Early in my career, when I was just starting out in this industry, I was tapped to speak to a group of new colleagues. I gave what I thought was an impassioned and productive speech. However, as soon as I stepped off the podium, a colleague pulled me aside and told me point-blank, “Nobody understood 90% of what you just said.”
In the cybersecurity world, acronyms, insider phrases, and buzzwords are part of everyday jargon. In that moment, however, I learned they fall flat and sound like a foreign language to customers and even colleagues in different departments, leaving them confused, frustrated, and disconnected. That’s why managed service providers (MSPs) need to explain cybersecurity technologies in a way that’s easily understood and can be conceptualized outside of a security control room. Doing so ensures you’re providing the services most needed by your customers and, in turn, preserves the integrity of what you’re ultimately trying to achieve—keeping them protected, informed, and equipped with solutions.
To build trust with customers and provide the services they truly need, explain the concepts and technicalities behind the acronyms. The adage, “Give a man a fish, and you feed him for a day. Teach a man to fish, and you feed him for a lifetime" applies here. Be intentional in how you convey the long-term benefits behind the nuts and bolts of cybersecurity practices.
When customers ask questions that go beyond “What’s the cost?” it’s exciting to know they’re becoming more knowledgeable about the technical side of security and are seeking out ways to be better informed about cybersecurity risks. However, recognize that this new knowledge is the result of a worrying trend: Businesses that may not have an established cybersecurity team are increasingly becoming the victims of cyberattacks. Therefore, they are seeking high-level specialists to manage their security.
Adding to this sense of urgency, the number of workforces operating on home networks as a result of the global pandemic opened up a breeding ground for a new wave of cyberattacks. While businesses around the world were navigating the work-from-home model, cybercriminals were busy developing more sophisticated approaches to already vulnerable workforces. Companies woke up to that fact that prioritizing their internal security systems is an essential part of their business and began anxiously looking for outside help to manage their security. Through this accelerated process, MSPs became technical advisers as well as business advisors, with the C-Suite and customers alike looking to them to answer, “How does this work? and, “What does this mean?” which ultimately, I believe, accelerated our industry forward five to seven years.
Getting the Message Across
Like I learned in my speech, MSPs need to break through the acronyms so many rely on in the cybersecurity industry and find other ways to get the message across. Metaphors, for instance, can help explain to customers the difference between solution disciplines.
For example, imagine the scenario of a criminal robbing a house. Every access point in the house, the windows, the garage, etc., is like an IP address. And everything nowadays has an IP address—from your computer to your fridge. Allowing the thief to walk into the house and then trying to stop them once they’ve begun to steal things is akin to reactive cybersecurity. Locking your doors and ensuring every access point is secured is like prevention technology. Endpoint detection and response (EDR) and managed detection and response (MDR) are the video cameras, the fence, the dog, the extra layers of protection.