Most people in the channel agree that cybersecurity is a major opportunity for MSPs, and building out a security offering is one of the best ways to differentiate. That is, until everybody else does it. Then the competitive landscape looks like a bunch of MSPs all wanting to be a “trusted security advisor”, and they’re all offering some variation of the same stack of services. How do you convince a small business owner who knows nothing about cybersecurity that you’re the one to hire?
There’s two ways. One is to be a cybersecurity leader and the other is to pretend that you are. If you’re slick enough, you can do just fine pretending, but eventually your clients will figure it out (usually when they get breached) and then your churn rate will go through the roof. If you want a sustainable way to convince your clients that you’re a cybersecurity leader, you have to actually be one. That goes way beyond stack – security has to be baked into your culture.
From the client perspective, what does baked into the culture look like? It’s having answers to all the client’s security questions. It’s knowing about your stack and the stuff that your stack competes with. It’s understanding your clients’ business and how to improve their cybersecurity. It’s also being so dedicated to cybersecurity that you are constantly thinking about it. You spot vulnerabilities that the client doesn’t see. Your entire team can do this.
Cybersecurity leadership for an MSP or MSSP starts with education about the risks, the stack, and the types of vulnerabilities that everyday, non-technical businesses face. Identifying key areas of risk requires creative thinking – the ability to envision your clients’ environments from the perspective of someone trying to hack into them. Security and risk should never leave your brain, or the brain of those on your team.
Training is essential. Your leadership team should talk about security regularly. Let’s put it this way, harping on people with a generic message to think about security doesn’t get the job done in terms of building a culture. What does? Talking about security. A lot. Discussing security issues, performing security audits, and having regular and varied conversations about the topic.
Your leadership team has to convey the message to everybody else that having a security culture is a critical part of the business going forward.
Leadership isn’t easy, and being the cybersecurity leader in your area isn’t, either. But if you’re serious about developing a SECaaS business, you’ll want to embed security consciousness so deeply into your culture that your clients think you’re obsessed. Do that, and you’ll not only be in the game, but you’ll have a strong position, too.
If you’re interested in learning how IT Glue helps you facilitate a culture of cybersecurity leadership, sign up for a demo.
IT Glue is the leading documentation platform for MSPs, designed to eliminate waste, improve productivity and hit your SLAs better. We are SOC 2 compliant, meaning that you can count on the security of your information in IT Glue.