Why should you care about compliance? Tim, who helped develop the SAS application Polygon, joins us this week to discuss compliance for engineers and why it matters. Polygon is shaping the future of policy processing management by helping MSPs streamline the policy process.

To understand why you should care about compliance, it helps to really know what compliance is. Essentially, it is adhering to some standard. In the technology world, there are Risk Management Frameworks (RMFs) that are used as a compliance standard to adhere to. You could compare it to quality control, or the referee of cybersecurity. This “referee” is helping guide you through the rules that you and the client should adhere to in order to avoid the ramifications and consequences that could follow.

Last week, we discussed pentesting and why it’s important. This week, we are going to dive into how MSPs can utilize automated pentesting to generate higher profit margins.

Pentests have never been so accessible in terms of a price point and turnaround times, making it a valuable tool to add to your security tech stack as an MSP. However, you’re already as busy as it is - despite the revenue that an automated pentest can generate, you just don’t have the time to implement it into your offerings.

This is where a third-party consulting firm comes into the picture. They will advance your security stack to include pentesting, which ultimately attracts businesses who are interested in improving their uptime.

Vulnerability assessments and penetration testing - more commonly known as pen testing - play a huge role in cyber security, something that is more important than ever. According to a report by Dark Reading, businesses suffered a 50% increase in cyberattack attempts per week in 2021. This huge increase should alert all business owners to ensure their networks are adequately protected.

To more efficiently help business owners do just that, there have been some drastic changes in the world of vulnerability assessments and pen testing. Here are some of those key changes, and why you should care.

Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
Youtube: https://youtu.be/jSRDaSpEdBw

When reviewing a gap analysis with a client, we often come off as the person on a terrible first date. Instead of conversing with our clients, we sit down and point out all the wrong or missing things. No one wants a date like that, and your clients are no exception.

A poor approach to gap analysis can hurt your business and the relationship you are trying to build with your customers. Of course, you need to do a gap analysis for your clients. It’s part of what helps you understand the goals of their business and how you can help. However, if you can’t align your findings with the needs and values of your client, you’ll find yourself getting nowhere. When approaching your client with your analysis, it’s not your thorough, super detailed report that will catch their attention. It’s understanding your client and the value you bring to the table. When your clients come to the same understanding, you stop becoming a nag with the same repetitive concerns. You become a partner and an asset.

Talk to your clients about their business. Make it a point to understand what aspects of your gap analysis are most valuable to their operation. You may have a lengthy list of items that need to be addressed, but not all of them are things your client will care about. Let them know how your gap analysis helps them run their organization and generate profit. When you take the time and effort to have a conversation with your customers, you start to build trust, which will, in turn, open up more opportunities for you!

There will be gaps that your clients will not understand. This is not a foreign concept to those of us in the IT world. We have language and lingo that a layperson does not use. While this can be a challenge, you should take this as an opportunity to showcase what you have learned about their business and how your gap analysis pertains to their success. Educate them as to why your services are needed. Prioritize the things that are most important to them. This is not you being a salesperson. It allows for a customer-led strategy! Your customers have the chance to do the work for you by prioritizing what risks need the most attention. Then let them know what future steps you can take to improve things in the future. It’s a win-win scenario!

Remember, you do not know every gap in your customer’s portfolio. When a client seeks your services, you are often given a small window of insight that usually only pertains to IT. Make an effort to build rapport. It will help you prioritize the gaps that need the most attention, and your client will start to trust you to make decisions. Again, this allows you more opportunities to expand your services and build a business relationship that can last decades.

Gap analysis doesn’t have to be boring and repetitive. Use it as a tool to strengthen your business relationships and turn them into a profit!

Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd
Youtube: https://youtu.be/7uIOwxWU_HU

In the tech world, we tend to focus on the tasks that directly correlate to our work. But if we only focus on things like fixing firewalls and cybersecurity without understanding our clients - that is what makes tech companies suck at risk analysis.

That is not to say that what we do is unimportant. Our clients would not have hired us if they did not need our services. What is important is that we understand that to our clients, there is a difference between technical risk and business risk.

It is only natural that tech companies focus on technical risk. It’s what we do! But, you must remember that business risk will always outweigh technical risk to your client. Make it a point to talk to your customers. Understand what they see as risks and threats to their company, and then align your services with their needs. For example, if you have a client that runs a dog kennel, their main concern is the health and safety of the animals. If you only talk to them about everything you have done to improve their cybersecurity, your words will fall on deaf ears. But, if you can explain to them how improvement to their cybersecurity helps oversee all dogs that they are caring for and allows owners to safely access live streams of their pets from work, you have proven how your goals match those of your customers. Now your client has more features to sell to their customers, and you have opened the door for your business to provide additional services to build an ongoing relationship.

Aligning technical risk with business risk benefits you and your customers by providing a clear path to success. It helps your clients prioritize the factors that threaten their business and enables you to understand how your services help them meet their goals. Use this as a foundation to expand your business.

Business Risk x Technical Risk = Opportunity

When your client understands how the risks and threats to their business can be resolved by addressing technical issues, it allows you to cultivate your business relationship and the opportunity to offer additional services. In turn, it is your responsibility to ensure that you understand your customers. Focus on what your clients care about and what is most important to them. Learn how to identify the problems they face and then mitigate them to how IT can help prevent problems from happening. This strengthens the trust your clients have in you, provides direction for you and your client and creates a base on which you can expand your services.

Tech companies don’t have to suck at risk analysis. We just need to listen and understand how our work impacts client businesses and reduces the threats they face. Building client rapport is more than just doing a good job. Remember, we have conversations, not presentations! Take the time to understand what they value. Turn your risk analysis from sucking to spectacular!

Apple Podcasts: https://apple.co/2NHRRDl
Spotify: https://spoti.fi/3AyHCUd

The holiday season is in full swing, which means that you need to know security tips to protect
yourself from fraud and getting information stolen.

In my observation, previously working for an managed service provider and now with MSPs: for some, monetizing security is an elusive goal that seems to be reserved for those who already have connections, experience, and the right customers. Why?

It was a really engaging talk with Steve Rutkovitz CEO of Choice CyberSecurity. He is a very successful MSP practitioner specializing in IT Security and Compliance.

We were talking about MSP challenges, strategies, IT consultative sales processes, IT security and compliance opportunities and partnerships, and I learned the following: