third-party-assessmentsAs you are planning your 2021, you might want to reconsider how you will reach your sales targets.

We just had a deep dive into CoMIT 2021 last week (if you’re interested, here’s a link to the recording)—we went through all of the ins and outs of selling Co-Managed IT solutions moving forward. The consensus is that CoMIT is a HUGE direction for many MSPs and a win-win for both you and your potential clients.

As we continued the conversation about CoMIT relationships, one thing was clear. The way we are currently doing audits and network assessments (maybe you’re familiar with the term Problem Prevention Audit) is not working.

These audits point too many fingers at your allies in IT and don’t get to the heart of actually resolving problems.

In fact, some of these auditing tools that MSPs are using require you as the MSP to open up more security holes in your prospect’s environment to even get a generated report (and then that report goes on to point out those very security holes you opened!). We understand that something needs to be done to have an educational conversation about cybersecurity and network hygiene with IT directors and teams WITHOUT pointing fingers at who caused what

If you’re selling a jet to a multimillionaire, if you just focus on the guy with the checkbook, you probably won’t make the sale. Unless you get the trusted pilot on board with the decision, you’ll continue to spin your wheels. This is precisely the problem with current MSP-generated audits and reports directed at opening CoMIT opportunities.

Today I want to go a bit further in how to focus on 3rd party assessments to sell more deals in 2021.

3rd party assessments will give you a perceived unbiased look into their network without politics or finger-pointing. It will position you to be the teacher or helper, rather than the person or organization perceived at trying to outsource jobs. Having a 3rd party assessment will:

Determine specific security requirements— good security is rooted in control management. The 3rd party assessment will show them how well they are currently managing changes in their environment. You will be able to use the assessment to explain all of the ‘why’ questions that never get answered. Why should they—either the IT team or the executives in the room need to worry about security? Why not invest in hiring their own security guru. By presenting the 3rd party assessment, you will be able have a conversation around how to meet the organization’s needs and where their gaps currently lie.

Plug security holes— you can certainly get the IT team to be interested in security holes. With your 3rd party risk assessment in hand, you will be able to effectively communicate a snapshot of the organization’s security. They will be able to see everything from critical patches to faulty token distribution process that leave applications wide open to compromise. The report will help you help them prioritize their efforts and will open doors in which you can start a working relationship.

Justify budgets— Regardless of a perceived need for security, the executive team will most certainly rely on a budget to help them understand where your services fit into the bigger picture. The 3rd party assessment will be able to be a standalone justification for budgetary line items that previously might not have convinced C-level decision makers of inclusion within IT. This assessment will be able to help elucidate the cost of NOT doing anything.

Improve your ability to plan with them— By proactively identifying security problems before they’re exploited, you are a critical player in helping the decision makers and IT team proactively prepare their network to avoid such attacks. You will help them to see how risk management is about reducing their overall exposure to attacks and help facilitate a conversation around where their acceptable risk level should be.

If you are currently using assessments to sell, is your audit process working? Simply answer YES or NO to these to find out whether your process is working the way it should:

  1. Does someone have to go onsite to run your audit?
  2. Do you have to install agents while performing an audit?
  3. Does your assessment tool require domain admin rights?
  4. Does your auditing solution require you to reduce the client’s internal security posture? (Do you modify their WMI settings?)
  5. Does your process alert the incumbent IT provider that their client is seeking a second opinion? (So they can start fixing stuff and poisoning your results.)
  6. Does your auditing process fall apart when users are working remotely?
  7. Does your audit require your salespeople to wait for your engineers?
  8. Do you end up with a bunch of technical details that you have to turn into something the client cares about?
  9. Do you have problems getting decision makers to attend your readout meeting?
  10. Does your Audit process slow down your sales cycle?

If you answered YES to any of these questions, your process is NOT working—especially not for CoMIT opportunities in 2021 and beyond.

Imagine being able to run a complete comprehensive and accurate cybersecurity assessment of a prospect or client’s network environment WITHOUT technical staff or admin credentials. That’s What a Mini Pen Test is here for.

What if you could get a pushbutton-generated report with specific details as to how and why their networks are not good enough against today’s cyber threats?

Why not have a clear-cut way to communicate to your clients and prospects HOW attackers are actually getting into networks like theirs TODAY?

What if you could effectively communicate ALL of this without investing time and money in your technical team to generate sales reports?

Penetration Testing designed specifically as a tool for MSPs to help educate their clients and prospects gets you with the specific smoking gun results your prospects and clients need to make critical decisions about their network and data security.

Get a high-level C-Suite ready summary report to communicate issues to decision makers and executive teams.

Have high-level, accurate detailed report at your fingertips for anyone wanting to get into the nitty gritty details.

All without the hassle of running the ‘OLD’ way tools you’re probably grudgingly using.

Sign up for a free cyber stack assessment to find out how pen tests are revolutionizing how MSPs educate their clients on cybersecurity.