Cybersecurity Indifference Can Haunt You and Your IT Customers

The threats just keep on coming.

Here are three things about cybersecurity you know but may not think about.

1. Cybersecurity threats are real and changing almost daily.
2. Your salespeople may be ill-equipped to talk with customers about cybersecurity.
3. You should encourage customers to think proactively about cybersecurity.

Cybersecurity is a blanket term for keeping information away from those who would damage or misuse it. For example, the law firm where you placed 12 MFPs doesn’t want their trial strategies available to attorneys at the other table in a courtroom. The superintendent of the school system where you placed multiple machines might be displeased if social security and bank account numbers escaped from the accounting department. Social security numbers, incidentally, go for about $5 on the dark side of the internet. Bank account numbers sell for about $120 each.

In the bigger picture, IBM says recovering from a data breach in the U.S. costs companies an average of $9.4 million in 2022. It is far less costly to pay for the security that could prevent an intrusion.

“Having a high-level understanding of cybersecurity issues helps with basic problem identification and can be enough to get a conversation going.” affirmed Chris Nuiver, general manager for IT Solutions at Applied Innovation, a dealer with operations in the Upper Midwest and Florida. “Focusing on a few hot topics enables a sales team to bring in a specialist.”

Two Levels of IT Threats

Specialists are essential, unlike your IT guy who looks online for IT threats once every couple of weeks. Read about the services offered by cybersecurity companies and you’ll understand how complex it is. Peruse the sites of 360 Advanced, ConnectWise, Mimecast, or Z Cyber Security. Then ask yourself if your sales or IT team is up to protecting your customers.

“Successful MSPs have subject matter experts in security without a doubt, and larger ones have CISOs (chief information security officers),” noted John Schweizer, vice president of channel sales and programs, ConnectWise. “We have data from our large dealer network that indicates greater success with sales professionals dedicated to growing the MSP and MSSP businesses. Traditional reps can, however, be taught to open the doors for their specialists with security. In fact, while still hard work, they will find a much higher prospecting to appointment ratio when cybersecurity is the call to action.”

There are two levels of cybersecurity, usually requiring software to be installed or activated to help prevent unwanted intrusions. Level 1 ensures your customers can securely print, copy, or scan documents. Your OEMs can show you and your staff how to protect the machines and offer this service to customers. Level 2 goes further by extending cybersecurity to customers’ businesses. Providing such a high-value offering sharply separates you from competitors. For most dealers, Level 2 requires a partner, deep pockets, and specific expertise.

Cybersecurity Decision Time!

Protecting customers from external and internal intruders should be an ongoing effort. However, absent the pocket depth to put a team of cybersecurity experts on staff, most dealers may be unable to take this on internally. Partnering with a company that eats, drinks, and breathes cybersecurity is a faster and safer strategy. It adds value while providing your dealership with access to cybersecurity experts who are familiar with a variety of businesses.

“Partnering with cybersecurity organizations lets us bring in specialists for solution development,” explained Applied Innovations’ Nuiver. “We align with providers that are committed to providing support. That is far more important than the additional solutions they offer.”

On the other hand, dealers seeking to go it alone are trying to become part of their local IT and managed services market. One approach here is selecting areas to specialize in, becoming an expert in those areas, and adding more offerings as you grow. Going it alone can be right for dealers seeking to control the entire solution by developing and owning the intellectual property involved, but the vulnerability can be significant because your dealership takes on substantial responsibility.

It requires an investment in people, training, and management platforms—plus a track record of proven performance. And here’s the rub: “Building that track record is an uphill battle when going it alone,” explained Bob Lamendola, senior vice president and head of Ricoh’s Digital Services Center. “Market relevance and a track record of satisfied customers are important elements.”

Dealers who take on cybersecurity typically have specialists responsible for cybersecurity or who can assist a dealer’s traditional copier reps. Unfortunately, the larger job market comes into play because there are not enough people needed. Hiring, training, and retaining skilled cybersecurity talent—including salespeople—are persistent problems. In all candor, skilled people may be more likely to take jobs at IT companies, not copier/printer dealers.

Schweizer recommends that dealers not venture into the cybersecurity world alone. “If you are going down that route, it has to be 100% built, tool enabled, staffed, and ready to go before onboarding the first customer. It’s a 24x7x365 part of the business, no exceptions. The group also needs to practice, practice, and practice so they can respond when the bell sounds. The demand for human capital in this area is outrageous. Be prepared to get your wallet out and still have your people leave.”

