As a former small-business owner, I understand the attitude of “I am too small to be targeted by cybercrime.” The problem is that as larger businesses harden their security, criminals are looking for easier targets. The other thing that is changing is the automation of exploits. The end result is that small businesses are now the easiest target as automation increases the ROI for criminal activities against multiple targets of lesser value. Continue reading Selling Cybersecurity to Small Business
I have been working on a project lately that requires me to have access to a large database (about 1 million rows). On my recent trip to Scotland I knew I would have time on the plane to work on the project but didn’t want to pay for airline wifi that would be slow anyway. Continue reading Have Big Data…Will Travel
One of the most frequent things I am asked is how to monitor a backup that MSP RMM does not support. This is done by creating a pair of event log checks. One check looks for the presence of any failures and the second looks for the absence of a success. Continue reading Creating an Event Log Backup Check
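The logic of that pair of checks, as an added example that is not from the original post or from MSP RMM. The source name, event IDs, 24-hour window and sample events are constructed placeholders.

```python
from datetime import datetime, timedelta

# Placeholder values (assumptions): substitute the source name and event IDs
# that the backup product actually writes to the event log.
SOURCE = "ExampleBackup"
SUCCESS_ID, FAILURE_ID = 1000, 1001

def evaluate_backup(events, now, window_hours=24):
    """Apply both checks to events inside the look-back window.

    events: iterable of dicts with 'time' (datetime), 'source', 'event_id'.
    Returns (status, reasons) where status is 'PASS' or 'FAIL'.
    """
    cutoff = now - timedelta(hours=window_hours)
    recent = [e for e in events
              if e["source"] == SOURCE and cutoff <= e["time"] <= now]
    failures = [e for e in recent if e["event_id"] == FAILURE_ID]
    successes = [e for e in recent if e["event_id"] == SUCCESS_ID]

    reasons = []
    # Check 1: presence of any failure event.
    if failures:
        reasons.append(f"{len(failures)} failure event(s) in window")
    # Check 2: absence of a success event. A job that never ran logs
    # nothing at all, so check 1 on its own would stay green.
    if not successes:
        reasons.append("no success event in window")
    return ("FAIL" if reasons else "PASS", reasons)

def _ev(ts, event_id):
    return {"time": datetime.fromisoformat(ts), "source": SOURCE, "event_id": event_id}

# Constructed scenarios, evaluated as of NOW.
NOW = datetime.fromisoformat("2015-06-02T08:00:00")
SCENARIOS = {
    "healthy": [_ev("2015-06-02T01:10:00", SUCCESS_ID)],
    "failed": [_ev("2015-06-02T01:10:00", FAILURE_ID)],
    "retry_ok": [_ev("2015-06-02T01:10:00", FAILURE_ID),
                 _ev("2015-06-02T02:10:00", SUCCESS_ID)],
    "silent": [_ev("2015-05-30T01:10:00", SUCCESS_ID)],  # last success is stale
}

if __name__ == "__main__":
    for name, events in SCENARIOS.items():
        print(name, evaluate_backup(events, NOW))
```

The "silent" scenario is the one the second check exists for: no failure was ever logged, yet no backup completed inside the window.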
Here is my latest blog post over at LOGICnow…
The cost of a data breach can cripple any size business. Being an MSP means taking on some of the risk for the client. Knowing what data is at risk is the first step to finding out the level of risk. Once you know what data exists and how much data there is, you can assign a dollar value to that data if it were to be compromised.
So what constitutes “at-risk” data? There are the obvious answers:
- Credit Card Numbers
- Social Security Numbers
- Driver’s License Numbers
- Bank Account Information
There can be others, like patient ID numbers or business-specific sensitive data.
What types of businesses have “at-risk” data? The short answer: almost all businesses have sensitive data that could be valuable to would-be hackers. If they take credit cards, process payroll or are in the medical or legal verticals, they have data that needs to be monitored.
The new MAX Risk Intelligence platform allows you to assess and monitor important data. In combination with the MAX Remote Management platform, you can schedule daily, weekly or monthly scans to see if data has been added, modified or moved. One of the most powerful features is the ability to actually show the potential liability, in dollars, your client has in the case of a breach. The tool also helps you to maintain PCI compliance by running scheduled PCI-specific scans and providing reports with endpoint-specific details.
So what is the cost of a data breach? Industry standards put the cost of a breach at $200 per piece of data. That means even a small business with 30 employees taking 20 or 30 credit card payments per day could generate $156,000 in liability in a single month.
Protect your clients by keeping them informed of their risks while helping them with compliance. Find out more using the link below.
A recent comment showed up on LinkedIn that I thought I would take a bit further. An MSP doing lead generation noticed that they got 2-4 times more leads from break/fix marketing than from marketing with MSP messaging. I think this is highly informative and explainable.
When do you seek out a plumber? An electrician? When you need work done. Most of us (me included, according to my wife) only seek out services when we need them, and sometimes only in extreme circumstances. The same is true of IT services, especially in the micro/mini-SMB space. The other problem here is that, as the top end of the SMB space is starting to mature in terms of the MSP model, the lower end of the space can hardly spell MSP. They don’t know what it is and they don’t understand why they need it. Some would say that the lower end of the SMB space is not worth going after. My opinion is that there is a lot of potential for the small to mid-size MSP who can standardize across a large group of small SMBs.
The key is not to abandon the strict MSP model but to use break/fix work as a marketing tool rather than part of your solution. Use break/fix interactions to start a conversation about keeping their IT systems running with less downtime and a more predictable (and often lower) expense. Remember that the journey of a thousand miles begins with a single step, even if that single step is managed AV.
Check out this quick video on how to create a standalone or group policy installer for the MAX RemoteManagement dashboard.
The easiest way in the door to a new client is to offer something they don’t have that assuages a fear. The two biggest fear factors in SMB IT are continuity and security breaches. Selling managed AV and other security add-ons is a good vector to consider when approaching a new client.
Download This Simple Flyer: LayeredSecurity
- Managed AV – Most managed AV can be sold against off-the-shelf AV by simply pointing out the following…
  - Monitored solution – every endpoint is monitored to ensure that scans and updates are being done and that the AV software is actually running. Off-the-shelf software can’t do this.
  - Reports can be sent for compliance requirements
  - Same price or just a little more than off-the-shelf
- Managed Web Protection – AV is based on signatures and heuristics; Web Protection considers the source and helps keep employees (and kids) out of the dark places on the internet. Point out the following bullet points to your client…
  - Additional (and different) layer of protection to AV
  - Monitor employee web usage for risk and waste
- Security Focused Monitoring – In addition to AV and Web Protection, there are monitoring pieces that can be put into place to alert when abnormal activity happens. Some examples are…
  - Failed Login Checks – When too many login attempts are made against a device
  - Open Ports – Check specific ports to make sure they aren’t open if they should be closed (e.g. RDP – 3389)
  - Event Log Checks – See this article from MS for a list to choose from: https://technet.microsoft.com/en-us/library/dn535498.aspx
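A failed login check of the kind listed above, as an added example that is not from the original post or any RMM product. The threshold of 5 failures in 10 minutes, the device names and the sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def failed_login_alerts(events, threshold=5, window=timedelta(minutes=10)):
    """Alert the first time a device sees `threshold` failed logons in `window`.

    events: (iso_time, device, account, ok) tuples. On Windows the failures
    would come from Security log event ID 4625 (an account failed to log on).
    Returns {device: (time_threshold_was_reached, failures_in_window)}.
    """
    recent = defaultdict(deque)   # device -> timestamps of recent failures
    alerted = {}
    for ts, device, _account, ok in sorted(events):
        if ok:
            continue              # successful logons do not count
        t = datetime.fromisoformat(ts)
        q = recent[device]
        q.append(t)
        # Drop failures that have aged out of the sliding window.
        while q and t - q[0] > window:
            q.popleft()
        if len(q) >= threshold and device not in alerted:
            alerted[device] = (ts, len(q))
    return alerted

# Constructed sample: six failures in under three minutes on one device,
# and five failures spread over an hour on another.
SAMPLE = (
    [(f"2015-06-02T09:0{s // 60}:{s % 60:02d}", "FRONTDESK-PC", "admin", False)
     for s in range(0, 180, 30)]
    + [(f"2015-06-02T08:{m:02d}:00", "SRV01", "jsmith", False)
       for m in (0, 15, 30, 45)]
    + [("2015-06-02T09:00:00", "SRV01", "jsmith", False),
       ("2015-06-02T09:01:00", "SRV01", "jsmith", True)]
)

if __name__ == "__main__":
    for device, (when, count) in failed_login_alerts(SAMPLE).items():
        print(f"ALERT {device}: {count} failed logins by {when}")
```

SRV01 has as many failures as the threshold but never more than one inside any 10-minute window, so only FRONTDESK-PC alerts.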
So how do I approach a customer initially? My suggestion would be a non-invasive security audit. The simplest audit would contain, at minimum, the list below. In most small businesses I approached who were not working with an MSP, I could find something in one of these three to create doubt in their mind about security.
- Open Port Scan
- Endpoint AV – Vendor, version, defs up-to-date, last scan date < 30 days
- Wireless Security – WPA2 encryption, separate network for guest devices
Quick Security Audit Worksheet: QuickSecurityAudit
I know that seems oversimplified, but you would be surprised how well it works. Obviously, if they will let you do a more thorough audit, then go ahead. I stress the non-invasive audit because they don’t necessarily trust you yet. You have heard before that sales is a series of steps, and the easier you make those steps and the fewer barriers you put up, the easier it is to move the prospect towards a purchasing decision. The purpose of the audit is to find doubt, not to be exhaustive. Complete security audits are time intensive and should be charged for.
It occurred to me this morning that there are many MSPs still struggling to get into a managed services model. There are a large number of you who are managing fewer than 250 devices and trying to reach the next level. I know I have told my story before so I will not re-tell it here. The important part is that I started from 1 client with 35 workstations and 1 server. I also started using Hound Dog (GFI MAX > LogicNow) and a PSA within 6 months of starting that business. I had the same challenges all of you do and here is my best advice… Continue reading Just One (More) Thing – Growing Your MSP Incrementally