Expanding your Business into Cybersecurity: Tips for Success from MSPs

Expanding your Business into Cybersecurity: Tips for Success from MSPs

By Rotem Shemesh

Expanding into cybersecurity can dramatically increase your revenue, but if not done carefully, it could also increase your expenses significantly or damage your reputation.

So how can you enjoy the benefits of this opportunity without taking risks? What is the best way to ensure your revenue grows without increasing your staff overhead and expenses? Can you gain the needed expertise without spending too much? We interviewed several Datto partners who have navigated this shift in hopes that their expertise provides insight into the potential risks MSPs face when expanding into cybersecurity.

All MSP professionals we have interviewed mentioned that today’s climate makes it easier for MSPs to sell security products. A few years ago, customers didn’t feel that they were targeted by cybercriminals and didn’t see this as a real threat to their business. “But now”, says Jeffrey Loeb, SVP at Prosource Technologies, “that ransomware is all over in the last few years, small businesses are now taking this seriously. They are now proactively asking us how to better secure their businesses”. According to Loeb, cybersecurity solutions is Prosource’s fastest-growing segment over the last two years.

Tip #1: Avoid beginner’s mistakes

  • Beginner’s Mistake: No investment in training

Eric Brown, CISO at RetroFit Technologies, suggests that a solid understanding of the solutions you sell is crucial. You must have your staff trained properly to sell and support the products. Whether you select a resource in-house or hire someone to train the term externally, Brown recommends looking for someone who has one or two known cybersecurity credentials like CISSP so you know they have studied that discipline enough to be familiar with it.

Loeb agrees that training is crucial—Prosource invested a lot in its technical and sales team education in order for them to get familiar with the terminology, NIST framework, products etc. According to Loeb, security education is ongoing: “Security is changing all the time so we have to constantly be training and updating, keeping our staff involved in the community”.

  • Beginner’s Mistake: Settling for the first security solution

Loeb advises to select products that fit well to your current offering, packaging, your audience, and budget. Most importantly, Loeb advises selecting products that are easy to explain to your customers, “Prosource started with an AV that was combined with SIEM. This package was expensive and difficult to explain to customers. The business model wasn’t good for MSPs either. As an MSP, we charge X dollars per month every month so clients have a repeatable predictable budget. These solutions were contrary to that.”

Jude Travers-Frazier, COO at Kraft & Kennedy adds that MSPs should make sure they do proper due diligence before selecting a product. “Don't add something if you can't support it, don't buy a tool and implement it if you are not going to be able to monitor that tool or configure it” he says.

  • Beginner’s Mistake: Ignoring the benefits of MSP-focused solutions and billing options

Loeb confesses another challenge they faced early on; many of the solutions they explored were well known in the enterprise space but they were not built with MSP dashboards. Not being able to see all customers from one place created a big hurdle.

Travers-Frazier agrees, adding “We don’t limit ourselves to tools for MSPs, but if a product is designed specifically for MSPs and performs just as well as other products, then this is a big plus”. Moreover, Travers-Frazier emphasises the need for easy billing, “I would prefer a vendor that makes it easier for MSPs to receive bills, pay them, incorporate those bills and charge clients. I simply prefer vendors that make it easier for me to run and manage my business.”

Tip #2: Stick to best practices

  • Carefully consider pricing & packaging

According to all interviewees, pricing and packaging of security solutions is one of the biggest challenges and many of the MSP representatives preferred to use a standard security package, which includes a fixed per-user per-month price. “You always look at new tools and technologies that would improve your service but no MSP wants to have to go back to their entire client base and tell them they have to increase their monthly bill,” Travers-Frazier comments. “You have to think about it yourself and have a plan because otherwise every time you consider a new tool, you’re gonna get stuck on not knowing how you could address the pricing and packaging. So spending the time to figure out your model and how you can bring new tools and increase prices to them is important.”’

  • Take a strategic sales approach

It was clear to all of our partners surveyed that selling security solutions is different from selling IT managed services. Prosource went through some trial and error until the company found their best practices for selling cybersecurity:

“The game changer for us was changing our approach to net new sales. Instead of looking for customers that are good managed IT customers and talking to them about security as part of the IT discussion, we’ve changed our talk track to where we are hunting for security opportunities and letting those evolve into managed IT opportunities. The most transformational part was changing our entire approach to sales to focus on security first.”

Prosource takes a very collaborative sales approach and relies on vendors to join some of the deeper conversations with customers, helping them to sell first hand.

  • Keep your own house in order

Perhaps the most important thing that came up was the fact that MSPs should not forget about their own security. These days MSPs are considered lucrative targets, as they hold the keys to many other businesses’ assets. According to Travers-Frazier, “It's easy to focus on clients and to forget about your own environment.” He suggests that MSPs undertake a formal SOC audit or some kind of assessment to help ensure they themselves are protected and don’t create a backdoor to their clients’ assets.

RetroFit’s Brown advises to adopt a security discipline - having processes in place and practicing it in order to operate properly (for example, do a real disaster test quarterly). “You have to train your people, define the processes and implement the technology properly” he summarises.

Tip #3: Seek out advice from your peers

One of the unique benefits MSPs enjoy is the support from their community. MSP executives can share knowledge and consult with their peers since, in many cases, they are not competing for the same clients. Expanding into a new area such as cybersecurity is a big step and getting advice from others who have done it can reduce your risks tremendously.

All of our interviewees stress that MSPs considering cybersecurity should consult with peers who have taken that path. “I don't think there is any single roadmap that says you have to go with this product or solve this challenge. I think you have to go back to your trusted peers to see how they have done it and get advice, and then do your own due diligence and homework, and figure out what you can add into your stack and support” explains Travers-Frazier. Brown agrees and adds that “MSPs are happy to share this kind of knowledge, especially if they are in different geographic regions”.

Our partners are a wealth of knowledge and have many more tips and tricks to share on this subject. Stay tuned for our next blog post for insight into ensuring profitability when expanding into cybersecurity.

Want to learn more about Datto’s cybersecurity offerings? Get in touch with us today. 

SMB Cybersecurity: Tips for MSPs to Share with Clients

Here are 9 tips for MSPs to share with clients to help them up their cybersecurity game.

View the Resource

Suggested Next Reads