How to Sell Managed Cybersecurity Services: How to Avoid 3 Common MSP Pitfalls

Headline-making breaches, including those attributed to Yahoo and Equifax, have had resounding effects on companies and brought cybersecurity to the forefront of IT security woes and growth. To capitalize on this growth and provide the best customer experience, it’s important for MSPs to ensure clients recognize the threats they face, inform them how they can help mitigate threats, and guide them toward the proper response.

David Weeks, N-able
Author: SolarWinds MSP Director of Sales David Weeks

With that in mind, here are three common MSP pitfalls to avoid when selling cybersecurity services:

1. Assume nothing

SMBs are unlikely to realize their blind spots. As their trusted IT provider, you’re responsible for helping them discover overlooked areas or misunderstood threats—or for correctly estimating the exorbitant costs and impact of a data breach. For example, it's not uncommon for an SMB to purchase an antivirus system and think it’s adequately protected from all cyberthreats. The first point to keep in mind is you don't want to overwhelm a prospect with too much information. Instead, have a conversation with the client that includes asking open-ended questions about their security software and helping them self-discover critical areas they might have overlooked. Make sure they understand any legal requirements that may apply to their industry, and ask how they monitor threats as well as the current status of their system. Engaging with a client on various security points helps them see where their current security solution falls short, but it also simultaneously helps establish you and your business as a trusted advisor. Additionally, it builds confidence that your multilayered security solution isn't merely a more expensive version of what they already have—it's a better solution that's worth the extra cost. And that cost is just a drop in the bucket when you consider it can help your clients avoid the astronomical amount of money and time associated with recovering from a data breach. The bottom line: MSPs could benefit from making security a natural extension of what they offer; it’s really becoming an expectation most clients have today.

2. Never overpromise

An MSP might lose a customer if a breach occurs and the MSP did not have the proper protocols in place to enable the client to quickly remediate and recover from it. That’s why educating your clients about their overall security practices—in addition to your capabilities—is extremely important to selling your services. But managing their expectations is also essential to maintaining your reputation. Your company may be able to reduce threats by using email filtering, web protection, and vulnerability management solutions, but malicious users are always searching for new vulnerabilities to exploit. If you try to guarantee perfect safety or instant problem resolutions, you’re more likely to destroy your clients' trust versus inspire their confidence. A better and more comprehensive approach is to shift the conversation to business risk, which MSPs have always helped their clients manage. With breaches on the rise, cyber-risk is also becoming an equally important part of the conversation. As a result, today’s MSPs are expected to measure, quantify, and help guide their customers toward reducing both cyber-risk and business risk—which represents a winning proposition for everyone involved.

3. Never stop educating

Even the best security systems and protocols are only as good as the people who use them. Nothing can protect your clients if they don't know the proper procedures and most common tactics of malicious users. It is the MSP’s responsibility to initiate company-wide training at the client site with a goal of creating a “human” firewall. Making sure employees at all levels of the organization understand best practices and actively participate in avoiding attacks is a vital part of selling your cybersecurity services and mitigating cyberthreats.

The increasing severity of data breaches from large organizations, as well as the growing number of threats to SMBs, have made IT security an unavoidable concern. As an MSP, however, it represents one of the most significant opportunities for your company’s growth. Cover your bases by selecting the best security offerings you can find, taking the time to educate prospects on the benefits of comprehensive protection, managing their risks and expectations, and offering ongoing employee training services.

David Weeks is director of sales, SolarWinds MSP. Read more SolarWinds MSP guest blogs here.