Rather than dealing with the fallout after an attack occurs, have proactive conversations about IT security with your customers.
When WannaCry made its first appearance in May and infected hundreds of thousands of systems in just a few weeks, the issue of ransomware again moved to the forefront. Most victims of ransomware will agree that it’s better to be proactive about IT security and prevent ransomware rather than dealing with encrypted mission-critical files, a request for ransom and system restoration after an attack.
However, according to CompTIA’s Security in the IT Channel report, only 51 percent of MSPs initiate proactive security discussions with their customers and prospects. If your sales team finds it challenging to talk about security, consider these six conversation starters--before one of your customers falls victim to a ransomware attack:
1. Let the Prospect Guide the Conversation
It may be best, especially when ransomware strains such as WannaCry are getting widespread media attention, to do more asking and less telling. You don’t want to give prospects the impression you’re trying to use scare tactics to sell security or put them off with a lot of facts and figures they aren’t interested in. Asking a simple question like, “What are your concerns about ransomware?” can reveal their understanding of the risk, the security solutions and strategies they currently use, and how likely they are to upgrade.
2. New IT? New Security
If a client adds new IT solutions, it’s a good time to bring up the subject of protecting those solutions. Far too often, businesses add new systems, endpoints or applications without taking a comprehensive look at security throughout their organization and how it can be impacted by new solutions. Offer advice on how your client can minimize vulnerabilities and protect their entire IT environment.
3. Have You Heard About …?
When a peer or competitor is hacked, it’s bound to come up in conversation. If the hack hits close to home for your customer or prospect, it may make them more open to discussions on how to prevent the same thing from happening to them. Before a meeting where the subject may come up, educate yourself on the details of the attack, such as what went wrong and what the repercussions were. If possible, find out which security solutions (if any) the business had in place, so you can explain how the solutions you offer could have helped.
4. The Story of How Ransomware Gets onto a Computer
When you mention a ransomware attack, the story of how it got onto the victim’s system is always something that sparks interest. Your prospect may think ransomware could never happen to them, but sharing details of the sophisticated social engineering tactics cybercriminals use may change their minds. Explain how difficult it can be to differentiate a legitimate email or link from a spear phishing attack. Interactive tools like the MSP Phishing Quiz or Ultimate Ransomware Quiz from Intronis MSP Solutions can help illustrate your point.
5. Is Your System Infected?
A client or prospect that isn’t experiencing problems probably assumes there isn’t malware on their IT systems. It’s not necessarily a result of your prospect living in denial, though. Hackers are very good at obfuscating their malicious code so it isn’t readily detected, giving them time to exploit the system. If you have the capability to do so, run a free scan to reveal hidden threats and remediate them--then use the results to continue the conversation about security.
6. The Cost of Breaches
The topic of ROI and security solutions is a tricky one. All of your clients and prospects want to get the most out of their IT budgets, and, on paper, upgrading security probably won’t appear to provide the return that things like mobility, communication and collaboration, or virtualization can provide. If your sales team is stumped by objections about the cost of solutions versus ROI, arm them with information about the costs associated with a ransomware attack beyond paying a ransom, including costs from downtime, IT system repairs and damage to a brand’s reputation. A desire to avoid the crippling costs associated with an attack may drive action.
Establishing your company’s security expertise by openly communicating with clients about security and educating them on the topic will be beneficial to both your business and your clients' businesses. Don’t shy away from the topic because of past objections you may have encountered. Let customers and prospects know that when they need security solutions or help recovering from a ransomware attack, they can turn to your company for expert assistance.
Additionally, Intronis offers The Smarter SMB’s Guide to Ransomware, which you can share as a resource to help customers and prospects understand what ransomware is, how to avoid it and how to recover from an attack. It’s another way to help you start the conversation in an engaging way.
Chris Crellin is Senior Director of Product Management for Intronis MSP Solutions by Barracuda, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.
Guest blogs such as this one are published monthly and are part of MSPmentor's annual platinum sponsorship.