[00:41] Just two episodes ago, I mentioned the COVID-19 coronavirus and asked if you were feeling any effects from it, mostly from supply chain issues or early event cancellations. At the time, the coronavirus was in the very early stages of spreading globally and not too many people were concerned. It’s hard to believe how much has changed in the span of a month. It’s becoming clear that COVID-19 is going to have deep and far-reaching effects across the planet.

[01:04] We’re starting to see the MSP message boards and Facebook groups and subreddits light up with service providers asking others how they’re grappling with the pandemic.

[01:28] Before COVID-19, ransomware was the big issue keeping MSPs up at night. Now cybercriminals are taking delight in the coronavirus as an opportunity to prey on anxious people. We’re hearing reports of phishing emails offering “important information” about staying safe or the economic impacts of the virus, as well as malware in real-time outbreak maps and stats counters.

[01:57] Cybersecurity is still so important. In this episode, I talk to Matt Bernacchi, an MSP account exec at Sophos, about how to initiate a security conversation with clients, and what to do when they say no.

Listen here


Selling Cybersecurity to Reluctant Clients: Interview With Matt Bernacchi

Matt Bernacchi, Sophos
Matt Bernacchi, Sophos

[02:26] I’m excited to have this conversation about selling security services because I know it’s something a lot of MSPs are wanting to do better at.

[02:53] A lot of customers think that cyber attacks aren’t going to happen to them, and the cost of purchasing security services can affect their bottom line.

[03:57] Convincing customers they need security services is all about education.

[05:12] Have an on-site meeting and present why security is a must to your potential customer. Education and a security assessment go hand-in-hand.

[06:22] It’s okay to walk away from a client who’s not interested in security services. It can hurt you as bad as it can hurt them.

[07:44] You want your security package to be all-inclusive.

[08:48] Your core package should include some type of network security, a firewall, backup, email security, and whatever else would be specific for the company.

[10:39] Security is evolving, but working with the right vendors should keep you up to date. You don’t always have to bring in an MSSP or an outsourced SOC but you may want to for higher level things like PHI or HIPAA compliance.

[12:09] When you re-evaluate your customer’s contract is a good time to offer increased security coverage. If they don’t want additional services, have them sign a waiver.

[14:06] More established MSPs are going to walk away from a client who doesn’t want security.

[15:51] There are so many resources and reports put out by vendors to help MSPs stay informed. There are also Facebook and LinkedIn groups for peer sharing.

[18:04] Best practices for selling security services include making them an integrated, non-negotiable part of your standard support packages, having good collateral and tools to make the case to your clients, and being prepared to walk away.

Listen here

Like what you hear? Listen and subscribe.