In Schweizer’s opinion, it doesn’t matter if that expertise comes from an MSP such as ConnectWise or an OEM. Cybersecurity protection comes in varied flavors and there is a place for traditional OEMs and providers like Connectwise. Your better choices would be those that have significant resources committed to cyber,” said Schweizer. “By way of example, cybersecurity is Connectwise’s largest business unit and core to our value to our partners. The hundreds of people in that unit work on cyber all day, every day, and as a software company, every line of code in every product is written with a security-first mindset.”

Get Educated About Cybersecurity

Whichever path you choose, your salespeople should be sufficiently conversant in cybersecurity to have initial conversations with customers and prospects. This provides some assurance that your dealership can help.

“It has been beneficial to have a cybersecurity specialist proactively finding opportunities and supporting the traditional sales team,” said Applied Innovations’ Nuiver. “We use continuous internal education and a network of vendors that focus on IT security operations.”

“Dealer salespeople should be helping clients understand the potential gaps in their security readiness. There’s training to help them know what to listen for,” agreed Bob Madaio, vice president of marketing at Sharp.

All vendors offer cybersecurity training, but the complexity of threats makes such training an ongoing endeavor. Plus, multiline dealers may have solutions that apply only to equipment at certain customers. Still, suggests Cody Walton, national manager for strategic solutions and dealer sales at Konica Minolta, offers a sound approach, “…dealers can take a layered approach to cybersecurity, combining multiple layers of protection, starting with MFPs and working toward more complex issues.” Good advice, so where to begin?

Be Curious About Cybersecurity

Start with the broad information obtained through online searches. For example, although a salesperson may be able to talk about ransomware, they may not be aware of attacks that cause a system to crash, then activate a virus when the system is restarted and a targeted program is opened. Specific skills can matter too, such as deploying virus-checking on multiple MFPs, then managing them as trusted devices in a Microsoft ecosystem. Few IT providers can do everything, so pick those that match customer needs. It is common to work with more than one partner.

Dealers and their salespeople should have a working knowledge of the dangers cyber threats pose. You already know which businesses your customers are in, so ask questions to peel back the layers:

• What cyber threats are they aware of?
• How is their network protected against external or internal intrusion?
• What information may be exposed to unauthorized intrusions?
• Do they have secure backups and strategies for when they are hacked?
• Ransomware is a common cyber-attack. What strategies does a customer have for it? Paying up is not a strategy.
• What do they do to counter email (especially in Microsoft Office) as a threat?
• How frequently is their computer network tested to ensure its security? What tests are performed? Who does them
• How many employees can access the computer network beyond the devices they normally use?

• How secure are access points used by their remote employees?
• How often are passwords for the network, computers, copiers, and printers changed?
• Are passwords changed when an employee leaves the company?
• How much insurance is carried against cyber-attacks?

Questions should fit the customer, and you may not need to ask all of them. They can help educate (or worry) customers while refining your awareness of their risks. All can be expanded into conversations about how your dealership may be able to address customers’ needs.

Not If, but When

Many customers believe themselves invulnerable to cyber intrusion—until it happens. This can be especially true for customers relying on the cloud, which is a remote server that offers marginally more protection than the customer’s network.

If you’re even remotely nervous about cybersecurity you’re not alone. It is not a matter of “if” a customer has an intrusion but “when.” You may have a competent IT team and some customers already poised for trouble. But what about those operating under the delusion that they’ll be okay? Education is a start. You should ensure all your customers are protected before the “when” arrives.

Benefits of Partnering

Although he may be biased, John Schweizer, vice president of channel sales and programs, ConnectWise, contends that for the average dealer, partnering with a company that is up to speed on the latest cybersecurity threats is hugely beneficial. According to Schweizer, consider the following before partnering with a cybersecurity provider.

1. They offer dedicated resources to help your team at the customer level. They will also sell with you as you learn and develop.
2. The partner should have a fully managed SOC (Security Operation Center) with the keyword being managed. The SOC should do everything through remediation. The partner should be hyper-focused on this area and know what to do when that ugly incident arises.
3. The partner should have an Incident Response Unit (IRU) ready in the event of an incident. Use similar diligence here. Will your IRU partner deal with the incident, the press, the authorities, and the lawyers?
4. Your partner should also have a threat-hunting team that proactively stays ahead of the bad guys and up to date on the most current threats.
5. The partner should have a training program for your personnel.

To become a subscriber, visit https://thecannatareport.com/register or contact cjcannata@cannatareport.com directly. Bulk subscription rates are also available upon request and included in our media kit.