What managed IT actually looks like for a small business

Most small businesses I work with around Milwaukee don't have an IT department. They have a guy. Sometimes the guy is a salaried staff member who's "good with computers." Sometimes it's the office manager. Sometimes it's the owner's nephew. For years, that arrangement is fine. Until it isn't.

The break point is usually one of three things: somebody clicks on a phishing email, a server dies on a Friday afternoon, or the internet provider swaps out the modem and now nothing works.

I get those calls a lot. We had one last month where a client's FortiGate firewall stopped routing traffic after Spectrum dropped in a new static IP. Twelve people couldn't work. Their "IT person" was a part-time bookkeeper who'd been rebooting the router when things slowed down. That's not a knock on her. She's good at her job. Her job just isn't networking.

This is the gap that managed IT services for small businesses are built to fill. Not because every business needs a full-time CIO, but because most don't need one and still need the work done.

What does the work actually look like? Roughly this:

• Day to day, somebody answers the phone when the printer won't scan to email. (After most ISP changes, it's because the new modem handed out a new internal IP and the SMTP relay settings on the printer still point at the old one.)
• In the background, somebody is watching the endpoints. Patching them. Making sure the EDR isn't screaming about something at 2am while everyone's asleep.
• Backups actually run. And get tested. The number of small businesses I've onboarded who had "backups" that hadn't completed successfully in eight months would surprise people.
• Cybersecurity stops being a thing the owner googles after reading about ransomware in the news. Multi-factor is on. Conditional access is configured. Phishing simulations go out so the staff sees a fake one before they see a real one.
• And once or twice a year, somebody sits down with the owner and says: your domain controller is on Server 2016, that's end of life, here's what we do about it.

That last one is the part most "tech guys" skip. The patch and the password reset are the visible parts of IT. The invisible part is planning. Knowing when a piece of equipment needs to be retired, when a license model is about to change, when the way your team works has outgrown the tools they're using. That work doesn't show up until you don't do it, and then it shows up all at once.

I'll say the quiet part out loud. Not every small business needs a managed IT contract. If you're a four-person firm running everything in Microsoft 365 with no local server, you can probably get by paying somebody hourly when something breaks. That's a real answer and I tell people that when it applies.

But once you cross roughly twenty employees, or you start storing customer data that's regulated, or you're running line-of-business software that has to actually work on Monday morning, the math shifts. Hourly help is reactive by definition. By the time you're calling, the thing already broke. A managed contract is the opposite trade. You pay a flat amount every month, somebody is watching things on your behalf, and the goal is for fewer things to break in the first place.

That's the whole pitch. There isn't a secret sauce.

If you're around southeast Wisconsin and the spreadsheet of "things our IT guy was supposed to do" is getting longer instead of shorter, that's usually the signal it's time to talk to someone.