What do you say when a small business prospect pushes back at the beginning of a security discussion by blurting out, “we already have enough protection” and shutting down the conversation? There are few things as uncomfortable as that silence between an objection and a response, especially when the potential client doesn’t understand the risks facing every SMB organization today.
There is never enough security. Repeat that phrase to yourself whenever preparing to talk with clients and prospects and start implanting that thought in the minds of every single one of your employees ‒ even the cleaning crew! It doesn’t matter if an organization buys and implements every type of available security tool; no person, entity, or system is immune to cybercrime.
Do your clients understand that last statement? Even with the best firewalls and endpoint protection, email security solutions, and phishing awareness programs in place, it just takes one slip of the tongue to undermine the best defenses. No matter how much they spend, or what provider, supplier, or specialists they work with, cybersecurity will be a lifelong commitment with no guarantees.
The NEW Objective
Cybersecurity goals are constantly evolving. Think of it from a military perspective: the objective is to win as many battles as possible and to minimize losses so your clients will live to fight another day. It’s really that simple. They should never expect to win the war on cybercriminals. The new objective for cybersecurity is frustrate potential attackers (so they’ll find less worthy opponents) and minimize any possible damage.
Stopping cybercriminals with zero effect on your clients is still the ultimate goal. However, today’s reality is every business is a target and, if someone wants to get in bad enough, or there’s a failure in one or more points of their defenses, bad things may happen.
Many SMBs still assume their companies are too small to be the victims of cybercrime. However, according to a recent industry report, 70% percent of ransomware attacks targeted small businesses last year, with an average ransom demand of $116,000. No one is immune, and the cybercriminals are increasingly targeting the SMB.
Once hit, the costs add up quickly. Some businesses decide to pay the requested ransom hoping that the affected systems can easily and economically be restored ‒ a pipe dream if they don’t implement proactive measures like disaster recovery solutions. Those scenarios, as well as a thorough review of the potential costs, should be a part of every MSP’s sales playbook.
Providers must remind their clients that their people will make mistakes. Despite all the awareness training, employees are human, and someone will inevitably fall for a social engineering trick or one of the many forms of phishing attacks. They will give out system credentials and click on infected links, and make other bone-headed moves. That’s the reality your clients need to accept and part of the continuing security education for the SMB.
Build a Cyber Value Proposition
MSPs and their clients have to continue to up the ante on cybercriminals. Like a skilled boxer, you need to add both defensive and offensive moves to remain competitive. Your clients also need to understand that even when cybercriminals get in a good jab, such as infecting one workstation with ransomware, their IT support team can still win the match. Today’s MSPs have the tools available to quickly identify, isolate, and remediate the problem on an affected machine before it infects the entire system, and then restore the user data and key applications. The most pressing concern usually involves getting victimized employees back-up devices to use until the security team deems their original equipment clean and secure.
Remediation services become that soft cushion your clients need in these trying times. They must know your security protection is not only extremely effective on the proactive side, but in the inevitable event that something begins to go wrong, your team will step in quickly to neutralize the potential damage.
In 2019, that’s an MSP’s best security value proposition: protector, counselor, and skilled problem solver. Can your cybersecurity team convey that level of confidence to the SMB? That’s one of the topics we regularly discuss at IoTSSA events and in our monthly security run-down email and Secure Connections podcast series (55+ episodes and counting). Engaging with our community ‒ including vendor, association, and media partners ‒ helps MSPs improve their cybersecurity edge and strategy, not to mention their sales play.
Change your clients’ mindsets and start building a tighter (and more profitable) relationship today!
Brian Sherman, Content Director