Archives For data security

boring salesAre You Getting Leads to Talk About Managed IT

…Only to find that what your prospect really wants is a quote – to compare to others.  Price is your only value proposition here, so what do you do?

I was recently working with a small business reseller on the west coast. He had mastered the art of using Google Adwords to attract new business and was getting meetings.

The problem? No sales. His conversion from EDUCATION to SOMETHING was downright frustrating.

So how do you turn a meeting like this into something worth meeting about?

The answer, you need something in your meeting that’s new, exciting, compelling, and urgent. Napoleon Hill, in his book, The Law of Success, tells us that enthusiasm is critical. If you don’t love your value proposition, you’ll probably leave any meeting hungry. But you need more.

While enthusiasm is an essential part of moving people to buy, you also have to understand what they really need. In another section of Hill’s book he shares with us principles of the shirt sales person. The one who presents the shirt he likes assumes the buyer won’t buy a shirt. The seller who understands the real need sells multiple shirts.

But What Does the Small Business Owner Really Need?

Hint; It’s not managed services.

Managed IT offers the client a couple of things, but only one is potentially urgent. And only by identify urgent aspect of that one thing, are you going to differentiate yourself during this sales call. It’s security of course.

There are thousands of choices when it comes to buying basic server and network monitoring. There’s a well known business coach out there telling his clients to find something unique in order to sell more managed IT contracts – he’s right! But what unique thing can you bring to the table, that your buyer really does need, and that really is urgent? It’s security – but not just firewall management. It’s security intelligence – it’s detection/response.

So How Did My Client Start Turning These Deals Around?

Here’s what he did.  First, he learned to present a compelling security message. In his case he simply memorized the message I give in my book, The House & The Cloud.  It’s simple, straight forward, and compelling. As I’ve said before, I still use this message in lunch & learn meetings, and I’m converting more business owners than ever in one single hour with it.

Now, when he would schedule a new prospect meeting from his Adword campaign, he would go in armed with two things. Some basic MSP (Managed Services Provider) materials and his compelling security presentation.

He started his meeting out addressing the reason for their initial call – finding a new managed IT provider. But quickly transitioned to security. It went something like this:

“Here is what we can provide from a managed IT perspective…backup, monitoring, patching, etc…but the truth is, there are hundreds of companies that provide these same services in this city. And it would be hard to figure out who to use – in fact, many of them would do a good job, and prices would be all over the map.  But let’s look at what really matters.”

“Have you considered how secure your data is?”

Using the three questions presented in my book, The House & the Cloud, my client gathered some basic information. All of these companies are moving to the cloud. As they do, their approach to security must chance. And so he asked them.

“What are you trying to protect?”$1 HC Book Ad

“What are your relevant threats?”

“How comfortable are you with your ability to detect something is going wrong, and respond to it before it is too late?”

See The House & Cloud book to get the details on how this conversation should go. But from there, my client showed them a model I use to determine risk – The Impact Vs. Likelihood graph.

“This is what you need before you can make any sort of budgetary or technology decision. Without it you’re flying blind.”

He then spent ten minutes taking them through The House, Cloud and Coverage model – the message presented in my book. The point is, there’s one mistake just about every company has made when it comes to securing data, and this model proves it.

The response from his listeners was obvious. They too have been making this mistake. Their security has no detection/response capability built into it – and only a managed program can provide this to a small business client.

An Assessment Was Offered

The assessment does three things.

First, it puts everyone else (his competition) on hold, while he does his assessment.

Second, he now has face time with every decision maker. With his consulting hat on, he can talk to whoever he wants, because, in their eyes, he is no longer selling.

Third, he is building the justification he needs to sell this deal without budget being a concern. If the need is urgent (and it will be in most cases), the client will respond.

If the client does not convert, either you had the wrong audience, didn’t find the right urgencies (ones they care about – like the shirt seller above), or did not present the urgency in the context of their business.

The last deal my client worked on landed him the largest managed services contract he’s ever signed, worth about $20,000/month.

© 2016, David Stelzl

Advertisements

malwareWhat’s the Likelihood I’ll be Hacked Over the Next 12 Months?

That’s the question every business leader should be asking.

The answer – it’s likely.  Over the past week two of my kids have been hit by fraudsters. Neither ended up paying, but both were initially confused. Had it not been for the constant security awareness training that happens in our home, they might have paid the bill.

It could have been malware, but in this case it was a pop-up.  “Call Our Support Desk Now!  You’ve been infected by malware,” the message read. My 20 year old son had one on his iPad; my 21 year old daughter had one on her company laptop. Both came by inadvertently clicking on a pop-up ad.  In my daughter’s case, she did call the number to see what was up (her system was completely frozen at this point.)  The technician on the line wanted to access her system, which is no longer on any Apple support contract. For $250 he promised to set her up on an annual support agreement and remove the malware on her system.

