As cyber threats escalate, dealers must put network security at the forefront of their managed services offerings.
All Covered’s network security used to be an optional managed services’ offering. Not anymore.
“Our position is, if you don’t sign up with us on these security services, we’re not interested,” said Jim Mullen, vice president of sales with All Covered. “It’s too much risk for us. We are taking that stronger position because nine out of ten phishing emails are answered. There are four million cyberattacks every day, and 75 million phishing emails sent every day. This wasn’t a problem 10 years ago. If you follow the industry data, it’s thousands of percent higher today. Why would I go to the bank and rob with a gun, when I can do it from my basement?”
Indeed, as cyberthreats escalate, network security should be at the forefront of all dealers’ managed services offerings.
According to Cisco, the global IT provider of networking and cybersecurity solutions, network security is any activity designed to protect the usability and integrity of one’s network and data. (See sidebar “Most Common Threats.”)
Spectrum Technologies in El Paso, Texas, has been providing managed services since 2005. The dealership had its own network operations center (NOC) and offered remote monitoring, patching, and updates. But as Spectrum Partner and President Kyle Elliott explained, it was more of a “casual offering,” and not something its team focused on in the same way it did when selling traditional office technology.
That was a problem.
“We were constantly chasing our tails, putting out fires, and doing a lot of reactive stuff,” recalled Elliott.
The solution was to create what the company calls the StrykerCyber program and turn much of the heavy lifting over to a third-party managed services provider. Spectrum looked at different platforms and five years ago, elected to partner with Continuum, which allowed Spectrum to move from a reactive to a proactive managed services model.
“That made us look more professional than we had been previously,” noted Elliott. “It also allowed us to shift our focus to what we should have been spending our time doing—the consultative side. We had expensive resources doing level-one type tasks like patching and updating. Shifting that to Continuum helped with scalability.”
“I constantly tell my field teams, if you want to get inside the door, there is no easier topic to do that with than cybersecurity,” said Jake Elliott, Spectrum’s director of IT sales.
He’s seen a shift in the types of individuals his team talks to about security. Before the Continuum partnership, most meetings were with office managers, IT managers, and IT directors.
“This conversation about cybersecurity has made its way to the people and less the IT department,” reported Jake. “It truly is about risk mitigation. If you want to get the ear of a business owner or CFO, cybersecurity is the absolute way to do that.”
It’s no surprise then that security is now a significant piece of Spectrum’s managed services offering. Its approach to security focuses on three main areas—people, processes, and technology.
“Everyone loves to focus on the technology component first, but people always represent the number one vulnerability inside the network,” said Jake. “Education, security awareness, and training are key. It doesn’t matter if you’re the receptionist or the IT manager, everyone is in it together, so providing awareness to the staff is highly important.”
According to Jake, “Process” encompasses everything from how an employee or customer on-boards to how the company off-boards a departing employee, ensuring they don’t have network access after they leave.
“Of course, there are certain clients that have to be compliant with metrics and targets around HIPPA and PCI (payment card industry) compliance and the process of putting that in play is extremely important,” said Jake.
The technology component is understanding that a basic perimeter security strategy is no longer enough. That’s why Jake emphasizes active EDR (endpoint detection and response) and a business continuity plan needs to be part of the technology discussion.
This is where Continuum’s expertise comes into play for Spectrum.
“From their 24/7/365 video operations center monitoring to getting us access to the software, to the tools, through a centralized dashboard is a tremendous benefit for us and our clients,” observed Jake.
Interviews with other third-party managed services providers underscore his points.
The Basics
“The sky’s the limit in terms of network security,” observed Corey Kerns, vice president and general manager, Collabrance.
“At a minimum, basic network security should include preventative maintenance, patching, domain name system (DNS) filtering and monitoring, and web traffic monitoring,” he said.
Beyond that, he recommends installing a firewall that’s monitored and managed to identify external threats and secure the network for wireless access.
