Cyber-attacks are continuing to grow and evolve, increasingly threatening organizations worldwide. Particularly vulnerable are the small-to-medium-sized businesses (SMBs) that may not have the in-house personnel to protect against cyber-threats like new and aggressive strains of ransomware. These businesses look to Managed Service Providers (MSPs) or remote information technology (IT) managers to ensure that their businesses continue running and that their data is secured in the event of an attack. It’s no surprise that recent statistics from B2B research firm Clutch, show that 69 percent of U.S. SMBs use at least one IT service provider, while only 31 percent of SMBs with 10 or fewer employees have an in-house IT staff.
MSPs are the guardians of an SMBs IT infrastructure, delivering ongoing monitoring and management of client applications including their security apparatus. MSPs keep tabs on the health of their clients’ IT environments, change and update systems and protect their data.
However, it’s important for MSPs to differentiate themselves when it comes to selling their services to SMBs, because not all MSPs are created equal. Business owners are becoming better educated when it comes to choosing the right MSP to launch and maintain a cyber-defense. Demonstrating how your security offering is differentiated in an increasingly complex digital landscape will be vital in showcasing your SMB’s cybersecurity strategy. As you’re developing the best way to showcase your expertise to a potential client, keep in mind the following considerations:
Pen Tests are a Must
Securing data on-site can be achieved by housing infrastructure in a room that is accessed by a select group of employees. Radio-frequency identification (RFID) or key cards are common ways to gain access. This approach can be coupled with software security as well. However, choosing to do so opens the door to vulnerabilities in a company’s security system.
It’s important that MSPs explain to their customers that they penetration-test their security solutions on a regular basis. The goal is to test a network, its computer systems and web applications to spot vulnerabilities that cyber-attackers can exploit. Vendors can work with MSPs to provide a remedy when vulnerabilities are found, but it’s important for MSPs to explain their proactive approaches to spotting vulnerabilities.
Keeping the Lights On is Vital
Business continuity is constantly challenged by security threats, including ransomware attacks. A recent survey from Datto found that employees are vulnerable to losing access to vital information via the cloud and when working remotely as SaaS applications like G-Suite, Office 365 and Dropbox and mobile phones and tablets continue to serve as a growing target for new and aggressive strains.
Demonstrating how your security offering is differentiated in an increasingly complex digital landscape will be vital in showcasing your SMB’s cybersecurity strategy.
More and more, SMBs are moving their information to a cloud based format, G-Suite, Office 365, Salesforce, Box, etc., and making sure that those users can access that data no matter where they are located is imperative. What good is moving data to the cloud when you can’t access it? Having a failover/failback router is key to making sure there is no loss of productivity. Having two ISPs can be cost prohibitive, so at the very least, failover to LTE would be a minimum. Helping SMBs understand that you understand these challenges about their business and describing how you approach it, is something that will help you differentiate your approach.
Enlightening the End User
MSPs should offer tools and strategy to their clients so that they can educate their employees on the cybersecurity landscape to help thwart future attacks. This is especially important for SMBs that may not have the time or budget to educate themselves. For those businesses, MSPs can advise that all current and new employees should have to go through some level of basic cybersecurity training. An MSP would then help their client to develop a training framework that includes visual examples of what a cyber-attack looks like, such as a phishing or ransomware attack.
In my experience, the number one cause for ransomware attacks is phishing emails. It’s very easy to Google a LinkedIn account, find an e-mail address and then spoof that e-mail address. Consequently, it’s becoming more and more difficult to distinguish what a phishing email looks like. MSPs need to work harder than ever to make sure that their clients employees know how to spot a malicious e-mail and know exactly what to do if they encounter a potential ransomware lure (i.e., don’t open attachments; if you see something, say something). This is an essential part of how MSPs should help SMBs (and their end users) protect against attacks and should be clearly defined as part of what you offer.
MSPs should also keep their clients apprised of new forms of cyber-attacks so that they can defend themselves more effectively. This includes bring-your-own-device (BYOD) work cultures that can increase the Internet of Things (IoT) threat to security. MSPs should anticipate an increase in shadow IoT devices that can pose a challenge to network security if left unsupervised.
Defending Pricing Through a Sound Security Strategy
While price certainly plays a factor in determining whether an SMB will secure your services, MSPs will be able to secure premium pricing, if they can demonstrate the value they provide in keeping data safe by explaining the costs involved if a business goes down for a day or a week. Should an SMB pay a fair price to prevent their business from being impacted by the next Cryptolock or WannaCry attack? If they understand the potential impact, they sure will. It’s like an IT insurance policy that can protect their business and help ensure that it doesn’t go out of business.