Cybersecurity is a complex challenge that only appears to be getting worse. In fact, researcher Cybersecurity Ventures predicts that there will be a cyberattack every 11 seconds in 2021. This is due to current and emerging technologies that are broadening the risks organizations face. Add to that the pressures the recent pandemic has placed on businesses as they battle increasing cyberattacks with stretched-thin IT resources.
While large corporations benefit from having the experience and resources to tackle these threats, SMBs often lack both, making it difficult for them to manage risks or to implement effective and affordable cybersecurity strategies. Unfortunately, cybercriminals know this, making SMBs a primary target. That’s why partnering with a managed service provider is quickly becoming a viable option for SMBs who realize that the task of protecting their systems and data is too large for them to do alone.
But for MSPs focused on offering cybersecurity services to the SMB market, success depends on establishing a best-practice approach. In doing so, they should focus on a number of key areas.
1. Education
Many SMBs learn about cyberattacks from the high-profile cybersecurity breaches that make headlines and strike fear. While this can be a motivating factor to implement increased security measures, it is important for an MSP partner to provide a balanced education. MSPs should help SMBs focus on the issues most relevant to them, as well as educate them on which solutions will maximize their protection. This is key to building trust in an outsourced supplier.
2. Value
While many small and medium-size businesses may already utilize MSPs for a variety of key IT infrastructure elements, a recent study found that 91% of SMBs would consider using or moving to a new MSP if it offered the “”right”” cybersecurity solution. In fact, the same study showed that 86% of SMBs place cybersecurity within the top five priorities for their organization, and 6 in 10 would invest more in cybersecurity because it reduces risk for their organization. Therefore, it is important for MSPs to ensure that they are offering the services and value that SMBs are looking for.
3. Commitment
When an SMB does turn to an MSP for cybersecurity services, the changes needed to properly secure that business may be significant—and may even require a cultural shift. It is crucial, then, that the MSP gets the stakeholders to understand and commit to the changes needed when it comes to new security policies, procedures, and technologies being implemented. Any push-back or resistance to change risks undermining efforts to improve security. Therefore, the MSP should define a security vision for the client that will be effective both now and in the future.
4. Recommendations
SMBs often perceive new security measures that can strengthen a company against cyberattacks—such as multifactor authentication, password protection, and password rotation—as time-consuming and inconvenient. They are also concerned these measures may negatively impact the user interface and by extension the end user experience. MSPs not only have to work to change this mindset, but also provide training and recommendations that will balance security with operational efficiency. This is important in building trust, and it should be done by showing the SMB’s teams sufficient detail on exactly why they need to adhere to a strict security policy that may include additional measures.
5. Ongoing Investment
MSPs that offer security services as part of their core service portfolio will benefit from a significant market advantage, but they need to maintain this advantage by constantly investing in additional talent and conducting research to ensure that their offerings are diverse. The focus should be on critical issues such as ransomware, phishing, and deep packet inspection. Service levels are also key, as any MSP that can continuously deliver excellence will not only secure customer loyalty, but will also see business growth due to recommendations and customer testimonials.
The unfortunate truth is that many SMBs do not currently possess the security measures needed to protect themselves from growing cyberthreats. However, MSPs are ideally suited to fill the role of trusted partner when it comes to cybersecurity due to their strong relationships with vendor partners and ability to offer co-managed services. This can lead to a situation that benefits all parties involved, where SMBs recognize the value in significantly improving their security standards and MSPs can gain long-term customer partnerships.
JAY RYERSE is vice president of cybersecurity initiatives for ConnectWise.
