Month: August 2021

Cybersecurity Selling Techniques for MSPs

Small businesses often lack the budget to employ full time IT staff, so instead rely on Managed Service Providers (MSPs) to meet their IT and cybersecurity needs. Small businesses know about the importance of having good IT support and will also likely be aware of the need to have some cybersecurity defenses in place, but it can sometimes be difficult to get clients to commit to purchasing the cybersecurity solutions they need to block cyberattacks that could cripple the business.

MSPs therefore need to communicate the importance of cybersecurity and the solutions that are necessary to reduce risk to protect their clients. Without the right solutions in place, clients will be at risk of suffering a costly data breach, and potentially regulatory fines and litigation. It will also be the MSP that will most likely be required to put the time and effort into getting the business back up and running following a cyberattack, and an MSP may also be blamed for not preventing the breach in the first place.

So how can MSPs sell cybersecurity solutions to their clients? What techniques can be used to get clients to commit to purchasing the solutions they need to protect their networks and infrastructure from attack?

Cybersecurity Selling Techniques for MSPs to Improve Customers’ Defenses and Monthly Revenue

Many small businesses will have little in the way of cybersecurity defenses, so this presents MSPs with an opportunity to increase their revenue, but first they must make sure that a client is aware of the importance of cybersecurity and having the right infrastructure and security solutions in place. It is up to the MSP to communicate the need for cybersecurity defenses to block credible threats, as many businesses will not understand the risks they face and the true cost of a data breach.

One of the most important elements of selling cybersecurity to clients is to have a good understanding of the risks a business faces and the level of risk each business is prepared to tolerate. Each business will be different and, most likely, there will be different risks within each business that need to be addressed.

It pays to take some time to audit and review those risks, and then to develop a cybersecurity strategy for the business that is tailored to its needs, rather than trying to sell a standard package of security solutions.

It is unlikely that a small business will be effective at conducting their own cybersecurity risk assessments. By becoming proficient in conducting risk assessments, MSPs will be able to gain a competitive advantage. If an MSP can present an accurate risk assessment to a customer, along with cybersecurity solutions that will reduce all risks identified to a reasonable an acceptable level, it will be much easier to get clients to buy in and sign up for the products and services they need to reduce those risks.

When selling cybersecurity solutions, it pays to focus more on the risks and how they will be addressed, rather than the technical aspects of each solution. That information can naturally be shared if required, but it is better to explain how the solutions meet the needs of the business and the benefits they provide. Cybersecurity solutions are expensive for small businesses, so before a business commits to a purchase – which can involve a significant upfront cost – they need to know the benefits the investment will bring and how it will likely save them considerable costs in the long run by preventing costly data breaches and the resultant downtime.

Customer Support Needs to Include Cybersecurity

Having the right cybersecurity solutions in place is only part of the story. It is also important to ensure that there is adequate monitoring in place. Cybersecurity solutions must be correctly configured and maintained so MSPs will need to make sure the staff is on hand to identify and respond quickly to any threat and neutralize it. Cybersecurity support also needs to be sold to clients.

You must be clear about the different between IT support and cybersecurity support. Clients are likely to need an MSP to provide basic IT support but may also expect the MSP to deal with cybersecurity issues as well. It is vital to communicate the difference and to cover cybersecurity support when onboarding a new client.

By explaining the need for cybersecurity and providing tailored solutions and the right level of support, MSPs will be able to earn the trust of their clients and be able to reassure them that their infrastructure and data will be kept safe and secure. As the business grows, that trust will be invaluable in getting the business to buy into more advanced cybersecurity solutions as their risk profile changes.

When it comes to finding solutions to meet the needs of MSP clients, TitanHQ can help. TitanHQ provides reasonably priced, powerful and effective cybersecurity solutions to block the most common attack vectors, along with a solution for backing up and archiving business critical data.

