Every MSP should be educating clients on cybersecurity. If you aren’t, what are you waiting for?
By Travis Ray, Director of Channel Sales, Overwatch
Why MSPs Should Educate Clients on Cybersecurity:
Every one of your clients has cyber-risks that need to be mitigated. Period. Some clients are more aware of the risk than others, but overall cyber is still a new frontier; education needs to be a top priority. By continuously educating clients on cybersecurity you will organically improve your clients cyber-risk mitigation which will make their lives and your job easier. Another benefit is the opportunity to illustrate what their subscribed services currently protect them from or do not. Simply having a firewall, anti-virus, and web or email spam filtering do not suffice. Unfortunately, many MSP clients have a false sense of security. While that can be an awkward conversation, it is better to be transparent with your customers about the evolving landscape of threats and how you are currently protecting them from cyber-crime. That transparency and education will increase clients buy-in for more advanced Managed Security Services (MSS) and generate opportunity to upsell, adding more monthly recurring revenue (MRR) for you. Most importantly, it transitions you from trusted advisor to trusted authority, an invaluable partner to their success.
More on MSP Cybersecurity here
Six Top Tricks and Tips:
1. Always position cybersecurity as a business risk.
Cyber-crime is the number one risk to business – you should hammer it home. Crafting your message around the business case for cybersecurity as risk mitigation resonates louder with leaders who hold the purse strings. Most of your clients are not “tech-savvy”- that is why they need you. Decision makers are concerned about business risk and will listen to you when you speak their language.
2. Lead with security as much as possible.
Position security content first and everywhere. Make it a focus on your landing page and use pop-ups offering MSS or risk assessments on your website. That also goes for marketing emails and during one on one conversations with your customers. Ask simple, open-ended questions about cybersecurity at the start of conversations: “Where do you rank cyber in your risk management priorities?” or “What kind of business disruption would a cyberattack like ransomware cause?” or “How would a breach of sensitive information effect your reputation and credibility?”
3. Offer cyber risk assessments.
Even a basic assessment will help you understand your clients’ current risk awareness and security posture. From there, you can tailor messaging to the right level for your audience. Some clients might be further along in their buyer’s journey than you expected, others not so much. Do not waste time talking about the basics or being too technical, respectively. Assessing your clients’ cyber posture will also help you understand what MSS to propose and add maximum value. Work with your cybersecurity partners and vendors to develop an assessment template or CompTIA has an excellent IT Security Assessment Wizard.
4. Review cybersecurity posture and share new best practices in QBRs.
3 Steps to Building an Effective Cybersecurity Incident Response Plan
If you are not already doing Quarterly Business Reviews (QBR), start as soon as possible. QBRs show the value of your services and increase customer loyalty. Most Professional Services Automation (PSA) or Remote Monitoring Management (RMM) platforms have a QBR reporting wizard built in or you can find dozens of free templates online. Use QBRs to share best security practices for avoiding the latest cyber-scams and recognizing new cyber-crime tactics. Dark web scanning is usually cheap and a great way to engage clients that have little cyber-risk awareness. Review the data from your phishing and security awareness platform if the client is subscribing to that service (MSPs should require every client to subscribe to that service – users are their biggest vulnerability). Document security incident responses and present graphs tracking tickets over time to show the value of your MSS. That will also help illustrate weakness to address in their current security posture.
5. Monthly cybersecurity awareness newsletters/social media.
Digital newsletters and social media are great platforms to share the latest threats and risks that clients should be aware of. There are tons of platforms for building newsletters, many of them can import external news sources to make generating content easier and can use your own internal content. Most of your security vendors should have a library of content you can leverage too. Frequently share security focused news and articles on your social media platforms to increase visibility with your clients. MSPs should also be “drinking your own champagne” or “eating your own dog food” when it comes to security. If you are selling it, you should be using it too. Include real world examples in your newsletter and social media posts of how your MSS has prevented or detected attacks and helped you prevent the disruption of cyber-crime. MSPs are becoming high value targets for cyber criminals and showing your dedication to security hygiene and managing that risk improves your status as a trusted authority.
6. MDF from vendors/partners.
There are free marketing dollars out there from your vendors and partners. Get creative with your security education marketing and collaborate with partners to increase engagements. Some of the biggest deals my partners have closed came from lunch and learns or giveaways that we funded. If your partners will not provide MDF – find one who will invest in a mutually profitable partnership.
Wait, one more thing:
If you are going to educate clients, you must educate yourself as well. Below are some resources to stay up to date on cybersecurity. The key is continuous education. You are planting seeds. If you stop nurturing those seeds they will die, and you will have wasted time and resources. If you continue to increase clients cyber-risk awareness, you will reap the rewards. Be patient and persistent. Education is critical and should be done continuously. Keep in mind, you will not make MRR if education is not being leveraged to sell MSS.
Resources for staying up to date on cybersecurity:
- Overwatch by High Wire Networks
- IoTTSA
- CompTIA
- Darkreading
- Infosecurity Magazine
- Threatpost
- Cyaware
- SCmedia
Stay tuned for our companion blog on how to use education to close more security deals!
Leave a Reply