It’s been one crazy summer. As a matter of fact, it’s been one heck of a year and when you talk to MSPs, most will tell you it’s all been kind of a blur. But as summer turns to fall, a somewhat clearer picture has begun to emerge across the managed services landscape.
MSPs weren’t immune to the economic downturn in the first half of the year. The good news is, MSPs were expected to grow at around a 17% clip and that number has been adjusted down to somewhere around 8-10% growth. Not bad for being in the midst of a global health crisis. We know that cybersecurity is on the minds of nearly every business owner and for good reason. Cybersecurity is the horse to ride for many MSPs looking to sustain YoY growth.
Most analysts agree that a geographically dispersed workforce is here to stay- at least to a much more significant degree than before 2020. How do MSPs capitalize to make the most out of organizations digital transformation efforts? As the spike in demand for hardware and remote control software solutions begin to wane, what new opportunities exist for selling sustainable services?
Security Awareness Training
The idea of training employees to recognize phishing emails isn’t necessarily new and some MSPs have added SAT well before the work from home transition occurred earlier this year. For those MSPs that have been reluctant, here are a few points to start the conversation with clients and prospects.
- WFH means increased risk to the business
- Normally less security measures in place
- Inherent knowledge of the user is leaned on more heavily
- Unknowing users are prone to being far less security-minded than the informed
- Users need education
- Users will prompt a majority of the threats to security seen today
- Not all jobs are technical, everyone can’t be expected to understand risks
- Most users aren’t aware of the threats they face
- Phishing and Business Email Compromise (BEC) have evolved
- Sophisticated phishing scams are more difficult to spot
- BEC and whaling often don’t involve bad URLs
While many enterprise-sized organizations already have SAT programs, their SMB counterparts do not. There’s an opportunity for MSPs to add security awareness training as a monthly service to the SMBs they serve.
Email Advanced Threat Protection
Over 90% of ransomware comes in through a phishing email. Training an organization’s employees is critical, but in and of itself is not enough protection for a business. There needs to be an intersection of technology and human behavior to maximize an organization’s security posture. The lion’s share of MSPs leverage Office 365 for email services to their clients. The trouble is, the criminals also know most MSPs use O365 and have built exploit kits to circumvent the native security. Here’s a few tips to convince your customers to add email security with advanced threat protection.
- Phishing and attachment protection are needed
- Zero-hour threats use clean URLs to get through filters then become weaponized a few hours after the send. Phishing protection is designed to provide click-time protection.
- Microsoft Excel, PowerPoint and Word can all contain malicious macros and must be addressed with attachment protection
- Office 365 is a big target and ATP is expensive
- Office 365 exploits are common amongst hackers and thieves
- Microsoft concedes and offers their ATP package at E5 and quadruple the price
- Keep the basic O365 package and add a less expensive, standalone ATP email solution
According to IBM and Ponemon research, over 57% of SMBs reported a phishing attack last year and that number is on the rise in 2020. Email security isn’t an option anymore. It’s as critical as endpoint security and a network firewall.
According to Craig Newman’s New York Times report, Managing Risks, using encryption and training employees before an event occurs can save your clients company 47% of the costs of a breach. As the network edge expands and most people are working from outside of the office, it’s a great time to offer a business VPN. Most companies protect their internal network and data with extra security measures in the form of a VPN tunnel for remote salespeople and executives for example, but that’s it. Now, nearly all employees are “road warriors” and they’re accessing the network from anywhere with a signal. Here’s how a VPN can help SMBs in particular.
- Provides end-to-end encryption for devices connected to the internet
- Allows remote data access and safe and secure data sharing
- Business-grade VPN will protect the company intranet as well as enable employees to safely access unsecure Wi-Fi networks
There’s no doubting the growth in cybersecurity spend, particularly in the SMB space. Try adding these timely add-ons with your clients and prospects. You’ll get additional billable services and your clients will get better cybersecurity.
VIPRE Security recommends that all organizations utilize a layered security approach when implementing defensive measures. A top-rated endpoint security solution coupled with advanced email security and threat intelligence solutions will ensure that you are protected from malicious threats via multiple attack vectors.