At that point she called me in to talk with him.  First I asked him how he knew we had malware on this system.  He reported that he had received a message from our system telling him.  I probed further to understand what he was planning to do to fix our computer. His explanations were technical but vague. I asked him about malware, bots, and signs of intrusion.  He wouldn’t tell me specifically what the problem was. So then I started asking about remediation steps. Was this a scan, patch, firmware upgrade, etc. He couldn’t explain. It was clear he didn’t know what he was talking about, but he was adamant that we needed a solution. Finally I said, how do I know you work for Apple. He explained that his firm, BTS, was contracted by Apple for this type of support. I took down his number, thanked him, and called Apple. He was a fraudster.

In my son’s case, he simply called Apple support directly, ignoring the phone number on the screen. It too was fraudulent. Apple gave us the right tools to scan both systems to clear them of any adware or malware. And, using Apple’s chat software, the entire process was free.

Your Client’s Don’t Know Any Better

The problem is, your clients don’t know any better. What are the chances they would call and pay?  They’re working hard, trying to get through their day, and suddenly a message pops up, and like my son’s tablet, the system is locked. Apple walked my son through a hard-reset to get back to functionality. How many of your clients would simply call the number and pay the support fee?  Sure, if they work for IT, they’re probably savvy enough to do the right thing. But what about the countless office workers, especially those working in small businesses without dedicated IT support people?

Fortunately, in our case it was a simple hard-reset. It could have been ransomware, malware installed through a support link, or some destructive virus. The point is, your clients are highly likely to be hit with some sort of fraud scheme, malware, or ransomware in the near future. If all you provide is basic managed services, or possibly firewall support, these attacks will continue, and your client is likely to pay for it. Educating them on this is the first step. But then, every one of your clients really does need someone to monitor, detect, and respond to these types of problems. They will only get worse over time.

© 2015, David Stelzl

In case you missed my recent interview with Marc Haskelson

Here’s a short clip on the difference between security and compliance (Specially HIPAA, but Marc’s answer applies to just about every compliance regulation I can think of – PCI, GLBA, SOX, etc). The gap is big and healthcare companies are paying for their lack of knowledge on this subject! When there’s confusion in the marketplace, there’s also opportunity. You can learn more about how to tap this market right here.  Just click the Compliancy Box.

© 2015, David Stelzl

compliancy group

Adding Security to Managed IT

Security is the most important part of your managed program.

Last Thursday I spoke to resellers in Atlanta, sponsored by Check Point Software.  This all day event included several important updates for resellers on what to consider in your managed program.  Keeping patches up-to-date and backing up data is important, but just about any reseller can do this.

What Small and Medium Size Businesses are Missing is the Ability to Detect Security Issues  

Following my session, was an excellent overview on how Check Point manages security at the end node. Small businesses are not going to stop their people from using their own phones and tablets for work (BYOD).  So how will these companies stop all the mobile device malware coming out?  This is a perfect role for the future SMB MSSP.  Can your company detect when a mobile device has been compromised? Are you able to help your clients make sure unauthorized users are not connecting to their wireless network? What about monitoring their IPS or correlating their events and providing reporting to show attacks you are blocking?  It’s all about intelligence. Helping small businesses (the businesses most targeted by today’s hackers) detect when someone is trying to access their data, and then responding to stop it.

It’s Not Just Technology – Marketing Science I Needed

In my session I showed how resellers should market and sell this. Not all business owners immediately see the need. As an example, the event I did last week in Richmond had over 30 attendees – every attendee (with the exception on one person who left early) signed up for an assessment provided by the hosting reseller. But I can tell you, not all of these attendees thought they had a need when we started the meeting. It was only after they heard the message.

This is the place to start.  These attendees where business level people, interested in keeping their businesses safe and growing. Assuming they are pretty safe, their focus is on profit and growth.

They may not all need more security, but the assessment process we are using is designed to uncover urgent issues such as compromised end nodes. If we don’t find problems, they should just keep checking. But we almost always do.

I spoke with one reseller yesterday who performs several assessments every month. While just about every assessment shows urgent issues, his assessment-to-project conversion is only about 15% (Which is average for our industry). Something is wrong here. If all of the assessments reveal urgent issues, why is the conversion rate so low?  It’s the assessment process. It’s designed to uncover vulnerabilities, but not designed to convert clients.

In my session I reviewed how to move business people from thinking they are fine, to understanding the truth about security. From there, we talked about how to assess and convert, to help businesses take the right actions to keep their data secure. Once things are under control, the MSSP offering should be designed to maintain an acceptable level of risk.

Providing this to your customers will make you one of their most important strategic partners.

