Selling Simple Security – Growing Your MSP Incrementally – Part 2

cloud-securityThe easiest way in the door to a new client is to offer something they don’t have and assuages a fear.  The two biggest fear-factors in SMB IT are continuity and security breaches.  Selling managed AV and other security add-ons is a good vector to consider when approaching a new client.

Download This Simple Flyer: LayeredSecurity

  1. Managed AV – Most managed AV can be sold against off-the-shelf AV by simply pointing out the following…
    – Monitored solution – every endpoint is monitored to ensure that scans and updates are being done and that the AV software is actually running.  Off-the-shelf software can’t do this.
    –  Reports can be sent for compliance requirements
    – Same price or just a little more than off-the-shelf
  2. Managed Web Protection – AV is based on signatures and heuristics, Web Protection considers the source and helps keep employees (and kids) out of the dark places on the internet.  Point out the following bullet points to your client…
    – Additional (and different) layer of protection to AV
    – Monitor employee web usage for risk and waste
  3. Security Focused Monitoring – In addition to AV and Web Protection, there are monitoring pieces that can be put into place to alert when abnormal activity happens.  Some examples are…
    – Failed Login Checks – When too many login attempts are made against a device
    – Open Ports – Check specific ports to make sure they aren’t open if they should be closed (i.e. RDP – 3389)
    – Event Log Checks – See this article from MS for a list to choose from:

So how to I approach a customer initially?  My suggestion would be a non-invasive security audit.  The simplest audit would contain, at minimum, the list below.  In most small businesses I approached who were not working with an MSP, I could find something in one of these three to create doubt in their mind about security.

  1. Open Port Scan
  2. Endpoint AV – Vendor, version, defs up-to-date, last scan date < 30 days
  3. Wireless Security – WPA2 encryption, separate network for guest devices

Quick Security Audit Worksheet: QuickSecurityAudit

I know that seems over simplified but you would be surprised how well it works.  Obviously, if they will let you do a more thorough audit then go ahead.  I stress the non-invasive audit because they don’t necessarily trust you yet.  You have heard before that sales is a series of steps and the easier you make those steps, and the less barriers you put up, the easier it is to move the prospect towards a purchasing decision.  The purpose of the audit is to find doubt not to be exhaustive.  Complete security audits are time intensive and should be charged for.