[BreachExchange] Cybersecurity Is an Essential Part of the MSP Toolkit

[Audrey McNeil]

http://mspmentor.net/blog/cybersecurity-essential-part-msp-toolkit

With big data, analytics, social, mobility, cloud and IoT driving the move
to Digital Transformation--also known as DT, digitalization, DX, DE
(Digital Everything) and Industry 4.0--IT is moving from the back office to
business enabler. However, all the things that make DT possible also make
it more vulnerable. And with small and midsize businesses already facing a
growing range of internal and external cybersecurity threats, combined with
a shortage of skills and resources, partnering with an MSP becomes
increasingly attractive.

That’s good news for MSPs, but how do you ensure you are profiting from
this trend? How do you position your business to address the new realities
that more than half of SMBs (55%) were victims of a cyber attack within the
last 12 months and that 60% go out of business within six months of an
attack?

The pundits talk about becoming an SMB’s business partner, strategic
partner or trusted advisor, and all three terms make sense, as far as they
go. However, I would argue that when you consider the vital importance that
secure IT represents, much more is at stake than a partnership, strategy or
trust. We’re talking about the success or failure of your client’s
business, and that demands a more inclusive approach. This also happens to
be good for you: The managed security service market, worth $17.02 billion
in 2016, is expected to almost double by 2021 to $33.68 billion, at a
Compound Annual Growth Rate of 14.6%.

The efforts to find, sign and retain a client aren’t easy, but it becomes
much easier if you match your capabilities with their needs and desires.
You’re looking for customers that will be profitable on an ongoing basis.
They’re looking for a vendor who will address their requirements affordably
and reliably, and preferably provide more than a monthly invoice. A part of
that reliability--and added value--includes transparency, especially when
it comes to cybersecurity: what are they paying for and what are they
actually getting.

What services are you offering--that is, assessments, remote monitoring and
management, antivirus, patching or backup and disaster recovery--and how
are they being charged--hourly, weekly or monthly? What are the results of
these services--such as attacks detected and prevented, patches and
uptime--and how are the results being communicated to the customers. (For
example, "We offer more than 100 built-in reports with our managed services
platform, along with the ability to easily create custom reports.")

In addition to executive summaries and more detailed reports, you should
consider more strategic initiatives, such as quarterly or annual business
reviews. These reviews can summarize activities and results to date, and
identify areas where changes and/or improvements can be made. With the
rapid evolution of IT and cybersecurity, your thought leadership and
recommendations can extend a successful relationship and make the
partnership more useful to your customers, and more profitable for you.

Understanding and addressing your customers’ needs and desires reliably and
affordably will not only keep them happy, it will also open the door for
additional revenue opportunities, including network optimization and
strategic growth initiatives. Partnering, strategy and trust are all
important; combing all three will drive your customers’--and your--success.

5 Onboarding Tips

The onboarding process sets the foundation for success between MSPs and
their clients, and is typically built on discovery, advisory services and
deployment. A best-practice approach should be rooted in efficiency and
high value for the customer, and should include:

1. Put business goals first: Customers and their business goals take
priority. It’s great to have technology tools and processes in place, but
understanding business goals--such as customer acquisition and employee
efficiency--can ensure the onboarding process is in line with what matters
to clients’ bottom lines. For example, customers choosing a proactive
service approach require patch testing and auto-approvals,
server/workstation maintenance, predictive failure monitoring, and monthly
reporting summaries to prevent customer downtime and minimize fire drills.
Lead with business goals and your processes should follow naturally.

2. Create a standardized process: No one wants to undergo a 30- or 50-step
onboarding process. Yet it’s important to ensure that appropriate security
stages--monitoring, patching and maintenance, to name a few--are in place
to protect you and your customer alike. Streamlining a multistep onboarding
process is key to getting customers configured easily. Regardless, any
technician should be able to go to the customer’s deployment and understand
what was done--and not find that steps 15 through 20 were skipped.

3. Set expectations with customers: Many MSPs spend time talking with
customers; however, a good percentage are not successful in completely
understanding business needs, so no wonder they are challenged with
delivering a package to fully meet requirements. Placing customers on
specific service plans allows them to receive high-quality, high-value
services according to a plan, and this also makes it easier for an MSP to
communicate. Setting clear expectations and delivering to those
expectations is a time-proven key to success.

4. Make security a priority: In today’s threat landscape, the greatest
challenge is ensuring that strong detection and protection are put in
place. Ransomware, compromised passwords and data loss can cause
irreparable damage for businesses. Security begins with questions.
Customers should be made aware of security best practices and how adopting
a multilayered defense is the strongest approach to protecting their users,
devices and data. There is no one-size-fits-all when it comes to security,
but MSPs today have the solutions available and are in the best position to
protect their customers from an ever-growing and advanced threat landscape.

5. Put reporting in place from Day 1: Continuing to prove the value of your
managed services is critical. Start by showing a regular report of what has
been accomplished (what you’ve patched, what malware you’ve caught). This
gives your customer peace of mind, shows your effectiveness and can tie
back to the business goals.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170317/9e01e63d/attachment.html>