Cybersecurity is an increasing priority for companies and organizations of all shapes and sizes. More and more companies have some element of remote work—whether it's a few workers or the entire company—and bad actors aren’t slowing down their cyberattacks on small, medium, large and enterprise-level companies.
As “extended environments” become more complicated, many smaller companies are turning to their MSPs for guidance and support. In fact, our ConnectWise 2020 State of SMB Cybersecurity report found 91 percent of SMBs are willing to change their MSP for the right cybersecurity offering.
But adding cybersecurity to your offerings can be intimidating—where, and how, should MSPs start the journey to selling cybersecurity support?
Get Your Own Security Under Control
If you’re hiring a caterer for catering, you’ll probably want to taste-test the food first. The same goes for selling cybersecurity. Organizations want to get cybersecurity help from MSPs who are themselves secure.
The compliance and auditing landscape is only getting more complicated, and many businesses are beholden to different regulations such as the Healthcare Insurance Portability and Accountability Act (HIPAA), SOC2, and others. MSPs may be asked to complete checklists or prove that they are handling security with best practices and industry standards.
In order to provide cybersecurity, MSPs will need to protect their own houses first. Assess your protections, processes, and protocols. Understand where you are—and aren’t—compliant, and get certified where you need to be certified. Build a risk-first cybersecurity culture internally.
Frameworks such as our MSP+ Framework, can be helpful in understanding the different levels of security and how to start, and consider training such as ConnectWise’s IT Nation Certify program, designed especially for MSPs.
Upgrade Your Expertise and Offerings
For SMBs, It’s not a matter of if but when a cyberattack will happen. SMB cybersecurity is an increasing area of interest and concern for organizations across all industries. And MSPs need to be prepared.
It’s not fun to build a plane while you’re trying to fly it—and especially not when it comes to cyberattacks, sensitive data, and entire businesses on the line. The best time to become a cybersecurity expert is before a client comes to you with a cybersecurity emergency.
Start by assessing your cybersecurity offerings as an MSP. Ask questions like:
- How well-educated are my technicians about cybersecurity?
- Do I have experts on staff? If not, do we have an outsourced SOC that can help monitor client security 24/7/365?
- What kinds of security tools and software—if any—do we offer clients?
Once you have these questions answered, work to understand how much staffing you want to bring in-house, vs. how much you want to outsource. For example, our ConnectWise Fortify offering operates as a white label SOC for MSPs’ customers—allowing MSPs to ramp up their offerings without the struggle of hiring staff amid the drastic cybersecurity talent shortage.
Start the Conversation Proactively
With so many companies willing to change their MSP for security support, MSPs who aren’t proactive about their existing clientele could risk losing accounts to MSPs who are further along the cybersecurity journey.
Once you have the right technology, expertise, and offerings in place, start the conversation with clients early. Don’t let it become an emergency situation. Many MSPs are often tech nerds, so the instinct might be to lead with software and tools. But when it comes to cybersecurity, it's all about managing risk.
Ask existing clients to complete a cybersecurity assessment by using a tool like our ConnectWise risk assessment tool. This can uncover areas of risk where the organization needs more support—risks your clients may not even know they have. Once clients are clear-eyed about their weak points and the risks of cyberattacks like social engineering or ransomware, it opens the door to helping them manage these risks.
And with new clients, being able to offer cybersecurity right off the bat can be a selling point. You essentially become a one-stop shop for traditional IT support and the risk mitigation for the modern business environment.
A Journey, Not A Destination
We like to say that cybersecurity is a journey, not a destination. There are constantly new hackers, new attacks, and new risks, so cybersecurity is an ongoing, evolving process that requires regular reassessment. Your cybersecurity toolkit—and the conversation around security—will constantly evolve. By starting with these three steps, MSPs can position themselves to provide cybersecurity and help make their clients more secure.
Author Jay Ryerse is vice president, cybersecurity initiatives at ConnectWise. Read more guest blogs from ConnectWise here.
