12 Aug Grab New Government and Education Accounts With These Insights
Government and education managed services contracts can yield big profit margins and lucrative recurring revenue. But how can an MSP get the attention of a government official or educational leader? How do you convince them your services are critical?
To land one of these contracts, you’ve got to get to know your prospect – consider what regulations apply uniquely to K-12 education, higher education institutions, or local governments. Then consider what is at risk should they fail to meet compliance standards or encounter a breach – Could they lose funding sources? Could enrollment dwindle? Could citizens voice their disapproval in the next election? Then align your services to benefit their specific requirements and pain points.
Let’s get a little enlightenment on schools.
With K-12 education, administrators’ attention and time are spread thin with endless and shifting demands, such as performance metrics and last-minute budget changes. Of course, cybersecurity falls into that long list of responsibilities since officials want to safeguard children and their institutions against cyber threats. However, administrators often don’t think of cybersecurity in terms of compliance. Many school board officials and administrators possess little-to-no IT or cybersecurity knowledge. They aren’t privy to privacy and data regulations. They don’t understand how the failure to satisfy these requirements can weaken their security or how that deficiency can open them up to financial and reputational damage when a breach does occur.
But they do understand the importance of money and reputation. Demonstrate the risks that the lack of compliance poses to both these stressors, and you will get their attention. A data breach in their district tarnishes their reputation and weakens public trust as well as financial support. With fierce competition among districts, no school official wants to chance a reputational blemish that can diminish funding and enrollment. School officials want to keep the voters happy – both for budget and funding support and for prosperous student enrollment.
One popular funding program carries its own set of compliance requirements – the E-Rate. This program, managed by the Federal Communications Commission (FCC), provides discounts for a school’s telecommunications services and internet connectivity. Any school that has received money from the E-Rate program must comply with the Children’s Internet Protection Act (CIPA). The regulation mandates protection measures to block inappropriate websites and set up firewalls.
Higher learning institutions are both similar and different from K-12 schools. Universities and colleges also guard their reputation fiercely and compete for enrollment. But since most colleges are for-profit and function more like businesses, they rely on advertising for enrollment and grants for research rather than taxpayer-funded support; and college officials are hired rather than elected, as is the case with most K-12 administrators. Also, university research is often allied with private companies, so there’s an overlap of education and private industry compliance laws.
The Family Educational Rights and Privacy Act (FERPA) is another security regulation that MSPs should become familiar with to land new educational clients. The act protects student information and governs public and private schools for all K-12 and colleges and universities. State data breach laws also apply to educational entities, covering both student and HR information.
Let’s move over to government contracts.
Local governments provide many critical services, such as police, fire departments, emergency medical responders, jails, court systems, utilities, public health resources and senior care facilities. Local jurisdictions are also responsible for the safety and maintenance of public infrastructure. All these amenities require privacy and data security as many of these services and the systems that manage them continue to become digitized.
Like K-12 educational institutions, local government services rely on taxpayer dollars and their decision-makers often answer to or are elected officials, with politics often coloring their actions.
So, what regulations must local governments comply with? Public health services, emergency medical services and jails with inmate medical records must adhere to HIPAA. Many law enforcement organizations must follow the FBI’s Criminal Justice Information Services (CJIS) regulations because local precincts can access the National Crime Information Center (NCIC). Any of the other services that handle customer or citizen information must comply with state and federal security regulations that govern consumer data.
Common among both educational institutions and government decision-makers is a lack of cybersecurity education, appreciation for the criticality of their IT staff, and an understanding of the financial rewards to improve security efficiency.
MSPs possess valuable experience to expand government and education officials’ narrow knowledge. Emphasize your expertise and demonstrate how you can streamline their efforts to create a more secure cyber environment with more efficiency and cost-effectiveness. Talk to them about funding loss, diminished citizen support and reputational damage that could result from a breach. Hit them in the wallet and public opinion pain point to drive home your value.
Begin with a thorough assessment to establish proof, backed with an executive presentation and reports that show concise facts. Then illustrate the importance of constant compliance, the need for its documented substantiation, and finally, how you can automate this process for efficiency and certainty.
For some helpful tips on leveraging privacy and data laws to land new accounts, check out this blog!
