GUEST APPEARANCE
The MINIMUM Cybersecurity Protections You Should Include In EVERY Managed Services Plan You Sell
MJ Shoer , LLC Founder and Principal Consultant
As MSPs , we understand the opportunity and responsibility we have in protecting our clients from cybercrime . However , many of my fellow MSPs struggle with how to take advantage of the opportunity cybersecurity presents without being purely opportunistic and selling our clients solutions they don ’ t truly need .
To further complicate matters , new threats and new technologies are constantly presenting themselves , so what worked yesterday might not work today . Plus , new and better solutions are frequently coming to market . Add that to the complexity of compliance and each client ’ s individual needs , budgets , and risk tolerance , and you ’ ve got quite a problem .
In an attempt to simplify , I wanted to define the minimum cybersecurity protections every MSP should be selling to their clients in their managed services offering . If you aren ’ t including these protections , I could easily argue that you ’ re being irresponsible to your clients and , therefore , should never allow a clients ’ ignorance or cheapness to alter your recommendation . Here are the necessary protections :
• End point protection like Cylance , Kaseya Antivirus , Sophos , or Webroot
• Spam filtering , including sandboxing technology to trap malicious attachments and links , and spoofing protections like AppRiver , Mail Protector , Mimecast , and Sophos
• A business-class firewall like Cisco , Sophos , or Watchguard that has rules for both inbound and outbound traffic
• Ransomware proof backups like Acronis , Kaseya Unified Backup , StorageCraft , or Veeam
• Two-factor authentication like AuthAnvil , Duo , OneLogin , or Yubikey ’ s to protect your business and your clients ( just look at what recently happened to some fellow MSPs that were not using it )
I am committed to including this baseline of cybersecurity services because it will make selling more advanced services a lot simpler . By having this baseline for your clients , you will position yourself with authority on the topic and demonstrate your firm ’ s commitment to providing basic cybersecurity services to your clients . By including these services , you will be able to show your clients that they are safer by using their data . This will make the more complex discussions easier to engage in .
In a very short amount of time after installing these solutions , you should be able to produce some pretty compelling stats , especially related to email flow , about how real the threat to their infrastructure is . From here , engaging your client in a more focused discussion about IDS / IPS , web filtering , penetration and vulnerability testing , and more will be considerably easier and more productive , for both you and your client .
If your client is in a regulated industry , you must get them to invest in the technologies necessary to meet their compliance requirements . By including baseline cybersecurity services in your core managed services , you demonstrate your understanding of the importance of cybersecurity to their business . By having more advanced cybersecurity solutions geared to their compliance requirements , you create a level of trust and loyalty that will keep your client safe . Ultimately , this should lead to a long-term relationship that grows over time .
Finally , keep in mind that it may be best for you to partner with another firm that specializes in outsourced cybersecurity solutions for MSPs . Just as the landscape can be confusing and expensive for your client , it can be the same for you as an MSP . There is a healthy debate as to whether MSPs should become MSSPs , but that is a topic for another time . My point here is simply that if you do not have the cybersecurity experience and skills in-house , don ’ t be afraid to partner in order to provide the best service to your clients and ensure you get the sale instead of your competitor . n
MJ Shoer