A VAR asked me for some advice on how he could convince more of his clients to invest in improving their data security. He said that he was getting the brush-off by the majority of his clients even though he was convinced that their security had serious deficiencies. He kept on working the objection-handling route and still he did not close more deals. I told him that it seems like he is doing everything right, but I really did not know why he was not closing more deals. Over the following weeks, I kept on thinking why do some people refuse to invest in things that can impact their business on such a critical level? To me it was not a nice-to-have, but a must-have. Looking for answers, I started to ask other VARs and MSPs for their advice. Here are some of my findings that I hope may help you.
First, I am no IT security expert but I do understand the process of selling IT solutions. As such, I will not talk about the actual IT solutions, but rather the sales aspects.
It seems like most VARs and MSPs have spent a lot of effort in trying to convince their clients in a similar way to beef up their security. They too got mixed results. Some had clever ways to continually prospect their clients. One tagged all of their clients who were not on their full IT security program and would simply send an alert message to them highlighting every major public security breech as it happens. Each time, it pushed a few more clients to take action.
In general, it seems like securing a company’s data only became urgent when there was an actual data breech that caused the business significant harm. They simply waited for the heart attack to happen. Procrastination is a natural human characteristic and very difficult to change. On top of this, you just don’t know what you don’t know and so, you don’t really care. This may be the simple explanation as to why these clients are not buying more IT Security improvements.
Changing the conversation towards risks and monthly payment plans seems to help close more deals. Using reports to help the client quantify the risks to their business is a big factor (especially for management as they need to understand that it’s a significant risk to their business and not just another technology issue). With more comprehensive reports and assessments, successful VARs were able to gain more attention from the client.
Another VAR told me that when they are not getting any results, they would send the client a letter or e-mail stating that they have informed them of the potential security risks to their business and they are “indemnifying” themselves for any liability that may result from any security breech in the future. It is like kicking up the fear factor a notch by connecting the legal liability dots for the client. Sometimes they try to get the client to sign a document that says that they acknowledge the matter. I would be careful using this tactic because it could backfire.
Another MSP told me that his message to his clients is simple. “There are some things that can save your company money or improve productivity. Then there are other things that will save your company from shutting down. IT Security is for the latter.”
Most told me that all of their clients do understand that their data is at risk of being hacked and they already have some level of data security protection in place. The problem is that the security protection is not adequate. Many clients felt somewhat safe because they had some basic protection. They also said that additional cost to fix the problem combined with the lack of understanding of the risks, were significant factors for their clients’ procrastination. However, when there was an actual breech that affected their company, they were ready to drop everything to do whatever it takes to fix the problem, regardless of cost. Funding seems to be available so making the investment a priority, is the catalysis.
I heard a comment by a security expert: “there are two kinds of companies out there…those who know they have had a security breech and those who had a security breech, but does not know it”. This may be another good comment for VARs and MSPs to socialize amongst their clients to keep up the awareness.
At a Ted Talks seminar, I saw a security expert log into the hotel’s TV network and take control of what a random guest did with their TV, in another room. I saw him track the movement of someone at a conference using Bluetooth. I saw him extract credit card information with a simple touch. I saw him open a door lock with an uncut key and a hammer! It is like we are living in a World with a false sense of security. It seems like the only thing keeping us from falling apart is the “belief” that we are secure. Maybe this belief is what VARs and MSPs need to change for their clients.
The smart VARs and MSPs dug into their IT Security vendors’ resources to leverage a ton of supporting data and white papers on the subject. Showcasing some of this information on their web sites and presentations helped in their marketing and sales activities. Continually feeding bits of information on their e-newsletters and social media networks also closed deals. The key is to never stop talking about IT Security risks with your clients.
Here is another resource that VARs and MSPs can leverage. This company tracks all sorts of security breeches by country and types. They also have a lot of info graphics to make it easier to understand.
IT Security is a moving target. What’s best practice today can easily change tomorrow! The successful VARs and MSPs told me that they were investing significantly to keep up to date on IT security solutions. They are adding more certifications to their team. Some said that partnering up with an IT security expert was better for them. They preferred the partnership strategy instead of building their own in-house IT security skills. If you are not up to speed or do not want to make the investment, then this is a great alternative.
Keep in mind that getting the end-user to buy your IT security solution is just the beginning. If the client is investing in you to provide the protection, then you must be responsible to get the job done properly and well maintained. I will also caution VARs and MSPs that they should review their agreements and SLA with their clients to ensure that they are not increasing their liability risks when selling data security protection to their clients (maybe a good time to also beef up your liability insurance?)
The great news for VARs and MSPs is that eventually, every company will have to invest more to fix this security problem. From a VAR and MSP perspective the game should be “pay me now or pay me a lot more later”. I think if IT Security was sold in a similar way as business insurance, it may help to close more deals. A recurring contract that outlines what is protected and what is not. As with insurance, if you want more protection, you need to pay more.
Julian LeeHere are 10 ways in which VAR Office Suite helps VARs, MSPs and ITSPs to sell more IT solutions:
1. When you ask us for advice, we consult the most successful companies for answers and we share them with you on VARCoach.com and our VARCoach LinkedIn Group – subscribe for free.
2. Top notch coaching to help your sales team do the right job.
3. Digital marketing tools to help you prospect more effectively.
4. Fix your web site to improve your corporate image and content.
5. Improve your social media content to help you build stronger thought-leadership.
6. Recommend the right Service Automation tools to help you manage SLAs, services and billing.
7. Connect you with the right insurance providers to help protect you from liability risks.
8. Improve your current CRM tool to help you to better manage your customer relationships.
9. Connect you with vendors who sell IT Security assessments and solutions that the most successful VARs and MSPs carry.
10. Introduce you to other companies looking to partner at our events.
Explore over 30 ways to help your VAR, MSP or ITSP business at VAR Office Suite.