cyber-stackWhen I was running my MSP and needed clients to upgrade their security stack (as in, buying our latest cyber stack), I had a couple of clients who would do whatever I advised. But then there were the others.

The clients that watched every single penny. Maybe they were dentists, lawyers, manufacturing—I really didn’t matter the vertical or how big the organization was, I was constantly confronted by objections against adding anything to their stack.

Today making sure your clients understand their risks and having confidence that the stack you are offering is working is a critical piece of managed services. Note: if you aren’t sure your stack is working or just want to make sure it’s working as expected, many MSPs are turning to a cyber stack evaluation as a means to get real proof on how effective their stacks protect them.

Today I see packaging and selling a cyber stack—AND making sure it is working—as the critical problems confronting MSPs.

I know you already are aware that our community is under attack. Even if your MSP has not fallen to a ransomware attack, our big problem is that many are. That means that criminals are learning how our businesses run and have figured out that we are prime targets for bigger pay days.

I wish we could return to the days where simply having an antivirus solution was more than enough protection. Now if you’re not doing your due diligence, you will be on the hook for more than just support. Today I want to walk through three problems confronting MSP cyber stacks and how you can deal with them.

Problem 1: your stack isn’t laid out simple enough for clients to understand.

This is a huge problem. Maybe you split up your offerings into components, like firewall, antivirus, SIEM, etc. The problem with that is your clients aren’t necessarily savvy enough (at least most of them) to really understand each piece and the benefits they’ll see with those components.

The solution here is to create a package that helps clients address their current risks. Make sure to communicate to them where their risks lie. One of the easiest ways to dig into their risks is by showing them how their personal and sensitive data is at risk through a penetration test.

Explain to them that cyberattacks continue to evolve and the only way to keep us is to through penetration tests that simulate real world attacks. Then show them how their current stack doesn’t adequately address threats their team is confronted with.

Remember to keep it simple. The harder you make it for them to understand, often the less interested and engaged they will be in making a decision in favor of your recommendations (unless all of your clients are raving fans that completely go with your suggestions).

Problem 2: your stack is bloated.

As we continue to evaluate MSP cyber stacks (we’ve already analyzed over 647 this year at this point), I can tell you that the majority are over-investing in specific layers of their security. Most MSPs are spending good money on their stack, but the problem is they are investing in redundant solutions or solutions that when combined are counterproductive.

The solution here is to come up with a strategy. First understand what your critical layers are and how your current stack addresses those layers. Our partners are attending Security Operations (SecOps) calls every week to understand how to strengthen their layers of security through (1) process, (2) configuration, or (3) augmentation. Without a sound strategy where your team understands where you are today, where current threats are targeting and how to show improvement day over day and week over week at addressing security risks, your stack will stay bloated and ineffective.

The truth of the matter when it comes to cyber stacks is that most problems related to effectiveness can be addressed with the tools you already have and team you have in place. The big hitter issues will be related to how your stack is implemented and supported—problems that can be addressed without increased budgets.

Problem 3: your client doesn’t see a clear ROI with cybersecurity.

When I was running my MSP, this was probably the biggest challenge that I had to face. Clients couldn’t stomach additional fees from security-related products. They’d try to throw almost every objection in the book at me because security meant costs and costs meant non-starter.

To get around the variety of hurdles you’ll be thrown and the finger pointing you’ll be given if something ends up happening, is underlying the benefits and the return on investment of your stack. Focus on team member uptime, data loss prevention and other trigger items that no business owner or decisionmaker would want to be confronted with.

In many cases, you will probably be thrown the “this could never happen to me” objection, which in my opinion is the catch all of objections. In response, I’d suggest you challenge them with a pen test. Prove you wrong! That’s what I learned worked well in getting clients to run the test and take a look under the hood at all of the risks their team bring on their network.

Until they get that AHA moment that this security stuff is serious and that they are as vulnerable without a sound cyber stack as the guy down the street trying to clean up from a ransomware attack, you’ll be the one footing the liability and risk for them (you’ve got to realize that they WILL blame you).

What kept me up at night…

When I was running my MSP, I was always trying to find ways to evaluate whether the stack that I picked out was actually working. How can you show clients that it’s effective at protecting their critical data assets?

The easiest way I’ve seen to evaluate your stack and networks of your prospects and clients is through a penetration test. And one the easiest ways we’ve seen MSPs improve their security has been through evaluating their own networks to see where they may need to improve [link to /stack].

NEXT Super Sales Friday I will be diving into developing, packaging and getting your clients to buy your cyber stack.

Join me June 4th at 12 PM Eastern

Stop Losing Money From Ineffective Cyber Stack Offerings: 3 Easy Steps To Package And Sell A Cyber Stack That Clients Will Want To Buy

Go to www.galacticscan.com/friday for all the details.