The perception of security vulnerabilities between business owners and IT professionals is often worlds apart. News reports about ransomware attacks on organizations of virtually every size and type are everywhere, yet no one thinks they’re a target. In many cases, the awareness level only rises after cybercriminals strike close to home ‒ hitting their business or watching a friend try to recover from a serious incident. Pain is the ultimate teacher.
MSPs constantly get frustrated trying to help their clients and prospects avoid those disruptive and costly lessons. Unfortunately, many decision makers disregard the warnings and make every imaginable excuse to avoid making larger investments in their cybersecurity protections. It’s the classic “ostrich with its head in the sand” deflection. There’s no need to address a problem when their company hasn’t experienced any issues.
The “too small or too insignificant to be a target” argument is one of the most common objections that MSPs encounter and one of the hardest to overcome. IT professionals understand that every computer is a target since cybercriminals don’t discriminate. Aggressors often cast a wide net, pushing their phishing attacks to as many email addresses as possible in the hope a small percentage will hit the mark.
The companies with the weakest defenses are, of course, the most attractive targets. So, how do MSPs convince owners that AV and first-generation firewall technologies are not enough?
An Education-Heavy Sales Process
First off, there’s no single “silver bullet” for overcoming the advanced security objection. MSPs need to hit their reluctant clients and prospects with a steady dose of business-critical information and common-sense options to keep the conversation moving in the right direction. That dialogue is critical.
Getting owners to see the light with cybersecurity requires a long-term commitment of time, energy, and resources. They should form a coordinated plan of attack with members of the marketing and sales teams, with education as a cornerstone of their approach. That strategy must include a variety of resources, from relevant industry research and news sources which customers respect, to company blogs and article submissions in the local media.
Content is king in security. While it won’t replace a successful sales team, it can augment their efforts and help break down a prospect’s presumptions and objections. Of course, an effective strategy hinges on your team knowing and understanding the true obstacles they face. Is their push back a true objection or simply a smoke screen to delay making a key decision? That’s an important distinction and finding the truth can be very difficult without increasing the engagement.
When your firm shares information on true SMB cybersecurity risks ‒ including the latest ransomware and downtime statistics from organizations such as CompTIA, IDC, and Gartner ‒ it opens the door to more meaningful business discussions. Relevant news can have the same effect. Share articles about security issues in similar-sized or situated organizations and, when possible, break down what went wrong and how that company could have stopped the attack.
For every cause, there should be a solution ‒ but not a hard sales pitch. Successful cybersecurity professionals keep their marketing messages as educational as possible with fairly gentle nudges in the right direction to soften objections. That makes the sales team’s job so much easier.
Take a Multiple Delivery System Approach
Education needs a conduit. The best way for MSPs to ensure their customers understand the risks of poor cybersecurity protection is to show them what failure looks like ‒ in as many ways as possible. Sharing news stories, the latest stats, best practices, and solution suggestions is actually quite easy with all the cost-effective communications platforms available today, including:
· Social media ‒ share articles, podcasts, video presentations, infographics, and other materials related to cybercrimes and security. Focus on providing a steady stream (2–3 posts per week) to heighten awareness and encourage followers to tighten their defenses.
· Blogs ‒ if your company has a website, it should also have a place to share your expertise and advice. You don’t need to be Hemmingway; simply write a few simple 300–500 word articles on a security-related issue or opportunity every year, with other topics in between. Be sure to promote each piece on social media and in the company newsletter, or an email to clients and prospects. Blogs allow MSPs to share their insight and suggestions in a useful forum that also helps increase website SEO results.
· Local media ‒ have you volunteered to be a cybersecurity resource for the community newspapers and TV stations? Chances are they’re looking for a local expert to explain the issues, share useful tips, and to quote when a major attack hits the wires. Many small-town newspapers are also on the lookout for great content, so ask if you can share an article or pen a regular column (you may be able to repurpose a recent blog post).
· Newsletters ‒ one of the best ways to ensure your clients are up to speed on the latest risks and other business-related news is to send them a brief monthly update. Make it look professional and keep the length to one page if possible, and link in supporting information from the company website, blog or other resources as needed.
· Email ‒ have you ever warned clients about an impending or ongoing security threat? Alert messages should be used only when your clients and prospects are seriously at risk of attack, not as part of a sales or marketing campaign. MSPs who constantly barrage their contact lists will false fears are sure to lose that privilege in the end.
What is your company doing to educate the SMB on cybersecurity risks? If your team is still getting the usual objections when trying to upsell clients on more advanced solutions, it’s probably time to switch up your approach.