Q: When it comes to security, I feel like our SMB customers just want to tune us out! How can I communicate with customers who are tired of hearing about security?
As an IT service provider, one of the most important conversations you can have with your SMB customers is about cyber security and how you can help keep their business-critical data safe. However, with so much buzz about the most recent attacks, many providers shy away from having necessary cyber security conversations because they’re afraid of overwhelming customers.
To help you overcome this concern and guide your conversations in the right direction, we spoke to Neal Bradbury, chair of CompTIA’s IT security community council and VP of MSP strategic partnerships at Barracuda MSP. Neal discussed the complexities of whether you’re talking to your customers about security too much or if you just aren’t talking about it enough. We also sought advice from your MSP peers to see how they try to approach their customers about security and how they avoid security fatigue.
Finding balance in security discussions
When you talk about cyber security, are your customers tuning you out, or are they worried about how much they’re spending? If a customer believes you’re handling their security already, they might not understand why you’re trying to sell them on another feature or charging them more money.
The truth is, most IT service providers aren’t talking about security enough, Neal says. Unless you’re bombarding your customers with articles about the most recent attacks in their vertical every day, you could be talking more about how they can protect their business.
If you are bombarding customers, take a step back and only share articles and information that will be helpful to them. For example, if you’re working with a small dental office, you don’t need to send them every article on PII being exposed. Instead, send them ones where a small office or local business fell victim to an attack.
IT spend fatigue
Rather than having IT security fatigue, one MSP recognized that his customers were experiencing IT spend fatigue. As new technologies are developed, additional security measures cost more money — and it can be harder to get the necessary approvals. This can put you in a tough spot as an IT service provider because while you’re doing what you can to keep customers’ data safe, their budget might not allow them to adopt all the solutions you recommend.
To help customers that may be facing budget constraints, take the time to educate them on the value of the security services you’re trying to provide — and any alternatives you can offer. While they might not be able to swing the expense this year, taking the time to educate them on security solutions can help them make the case for fitting it into the budget down the road.
Brent Fairbanks, an MSP owner, shares that most of his customers have a “cried wolf” attitude about security. While they think cyber security is important, they seem to believe it won’t happen to them — and that “we are just pitching the next Y2K scare,” Brent says.
To overcome this dilemma, Brent says he leads the cybersecurity conversation with a dark web scan. This helps them see what accounts have been compromised and what personal information is already available to cybercriminals. While it might be too late to retrieve some of that information, customers still need to put the technical safeguards in place to ensure that more information won’t be compromised down the line. This gets the conversation started even when customers initially seem unfazed about the dangers of cyber-attacks.
A proactive approach
During a recent partner panel at the Barracuda MSP office, Neal says the team asked a few partners how they acquired new customers. The answer was unanimous. They acquired new customers in one of three ways: The customer had been hacked, the customer’s computers were too slow, or the customer hated their current provider and they didn’t know what to do. When customers are looking for an IT service provider, it is usually very reactionary. However, acquiring a new customer gives you the opportunity to educate them on how they can prevent issues from happening down the road.
“Unfortunately, customers might be desensitized to new cyber-attacks. That’s why it’s important to take an educational approach with #security to break through the noise and show them what solutions they should have in place.”
Chances are, your customers are hearing about recent breaches from their favorite news sources. Because these big-name companies are making headlines for getting hacked, though, smaller customers often have a hard time believing it will happen to them. Or worse, they think if a breach is going to happen, to just let it happen. Unfortunately, customers might be desensitized to new attacks. That’s why it’s important to take an educational approach with security to break through the noise and show them what solutions they should have in place.
There are a few ways to take an educational approach with your SMB customers. In person training is great when you start an engagement, but you also need recurring training on an annual or quarterly basis. MSPs that are on the cutting edge of security have incorporated a computer-based training service offering — like Barracuda MSP’s Managed PhishLine service. This type of solution allows SMBs to always have up-to-date training on recent attacks. Another program to consider is CompTIA’s CyberSecure. This is an educational hub that trains your customers on cyber best practices to help them mitigate attacks. After all, education can be your customers’ most important asset for protecting their business-critical data.
It’s also a good idea to discuss security in quarterly or yearly business reviews you have with your customers. Discuss what you’re already doing to protect their business, show the value of those services, and explain where they might want to add more security layers. This will help you create a regular cadence for security conversations.
Whether your customers are falling victim to IT security fatigue or IT spend fatigue, it’s important to reiterate what they can do to avoid falling victim to the next attack. After all, cyber criminals don’t discriminate — and your customers’ businesses could be next on their list.
Photo: PopTika / Shutterstock.