For most MSPs, it used to be a straightforward task to cover your bases around security. Simply bundle an Antivirus product suite and internet Firewall with your services and you looked like a hero. But IT technology and how we use it has changed, and the threat landscape has changed with it. The old norm does not apply anymore. It’s being replaced by a new norm and with it comes challenges but also lots of opportunities for MSPs.
Your clients want and need better cybersecurity solutions, or so say 93% of them. Basic security packages of anti-virus and firewall solutions aren’t cutting it these days, and they aren’t protecting you from liability should your client get breached.
The numbers from our recent SMB security survey tell a cautionary tale for MSPs, namely 80% of SMBs are worried they will be a target of a cyber-attack, and 93% are willing to switch MSPs if another provider offered the “right” cyber security solution.
Put simply: if you’re a services provider, you not only need to be providing security, it needs to the “right” kind of security. Or you’re out! The following answers to today's most pressing security questions will helps guide you as an MSP to offer your clients better protection and establish a prosperous security business.
Answers to Important Security Questions
- Why is it so hard to cross the security sales chasm?
According to MSPs we've spoken to, they are having great security conversations with clients. Clients will say, "Yes, we need this solution; this is great," but MSPs are having trouble driving them from that kind of acceptance of the solution to actually driving action—to drive them to change their contracts, to drive them to be able to say, "Okay yes, we want to deploy that new service." That's always due to the lack of a compelling event in a lot of these situations. It's one of those things where you know that there's a risk, but you don't prioritize dealing with it.
2. In order to build a security business, you need ways to communicate gaps that clients may have in security. How do you go about that? Can these methods be used to attract new and existing clients to purchase security?
We've talked to a lot of MSPs that said, "We're not even going to our clients with our security solution yet." And there were two different reasons for that—about two thirds of them said, "We don't have the right collateral. We don't know what we're going to bring in to that meeting to be able to show our clients and be able to drive that conversation." And then about three quarters of them said, "We don't know if we can effectively have that conversation with our clients. Whether it's lack of collateral or lack of knowledge and understanding of how it ties into their existing services." Being able to tie together that story can be a huge struggle.
3. What are the things that you’re suggesting to your customers as it relates to security?
MSPs have answered, "Everything you do has to have a holistic view. Are your laptops encrypted? Do you have 2FA? Mobile device management? “Most companies' most precious data is their intellectual property, and they need to take the necessary steps to protect that.”
Other MSPs say, "When it comes to security with your clients, transparency is the best tool you have, in regard to setting expectations and holding regular meetings, telling your clients where their vulnerabilities are, and being sure they know you’re aware and concerned about them."
4. You've done everything for your clients, but they're still breached. What do you do?
The MSPs we've asked have said, "Recommend that they contact their attorney before they do anything else. And then empathy, empathy, empathy. These are your clients; they need to know you’re there and you care. You do not want to lose them."
"Have a run book. Attorney, screen shots, document what's happening, get the clients secure but take footprints along the way, make sure they're not drowning, and build a communication plan and plan of action. We actually increased revenue 65% after an incident and this protocol."
5. What are the things MSPs can use to help them sell more tomorrow?
Our MSP partners have said, "Go and have the conversation. Then make assessments that aren’t technical. Light the fire—no vulnerability scans. Dark web scans are what you should be doing because they resonate."
6. What’s one or two things that help you grow your business?
"If you’re not talking to your clients about risk right now, you can be sure someone else is. Sell through education. Make sure you’re talking to the decision maker—when their business is compromised it’s going to be their problem, not their tech’s problem."
Addressing these key facets of security is crucial to an MSP's business success.
By Lily Teplow
By Brian Downey
By Dave LeClair