Techniques for selling security to existing customers

Posted:
11/14/2019
| By:
John Ford

Security has become an important differentiator for managed service providers (MSPs). Those who do it well can truly set themselves apart from the competition. To do this, you can’t treat it like an add-on to your current managed service contracts—it must be at the core of everything you do.

Technology is being commoditized, and you need to find a better way to keep it secure. As you continue to build your security services, you need to get your current customer base on board. That’s easier said than done.

There’s the challenge of customers assuming you already provide security. “Aren’t I already paying for this?” they’ll ask. While you may have offered antivirus or firewall protection, the threats have evolved past their effectiveness of defensive measures alone. Other customers might not see the benefit of paying for additional security. They believe an attack will never hit them. There’s more than enough evidence to convince them that’s not true.

When a customer doesn’t adopt security, they are a liability to your business. Your goal is to get all your customers to a minimum standard of security. This ensures their security risk is mitigated, vulnerabilities are closed, and able to defend against the latest attacks. A secure customer base also reduces your risk.

With the following tips, you’ll be able to confidently sell your security to your existing customers.

Become security-first minded

After you’ve learned the ins and outs of cybersecurity, it’s time to put that knowledge into practice. But before you can approach your customers, you need to ensure you have a firm grasp on security within your operations. You can’t develop a path to where you want to be without knowing where you are today. We call this ‘protecting your house.’ By implementing stronger security practices and procedures in your business, you show your customers you take security seriously and help keep yourself and your customers better secured.

When you put real security measures into practice internally, you build a practical expertise in meeting today’s security requirements. With this hands-on experience, you’ll build trust with your customers.

As an MSP, you hold the keys to a lot of businesses’ infrastructure, making you a prime target for cyberattacks. From backup and passwords to financial information and other sensitive data, you have a lot of crucial information at your fingertips. If your systems are compromised, you’re leaving your customers wide open.

Assess the current state of risk

The first step to closing security gaps is to perform a security risk assessment across your business. With a risk assessment tool like ConnectWise Identify®, you can pinpoint risks across your business, not just your network, and get recommendations for remediation.

This leads to assessing your customers’ risk. Performing a risk assessment on your customers uncovers security gaps at their level. This opens to having a larger conversation about cybersecurity and present your new services. It also highlights how the old ways of security aren’t keeping up with current threats.

Suggesting products or services after each incident is a reactive approach to security. It didn’t prevent what already happened, and there’s no guarantee it will help in the future. A risk assessment is a proactive approach. You’re able to identify risks and vulnerabilities against a comprehensive set of security measures, like the NIST Cybersecurity Framework, which ConnectWise Identify is based on.

Make your case: Why your customer should invest in security

With your risk assessment in hand, now’s the time to start having the cybersecurity conversation with your customers. The findings from the risk assessment will allow you to show your customers where their security is lacking, what could happen if they don’t make a change, and what you can do to help mitigate their risk.

Along with the information you pull from the risk assessment, another way to drive your point home is through real-life security incidents against businesses that were in a similar situation as your customers. There are plenty of stories you can share to prove that no business is too small to be a target and that even the smallest vulnerability can lead to a significant security problem.

The end goal is to put security in a language the decision-maker can understand. Introduce them to key terms and tactics, so your conversations are more impactful.

Overcoming objections

The hardest part about selling your new security services to existing customers is explaining how these services are different than your current ones. Your customers already assume you’re keeping them secure. When they’re told they’ll have to pay for additional security, they might have some reservations, to put it lightly.

While you may have included some security protections in the past, what you did five years ago doesn’t work today. On the criminal-side, tactics have evolved. It’s much easier for cybercriminals to monetize an attack with ransomware. Attack files and code can be purchased ready to deploy with minimal effort on the part of the hacker. Attacks have also become more sophisticated, taking advantage of your customers’ biggest vulnerability: their employees.

Many end users are naïve to the tactics bad actors are using today. Social engineering attacks, like phishing, have become real to the point of being unrecognizable. All it takes is one employee to click on a link in an email and provide their password to grant a criminal access to your customers’ data.

You’re doing your job as their technology advisor by keeping them up with the times. If you were an internal resource, they’d expect that from you. As their service provider, you’d be doing them a disservice by not having these conversations.

Prepare yourself to handle any customer objection that comes your way Get my kit >>

Mitigate your risk as the service provider

Your goal is to get your customers to understand the importance of security, buy into your offerings, and decide they want you as their security partner. To do this, you need to establish a minimum standard of security your customers need to meet. This will be a part of their base package, and if they aren’t meeting that standard, you need to get them there.

You’re also trying to mitigate as much risk as you can. Riskier customers may require more work and resources than other customers. You can use the risk assessment to determine how risky your customers are and determine the appropriate package for their type of business and risk profile.

If you find a customer who brings on a lot of risk and is unwilling to listen to you about security, this is your time to re-evaluate that customer relationship. The costs may outweigh the benefits of continuing their agreement.

No matter the outcome, having the security conversation with your customers is important. It’s up to you to educate them on the threats at hand and what you can do to protect them.