The Challenge: Cybersecurity for Small Businesses that Don’t Care
Like many MSPs, Mike Bloomfield is worried about the state of security. Notably, cyberattacks have become big business — especially when their targets are small businesses, said the president of Tekie Geek, which provides cybersecurity and IT services to businesses in New York and New Jersey.
Mike Bloomfield
Small business owners still don’t understand that hacking is a money-making business, no matter the size of the business, Bloomfield said. Hackers are blatantly stealing information and keylogging and harvesting credentials everywhere they can.
Gone are the days of launching viruses in the wild “to annoy someone,’’ he added. Supply chain cyberattacks in particular, have become so lucrative and hackers are keeping up with the new methods of infiltrating a company’s network. “Their sole purpose is making money. They go where the money is,” Bloomfield said.
“What worries me is the small business owner that doesn’t understand that and is willing to take the risk,’’ he said. “Not only is that risk putting their business in jeopardy, but it’s putting all the data that they have on their clients in jeopardy.”
So much data is on the dark web because there’s a company somewhere that didn’t protect their data, Bloomfield shared.
He pointed out that the Federal Trade Commission (FTC) issued a new safeguard requirement to hold business owners responsible even with prison sentences if they don’t implement the proper cybersecurity procedures, including reporting certain data breaches and other security events, Bloomfield said. Only then does it become “a different conversation” with business owners, he said.
Yet, there are also companies that do their due diligence with robust security programs, “but sometimes, the hackers are just better,’’ he noted. “When there’s a will, there’s a way.”
Practical Advice for MSPs
- Educate SMB Clients on the Business of Cybercrime
- Regularly communicate the risks with real-world examples, showing how SMBs have been compromised due to lax security.
- Different techniques work with different customers: charts, statistics, news stories, etc. Get to know them on a human level first so you can speak their language in a persuasive way.
- Dark web scanning tools can demonstrate that a prospect or client’s credentials have already been compromised.
- Leverage Compliance to Drive Security Conversation
- Frame cybersecurity as a compliance requirement, not just an IT best practice.
- Help SMBs understand that not securing data can now lead to legal consequences.
- Make Your Tech Stack Non-Negotiable
- Many MSPs let clients dictate what tools they use, but this weakens security and increases inefficiencies. Standardize your security stack and make it mandatory for all clients.
- Build Relationships, Not Just Marketing Campaigns
- Expensive advertising isn’t as effective as networking and relationship-building.
- Focus on local networking groups, industry events, and referrals to grow your business organically.
AI’s Role In Cybersecurity
AI “in the right hands is an amazing tool,” Bloomfield said. The technology can play a significant role in making MSPs more efficient because it helps them analyze data, he said. In the wrong, hands, “it’s scary.”
Bloomfield uses AI for branding, generating content ideas, marketing his cybersecurity services. Bloomfield also highlighted how artificial intelligence can improve an organization’s security posture. He frequently demonstrates for clients how AI can identify phishing emails far faster than a help desk technician. Additionally, AI can analyze logging attempts, detect anomalies, and alert the right IT professionals if an attempted breach is in progress.
Advice For Growing Your MSP Business
Building your business is about building relationships, Bloomfield said. “Putting up a billboard isn’t going to give me a single client.”
If you’re a small, one-person MSP, Bloomfield recommends that you hire quickly but deliberately. “How can you sell if you’re in the weeds yourself, working through client issues?” Bloomfield mused. That new employee should be someone who “complements what you do, so you’re able to focus on what you do best.” Also, let them do what they do best, he said.
From there, he said, “Stop letting the clients control the stack.” Clients are not hiring MSPs to just sell them services, he said. “They’re hiring us to solve the problem. So solve that problem by creating your stack, sticking with your stack, and making that mandatory.”
Jonathan Browning contributed to this article.
Featured image: iStock
