By Scott Beck, BeckTek
No one believes a tornado, burglar, or other calamity will wreck their house — until the day it happens. Afterwards, when it’s too late, they’ll regret being unprepared for the catastrophe they thought would never come.
That same mindset also keeps countless business owners from recognizing how vulnerable they are to ransomware threats, phishing scams, and other attacks by cybercriminals that could destroy their companies. Overcoming that mindset is one of the major challenges we face as MSPs when promoting and selling cybersecurity services to small and midsized businesses (SMBs).
But meeting that challenge not only reduces the toll of cybercrime — projected to cost $2 trillion globally in 2019 — it offers IT professionals an opportunity to build their own businesses.
At my company, BeckTek, we began positioning ourselves to expand our cybersecurity offerings and expertise in late 2016. In the presentations we’ve made to potential clients since that time, a full 80 percent have signed long-term contracts with us.
Along the way we’ve learned a few lessons about monetizing cybersecurity services to protect businesses from costly data breaches while at the same time expanding our roster of clients.
Educate, Don’t Violate
One of the first things we recognized was the need to educate SMB owners and CEOs about the realities of cybersecurity risks compared to the illusion their companies were invulnerable to hacker attacks.
The engineers on Team BeckTek serve several dozen professional firms, manufacturers, and associations from our headquarters in New Brunswick, Canada have all heard a variety of excuses business leaders use to avoid implementing IT security until it’s too late. Maybe you, too, have gotten comments like, “I’ve never had to deal with it before, why bother.” “My guy already put in antivirus software, so we’re all set.” “Hackers only target big companies and I’m a small company.” Or, “Hackers only target small companies and I’m a big company.”
In the face of these excuses, it’s tempting to use scare tactics to convince potential clients of the dangers of the dark web. But it’s critical to avoid that temptation. Don’t just do a dark web scan of a company and present it to the CEO thinking you’ll get buy-in for your services. Potential clients don’t know you and if you try this tactic they’ll assume you’re trying to con them. If you just run the scan and take it to them, they’ll feel violated.
Instead, we use the offer of a complimentary dark web scan as a door opener; it’s a relationship-building tool. We engage and educate first. Once we do the scan with their blessing and show them how vulnerable they are, it leads to a conversation about other cybersecurity issues and IT problems. Now we’ve built trust and we expand on that trust to earn contracts.
At BeckTek, we use the Dark Web Breach Assessment (DWBA) service from Breach Secure Now! (BSN). With DWBA, an MSP can scan the dark web to identify which employees’ emails have been compromised, as well as the staffers most likely to be cybercriminal targets. DWBA also provides analytics that can be presented to potential clients, giving them a clear picture of where they are exposed to hackers as well as the overall risk level of the company.
One Employee Mistake Spells Disaster
Few business owners, however, realize their trusted employees pose the greatest risks in terms of cybersecurity. For instance, when a Human Resources manager at a medical office unwittingly responded to a phishing scam, a hacker got access to the personal data of everyone on staff and it cost the firm $100,000 to repair the damage. In another case, employees at a manufacturing company routinely used their birthdates as passwords and that practice made it easier for hackers to infiltrate the computer system and install malware. Even well-meaning employees can make mistakes that lead to disasters.
Using BSN’s dark web scan and Employee Vulnerability Assessment (EVA) program, we are able to pinpoint the specific staff members who pose the highest risk for a breach and make the case for a potential client to sign up for ongoing employee training as well as our other services.
Some clients resist the concept of regularly training employees because they believe an annual cybersecurity check provides sufficient protection from online criminals. Common sense examples help counter that view. No one, for example, would ever think taking a shower once a year will keep a person clean for 12 months. Nor will getting a flu shot in one season protect you from a new flu virus the following season. Similarly, just as diseases mutate and adapt, so do the tactics of cybercriminals which means cybersecurity training for employees must be continual and updated throughout the year.
When employees learn how to spot the latest phishing scams, create invulnerable passwords, and practice basic cyber-hygiene they greatly reduce the chances a business will lose its data to hackers or get its computer systems frozen by ransomware. Trained employees are the best form of inoculation against a virus.
Become An Advisor, Not A Seller
For MSPs, cybersecurity tools like those we use from Breach Secure Now! provide leverage for building a connection with potential clients that goes beyond just selling them the latest technological fix for their IT problems. In less than an hour of dark web scanning, we move from sales person to advisor, which then puts us in a great position to develop a long-term business relationship. As proof of the effectiveness of this approach, we offer new clients a guarantee in which we will return all of their money if they are not 100 percent satisfied. No one has asked for their money back so far!
About The Author
Scott Beck is a two time best-selling author, award winning speaker, and cyber security advisor who founded BeckTek in 2004 to uncomplicate technology for fellow business owners and executives, so they can run their businesses faster, easier, more profitably, and securely.