SMB & Security: Finally, they believe! (Part Two)

HOW ONE MSP USES NETWORK ASSESSMENTS TO WIN THE TRUST OF ONCE-SKEPTICAL SMALL BUSINESS OWNERS

Part II

We recently spoke with Jeff Sumner, president of Tech Guides. Tech Guides is a 19-year-old MSP and IT consulting company located in Media, PA, and a proponent of the RapidFire Tools network assessment tools. The company offers managed services, security consulting, and digital media services such as digital signage and web sites. Sumner and his team swear by network assessment reporting and the Network Detective solutions—especially the Security and HIPAA Compliance modules, and the Detector insider threat detection appliance.

Here’s Part II of his comments on how he leverages network assessments to help increase business in the area of security offerings, and how such documentation helps him justify implementing the type of security solutions he knows his clients need and deserve.

How have network assessments changed your clients’ attitudes toward security?

Let’s face it, as MSPs, we’ve been beating the drum for years on the crucial nature of security. In the past, many businesses didn’t take that to heart and were willing gamble a bit on the side of danger. We’re finally coming to a place where companies are more mindful of the threats they’re facing, due in part to highly publicized breaches. Having an assessment done of their own network hammers home that point. Finally, small businesses are starting to believe us.

This strategy is most effective if assessments are delivered on a quarterly basis, detecting patterns that manifest over time. At that point, the customers say, Okay, I see the proof. I should have believed you before, but I believe you now.

What kind of financial impact does this have on your MSP practice?

A security consulting project can bring in anywhere from $10,000, $15,000, even $20,000 in revenues, depending on the scope. Typically, we’ll start off with a CEO or CIO who’s looking to discuss best practices. We’ll provide a security assessment, which almost always reveals significant shortfalls in the customer’s security, and that leads to work.

For example, we went into a company in the insurance industry. They had two locations and about 100 seats. An assessment showed the that client had rogue wireless activity on their network. They had no idea what was going on in the back corners of their offices. That generated a conversation on how to secure their access points and firewalls. We recommended remote tools that could be managed via the desktop to keep a better handle on network activities. This evolved into a comprehensive upgrade, which they sorely needed, in addition to a HIPAA assessment.

That was a $15,000 project, which we finished in about a month. We’re now set to conduct quarterly reviews for a smaller fee, building on what we’ve established. The ultimate goal with this and every client is to implement regular quarterly assessments. We advise clients from the outset that assessments, and long-term initiatives such as HIPAA compliance, are not a “once-and-done” activity. They’re an ongoing procedure.

What advice do you have for MSPs?

Don’t be afraid to introduce new services to your clients, and to ask for compensation. A valuable MSP must always bring new tools to the table. No client should expect their network, and your services, to remain static. The cost to maintain a network has been rising as security gets more complicated and external threats become more nefarious. So it’s reasonable to ask clients to pay for those costs.