Don't Let Your SMB Customers Succumb To False Security

By The Business Solutions Network

Small companies face the same cyber threats as their enterprise counterparts, but proper education and the right sales strategy are prerequisites to getting them what they need.

An independent study commissioned by GFI Software a few years ago revealed the following alarming statistics about SMBs:

• Nearly half of IT admins reported they do not have the capability to see which PCs or servers on their network are about to fail. For organizations with fewer than 25 employees, this number bumps up to 55 percent.
• Fifty percent of IT admins reported spending an equivalent of three weeks or more per year manually updating antivirus software or removing malware on users’ PCs.
• Seventy-eight percent of respondents said they would be interested in a Web-based service that enables them to manage antivirus protection on company PCs.

What all this adds up to is IT environments that have no visibility into what’s going on with their IT infrastructure and are vulnerable to various threats, ranging from malware to human error and equipment failure.

Many analysts and security experts are predicting huge growth in this market over the next few years. “Today there are more than 28 million small businesses with fewer than 500 employees,” says James Tolosa, senior security analyst at Check Point Software Technologies. “IDC predicts SMB security growth will top $5.6 billion this year and reach $25 billion by 2020.”

SMBs are going to be investing heavily in security over the next five years. The question is: What can you do to make sure your customers are buying security solutions from your company? Industry experts from AVG, Check Point Software Technologies, and My Digital Shield offer their advice on this matter.

Don’t Take SMBs At Their Word When It Comes To Security
Even though some organizations may pretend that everything is okay with their current IT security situation, the facts tell a different story. Keep that in mind the next time you speak to an SMB business owner, and feel empowered to ask a few probing questions to help you and your prospect get to the truth of the matter. “Unfortunately, many SMB owners have an ingrained, independent DIY [do it yourself] attitude, which may lead them to purchase an all-in-one firewall and some antivirus for their PCs,” says David Haadsma, VP of business development at AVG Technologies. “They may even think they are saving money — until something terribly wrong happens.” In these situations, the problem could be that the SMB is using inadequate security solutions and/or their firewall, for example, may not be configured properly.

One of the best ways to confirm whether an SMB’s DIY security is really working is to offer a free security test — preferably one that is cloudbased and doesn’t require a lengthy setup and installation process. “Shieldtest.com is an example of a free security test site VARs and MSPs can use to validate a customer’s security strategy,” says Andrew Bagrin, founder and CEO of My Digital Shield. “From any of the customer’s computers, the site can be accessed from a Web browser, and in less than a minute it can confirm six key security areas, including open ports, distributed denial of service vulnerability, malware/virus threats, clientside vulnerability, serverside vulnerability, and credit card theft susceptibility.”

One of the best ways to confirm whether an SMB’s DIY security is really working is to offer a free security test — preferably one that is cloudbased and doesn’t require a lengthy setup and installation process. “Shieldtest.com is an example of a free security test site VARs and MSPs can use to validate a customer’s security strategy,” says Andrew Bagrin, founder and CEO of My Digital Shield. “From any of the customer’s computers, the site can be accessed from a Web browser, and in less than a minute it can confirm six key security areas, including open ports, distributed denial of service vulnerability, malware/virus threats, clientside vulnerability, serverside vulnerability, and credit card theft susceptibility.”

The Do’s And Don’ts Of Selling Security To SMBs
Once you’ve earned the SMB’s trust and are ready to discuss security in more depth, there are a few things you should — and should not — do to win the sale.

1. Don’t Overcomplicate The Sale. Security is one of those topics that gets very intricate and complex in a hurry, and some IT enthusiasts love to wax eloquently on security heuristics. If your goal is to increase SMB security sales, you’re better off taking Haadsma’s advice. “Trying to impress SMBs on the merits of the latest and most advanced security techniques and algorithms is a lost cause. A better approach for SMBs is focusing on managed services contracts that offer monthly pricing for hardware, IT management, and security.”

Check Point Software Technologies’ Tolosa concurs and adds, “Don’t overcomplicate the sale. ITSPs [IT solutions providers] should aim to keep their security services simple and concise. Too many products and too many choices can quickly confuse an SMB customer. Build a solid support program for customers that’s easy to follow, and provide a technical representative. SMBs are already daunted by the amount of technical literature available and often receive too much information. A customer should be able to call a single phone number and quickly reach someone about their questions.”

2. Do Move Beyond The Doom-And-Gloom Security Approach. When talking about security, it’s easy to get caught up in the drama of multimillion-dollar breaches, fines, and business failings. Keep in mind that this approach can backfire if it’s used too often, making the solutions provider come across as being too fixated on negative events. Even though security is a very serious matter, keep in mind that there are also practical day-today reasons your customers need better security. For break-fix customers, selling security with ROI is often feasible, advises Bagrin. “If you’re regularly cleaning up their computers because of malware-related issues, it’s a win-win for the customer to pay you a small fee each month to proactively monitor and protect their machines,” he says.

3. Don’t Overlook Mobility. In the enterprise, mobile security threats are often thwarted by issuing company-owned smartphones, tablets, and laptops to employees. For SMBs, outfitting employees with mobile devices typically is not in the budget, so employees use their own devices for work. As a result, this is a major vulnerability area for many SMBs. “The use of mobile devices in the SMB space is exponentially growing, and we’ve seen evidence that businesses of all sizes — including SMBs — are unable to stay abreast of the rise of mobile malware,” says Tolosa. “SMBs need to take the appropriate steps to implement security controls to protect their mobile devices. Sensitive data such as company emails and contact information is stored on mobile devices, and that data needs to be encrypted.”

What’s more is that when employees terminate employment, the company’s applications and intellectual property often leave with them, which is another security concern. “We advise partners to keep their customers’ work and personal data separated with a mobile security management solution such as Bluebox Security,” says Bagrin. “It’s important, also, to recognize that policies alone won’t solve this challenge; it has to be handled from a technology perspective.”

Another key issue VARs and MSPs get hung up on with SMB customers is price. This can be especially challenging when it comes to security because, despite needing the same level of security protection as enterprises, SMBs simply don’t have the same budgets. This is where the as-a-service model can be leveraged, say the experts. “If you tell an SMB it needs to spend $3,000 for better security, you’ll likely be met with resistance,” says Bagrin. “But, if you take away that CapEx objection with a monthly payment that’s less than $100, your chances for success go up significantly. Some of our SMB end customers pay up front for their security service each year, but 90 percent opt for the monthly payments.” Changing the way you sell security could mean the difference between winning and losing a sale. It could also mean the difference between your SMB customers gaining a comprehensive security solution versus settling for false security.