For more information on these solutions give the TitanHQ team a call and ask about TitanHQ email security, DNS filtering, and email archiving, and the TitanShield Partner Program. MSPs that join the TitanShield Program will be provided with extensive tools, marketing resources, and training aids to help them sell cybersecurity solutions to their clients more effectively.

Remote Working and the Dangers of Public Wi-Fi

The dangers of public Wi-Fi are well documented, but the increase in remote working means the threat has grown. During the pandemic, many businesses had little option other than to allow their employees to work remotely. Remote working during the pandemic meant employees working from home, but now that COVID-19 restrictions are easing the dangers of public Wi-Fi have reared their head one again. Many businesses have seen benefits to remote working and are continuing to allow employees to work from home, while many others are considering adopting a hybrid working model, where employees can work remotely for at least some of the week.

The Dangers of Public Wi-Fi

There are a variety of risks when accessing the Internet over public Wi-Fi networks, one of the most serious being the Wi-Fi access point that people connect to is not actually the Wi-Fi network of the establishment where employees are working. It is all too common for threat actors to set up rogue access points that resemble the legitimate Wi-Fi access points that they spoof. Through those access points – often referred to as evil twins – connections are monitored, and no communicated data are secure.

Attackers often inject malicious proxies, eavesdrop on network traffic, and use redirects to send Wi-Fi users to malicious websites. While perhaps unlikely in a local coffee shop, it is possible to compromise wireless technologies such as Bluetooth and Near Field Communication (NFC), and these tactics are commonly used, especially in foreign countries. If Bluetooth and NFC are enabled, an attacker could scan for nearby devices and gain information that could allow them to identify and target a particular individual.

How to Reduce Risk

There are various steps that remote workers should take to ensure they do not unwittingly fall victim to a malware infection, disclose their credentials in a phishing attack, or otherwise compromise their device, and in turn, the network of their employer. The most straightforward of these measures is to simply not use public Wi-Fi networks, although that is not always possible for travelling employees.

If it cannot be avoided, it is important to connect to a Wi-Fi hotspot that has encryption and strong authentication, as security will be greater. It is never a good idea to connect to any Wi-Fi network that has no security and does not require a password to connect, but it can be difficult to determine how good Wi-Fi security actually is.

It is important to remember that having a password on a Wi-Fi access point does not mean there is data encryption, so any transmitted data may be intercepted. Even with encryption, if an attacker knows the pre-shared key, the encryption is rendered useless as data can easily be decrypted.

It is also possible to force a network into using unsecure protocols or obsolete algorithms, and there are widely available open-source tools that can easily be used to capture credentials and other sensitive data.

It is therefore important to take precautions. For employees, the steps are straightforward. Avoid public Wi-Fi networks if at all possible and avoid disclosing any sensitive data on websites that do not start with HTTPS. Bear in mind that hackers can set up HTTPS websites just as easily as anyone else so be sure not to place too much reliance on https for providing security.

Employees should avoid disclosing any sensitive data or accessing their email or work network entirely over public Wi-Fi if possible, and to ensure that tools supplied by employers – such as a VPN – are used.

Employers should ensure a Virtual Private Network (VPN) is available to employees and there is sufficient capacity to allow all workers to connect. Employers can – and should – extend the protection of their web filtering solution to remote workers’ devices. Web filters will block access to known malicious websites and can block malware downloads. Solutions such as WebTitan are easy to configure to protect remote workers’ devices, and filtering controls will then be applied just as if the employees are in the office.

Standard cybersecurity best practices should also be followed, such as ensuring patches and software are kept up to date, including VPNs. Multifactor authentication should be enabled and anti-malware software installed. Anti-spam solutions – SpamTitan for example – should also be implemented to block email attacks, and firewalls should be used to prevent unauthorized inbound and outbound connections.

It is also recommended to disable Link-Local Multicast Name Resolution (LLMNR) and Netbios Name Service (NBT-NS) on Windows laptops and to configure Web-Proxy Autodiscovery Protocol (WPAD) to use only corporate proxy servers and to turn off device file and printer sharing on public networks.