FRSecure

Introduce your business and what you do there.

I am the VP of tech and operations for Emerging Therapy Solutions, a healthcare service provider. We provide coordination of transplant services from traditional organs to bone marrow. We are also breaking into the new gene therapy transplant market, helping get those services into the hands of patients that need them.

What challenge were you trying to address with FRSecure?

In the healthcare space, we have to keep everything secure to protect patient’s data. We were looking for help creating a baseline annual security review process.

What was the scope of their involvement?

FRSecure provides cybersecurity and testing services. First, they helped with our annual security review. This is a comprehensive review of everything related to our business, including policies and procedures. Their team also performed an internal scan and audit of our systems, reporting on the maturity level of our infrastructure. They helped us create a roadmap where we can track progress reports on security compliance. 

Next, they provided recommendations for what they viewed as areas of weakness. They also provided a rating and an explanation of their rating scales. This showed us how we rank against norms and standards and where we should be.

The team also ran an external penetration test against our public-facing audits. They scanned and tested the security of those systems. Then, the FRSecure team provided reporting on any vulnerabilities they found through those tests and recommendations to remedy them. Finally, they run quarterly internal scans.

What is the team composition?

I work with three members of the FRSecure team, including Christy (Client Success Manager), Victoria (Security Analyst), and Joshua (Associate Analyst).

How did you come to work with FRSecure?

Our compliance officer had worked with FRSecure while at another company and recommended them to us. 

How much have you invested with them?

We have invested between $15,000–$20,000.

What is the status of this engagement?

Our ongoing engagement with FRSecure began in September 2020. We have a two-year contract with them.

What evidence can you share that demonstrates the impact of the engagement? 

Based on my past experience, working with FRSecure was exceptional. They’re extremely knowledgeable. This can be a daunting task for an organization and they were very professional and patient. 

The FRSecure team doesn’t waste time, they get right to it. Additionally, the results were very well laid out and did a great job of giving us a clear picture of what we needed to work on. They were also willing to accommodate some of our extra requests. 

How did FRSecure perform from a project management standpoint?

Christy currently runs our account and she does a great job communicating with us. I ended up feeling like they were a part of our team.

What did you find most impressive about them?

They brought professionalism, experience, knowledge, and logic to this endeavor. From the get-go, you can tell they’re experts in the space. I felt comfortable working with them, they really know what they’re talking about. 

Are there any areas they could improve?

No, everything went exceptionally well. 

Do you have any advice for potential customers?

Explore the process upfront with them. Go into the engagement knowing you’re going to work with a well-organized, well-structured, and professional team. Listen to them and don’t fight the process.

Please describe your company and your position there.

Founded on June 7, 1997, CaringBridge was the first social network created for communicating during a health crisis, developed nearly a decade before most social networking sites, including Facebook (2004) and Twitter (2006). CaringBridge is the first and most widely used global social network dedicated to helping family and friends communicate with and support loved ones during a health journey through the use of free, ad-free personal websites.

Our vision is a world where no one goes through a health journey alone. CaringBridge.org is used by over 30 million unique visitors every year, an average of almost 300,000 people visit CaringBridge per day, and those visitors come from over 235 countries and territories. CaringBridge is a non-profit with nearly 90% of funding coming from individuals who have used the site on a health journey. In 2019 we have more than 120,000 individual donors. More than a million donors have supported CaringBridge since 2002. My position is CTO, responsible for the product and technology which powers our mission.

For what projects/services did your company hire FRSecure?

We used FRSecure to assess and test our product's and organization's security capabilities.

What were your goals for this project?

CaringBridge is used by people going through very difficult times and often requiring that they communicate sensitive and personal information to their community. Part of our brand promise is that we will provide a secure and safe environment for them to work with their community of support.

Our objective was to evaluate the security of our environment and site to ensure we can provide the level of protection that our users expect. In addition, we are a non-profit that has limited resources and requires a security program that fits our organization.

How did you select this vendor?

FRSecure has a comprehensive yet lightweight framework for evaluating an organization's security capabilities. Their cost was reasonable yet they provided excellent technical expertise.

Describe the project in detail.

We used FRSecure for our original assessment in early 2018. They provided both a risk assessment and an external Web Penetration Test. With their results they provided both a detailed assessment of our capabilities as well as templates and deliverables to jumpstart our remediation efforts.

