We all want to protect our clients’ networks as thoroughly as possible but often overlook a key step: creating an overall IT security plan for the site. While this service is included in our (and many MSPs’) high-end agreements, on other plans it is not, so there is opportunity to provide planning as an add-on.
Bear in mind that a security plan is not a “set it and forget it” document, but more of a living record that, like any other such instrument, should be updated on at least an annual basis. Schedule a sit-down meeting with each client to do the planning required to execute the strategy. Be sure to account for more than one “level” of issue, from a lost notebook computer to a verified data breach. Finally, learn the legal reporting requirements of each client’s industry too.
Incident Response Plans
An incident response can be triggered by various outside actions or alerts from SIEM/SOC services, user activities, or even your gut reaction. The main thing here is to have the plan in place before you need it. The first step is to learn the local and federal legal requirements for the industry you are dealing with. Obviously, you would handle a data breach at a stone mason differently than one at a financial organization or a medical clinic.
Next, define the triggers that will initiate your response and outline that plan in detail. Keep it as simple as possible, as simple plans work best under pressure. Once again, unless you include this plan in your MSP agreement, this is nice, billable work that needs at least annual revision.
Dark Web Scanning
This is cutting-edge stuff that really brings the shock and awe. For this reason, dark web scanning is often used as a prospecting or deal-closing tool. In a nutshell, this service scans the dark web for compromised credentials and presents them (IDs and passwords) in reports for your clients to see—it almost always produces scary results.
ID Agent is the prime mover in this space, but others are piling on fast, offering limited scans and reporting as part of various service packages. The secret sauce here is integrating regular scanning and reporting into your ongoing services. We are now offering it as a standalone service as well as preparing to integrate it into our top-tier agreements.
Extra Credit: How to Sell It All
A primary driver for many of our clients has been their desire to acquire cyber liability insurance coverage (CLIC). Spend 10 minutes reviewing the interview form for CLIC and you’ll be shocked. It’s like the insurance industry wrote those questions specifically as a selling tool for you. Get even more bang for your marketing buck by asking an insurance agent who sells this coverage just what would happen if his or her clients filled out their forms less than truthfully. Then ask the agent whether he or she would prefer that clients’ policies actually pay out in the event of a claim. From there, the next step is to join the agent on cyber-liability sales calls so that you can work your magic. Selling this way can be a game changer.
Offering SIEM/SOC services, internal and external vulnerability scanning, security and incident response planning, and dark web scanning are all viable ways to increase your MRR while better protecting your customers’ vital assets. Partnering with a CLIC agent is a great way to get your foot in the door too. Whether you sell security more deeply into your current clients, or reach out to new ones, advanced security services are a winner.
JOSHUA LIBERMAN is president and founder of Net Sciences Inc., a network support firm offering systems integration and MSP services, with a strong focus on security and data protection, throughout New Mexico, Colorado, Arizona, and Utah.