I’ve gotten a lot of requests from MSP owners to spell out a good sales process for closing more clients by taking a security-forward approach.

This is something that I recently covered in Super Sales Friday. If you haven’t been attending these super sales events, I’d highly recommend signing up for the next one at www.galacticscan.com/friday. [Warning: these sessions DO fill up quickly, so get your seat ASAP].

Back to a killer sales process that focuses on cybersecurity.

When we talk about the Galactic Sales Process, it looks pretty simple.

You start with an incoming lead. You may have gotten it from many different channels. Some of our partners have been successful by pitching a pen test at an event (speaking or a booth) or through advertisements, email blasts, conversations, or even direct call-ins to their offices. They have also reengaged old leads by pitching a new look at their security posture from a hacker’s perspective. Whatever way you get a lead to raise their hand enough for something free, I’m assuming here that you have your marketing engine working enough to get some initial bites.

And if you have no bites, I recommend asking your current clients! Consider offering them a pen test and then asking if they know anyone they work with who they think would want one, and get a couple of introductions. This could be people in their supply chain or businesses like them (kind of depends on your MSP’s focus).

Once a lead comes in, I like to follow this process:

Collect basic information—when they call in, get some critical information. Don’t go directly into a deep dive with a 20-minute meeting. You probably will not get that far with them. Make sure whoever takes this call gets their company name, their name, and why they are calling/what’s worrying them. While you’re on this initial inbound call, schedule a 20-minute phone call. This is important: make sure you schedule it on the books rather than trying to follow up to schedule something.

Credibility email—after your inbound call, send the lead a credibility email. This should include no less than 5 testimonials about your service and the assessment that you ultimately will offer them. These testimonials should demonstrate your excellent work. One additional critical point is that this email should include a PDF with a simple non-disclosure agreement (NDA). If you need a copy of our NDA, simply go to www.galacticscan.com/audit (it’s at the end of the document). The NDA will communicate that you take their data security seriously.

Phone call—you already have this phone call scheduled from your initial conversation with them. This call typically takes about 20 minutes. In Galactic Portal, we provide you with a form of critical questions to ask your prospect and get their responses on. These will help the prospect mentally prepare for needing to further invest in their security. You will initially have a conversation about their security measures—things that should be visible to them.

Then you will switch to offering them an assessment of their network—to see what a hacker would get to if their network were breached. Send them a link to the pen test via email and have them run it on their machine while you’re finishing up the conversation. In most cases, this should finish in a few minutes. Have them identify other key people within their organization to send it to—people they are concerned about. Maybe suggest people who work with sensitive data within their business. We typically suggest having 3-5 people in total run the scan.

WARNING: DO NOT simply send an email containing a survey of the questions you’d like them to fill out. This will not gain you any points as their security champion. Your mission on this call is to get them interested and focused on their security.

It is also very important on this call to schedule the readout. This should be set about 3 to 5 days after the phone call. You don’t want it to be too soon, or your prospect may not see your report as being valuable, and not too long after, or they might never get around to the meeting.

The Analysis—this section is probably the simplest. Log into the portal and check that you see scans populating. When you see the number expected, click a request link for your reports.

Readout—You will have a report in hand, showing exploitable vulnerabilities, sensitive information and the routes by which your security team was able to get into their network and exfiltrate data from it. This typically creates a ton of AHA moments. In most cases, even prospects initially unwilling to spend money are interested in your package. They’ve seen how fragile their data is and how much they have at risk.

Referral Grab—At the end of this meeting, partners have been extremely successful getting referrals. Ask them if there are any businesses they work with that they think would benefit from a pen test. You might prompt them with the type of organization you’re looking for, maybe other organizations in their supply chain. Whatever the case, you have a perfect opportunity to backfill your pipeline with hot leads here!

One additional note—make sure you’re consistent. If you have a different strategy for each lead or don’t adhere to a process, you’re likely not going to see where your team needs to improve or where leads are leaving your funnel.

In total, the entire process shouldn’t take much more than an hour and a half to two hours of your team’s time.

If you’d like to see this process in action, consider a free cyber stack evaluation.