We just completed a second round of security assessments including a risk assessment and an external Web Penetration Test in December 2019. Based on the framework they had provided for our previous remediation, we significantly improved our secure posture and capabilities since the original assessment in 2018.

What was the team composition?

The team included an executive sponsor and technical experts from CaringBridge. FRSecure supplied a project manager and technical security experts for the assessment.

Can you share any outcomes from the project that demonstrate progress or success?

Our security posture increased by 75% using a risk assessment scoring methodology from 483 to 702. The number of identified security issues dropped significantly. The framework that FRSecure provided to us significantly helped us to focus our remediation efforts and resolve individual security exposures.

How effective was the workflow between your team and theirs?

The coordination of the assessment was greatly helped by their Project Manager to ensure the whole effort stayed on track.

What did you find most impressive about this company?

The quality of the security assessment was very good and comprehensive. Yet the cost and impact were relatively low. This was an effort that even small organizations can absorb to improve their security posture to help protect their organization from all the bad actors out there in the world.

Are there any areas for improvement?

None

Introduce your business and what you do there.

Our application supports clinical trials. I’m our vice president of technology.

What challenge were you trying to address with FRSecure?

Our industry is heavily regulated, and we need to keep our data security HIPAA compliant. We needed help assessing the level of our information security, and reached out to FRSecure for their recommendations and improvements.

What was the scope of their involvement?

Initially, we signed up for their virtual CISO (Chief Information Security Officer) program. They reviewed our policies and standard operating procedures to find any gaps, and they examined the physical security measures within our office. From all the information they gathered, they built a report that outlined our strengths and weaknesses, and a playbook that that suggested improvements for our weakest areas.

What is the team composition?

There is a project manager, but most of our interaction is with the Virtual CISO they provide. We meet with her once a month to review any new information or incidents that arise.

How did you come to work with FRSecure?

They’re a local company that could provide the level of engagement we were looking for. They came to our office and gave a good presentation of what they could do for us, and we felt that they would be the best fit for our needs.

How much have you invested with them?

We spend around $3,900 per month.

What is the status of this engagement?

The collaboration started in May 2018 and is ongoing.

What evidence can you share that demonstrates the impact of the engagement?

Since our industry is so highly regulated, we wanted to be sure our security was performing as well as it possibly could. We are subject to customer audits, and FRSecure helped us strengthen our policies and operating procedures to frame us in the best light with our customers.

How did FRSecure perform from a project management standpoint?

They manage the project well. Because of the virtual aspect, a lot of our interaction is over the phone. They follow up with summaries of all of our meetings, with useful ideas for next steps.

What did you find most impressive about them?

There is a lot of depth to their background in information security and physical security. They know how to provide full coverage and give good suggestions to eliminate gaps.

Are there any areas they could improve?

I can’t think of any areas of improvement for them at this time. We have a good relationship.

Do you have any advice for potential customers?

Be honest about the current status of your information security programs; don’t try to hide anything. They will be able to help you best if you are open with them.

Introduce your business and what you do there.

I’m the VP of operations at SERVICE 800. We provide voice of the customer (VOC) services to help our clients measure the satisfaction of their consumers.

What challenge were you trying to address with FRSecure?

Data protection laws recently shifted from the relatively lax International Safe Harbor Privacy Principles to the more strict GDPR framework. In preparation of migrating our physical servers to the cloud, we wanted to ensure our clients’ data continued to be secured as outlined in the new policies.

What was the scope of their involvement?

Our first involvement was contracting FRSecure to perform an external vulnerability scan. They followed up with a more thorough, two-day day scan of our physical site, including our cameras, windows, rooftop access, and servers. After finishing the assessments, they generated a detailed roadmap of where our data protection currently stands and where improvements could be made. The report included a list of what they discovered and the measures that we should take to resolve them; their team meets with us each month to track our progress. FRSecure also helped us draft a new NDA that requires our subcontractors and consultants to adopt GDPR-compliant policies.

What is the team composition?

They have a designated vCISO for our account, but we also interact with the CEO, the sales team, and the IT department.

How did you come to work with FRSecure?

A simple web search led us to FRSecure. They provided all of the security scans that we needed. Considering that they also had an office close to ours helped as we met with them in person before deciding to hire them for the job.

How much have you invested with them?

