to your current reality, not last year’s threat landscape.

Behavioral change requires repetition

Changing security habits (like verifying unexpected requests or using password managers) requires ongoing reinforcement, not a single annual reminder. It’s like going to the gym once a year and expecting to stay fit.

It directly strengthens your cyber posture

Well-trained employees become your first line of defense, catching threats before they escalate. They’re better at identifying suspicious emails, protecting credentials, handling sensitive data properly, and reporting incidents quickly. This human firewall complements your technical security controls and significantly reduces your overall risk profile.

Cyber insurance requires it

Most cyber insurance policies now mandate documented, ongoing security awareness training as a condition of coverage. Insurers have recognized that human error is the leading cause of breaches, so they require proof of regular training during underwriting and policy renewal. A single annual session often doesn’t meet these requirements, and inadequate training could result in denied claims or policy non-renewal.

Metrics and improvement need continuous feedback

Ongoing training with simulated phishing tests and micro-learning modules helps you identify who needs additional support and measure actual improvement in security behaviors over time.

The most effective approach combines brief, regular touchpoints (monthly or quarterly) with timely alerts about emerging threats, rather than cramming everything into one overwhelming end-of-year session that people will largely forget.


Making continuous training practical doesn’t have to be overwhelming. Black Bottle IT offers fully managed cybersecurity awareness training that requires just five minutes a day from your employees. With mobile-friendly training, monthly phishing simulation campaigns managed by dedicated security consultants, and coverage of current cybersecurity topics, your team stays vigilant year-round.

The program fulfills regulatory compliance requirements for NIST, HIPAA, SOC2, and cyber insurance mandates, while providing you with detailed reporting on your organization’s security awareness progress.

Learn more about Black Bottle IT’s Cybersecurity Awareness Training, or contact us to try a free first month for up to 5 employees.

Deepfake Fraud: The $40 Billion Threat Targeting Small Businesses

By John Hensberger, Founder, Black Bottle IT

Small business owners, we need to talk about deepfakes. And this isn’t a conversation about futuristic technology or Hollywood special effects – this is about an immediate, devastating threat that’s targeting businesses exactly like yours right now.

The Numbers Don’t Lie: Deepfake Fraud Has Exploded

The statistics are staggering and should keep every business owner awake at night. Deepfake fraud attempts have exploded by over 3,000% in 2024. Let that sink in – a thirty-fold increase in just one year.

But here’s what makes this even more alarming for small businesses: criminals aren’t just targeting Fortune 500 companies anymore. They’re specifically going after smaller businesses because they know you don’t have the enterprise-level security that larger corporations deploy.

What’s Actually Happening to Businesses Like Yours

These aren’t theoretical attacks. They’re happening every single day:

The Fake CEO Call: Your phone rings. It’s your CEO or business partner, asking you to wire money urgently for a “confidential deal.” The voice sounds exactly right – because AI has cloned it perfectly from videos on your company website or social media.

The Deepfake Video Conference: You receive a video call from your biggest client requesting changes to payment information. You can see their face, hear their voice, and everything seems normal. Except it’s not them – it’s a sophisticated deepfake created from their LinkedIn photos and recorded presentations.

The Trusted Vendor Scam: A long-time vendor sends you an email with an attached video message explaining new payment procedures. The face and voice are perfect matches, but the bank details route money straight to criminals.

These scenarios aren’t science fiction. A multinational engineering firm lost $25 million when an employee was fooled by a deepfake video conference call. An 82-year-old business owner drained his retirement fund investing $690,000 in a deepfake Elon Musk cryptocurrency scam.

The Knowledge Gap That’s Putting You at Risk

Here’s the brutal truth about where most small businesses stand today:

  • 71% of people worldwide don’t know what deepfakes are (Iproov survey)
  • 1 in 4 company leaders have little to no familiarity with deepfake technology
  • Small businesses lose an average of 10% of annual profits to successful deepfake attacks
  • More than half of companies haven’t provided any training to employees on deepfake threats

While you’re focused on running your business, serving customers, and driving growth, criminals are perfecting AI tools specifically designed to exploit companies of your size. They’re betting on the fact that you don’t have dedicated cybersecurity staff and that your employees haven’t been trained to recognize these sophisticated attacks.

Why Traditional IT Support Isn’t Enough

Your current IT provider may excel at repairing computers, managing your network, and keeping your systems running. But deepfake fraud operates in a completely different realm. It exploits human psychology, not technical vulnerabilities.

These attacks bypass traditional security measures because they don’t target your firewall or antivirus software. They target your people. And unless your IT support understands both the technology behind deepfakes AND the psychology of social engineering, they can’t protect you from this threat.

The Real Cost of Being Wrong

For a small business, one successful deepfake attack isn’t just a financial loss – it could be a company-ending event. Consider the real costs:

Direct Financial Loss: The immediate theft of funds, which averaged $500,000 per successful attack in 2024.

Business Disruption: The time spent dealing with law enforcement, banks, insurance companies, and trying to recover stolen funds.

Reputation Damage: Customers losing trust when they learn your business fell victim to fraud.

Legal Complications: Potential liability issues if customer data or funds were compromised.

Recovery Costs: The expense of implementing new security measures after an attack.

For many small businesses, these combined costs would be impossible to absorb.

What You Can Do to Protect Your Business

The good news is that deepfake fraud is preventable when you know what to look for and implement the right defenses. Here’s what every small business needs to do immediately:

Independent Verification: Your First Line of Defense

Never act on suspicious requests without verification through trusted channels. This is your most critical defense against deepfake fraud.

  • If someone calls requesting money transfers or sensitive information, hang up and call them back using contact information you have on file
  • Don’t trust the caller ID – criminals can spoof phone numbers to make calls appear to come from trusted sources
  • For video calls, ask specific questions that only the real person would know, or reference recent conversations or inside information
  • Establish verification protocols with key vendors, clients, and employees before you need them

Implement Multi-Layer Defense

Deploy multiple security measures that work together:

  • Multi-Factor Authentication (MFA): Require additional verification beyond just passwords for all critical systems
  • Advanced Email Filters: Use business-grade email security that can detect sophisticated phishing attempts and suspicious attachments
  • Limit Public Information Sharing: Reduce the amount of video and audio content featuring key personnel on your website, social media, and public platforms – criminals need this content to create convincing deepfakes
  • Financial Controls: Implement dual approval processes for any money transfers above a certain threshold
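The callback rule from the “Independent Verification” section and the dual-approval control in the list above are both easy to state and easy to skip under pressure, so they work best when the payment system refuses to release a transfer until they are satisfied. The following is an added example, not Black Bottle IT's code or any client's process: a release check that blocks changed bank details unless they were confirmed by a callback to the number on file (never a number supplied in the request), and blocks amounts at or above a threshold unless two approvers other than the requester have signed off. The vendor record, user ids, account numbers, amounts and threshold are all constructed.

```python
"""
Added example: a release check for outgoing transfers enforcing callback
verification of changed bank details and dual approval above a threshold.
All records and values are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed vendor master file. The phone number stored here is the ONLY
# number a verification callback may use; a number in an email or on a call
# requesting the change is never trusted.
VENDOR_MASTER: Dict[str, Dict[str, str]] = {
    "Acme Supply": {"account": "123456789", "routing": "987654321",
                    "phone": "+1-555-0100"},
}
DUAL_APPROVAL_THRESHOLD = 10_000.00   # hypothetical policy value


@dataclass
class TransferRequest:
    vendor: str
    amount: float
    account: str
    routing: str
    requested_by: str
    approvals: List[str] = field(default_factory=list)   # approver user ids
    callback_number: Optional[str] = None                # number actually dialed
    callback_confirmed: bool = False                     # vendor confirmed by voice


def release_decision(req: TransferRequest) -> Tuple[bool, List[str]]:
    """Return (release, reasons). release is True only when no control blocks."""
    reasons: List[str] = []
    master = VENDOR_MASTER.get(req.vendor)
    if master is None:
        reasons.append("vendor not in master file; onboard before paying")
    else:
        details_changed = (req.account, req.routing) != (master["account"], master["routing"])
        if details_changed and not (req.callback_confirmed
                                    and req.callback_number == master["phone"]):
            reasons.append("changed bank details not confirmed by callback to the number on file")
    if req.amount >= DUAL_APPROVAL_THRESHOLD:
        independent = {a for a in req.approvals if a != req.requested_by}
        if len(independent) < 2:
            reasons.append("amount at or above threshold needs two approvers other than the requester")
    return (not reasons, reasons)


def run_scenarios() -> Dict[str, Tuple[bool, List[str]]]:
    """Constructed requests covering the cases the controls are meant to catch."""
    scenarios = {
        # Routine payment to the details on file, under the threshold.
        "routine": TransferRequest("Acme Supply", 2_500.00, "123456789", "987654321", "ap.clerk"),
        # New bank details, nobody called anyone.
        "changed_no_callback": TransferRequest("Acme Supply", 2_500.00, "555000111", "111000555", "ap.clerk"),
        # New bank details "verified" by dialing the number in the request, not the one on file.
        "changed_wrong_number": TransferRequest("Acme Supply", 2_500.00, "555000111", "111000555", "ap.clerk",
                                                callback_number="+1-555-0199", callback_confirmed=True),
        # Large amount where the requester counted themself as an approver.
        "large_self_approved": TransferRequest("Acme Supply", 50_000.00, "123456789", "987654321", "ap.clerk",
                                               approvals=["ap.clerk", "controller"]),
        # Large amount, changed details, callback to the number on file, two independent approvers.
        "large_changed_ok": TransferRequest("Acme Supply", 50_000.00, "555000111", "111000555", "ap.clerk",
                                            approvals=["controller", "cfo"],
                                            callback_number="+1-555-0100", callback_confirmed=True),
    }
    return {name: release_decision(r) for name, r in scenarios.items()}


if __name__ == "__main__":
    for name, (ok, why) in run_scenarios().items():
        print(f"{name}: {'RELEASE' if ok else 'BLOCK'} {why}")
```

The point of comparing the dialed number against the master record, rather than a checkbox that says “verified”, is that the scenario in the deepfake section starts with a convincing caller supplying their own callback number; a control that accepts any confirmation would pass it. Keeping the approver set independent of the requester closes the other common gap, a single compromised account approving its own request.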

Employee Training: Your Human Firewall

Your employees are both your greatest vulnerability and your strongest defense.

Regular training should cover:

  • How to recognize common social engineering tactics
  • What deepfakes are and how they’re used in business fraud
  • Your company’s verification procedures for unusual requests
  • Red flags to watch for in phone calls, emails, and video communications
  • Who to contact immediately if they suspect an attack

This training isn’t a one-time event. Criminals constantly evolve their tactics, so your team’s knowledge needs to evolve too.

The Bottom Line: You Can’t Afford to Wait

Deepfake fraud isn’t coming to small businesses – it’s already here. While you’re reading this, criminals are using AI to clone voices, create fake videos, and target businesses exactly like yours.

The question isn’t whether these attacks will continue to grow (they will). The question is whether your business will be prepared when criminals target you.

At Black Bottle IT, we protect businesses from threats that traditional IT providers don’t even understand exist. We don’t just maintain your technology – we defend against the sophisticated, AI-powered attacks that could devastate your business overnight.

Don’t wait until you’re the next headline. The time to act is now, before the criminals come calling with your CEO’s voice asking for that “urgent” wire transfer.


Ready to protect your business from AI-powered fraud? Contact Black Bottle IT today to learn how we can defend your company against deepfake attacks and other emerging cybersecurity threats.


John Hensberger is the founder of Black Bottle IT, a cybersecurity-focused managed service provider specializing in protecting small and medium businesses from emerging digital threats. With years of experience in cybersecurity and business technology, John helps companies navigate the complex landscape of modern cyber threats while maintaining operational efficiency.