GettyImages-1081349274

Selling security to small and medium-sized businesses (SMBs)—industry insiders will tell you—isn’t always easy. For starters, some businesses see cybersecurity as a cost center, instead of an investment.

But that’s changing.

There is an increased awareness among SMBs about bolstering cybersecurity efforts, with 79 percent planning to invest more in cybersecurity within the next year, according to a recent report sponsored by Boston-based IT management firm Continuum.

Additionally, cybersecurity has become a determining factor in whether an SMB is likely to use and continue to use an MSP, the report found, with 93 percent respondents saying they would consider moving to a new MSP if they offered the “right” cybersecurity solution. That’s good news for MSPs.

So, what should MSPs do next?

What SMBs Should Know About Security

Most MSPs can step in and educate existing and prospective customers about the current threat landscape and delineate why investing in cybersecurity has become a business imperative.

As you start talking to customers about internet security, endpoint protection and how failing to invest in a comprehensive data protection strategy can impact business continuity, it’s best to focus on some key areas.

Here are three topics you can talk to SMBs about—no matter their level of IT sophistication—and delineate why they should consider these when evaluating security vendors with their MSPs.

  1. The ransomware risk is rising for SMBs

With more than 70 percent of ransomware attacks now targeting SMBs, protecting against ransomware is one of the biggest challenges that SMBs currently face.

Talk to your customers about how you can help them create a ransomware response plan that includes detection, cause assessment, recovery, and prevention.

Educate them in ransomware infection attack vectors like RDP and spam emails and how adopting simple but effective measures like not leaving RDP ports open to the internet and disabling macros can help.

As ransomware gets more sophisticated, it is of utmost importance that SMBs have the ability to restore their database to a point in time with reliable cloud backup and recovery software.

  1. A multi-layered security approach is key

In an era of sophisticated cyber threats, having a firewall and antivirus software aren’t enough. It is important for SMBs to embrace a multi-layered security approach, which refers to combining multiple mitigating security controls to protect data and operations on multiple layers. Remember, your customers don’t want or need to become security experts. So relaying this information in easy-to-understand language is helpful.

  • Talk to SMBs about how solutions that incorporate artificial intelligence (AI) and machine learning (ML) can help future-proof their networks. Educate customers on how zero-day attacks can impact business continuity and how AI and ML are necessary for stopping zero-day threats that exploit unknown computer security vulnerabilities. With new strains of malware emerging every few seconds, investing in automated threat detection and response that can proactively prevent threats has become imperative.

  • Next is the DNS layer. Talk to your customers about why securing the DNS layer is a fundamental network security measure. According to a recent report, businesses experienced an average of nine or more DNS-based attacks in the last year. Delineate how DNS attacks can cause business damage in terms of downtime and financial loss.

  • Make sure to talk to SMBs about how network segmentation—a step that limits the type of network access that certain users, or devices may have, by dividing the network into sub-networks—can help restrict the amount of damage malware can cause. It can essentially block the spread of malware from end user systems to core systems that house sensitive data.

  1. Don’t forget to educate end users

Finally, remember to talk to your customers about the value of security awareness training that Webroot offer within their product. This gives IT managers and SMB owners the value of in-house security training without having to hire or contract and expert.

But, with cyber attackers frequently changing their attack strategy, security awareness training needs to incorporate those changes into simulated phishing attacks and training courses.

Businesses look to MSPs for comprehensive and cost-effective solutions. With the global managed security services market expected to exceed $45 billion by 2022, MSPs need to offer their clients a well-rounded cybersecurity solution to keep SMB businesses running smoothly. 

Speak with a Webroot cybersecurity expert today!
Click here to learn more about predictive cybersecurity layers for endpoints, networks, and end user education.