We’ve spent about $30,000 to date. 

What is the status of this engagement?

They did the initial scan in July 2017, and they returned in October 2017 to complete the full assessment. We plan to continue working with them beyond our one-year agreement.

What evidence can you share that demonstrates the impact of the engagement?

In the past, we had to make certain assumptions that our data was protected. But FRSecure revealed areas that could be improved. Since using their services, we have the comfort of knowing that all of our policies are up-to-date and compliant with the new regulations.

How did FRSecure perform from a project management standpoint?

We have varying levels of technical proficiency with our staff, yet FRSecure was able to explain the recommended corrective actions coherently to our entire team.

What did you find most impressive about them?

FRSecure offers a wide range of services at a fraction of the cost compared to hiring those same skills internally/full-time. In addition, they’re exceedingly transparent about their security testing methods. Vendors don’t typically disclose all of the secrets to their success, but FRSecure regularly hosts meetings for all of their clients to attend and learn about the latest in cybersecurity news.

Are there any areas they could improve?

Due to the numerous changes in data security, we could miss out on a lot if we didn’t read their newsletters or attend their conferences. However, whenever we have raised questions on new services, they are quick to respond.

Do you have any advice for potential customers?

FRSecure’s data protection services are an excellent investment, so don’t hesitate to reach out to them.

Introduce your business and what you do there.

I am the president of Schuler Shoes, a retail store company with nine locations in the Minneapolis St. Paul area and an online presence. We’ve been around for 125 years.

What challenge were you trying to address with FRSecure?

We needed a technology specialist to create a roadmap to identify the information security threats we are exposed to as well as ways to approach them in order of priority based on the risk of the threat and related to our business needs.

What was the scope of their involvement?

FRSecure started off with a general collection of data over the phone and sent us some documents to allow access to our security systems. Then, they walked us through the scope of the work.

For the main portion of the project, they came onsite and asked us questions to understand our company and its requirements. Then, their team did some offsite work, scanning our security for vulnerabilities. Using the gathered research, they prepared a 200-page report highlighting our strong points and places that needed improvement. They also provided a checklist in Excel with showcasing the security and functions that we could improve, which they took us through step by step. Finally, FRSecure created security policies to help guide and direct our IT team from a policy and HR standpoint.

What is the team composition?

We had an initial sales contact, and then once we signed on, we were assigned a project manager. We were also provided two technical specialists that helped us with the onsite work.

How did you come to work with FRSecure?

A previous employee of ours introduced us to FRSecure. We liked that they were local and understood our business a little—even before we hired them.

How much have you invested with them?

We invested $17,000 in total.

What is the status of this engagement?

We worked with them in March 2018 and ended the engagement in April 2018.

What evidence can you share that demonstrates the impact of the engagement?

It is a little early to measure results. However, through security scans they did, we found ways to secure against external threats and hackers. The policies they created for internet use, computer use, and device use from home also secured our systems.

FRSecure's expertise, in general, has been very useful for us and they found technical solutions that we wouldn’t have known about. The results are still coming in, but so far it's already been worth the time and money we've spent.

How did FRSecure perform from a project management standpoint?

They were easy to get a hold of for questions and great at communicating with us. They worked autonomously and made the process easy.

What did you find most impressive about them?

FRSecure have a lot of experience, knowledge, and understanding of the landscape. They have a lot of clients who have more regulatory requirements such as health care providers, and we could tell they were professionals. They were very friendly and always polite with their suggestions. Their team was always trying to improve our business.​

​​​​​​Are there any areas they could improve?

The process relied heavily on the interviews and that took a long amount of time. Smaller companies, like us, would benefit from maybe a more miniature version of the discovery process to save some time and money. However, overall, they did an excellent job. 

Introduce your business and what you do there.

I’m the security administrator at a high-end printing company. We do printing primarily for fashion retail, financial, and healthcare industries.

What challenge were you trying to address with FRSecure?

We have access to a lot of our customers’ secure and sensitive data in order to print catalogs with their clients’ mailing addresses and send them out. As such, we need to have a strong security system to protect that data. Ours was a bit scattered and weak when I was hired, so I was looking to revamp our security policies and procedures, particularly involving security audits. FRSecure provided their expertise to guide that process.

What was the scope of their involvement?

Security auditing is one of the largest aspects of FRSecure’s work with us. It assures our customers that we are as secure as we claim to be and they can trust us with their data. Every two years, they do a comprehensive two-day audit of administrative, technical and physical security systems. I provide them with documentation of our security procedures, as well as other evidence I can offer to prove we’re doing everything we can to protect our customers’ internal data. 

After they’ve completed the audit, they deliver a graded report with recommendations on what we can do to improve. That recommendation is extremely important to us because it helps us prioritize the issues that need to be addressed.

Beyond audits, FRSecure has advised on a lot of our security policies and procedures. They’ve designed some of the security awareness and incident response training we send out to our employees. They’ve also come on site and given live training to our employees. 

Another large part of our partnership is their assistance on our payment card industry (PCI) certification. To collect credit card data, our credit card data security system has to be audited and pass the PCI certification. PCI council allowed FRSecure to be our PCI auditor which has been greatly helpful because they know our system so well. With their recommendations and assistance, we’ve been able to pass our PCI certification for the last three years. 

What is the team composition? 

In the early days of our partnership, we worked closely with FRSecure’s CEO and founder, Evan Francen. As the company grew and Evan took on more responsibilities, we began working with our own security advisor and project manager from their team. We also work with a variety of additional people from their team depending on the project. Currently, we’re working closely with about five people from their team.

How did you come to work with FRSecure?

One of the sales reps cold-called us to offer their services. After doing a bit of research on them and meeting with Evan, we decided to move forward with them.

What is the status of this engagement?

We began working with them in 2012. Currently, we work with them on a monthly retainer basis.

What evidence can you share that demonstrates the impact of the engagement?

Thanks to FRSecure’s PCI audits and recommendations, we’ve earned a level one PCI certification, which is the highest level you can achieve. 

The higher level of security we’ve achieved with their guidance has allowed our business to grow immensely. Clients trust us with their sensitive data and that wouldn’t be possible without FRSecure’s services.

How did FRSecure perform from a project management standpoint?

We’re very happy with their performance. They remain available to us whenever we want to communicate, whether it’s about current projects or any security incident we have to respond to. We primarily use email and phone to communicate with them.

What did you find most impressive about them?

They’re extremely personable. I know their staff on a first-name basis. Despite them being a growing business, I still feel like I’m working with smaller, personalized security consultants. I never feel like I’m bothering or burdening them when I reach out. They’re always available and willing to help.

Are there any areas they could improve?

This isn’t an area for improvement, but I would suggest that they make sure to maintain the small, personalized feeling of their firm despite its growing clientele. I think it’s what distinguishes them.

Introduce your business and what you do there.

I am the senior IT security analyst for a regional grocery store chain in the upper Midwest.

What challenge were you trying to address with FRSecure?

I am a staff of one and we do not have a lot of funds to dedicate to security initiatives. In order to get a better handle on threats, I realized we needed to reach out to a company with an excellent history of conducting risk assessments and was competitive in the market space. Specifically, we needed someone to look at our e-commerce platform and assess its internal and external risks.

What was the scope of their involvement?

FRSecure had a unique proprietary risk assessment methodology that started with a basic scope review. They then moved onto a technical phase by taking a look at our network diagrams and policies while scanning for vulnerabilities.

Next, they conducted a two-day onsite visit. The first day, they focused on our administrative controls by interviewing key stakeholders involved in the management of the e-commerce platform. The second day, they focused on our physical security—administrative and physical controls, etc.—and then provided a very comprehensive report. The report included a basic executive summary for middle management and a technical overview that identified exactly what we need to fix.

They used a comprehensive methodology that produced a comprehensive report. I was very pleased and so was my boss.

What is the team composition?

I worked with one individual from FRSecure on the project.

How did you come to work with FRSecure?

The store has a business relationship with them going back a few years, so we knew they were a proven commodity we could trust. The relationship was established before my time, but I was aware of them as well and knew they were a great company.

How much have you invested with them?

It was very economical—approximately $13,000.

What is the status of this engagement?

We began working with FRSecure in December 2017, and we concluded with the onsite visits in February 2018.

What evidence can you share that demonstrates the impact of the engagement?

An interesting aspect of their methodology is that their metric reports correspond to credit report ratings so that people are innately familiar with it. Like credit scores, FRSecure’s scores go from 300 to 800, and we did outstanding overall. There were some findings however, and we are using their recommendations to actively remedy some technical aspects of our security and add to our administrative policies.

