It shouldn’t be stressful to talk with customers about cybersecurity, but it often can be. Asking the right questions–beforehand–can be a determining factor between preventing or even recovering from a cyber-attack and disaster. Talking with customers about cybersecurity shouldn’t be stressful. It shouldn’t be done after a breach or other incident. Managed service providers are often not in this position.
Asking the right questions–beforehand–can be a determining factor between preventing or even recovering from a cyber-attack and disaster, according to panelists during a CompTIA Cybersecurity Community Meeting at CompTIA’s Communities & Councils Forum in Chicago.
Start the conversation with a common pain point
According to Chris Johnson, cybersecurity strategist at OnShore Security, starting a cybersecurity conversation could involve bringing up a common problem with customers, such as asset management.
“A simple question such as “What are your assets?” is not often given enough attention. Clients often assume that MSPs already manage all assets. Johnson stated that you cannot protect what you don’t know and what you don’t know will lead to your downfall.”
You can also manually compile a list of assets on paper so that you have a better idea of what the client needs. Don’t forget about virtual assets such as Azure or AWS servers.
“Technology alone cannot be the truth. Johnson stated that it must be an intentional effort to find the truth.
Nicole Upshur, regulatory compliance counsel at nContracts, said, “I like saying you can’t rely just on cybersecurity.” Sometimes it’s nice having something tangible in your hands, such as a list, and being hands-on.
Use Business Terms and Not Technology
To strike a cyber conversation, target business leaders (the owner or executive team) within your customer’s organization. Alex Rutkovitz Spigel (cofounder and vice president at Choice Cybersecurity) said that business leaders understand technology and should meet on common ground.
“Meet clients where they are with key performance indicators and key risk indicators. It’s different for everyone. Know what risks you face and what could make a customer unhappy. What are their business goals? What are their growth plans? Spigel stated that it is important to understand the entire business in order to better protect it. “A friend asked me last evening ‘What keeps you up at night?’ I answered.
Vince Crisler, CEO at Dark Cubed, stated that executives are interested in reducing the risks they face. This will allow you to help them manage their risk and use technology, policies, and people to reduce that risk.
There’s more to talk about than money
Deloitte found that cybersecurity accounts for 10% of IT budgets. Crisler stated that many companies don’t want to spend that much on cybersecurity.
Crisler stated that any money budgeted to cyber is already a commitment. However, most people believe they can’t spend more. “But there are many things we can do without money, but customers must participate to make it a reality.”
For example, employees can be trained in physical security and made to understand that they cannot leave computers or other assets behind.
Crisler stated that there is some paralysis caused by analysis. This is because it’s so overwhelming and overwhelming. It’s either your downfall or your success. Two-factor authentication has been turned off by users who claimed it was too complicated. How difficult is it to enter six numbers? It’s easy, it’s simple.
According to the panelists’ consensus, the key to a successful conversation is to communicate a consistent message to customers and make them understand that it’s not whether they’ll be the victim of a cybercriminal but when.
Cybersecurity is a game in which defense loses and offense wins. Assume that you will lose at some point. Crisler stated that it’s all about making it harder for the bad guys to win. How can you discover sooner that you have lost and reduce the impact of losing?”
Johnson stated, “We can’t stop every bad thing happening, but what we do is the difference between whether you come back”
To show customers what can happen if they aren’t prepared, you should take them through simulations and other table-top exercises. Spigel stated, “I’d rather lose hundreds of thousands of dollar to the wrong person than fail a simulation.”
Register now to get more information and register for CompTIA ChannelCon 2022 LIVE!
