When it comes to cybersecurity, few business owners and employees pay enough attention to the risks. Entrepreneurs often give lip service to the MSP firms that support their operations, and prospects frequently claim the systems already in place are good enough based on their perceived lack of threats against the SMB. Many errantly assume companies of their size and anonymous nature are not sitting squarely in the crosshairs of cybercriminals.
MSPs know better. Small businesses are as apt to be hit by ransomware attacks and other cybercrimes as much larger organizations, if not more so due to a lack of enterprise-class defenses. Misplaced confidence and a negative attitude about implementing higher quality cybersecurity measures can be difficult for IT services professionals to overcome. Unfortunately, your prospects and, in some cases, clients may not lose that indifference until it’s too late.
No one besides cybercriminals wants to see any business under attack. The challenge for MSPs is effectively conveying the seriousness of the problem, not just explaining the risks and vulnerabilities and repercussions of inaction but getting real ‘buy-in’ from key decision-makers. Ensuring that your prospects and clients take cybersecurity seriously is one of those major responsibilities that can lead to a lot of lost sleep for you and your team members.
The trick is getting the right systems and processes in place. No matter what decision makers say about adding critical defenses or how much they are willing to spend, any MSP firm that manages their networks is at least partially responsible for compliance and data protection. If something goes wrong, lawyers may end up deciding which side will shoulder the most blame and financial liability.
Create a Cybersecurity Action Plan
MSPs have few options when it comes to dealing with indifferent business owners. First, you can walk away and let another IT services company take on those liabilities. While that sounds easy, many MSPs are understandably reluctant to sever relationships that they worked hard to grow and lose invaluable MRR in an uncertain economy. Most will consider this route only after exhausting all other options, including the three e’s: educate, emphasize, and enhance.
Successful security professionals do everything possible to bring their business prospects up to speed on data and network protection. That should include continual communications between MSPs and their end-user communities, from the business owner and employees to anyone with access to corporate computers or applications. Informing those parties of the latest threats and attack avoidance methods helps boost awareness and lessen risks.
Sharing insight into network and data protection is just one way to start getting your clients to take cybersecurity more seriously. MSPs can implement a number of practices and policies to help raise awareness, overcome mistaken beliefs, and ultimately ensure these businesses strengthen their defenses, either voluntarily or under the radar.
Here are four tips for changing the hearts and minds of clients who might willingly compromise the protection of their companies, employees, and customers:
1. Make your best offerings mandatory
Why compromise your standards? IT services providers earn the business community's respect by doing the right things for their clients, and cybersecurity is one of their most important responsibilities. Many MSPs are moving to a minimal option approach, only varying their data protection stack to address specific industry and compliance requirements and implementing the most user-friendly solutions. Tiered programs with a lengthy list of cybersecurity options tend to confuse business owners and undermine your goal of providing the best possible protection for them (and for you). Offering a single stack of capable solutions streamlines your training and support activities, reduces the cost of delivery, and improves your chances of successfully stopping cyberattacks.
2. “Drink your own champagne”
Do you implement and test all the same tools and services you recommend to other businesses? Surprisingly, some MSPs don’t have a standard policy of vetting new cybersecurity offerings internally or find themselves rushing to utilize that tech at client sites to address a major vulnerability or threat. The latter point may not be easy to overcome, but every provider should thoroughly assess every prospective product and service in their portfolio, especially when data protection is involved. An onsite demonstration of a cybersecurity solution in action is also the best way to convince prospects of its attributes.
3. Extend the conversation to their customers
Inadequate security can affect everyone in the supply chain, not just the clients who pay you to protect their data. MSPs can play a vital role by establishing a safe conduit between businesses and end-users with proven technologies such as secure payment portals, email encryption, and file-sharing platforms. Through those websites and applications, you can strengthen data protection and privacy messaging to their customers to help ensure everyone is aware of the threats and safe practices to counter cybercrime.
4. Lead off with (and emphasize) cybersecurity in QBRs
While you may not get real face-to-face time with your clients these days, opting for safer virtual or ‘socially distanced’ meetings, these periodic check-ins are critical for educating clients on the latest threats and cybersecurity practices. Emphasize the value of continually upgrading their systems and enhancing their end-user training activities and review the results of existing programs and any ongoing concerns. Quarterly Business Reviews (QBRs) are the perfect time to change any misconceptions about cybersecurity using the latest breach news, SMB-focused statistics and honest and open conversations. Plan wisely for these sessions.
The best-laid plans can always fail without proper oversight and implementation. Overcoming misperceptions and stubborn attitudes towards cybersecurity will never be easy for MSPs, so carefully review your notes and prepare solutions to neutralize any objections.
Ensuring your clients take cybersecurity seriously is not a ‘one-and-done’ endeavor. MSPs must steadily educate those businesses’ decision makers and end-users on the value of top-level defenses and reinforce those points regularly.
Confidence is key. Build a formidable cybersecurity stack capable of adequately protecting the clients your team supports and make that a mandatory offering. Never waver in your convictions, especially when it comes to protecting data, people and businesses.