How did FRSecure perform from a project management standpoint?

We had no problem at all with project management. We mostly communicated over email and phone, while collaborative work was done through their own communications application.

What did you find most impressive about them?

FRSecure has a very common sense approach to risk assessment. Most other companies get carried away with grandiosity and make things too complicated. FRSecure’s approach is very intuitive. Take for example their application of credit score ratings; the information is presented in a way that makes it easy for key stakeholders to understand without needing a long explanation process.

Are there any areas they could improve?

I don’t have any recommendations for improvements. They just need to keep doing what they are doing.

Introduce your business and what you do there.

I’m a financial manager at Mackoff Kellogg Law Firm. We’re a traditional law firm, but also provide legal services to major banks across the country.

What challenge were you trying to address with FRSecure?

Our bank clients require us to do penetration testing to ensure our system is secure. We reached out to FRSecure to provide this service.

What was the scope of their involvement?

They currently only do penetration testing for us, but that could change at any moment with our requirements. The actual testing lasted about a week. Afterwards, they gave us a comprehensive report with suggestions on how to further protect our data. We're definitely open to utilizing them for additional services in future.

What is the team composition?

I communicated with a main point of contact and worked directly with one tester as well. However, two or three testers worked on the project.

How did you come to work with FRSecure?

We considered several companies, but FRSecure was recommended to us by our IT vendor. Considering the cost and a couple of other factors, we felt they were the best fit for our company.

How much have you invested with them?

We’ve spent $4,500.

What is the status of this engagement?

We started working with them in June 2017 and the relationship is ongoing.

What evidence can you share that demonstrates the impact of the engagement?

FRSecure’s services help us maintain compliance with our major banking clients. The process was smooth and painless. We’re very happy with the quality they provide.

How did FRSecure perform from a project management standpoint?

They respond to questions via email on the same day. They’re prompt and the process was everything I could have wanted. We met every deadline set in the project timeline.

What did you find most impressive about them?

Their responsiveness and expertise are noteworthy. There was no downtime on our end, so we didn’t notice when it was happening. They made it an easy process for us.

Are there any areas they could improve?

I don’t have any complaints about what they did for us.

Do you have any advice for potential customers?

I’d recommend customers ask lots of questions. They’re incredibly knowledgeable, very helpful, and willing to answer anything.

Introduce your business and what you do there.

I'm the chief compliance officer and chief technology officer for an investment adviser. We manage individual accounts and invest our clients in stocks and bonds.

What challenge were you trying to address with FRSecure?

We were looking for a company to provide a double check of what we’ve done to secure our clients’ information. We wanted to find out if we’re doing the things that we should be in order to protect them and if there are areas where we need to improve.

What was the scope of their involvement?

They perform an annual penetration test by attempting to access our system to see where there might be holes and vulnerabilities. They also do a scan of what’s out there in social media or on our website that may give people information that could be dangerous. The test itself takes place over one night and then FRSecure runs the results through their scoring system. About three weeks later we have a conference call where they give us a full report along with their recommendations for any changes we should make.

What is the team composition?

The team is about four people and we have one main contact.

How did you come to work with FRSecure?

I was introduced to them when they spoke at a compliance roundtable. I called and talked to them and liked what they had to offer.

How much have you invested with them?

The initial test was more but now we spend around $1500 each year.

What is the status of this engagement?

We started in 2015 so this will be our third year running the test in July.

What evidence can you share that demonstrates the impact of the engagement?

There were a number of suggestions for steps to take after the initial test in 2015. We followed their recommendations and it significantly changed our score. The tester actually said he had to double check to make sure he was looking at the same company because the score changed so dramatically.

Putting in place new security measures and seeing the score change has really given us a lot more confidence in our IT provider. It also comforts our clients when they learn of the steps that we’re taking to protect their information.

How did FRSecure perform from a project management standpoint?

I never have any issues with communication. They’re always available to answer any questions, even when I have follow-up questions after getting the report. The test requires very little hands-on time on our end, which makes it painless.

What did you find most impressive about them?

I really like the report that they provide because they really break everything down. That level of detail makes me feel that they looked into things carefully and are there to help us do better.

Are there any areas they could improve?

No.

Do you have any advice for potential customers?