© 2015, David Stelzl

P.S. if you’re interested in selling more security, consider the Security Sales Mastery Program – contact us to see if your company is eligible for training sponsored by Check Point Software, or one of several other well known security manufacturers.

9990016123_29d261209d_zHere’s Why Executive Level Prospects Should Attend Your Next Lunch & Learn

And What You Should Be Presenting On

Next week I’ll be speaking in Louisville, KY, at yet another lunch & learn – The question is, do people still attend these? Why should they?  Well, this morning’s WSJ article, Boards Struggle With Cybersecurity, Especially in Health Care, answers the question.  “Board members, [and any C-Level executive] need more education,” writes columnist Kim Nash.

Every company is facing these threats on a daily basis, yet only about 11% of the business leaders claim to really understand data risk.  This data comes from a survey across 1034 directors.  And while healthcare data is some of the most sought after by cybercriminals, the healthcare leadership rank as one of the least educated groups in this study!  On the high ranking side (high-tech companies), only about 31% have a thorough understanding.  In other words, most industry leaders are completely unprepared to make wise decisions when it comes to mitigating risk.

Healthcare Leaders Need More Security Awareness Education

Last year I experienced this misunderstanding as a speaker at a Healthcare conference in Denver. Every security related session I attended focused on compliance. HIPAA is important, but it has little to do with risk.  I started my session by asking the audience to set compliance aside for an hour while we talk security. They seemed surprised by the idea. After my session, several commented that they had no idea what was going on.  Kim Nash quotes Charles W.B. Wardell, III, president and CEO of executive recruiter Witt/Kieffer, stating, “In health care, the need for security knowledge is urgent, …Many [health-care] organizations are conducting risk assessments regarding their information security programs and preparedness and are alarmed at what they’re finding.”  Having personally worked with many security providers who perform these assessments, I can confidently agree – most of them are turning up urgent issues.

Study results presented in this article showed that just about every industry, other than IT, scored 20% or less on having a high degree of knowledge.  More industries reported “Some Knowledge”, but many reported “Little Knowledge”.

When Is Your Next Lunch & Learn? Fall is a Great Time. Now Is The Time To Plan It.

Should you be setting up more security-focused lunch & learns? The answer is, Yes!

However, these groups don’t need product knowledge. They don’t need to hear sales managers, channel managers, or even you local SE talking about products, services, or esoteric technology jargon. What they do need is straight talk on trends, likely threats, big  mistakes being made, and why so many companies are losing the battle. They need intelligence they can use to make wise decisions regarding access to data, policy, hiring decisions, outsourcing decisions, and budget justification.

These are the kinds of things we’ll be addressing next week, and they’re the same things your clients and prospects need to hear. If you get push back on attending, you might want to point them to Kim’s article… (Access it on the WSJ website).

© 2015, David Stelzl

PS. Check out my new Security Website – it’s a work in progress, but here it is.

www.stelzlsecurity.com

Here are some important words from my friend and colleague, author and speaker, John Sileo.  We can stop talking about TJ Max now…The Target Hack was big.  And even though the bank tends to cover the stolen card issues, Target did report significant drops in both sales (6%) and profit –  cutting it’s profit forecast by (20%). How many companies can stand this kind of loss?

It’s interesting that even after this event – Gartner Group’s recent report shows that Information Security has dropped from the #1 CIO concern, down to #8.  This is not a good sign…

 

© 2014, David Stelzl

We’re continuing today in our workshop, switching gears from security trends to  sales and marketing strategy.  How successful are you when it comes to moving up and connecting with decision makers?  Many sales people will have a meeting or two upstairs, but how many are maintaining these strategic relationships.  I have found that maintaining these relationships requires some serious attention to delivering regular value at the executive level.  Being a nice guy only goes so far…

Selling high tech solutions means staying on top of the IT and security trends.  The sales process is changing – sales people that fail to move up to a more strategic level conversation are going to miss the boat.  If you find yourself getting lazy with new trends and technology, because your large accounts are keeping you busy, you just might find yourself without a job down the road.  Don’t let success destroy your future.  A few links on recent trends to get you started…

  • Super cookies : A new stealthier way of collecting browsing history, allowing marketers to build more complete profiles of an individual.  These super cookies are legal, and are not deleted when you delete or deny cookies in your web browser.
  • Electronic Communications Privacy Act – it sounds like you have a right to privacy, but in reality the US Government has the right to secretly obtain information from people’s email and cellphones without a search warrant.
  • Virtualization requires a different approach to security, but also offers some new approaches to end-point protection.  Cisco, VMWare, and others are working on this right now.
  • Federated IT approaches – this may change some of the politics when calling on larger organizations.  Cisco and Microsoft are both doing this – how does this affect your future sales strategy? Will this make companies more secure or less?

© 2012, David Stelzl