Jay Ryerse, CTO, security products with Continuum, a ConnectWise Company, recommended starting with a risk assessment to understand the impact on the business and the critical assets that need protection. This step, he said, is essential for making the right recommendations.
The typical business environment includes backups and recovery point objectives, as outlined by the business. Then, the basic protections should be installed, such as firewalls and advanced endpoint protection, which includes unusual behavior analysis, machine learning, and AI as part of the protection strategy. At the higher end, he suggests looking at managed SIEM (security incident and event manager), which monitors activity coming and going through and around the network to detect intruders as early as possible.
One of the biggest mistakes made by managed services providers who are discussing security with their customers is that they tend to lead with the tools.
“I question the integrity of somebody that leads with tools before they’ve figured out what assets are worth protecting,” said Continuum’s Ryerse. “Tools aren’t going to solve the problem if you don’t know what you want to protect.”
His suggestion is to take a step back and examine a customer’s environment holistically before making recommendations. This way, the customer isn’t spending money protecting things that aren’t worth protecting.
All Covered focuses on a layered security approach.
“Message protection, endpoint protection, patching, and vulnerability management are table stakes for us,” noted All Covered’s Mullen. “Underneath those layers there are 10 or 12 different solutions.”
He suggested that dealers new to managed services focus on basic message protection (email archiving, spam filtering, email continuity, phishing protection, and email encryption), endpoint protection, patching, and vulnerability management. Beyond that, dealers can focus on web-contact building and mobile-device management and move deeper from there as necessary.
All Covered has found that bundling its security offerings together is the most effective way to sell security.
“It’s like a car alarm with a club and a tracking system on your car,” said Mullen. “We bundle it because the customer doesn’t know what they don’t know. Don’t give a customer the diner menu because they won’t understand it. They expect you to manage their security system.”
Confidence Building
Gaining a customer’s confidence is critical when offering managed services, particularly around security. For example, Spectrum has done a good job of selling into verticals such as healthcare, where compliance with regulations such as HIPAA is critical.
“Touting experience in those specific industries oftentimes makes people feel at ease,” said Elliott.
Spectrum also has a specialist on staff who focuses exclusively on cybersecurity.
Equally important to gaining a customer’s or prospect’s confidence is discussing how the dealership protects its network and data. Spectrum works with Continuum to monitor its network for threats.
John Schweizer, vice president of office technology at Continuum, recalls a conversation with a dealer who asked him why the bad guys would want his data. Schweizer replied, “The bad guys could care less about your data, but if they get you, you’re going to pay them the ransom because, can you go three weeks without your e-automate?”
“It starts with the good internal hygiene,” added Collabrance’s Kerns. “If the dealer’s internal environment isn’t secure, how can they sit in front of a customer and give them that confidence and trust?”
Honesty is equally important in winning a customer’s trust. Don’t give customers a false sense of security, meaning, as Ryerse pointed out, that there won’t ever be a problem.
“No antivirus [software] is 100% effective,” he said. “Anyone who tells you that it is, is lying. What we found effective is making sure [the customer] feels like they are part of the process, and that it’s a true team effort. We’re alongside you to help mitigate your risk and to help shore up your vulnerabilities. Dealers need to leverage their sales organizations and their client relationships.”
Kerns echoes Ryerse’s comments.
“The biggest thing is not giving them that false sense of hope that nothing’s going to happen,” said Kerns. “Where the confidence comes in is that we are mitigating as much as we can, but more importantly, letting them know that you can control that incident and recover from it if something does happen.”
By educating customers about policies and procedures related to network security, and most importantly, adhering to them, a dealer can help customers reduce downtime, comply with government regulations, and reduce liability.
Access Related Content
Visit the www.thecannatareport.com. To become a subscriber, visit www.thecannatareport.com/register or contact cjcannata@cannatareport.com directly. Bulk subscription rates are also available.
