Before the COVID-19 pandemic began, 43 percent of all cyberattacks targeted small and mid-sized businesses (SMBs) last year alone. And as it continues, security experts generally agree that SMBs are at greater risk for cyberattacks and incidents.
According to an Alliant Cybersecurity report, 22 percent say they transitioned to remote work “without a clear policy to mitigate or prevent cybersecurity threats and attacks.” More broadly, SMBs are vulnerable because they’re simply less resourced than enterprise companies at every turn, with limited budget, overburdened staff and little in-house expertise. And when employees were sent home in March as a result of COVID-19, they had to make do with their current technology or with what their employers could easily buy online or at retail outlets.
Managed IT services offer a huge benefit to these businesses because they can close these glaring security gaps as part of a larger suite of end-to-end IT capabilities. From a security standpoint, moving to a managed model eliminates vulnerabilities, frees up internal resources and hedges against the possibility of an expensive—even catastrophic—cybersecurity incident. That’s partly why, according to our new Future of Work research, 62 percent of businesses with roughly 500–1,000 employees indicated they would invest in remote IT support as a result of the pandemic.
Resellers and dealers are rightly seeing opportunity to make a difference—and bring in revenue—with managed IT services that address this emerging customer demand. But not all managed IT service solutions, nor those selling them, are created equal. Here’s how to think about using cybersecurity to stand out in a crowded field.
Know the Security Landscape
Today, threats stem from multiple sources, including cyberattacks, data leaks, employee mistakes and employee-owned devices. Anything with an endpoint on a company network, from a PC to printers to servers and routers, is vulnerable. As we look at how this landscape affects our industry, research from Quocirca in 2019 makes it clear we have an opportunity to do more.
- 60 percent of organizations have reported a print-related data loss incident,
- Two-thirds consider print to be an IT risk.
Understand Your Customer and Industry Segment
It is obvious to say customer intimacy and industry knowledge are critical to developing a managed IT services model that’s smart on security. Yet these very simple fundamentals are all too often overlooked by teams eager to make quick sales and move on.
That’s unfortunate, because it means closing the door to lucrative verticals, which often have unique requirements and considerations. In health care, for example, patient privacy is paramount and governed strictly by HIPAA. For public sector clients at the federal level, achieving FedRAMP certification is required for doing business using cloud infrastructure. In fact, Xerox is the only print provider with FedRAMP-certified, cloud-based managed print services. Knowing the specifics unique to a vertical increase the odds of not just landing business, but retaining it for the long haul.
Zooming out from a vertical-specific outlook, even simple compliance with local or broader regulations (e.g., GDPR; California’s SB-327, which bans default passwords like “admin”; or Common Criteria Certification) reinforces credibility with customers and ensures a faster path to closing a deal.
Finally, the NIST cybersecurity framework (identify, protect, detect, respond and recover) is a powerful way to round out a complete and comprehensive security solution for the customer. This is how we at Xerox approach total security solutions; we find that consistently adhering to this model is a differentiator.
Security Is a Team Approach
No one company can provide a complete security package—at least, not one that meets or exceeds its promise. Done correctly, this is a team effort. Does the vendor you’re considering have that depth of talent to create a truly comprehensive solution? At Xerox, we’ve intentionally built a layered managed IT solution that incorporates recognized industry leaders for certain components. For example, we partner with McAfee for embedded whitelisting of firmware, with Cisco ISE for secure network access, and with SIEM providers such as LogRhythm, Splunk and McAfee for integrations.
In any evaluation process, resellers and dealers should look at each element of the vendor solution and see who they’ve partnered with. How do they stack up against the industry’s best? Do they meet, exceed or even set industry standards? What advantages do they bring to intended customer targets? The best vendors are purposeful in building security into all solutions they offer from the ground up.
Cybersecurity Must Now Be Central to Every Customer Conversation
Security is integral to any sale today. A reseller or dealer salesforce must be able to credibly integrate cybersecurity from the first conversation with a prospective customer. Use turnkey materials and resources direct from primary vendors to train sales teams quickly and easily on cybersecurity differentiators.
As we move forward in a pandemic—and eventually, a post-pandemic—business landscape, SMBs will need managed IT services more than ever. A complete end-to-end model of remote monitoring and management, cloud services, and cybersecurity frees them to focus on the strategic and operational elements they do best. But it’s the security component that will be most interesting as more of this target market begins to understand that the risk to operations, reputation, and client information is real, and can be solved more easily and cost effectively than previously imagined simply by engaging outside expertise.