How to sell Cybersecurity by partnering instead of selling

Here is the deal, the threat actors don’t care for the size of the business you have. An example can be, a small software development company that does work for larger firms. Having their clients’ data leaked can be detrimental to them. They might not have millions to pay in ransom, but the threat actors don’t really care.

They are perfectly fine collecting $5,000 from you and 1000’s of others. So, when I speak with a client about their cybersecurity needs it’s a game of listening. I certainly don’t want to sell them something they don’t need or feel like they don’t need, so the process that I walk through with a client is as follows:

I ask them to rank their security tolerance first, from 1 to 5. One being very laxed on cybersecurity and five being extremely intolerable to any risk. The idea is that if my client feels that they have no information that is vital if it leaked out, it would not affect their reputation with their clients, it would not negatively impact their operation and they have very little data stored on the cloud that can be easily recovered then maybe major security measures aren’t for them.

However, more often times than none, if I am speaking with a client about cybersecurity, it’s because they have either been hit by a ransom or phishing attack, or they know it’s only a matter of time before their business will suffer from such an attack.

Here is where the high-pressure sales come into play 😂

I generally just let the clients explain their concerns and tell me why we are even here discussing cybersecurity. Often times what I find is that most know that their systems are unprotected, or they know that it’s a matter of time before they fall victim.

I like to be the partner to them, not a sales guy or a vendor, so, generally speaking, everyone can see through the BS of a sales guy. I like to take the clients’ concerns and address them in a meaningful way, so, if they don’t go with us as their IT provider, they will walk away with some value from our meeting on things they can do to improve their security. Information is out there, so I try to educate people and bring up concerns that they might of not thought of prior to our meeting.

Cybersecurity is a rewarding job because you know the things you do actually matter to your clients. So, if I can educate people during our meeting and they walk away with some valuable information, I feel as though I accomplish my task.

I like to ask potential clients these questions before we can formulate what to do next. Here they are…

  1. What security systems do you have in place today?
  2. What regulations and standards apply to you?
  3. Is all of your sensitive data identified and encrypted?
  4. What are your high-risk systems and platforms?
  5. What are you doing for backups. (How do you know your backups are good?
  6. If you did get hit by malware, would you be able to figure out where it came from?
  7. Do you provide security awareness training for staff?
  8. Are you regularly scanning all the data on your network and emails?
  9. Are you running any spam filters outside the basic O365 one to prevent phishing attacks?
  10. Have you created and maintained a comprehensive incident response plan? (Probably not, but that’s ok, most don’t really have one.)
  11. How would a security breach affect your business? What about your customer relationships?

I know, those are some tough questions to ask, and it’s ok if you feel like your business falls short when it comes to answering some of these. This is designed to make you think about factors that you may not have previously thought of when it comes to cybersecurity.  Based on the industry and clients needs we would then walk through with them on figuring out what and how we can address all of these concerns.  Every environment is different, so it’s not a one solution fits all; however the general approach remains the same.  Restrict permission access as much as possible and revamp

What we aim to do is educate potential clients on what threats their business faces and let them decide the rest. As I previously stated, our job is to be the partner, not the sales guy or a vendor, so if a potential client has security concerns, our job is to work together with them to address them and educate at the same time. If nothing else, I want to make sure that people are aware of these threats and even if they decide to DIY their cybersecurity, they will know in what direction they should head.

If you do, however, need an assessment of your systems and wondering if your company is at risk, please reach out to AlphaCIS. We are a Managed Services Provider and Protective Security Services in Metro Atlanta area. Our number is 678-619-1218.