Take time to analyze the report and ask questions. Having them break down the technical jargon and discuss it in layman's terms is really important and really helpful.

Introduce your business and what you do there.

We’re a small actuarial consulting firm with 11 employees.

What challenges were you trying to address with FRSecure?

We had a client that was worried about their data, so we were basically required to do a SOC 2 (Service Organization Controls) audit if we wanted to keep them as a client. This was the first time we interacted with a cybersecurity company in this way.

What was the scope of their involvement?

Everything’s been related to a SOC 2 audit. We’ve done two to three different engagements with them related to that. A lot of firms are requiring their partners and vendors to go through a SOC 2 audit. It basically makes sure we have the processes and procedures to minimize risks of a cybersecurity breach. We hold a lot of their data, and they want to ensure we’re secure. That’s where FRSecure came in.

A SOC 2 audit entails getting all your systems up to snuff, and then an auditor comes in to confirm we’re done it right. We’re at the stage right now where FRSecure is helping us get ready for this audit. We’ll have the auditor come in very soon, and we’re hoping we pass. We’re setting up lots and lots of policies. For example, if you have a new employee come in, we have a policy that defines the steps IT needs to take.

They look at our server to make sure it has all the up-to-date stuff, so the client can’t get hit. We have to make sure we lock our file rooms and don’t leave stuff at our desks, all the various things that would increase the chances of Social Security numbers being released to the wrong people. It’s the whole process; setting up all the policies, and then other processes, and working with our internal IT guy to make sure we’re doing the most up-to-date stuff.

We had one on-site meeting, but otherwise, it’s all done remotely. It’s nice to have that option. FRSecure delivers reports and action items as they go along. They’ve given us samples to work with, so we start with those and modify them to meet our firm’s specifics. They’ve been very knowledgeable, and they’ve had a lot of good tools that allow us to work with what they’ve given us and to update.

How did you come to work with FRSecure?

I looked up local auditors who do SOC 2 audits, and they’re the ones who actually referred us to FRSecure. The auditors had worked with them many times and said it’s gone well. They’re a smaller company close to us, so it just made a lot of sense. They were the only company we interviewed.

What is the status of this engagement?

We’ve been working together for almost a year. It’s been taking us a long time, and I’m still not done. That’s not due to anything FRSecure has done, we’re just busy at work. I have to update a few more policies and get that ready for the auditor.

Could you share any evidence that would demonstrate the productivity, quality of work, or the impact of the engagement?

We’ve made a lot of changes. We’ve set up all these policies, and now we’ve been having regular IT meetings internally. We’ve had meetings with employees to talk about security. We’ve locked our server room so no one can just walk in and do what they want. We’ve changed configurations on the server based on what FRSecure has told us. We’ve changed how we’re sending data back and forth with clients. Basically, we’ve changed most everything in the overall data process.

We’ve hired them to do penetration testing. They try to attack our server to see if there are any holes in it. They do those monthly. There have been a few things we’ve changed due to these tests, which has been good. They’ve also given us some ideas on disaster recovery and business continuity. We’re still in the process of working on that right now, but they’ve definitely given us some good tools to update that.

How did FRSecure perform from a project management standpoint?

A lot of our communication is by email, but we also have scheduled meetings. We all get on and do a live webcast so they can see what we’re doing. We’re showing them everything we’re setting up, asking questions, and getting ready for this audit. That’s really what we hired them to do, get us ready to pass the audit. If I could spend a couple hours working on this stuff, I think we’ll be ready for the audit. I’ve met with the auditor once, and there were a couple things we still had to do, so we’re very close.

What did you find most impressive about FRSecure?

I didn’t know what to expect. Trying to change all your processes is not fun and not our business. It’s kind of been a pain, but not because of them. We’re realizing that we’re so far behind the times. It’s been good to talk with them, and they’re helping us get into the 21^st century and be more prepared.

Are there any areas FRSecure could improve?

I can’t think of anything. They’ve done what we asked them to do. They’ve been there every step of the way and done everything as we agreed.

Do you have any tips for potential clients?

I would tell them that’s it’s going to take longer than they think, and it’s much more involved than they think. They’re going to have to devote someone to spend a lot of time. I’m not sure I would tell them to react any differently regarding FRSecure. I would just warn them as to what’s really involved. For a small business, it takes a lot of time away from doing your real business.