I recently sat in on a panel webinar that Intronis hosted with the help of two of our channel Partners, Chris Cable of Techworks Consulting and Ryan Rosenkaimer of Alura Business Solutions. I knew that with their collective experience and keen insights on cyber security, we were in for an exciting event as soon as Chris and Ryan decided to join our panel, and unsurprisingly, I was proven right. For those of you who missed it, feel free to check out a recap below, or to watch the recording now.
One of the first things that struck me during the webinar was the results of our first audience polling question. A full 83 percent of the IT service provider attendees indicated that they spend time regularly discussing security and the importance of protecting their data with their customers. This is an encouraging number because, as we all know, one of the biggest challenges in defending customers against cyber-crime is raising awareness and teaching them about the topic. Knowing that so many of our Partners are dedicating their time to this means that, hopefully, their SMB customers are becoming more educated and better protected.
Keeping in touch with your customers
As our panelists discussed their approaches to keeping customers informed about cyber security, the resounding sentiment was that this isn’t something that can be brought up once and forgotten about. The conversations need to be frequent and regular, and they need to force the customer to ask, “How does this apply to me?”
Both Alura and Techworks ensure that security is a core topic of conversation with customers, sending email blasts linking to documents, articles, and other material about new security threats, and scheduling account audits that review the customers’ settings and help discover where vulnerabilities exist.
For example, leverage developing stories or news reports about data breaches to proactively reach out to your customers before they reach out to you. You can do this by updating your customers via social media, email alerts, and proactive phone calls when it’s appropriate. Chris and Ryan both said that MSP need to stay one step ahead, ready to reach out to customers about what any threats mean for them. So, staying informed yourself is critical.
Staying up to date on threats as they emerge
A great suggestion for staying up to date on threats as they emerge is by following resources, vendors, and partners via social media channels. For instance, by keeping an eye on antivirus providers’ Twitter feeds, a service provider can often get updates on a new threat quicker than waiting for the news to pick it up — which means being able to spread the news to customers sooner. Also, many channel vendors share content and resources that you can take advantage of and pass on to your customers, so be sure to follow them as well!
Areas where customers need coaching
One of the questions our panelists were asked was, “What are some of the common (cybersecurity) mistakes you see at your customer sites?” A few they touched on were:
- Poor password practices. Work with your customers to encourage stronger password policies that require a mix of upper and lower case as well as complexity. A goal is to find balance in algorithms that are easy for users to remember but would be difficult for a hacker to guess.
- Unsafe activity on the web, especially on social media. Many employees don’t realize the risk of social engineering and phishing when they are taking a quick Facebook break, or even just clicking a link in an email.
- Assuming that free antivirus solutions will work for business. There are many benefits to a managed security solution. In particular, with business-grade solutions the MSP has visibility into what is happening and can alert the customer to any issues. Free tools are difficult for the MSP to monitor, and they also don’t offer the same level of support as a business-grade option.
- Ignoring alerts. There’s a reason these alerts come up, and security solutions can’t do their job and provide proper protection if they aren’t kept up-to-date.
We also discussed that often, employees are unknowingly one of the biggest risks to a company’s cyber security. This calls for regular internal training on policies and potentially blocking certain sites. While this might feel like just another process for management to deal with, customers can think about it in a positive way when they realize the increased productivity associated with these policies and how it will protect against future downtime.
Kicking off your security service offering
We learned via a polling question that 15 percent of those in attendance were not currently offering any security solutions. Our panelists had this advice for MSPS looking to kick off their security offering:
- “It’s like a puzzle. You’ll want to offer all of the pieces to avoid creating gaps in what is protected,” suggested Ryan Rosenkaimer.
- Chris Cable advised service providers to control the edge of the network, that way they don’t have to worry about a laptop that is brought in and using their Wi-Fi network serving as a catalyst to a problem.
- Our co-founder and VP of Channel Development, Neal Bradbury, chimed in to remind us of a great tool from CompTIA for evaluating what security services to offer — the security assessment wizard.
For more details on this and other tips, be sure to check out the recording of the webinar!