Being the expert: Tips for guiding your clients through the cybersecurity journey
by Serena Raymond on Jul 30, 2020 12:00:00 AM
On The CyberCall on July 20, a question was raised: How much should MSPs be communicating with their customers? How much is too much? And when you do reach out, how do you explain the value of what you’re telling them without making them hear complete static?
This question around MSP communication isn’t new by any means. But with more people working from unsecure home networks and with online threats (and high-profile hacks) on the rise, it’s a question that you’re probably asking yourself more often.
It’s easy for both MSPs and their customers to grow numb to it. “Oh, look. Another cyber attack.”
So how can you communicate cybersecurity concerns and best practices to your customers in a way that actually gets through to them? We have some advice.
Listen to their cybersecurity concerns
If you approach a customer and start giving cybersecurity advice without hearing their concerns first, they’ll tune you out.
You don’t want to educate for the sake of it. All of your customers are coming to you with different levels of cybersecurity knowledge and awareness. If you approach every customer like they’ve never heard of antivirus software, some of them won’t take you seriously because you’re not taking them seriously.
So the first thing you need before you start sharing cybersecurity news is an understanding of what will be most relevant to each of your clients. Maybe they’re not concerned with email phishing because they exclusively use Slack. This then gives you more information around where their gaps are and what you can share to keep them more secure.
Give examples, but make it digestible
On that same CyberCall referenced earlier, Kyle Hanslovan from Huntress Labs made a good point about analogies. It’s often better to simplify cybersecurity news and present analogies instead of long-winded descriptions of cybersecurity incidents.
Your clients don’t want (or need) too much detail when it comes to cybersecurity. They don’t need to know everything. That’s your job.
Education for your customers is more about the broad strokes:
- The interesting numbers
- Cyber breaches affecting big-name brands
- General safety tips
- Foundational cybersecurity concepts
Your customers don’t need to know the intricacies of how exactly 5 million guest records were exposed after Marriott was hacked in March. It’s enough to point out that whatever protocols Marriott had in place to protect their login information failed, and hackers were able to get a hold of that information.
When you do decide to use (relevant) examples of recent cybersecurity incidents, or even share changes in software like macOS supporting DNS over HTTPS (DoH) in a future release, make it simple and easily understandable. Think your analogies through beforehand, and only go into the detail you have to. You do not want people to zone out during your explanations or stop reading your email halfway through.
Make it actionable, or they won’t bother
Have we touched on the importance of relevancy in this article yet?
What you share with your customers needs to matter to them. That means it needs to be relevant, but it also needs to be interesting or actionable.
As I mentioned earlier, there’s a tendency to become numb to all of the cybersecurity news out there. In some ways, it feels like someone is constantly shouting through a megaphone. And instead of getting alarmed by that, as humans we often grow accustomed to it. We have a “that’s-just-reality” mindset.
Don’t be the person with the megaphone who keeps repeating themself. Your customers will stop caring very quickly.
Instead, be the person who speaks up when you have something interesting or actionable to say. Your voice is much more powerful that way.
Never stop asking questions
You shouldn’t ask your customers questions only when they first sign up for your services. Make a habit of asking questions regularly.
This isn’t just a box you should check on your MSP communication checklist. You will really benefit from questioning your customers about:
- What tools they use most often
- Cybersecurity scares of the past
- Education their employees want
- Their level of trust in the vendors they use
- Any long-term plans to move to the cloud
You’ll learn about their interests, their concerns, and their goals. All of this will better equip you to help them on their cybersecurity journey. You’ll be able to make what you share more relevant and provide insight they’re more willing to trust. It will also reveal upsell opportunities for products and services that would be helpful to recommend to them.
What is the benefit of asking a lot of questions? People feel heard. Your customers will be more likely to trust you as the expert if they feel like you’re actually listening to what they have to say every time you ask them a question.
But enough about MSP communication. What about helping them navigate their cybersecurity journey and determining where to start? We teamed up with Huntress to write an in-depth guide on just that subject. This whitepaper will give you the tools to be the expert as your customers’ business grows, including hypothetical examples to help you ask the right questions and start on the right foot.