MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

How to Have the Security Conversation with Small Businesses That Don't Want to

Posted January 23, 2018by Meaghan Moraes

How to Have the Security Conversation with Small Businesses That Don't Want to

For managed IT service providers working to bring a cybersecurity offering to market, it’s serendipitous that “cybersecurity” is at the tip of every small-to-midsize business’ (SMB) tongue… right? With hacks hogging headlines, small businesses will instinctively run to their MSP for security guidance and enhanced protection—in a perfect world. The reality is, the high frequency of debilitating data breaches has spawned a numbness to cyber attacks. The majority of SMBs today actually think they don’t need managed security services. That’s a major hurdle for aspiring MSSPs to overcome.

So, where does the answer lie? In the way you’re able to communicate with these skeptical SMBs. Once you and your client come to a cybersecurity strategy you can agree upon, you’re golden. And it all starts with flipping their perspective on what security really means.

Tell Them Something New

The reason many of your SMB clients don’t want to talk security with their MSP is that there are a number of myths flying around.

“SMBs have nothing worth taking.”

“Attacker groups won’t waste time on SMB targets.”

“The tools I have in place will protect me.”

The truth of the matter is that SMB targets align with hackers’ goals of: theft of funds, ransom data and exploitation of sensitive  information. There is a clear misalignment on the definition of security, which subsequently limits upsell and increases risk. This brings the role of the consultative MSP to the forefront, which can be spearheaded with cybersecurity education and risk assessment.

What’s the Real Risk?

Oftentimes, when clients object to your security sales pitch, they think they’re already sufficiently secure; however, they aren’t actually aware of where they stand on a risk level or what acceptable risks are. People tend to think by default that you’re telling them about risks they’ve already detected, but if identified risks aren’t mapped to the client’s desired state, there’s a serious gap in the plan. So, how do you bring that to life for prospects and clients to get their buy in?

Map Out the Plan

From a transparent and eye-opening conversation will come an effective cybersecurity plan. It’s all about spinning the prevalence of cyber-attacks in a way that will change the way your clients think about what they actually need.

For example, you can highlight that a typical end client gets attacked multiple times per day, and basic security effectively roots out hundreds or even thousands of possible attacks—but is that one attack that gets through too much for your business to handle? Or, you could help the client plan for the worst case scenario. If they get ransomed, then what? The answer might be: we’d have to restore from backup, which we only perform once a day—so you could potentially lose 24 hours of work or the system could be down for several hours. Again, what is the acceptable risk? What would the business impact be if the system was down for a few hours and you lose 24 hours of data? If this is unacceptable for the health of the business, you should work with your client to reduce that specific risk.

And remember, not all clients will be at the level of maturity that they will want security. In that instance, just focus on the smaller items they do need and continue working with them on education to help them understand the real risks of other things longer term.

The Beauty of Alignment

A successful security conversation and partnership hinges on true alignment. You’ll be set if you commit to:

  • Properly defining security
  • Setting expectations with clients
  • Providing regular training and support
  • Tying true risks to desired outcomes

The topic of managed security services doesn’t have to feel burdensome. It’s your duty as an MSP to lead the security charge with validation.

 

Handpicked for you:

Download Cyber Security Sales Success Kit 2018

Meaghan Moraes is a Content Marketing Manager at Continuum, focusing on inbound and content marketing efforts surrounding cybersecurity and threat management. With several years of agency and tech marketing experience, Meaghan specializes in driving leads and conversion with her strategic and creative digital marketing content. In her spare time, she enjoys writing poetry, playing the piano, boxing, and exploring Boston’s best restaurants.

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus