Small and emerging businesses have historically had little incentive to meet cybersecurity frameworks or comply with regulations around processes, procedures or technology related to information security. But that ship has long sailed.
Consumers now look for businesses, irrespective of size, that invest in protecting their sensitive information – and the organizations that don’t expose themselves to potentially grave risks and lost opportunities. According to a recent Continuum study, for example, one in four clients consider leaving their service providers if their cybersecurity practices aren’t up to par.
Customers increasingly ask their vendors what they’re doing to protect their data, and these providers, in turn, must show without a shadow of a doubt that they’re meeting their end of the bargain. It's this dynamic that creates unique opportunities security-forward MSPs are equipped to exploit.
The hang up? Small businesses often don’t understand their obligations, may be resistant to change, or haven’t yet built the muscle or the culture to effectively meet their compliance responsibilities.
The Apptega Cybersecurity Podcast recently caught up with Christopher Bracket, owner of Greater Nashua Technology Consulting, to discuss how MSPs can approach these hurdles and what an ideal client relationship might look like when a small business is just beginning its cybersecurity compliance journey.
The key takeaway: MSPs that don’t prioritize client buy-in place themselves at a disadvantage with their clients. But it’s a two-way street. Clients must also be willing to work with their MSP.
Getting Client Buy-In
As an MSP, getting your clients on board is essential to developing a successful cybersecurity program. Because industry-specific frameworks are relatively new, MSPs often face the challenge of companies not realizing that they must follow a specific compliance program. It’s also the case that the frameworks themselves are often written for large enterprises – which creates confusion around which ones may even apply to a particular business and, for the ones that do, what steps the company must take to meet their controls. And in this context, getting leadership to buy in can be a challenge.
For business owners, the importance of cybersecurity practices doesn’t always click immediately, so having a regular feedback loop is essential. According to Brackett, companies that see the most success meet bi-weekly to discuss changes and have an internal contact to talk to the group and implement changes before the next meeting.
Continuous meetings that are well spent also remind customers of the necessity of cybersecurity practices. It’s essential to keep up with the pace of change and pursue continuous customer buy-in because cybersecurity compliance is not a challenge that will just go away. Approaching it as a gradual implementation lends itself to minimal business disruptions and gets strong customer buy-in.
A Two-Way Street
As an MSP, securing customer buy-in can be difficult, but it’s a common problem. On the other hand, though, customers that expect a hundred percent of the work to fall onto MSP shoulders achieve compliance slower and often lag behind their competitors.
Customers willing to work internally and own the process can keep things moving forward – and they also progress faster and better. If a company isn’t willing to meet, discuss, and spend a few hours working on compliance, roadblocks arise.
Both internal buy-in and collaboration are necessary. Brackett says that “the key is continually moving the needle forward and making things easier for the business,” but also that work must happen internally to progress faster.
The New Normal for Businesses
Compliance with cybersecurity frameworks and regulations is the new standard for businesses, and MSPs play a vital role in helping SMBs adopt a cybersecurity compliance program. But MSPs that don’t know how to meet their clients where they’re at will suffer.
With client buy-in and collaboration, businesses can move forward in their compliance journey and meet the demands of their customers.
Listen to the full podcast episode here.
