Chris Sirianni has been running managed IT services for small businesses for over fifteen years. His perspective, shaped by hundreds of client relationships and countless crisis calls, offers practical wisdom for any business owner trying to navigate technology decisions.
We sat down with Chris to discuss the patterns he sees, the mistakes businesses make, and what actually matters when it comes to IT.
On the Biggest Mistake Small Businesses Make
"They wait until something breaks. Every time. I get the call when the server is down, when the ransomware has already encrypted everything, when the key employee quit and nobody knows the passwords.
"The businesses that do well are the ones who treat IT like they treat their accounting—something that needs regular attention, not something you ignore until there's a crisis. You wouldn't skip filing taxes for three years and then panic in April. But that's exactly how most small businesses handle their technology."
On What "Managed Services" Actually Means
"There's a lot of confusion about what MSPs do. Some businesses think we're just the people you call when the printer stops working. And sure, we do that. But that's like saying a doctor is just the person who writes prescriptions.
"The real value is in prevention and planning. Monitoring systems before they fail. Keeping software patched and updated. Having backup systems that actually work when you need them. Knowing your network well enough to spot when something is wrong.
"The break-fix model—where you call IT only when something breaks—is always more expensive in the long run. You're paying for emergencies, which cost more than maintenance. And you're accepting more downtime, which has its own costs."
On Evaluating an MSP
"Ask about response time and what that actually means. 'We respond within an hour' could mean an automated email acknowledgment or an actual human working on your problem. Get specific.
"Ask about their backup testing. Do they actually restore from backups to verify they work? How often? If they can't give you a straight answer, that tells you something.
"Ask what happens if they get hit with ransomware. It happens to IT companies too. Do they have their own business continuity plan? If they're not protecting themselves, how are they going to protect you?
"And talk to their other clients. Not the references they hand you—ask for a list of clients in your size range and industry, and reach out directly. The references they choose are obviously happy. You want the unfiltered picture."
On the Cloud
"The cloud solves some problems and creates others. Moving to cloud services can make a lot of sense—you get redundancy, professional management, and predictable costs. But it's not magic.
"I see businesses move to the cloud and then assume they don't need to worry about IT anymore. That's backwards. You still need access management. You still need backup for the data in those cloud services—the cloud provider's availability doesn't mean your data is backed up. You still need someone who understands how these services connect and where the gaps are.
"The cloud changes the details of IT management. It doesn't eliminate the need for it."
On Security and Small Businesses
"The mindset I fight against constantly is 'we're too small to be a target.' That's exactly wrong. You're a target because you're small.
"The sophisticated attacks that make the news—nation-state hackers, elaborate social engineering—those target big organizations. But the bulk of attacks are opportunistic. Automated scanning looking for vulnerabilities. Phishing campaigns sent to millions of addresses. Ransomware that spreads wherever it can.
"Small businesses are actually more vulnerable because they have fewer resources to defend themselves. No dedicated security team. Less training for employees. Older systems that don't get patched. The attackers know this.
"The good news is that basic security hygiene stops most attacks. Regular updates, good password practices, employee training, proper backup. You don't need advanced threat detection—you need to do the basics consistently."
On the Relationship Between Business and IT
"The best client relationships are the ones where IT has a seat at the table for business discussions. Not literally—I'm not asking to attend your strategy meetings. But when you're planning to open a new location, or add a new product line, or bring on a major client with specific requirements—that's when I want a phone call.
"IT decisions have business implications. Business decisions have IT implications. When those conversations happen in isolation, you end up with technology that doesn't fit the business need, or business plans that assume technology capabilities that don't exist.
"The businesses that see IT as a strategic partner rather than a cost center are the ones who get the most value from the relationship."
On What He Wishes More Clients Understood
"Technology is not a project that you complete. It's an ongoing requirement, like keeping the lights on or paying your people. The companies that allocate consistent resources to IT—time, attention, budget—are the ones who don't have to scramble when something goes wrong.
"Also, documentation matters more than anyone wants to admit. I can work a lot faster when I know how your systems are configured, what's connected to what, and what's been tried before. Every hour we spend documenting pays back multiples in future efficiency.
"And finally—trust your gut. If something about your IT situation feels fragile or risky, it probably is. That feeling of 'we're one bad day away from disaster' is usually accurate. Don't wait for the bad day to address it."
On the Future
"AI is changing a lot of things. I'm using AI tools to help with documentation, troubleshooting, even some basic monitoring analysis. It makes me faster and lets me focus on the problems that actually require human judgment.
"But AI doesn't change the fundamentals. You still need backup. You still need security basics. You still need someone who understands your specific situation and can help you make good decisions.
"If anything, AI makes the security side more challenging. Better phishing emails, more sophisticated attacks, deepfakes for social engineering. The threat landscape keeps evolving. Staying ahead of it is a constant effort.
"The businesses that will thrive are the ones who take this seriously. Not paranoid, but realistic. Understanding that technology is both opportunity and risk, and managing both deliberately."