The Secret To Performing Recurring Security Assessments That No One Is Talking About
If your MSP isn’t doing recurring vulnerability assessments, you are putting your reputation and business at risk. If you aren’t charging for them, you are losing your shirt on additional work that isn’t really helping anyone.
How I see it right now: you’ve got two BIG problems on your hands. Your clients either:
Aren’t listening: They don’t think anything will ever happen to them. They might think cyber liability insurance (or business insurance) will cover them. OR they simply don’t understand their risks and think that investing in cybersecurity is a waste of time and money. Nothing can hurt them. And if it does, it won’t hurt that bad. Those free assessments your team is doing for them are falling on deaf ears.
ARE listening: They are hearing about cyberattacks and have been paying attention to news stories and know there are increased attacks and they are worried. They are looking for second opinions on how secure they are. Maybe they want to renew their cyber liability policy (many are requiring third-party assessments in 2022 renewal forms). Maybe they just care enough about their data to want to make sure nothing happens. These clients are looking for some way to know that a third party is validating that they are protected.
What can you do right now? Here are 4 easy steps to a successful recurring security assessment:
STEP 1: identify your most valuable clients—the first thing I tell MSPs to do is identify your most valuable clients. By valuable I mean the clients that are your most profitable. The ones that if you lost them, you’d be hard-pressed to find others like them right away. Make a list of these clients, which will be the first ones you will engage with an recurring security assessment.
STEP 2: Have a conversation with them about why they should start getting updates—site down with decisionmakers at those clients to go through why getting them involved in the security conversation is important. One way some of our partners have found super successful to get your clients to wrap their heads around security is by offering them a third-party penetration test. Many partners offer this for free initially as a means for their client to see the security risks within their business and how its currently operating.
STEP 3: Sell them an on-going security assessment—After getting them engaged with a first assessment, which will direct conversations and additional cyber stack initiatives, get them to realize that having these conversations—especially as the cyber landscape is constantly changing—is important. Heck, getting these recurring third-party assessments are a growing requirement to renew cyber liability insurance policies. Get them to realize the importance of your recurring assessment offer as a solution to improve their security programs.
STEP 4: Implement the solution—I typically recommend that you read out a security assessment quarterly for your clients. This will often align security initiatives within the scope of other business initiatives on a cadence that leadership teams can work with. I also would perform an external vulnerability assessment monthly to make sure there are no glaring holes opening the door to an imminent attack or threat.
Take Home? If you aren’t selling them recurring security assessments, you aren’t really protecting them. You are missing out on an opportunity to show them you are paying attention. Missing out on delivering something they value (free is NOT value). Missing out on ways to build extreme trust.
I will be talking about this very topic Friday, September 16th at Noon Eastern.
More details at www.galacticscan.com/friday
