Lifecycle Insights and Breach Secure Now recently released an integration to allow mutual MSP partners to better consult with their clients around human cybersecurity. Read the conversation between Art Gross of BSN and Alex Farling of Lifecycle Insights around addressing the human security element in a business review. Then check out how the integration makes the client conversation easy.
Marnie Stockman: Welcome to the Better Together webinar. I am Marnie Stockman, CEO at Lifecycle Insights and we are very excited to chat today with our guest, Art Gross, from Breach Secure Now about the integration that both of our companies have been working to deliver.
Art Gross: All right Marnie, thank you. I am Art Gross and am the CEO of Breach Secure Now. Breach Secure Now is a channel only white label human security platform. We have about 2000 partners, about 10,000 clients, and about half a million users on our platform so we’re definitely all about being MSP friendly. I also run an MSP so I’m very knowledgeable in the MSP market and we’re excited to be here.
Marnie Stockman: Alex how about you will you introduce yourself.
Alex Farling: My name is Alex Farling and I came out of the MSP community kind of like Art. I ran an MSP for 16 and a half years. In fact, we founded Lifecycle Insights while I was still at the MSP and the plan was for me to continue running the MSP but Lifecycle Insights turned into kind of a boom. I came over here and sold the MSP about a year and a half ago so I’ve been doing Lifecycle Insights non-stop. The reason we built it was really to solve for some problems I had in my MSP. We had a lot of data scattered across multiple systems. We had no real good way to pull all that data together to put it in a presentable and actionable format that we could take to a customer in a strategic business review or any kind of a customer facing meeting.
We actually used Breach Secure Now at my MSP so I’m familiar and have lived in both sides of the business. We actually used HIPAA Secure Now, which was how we were introduced to the Secure Now team… so that’s that’s kind of my background, where I come from, and now I’m the the guy that helps all of our MSP partners roll out the Lifecycle Insights platform and start making money with it in their in their MSP.
Art Gross: …and you know in running an MSP, QBRs are so important but they’re really not easy right and that’s one of the things I love about Lifecycle Insights. It is pulling that data because you know all that prep work it used to take pulling data together. I just love what you guys are doing at Lifecycle Insights, so I’m thrilled to be here.
Marnie Stockman: Alex we’d love to hear some of your stories around the struggle of having that conversation around cyber security as an MSP?
Alex Farling: Well I think every MSP has their own story right? But each of us approaches it a little bit differently and each of us also has a customer who approaches it differently. We’ve gone everywhere from the customer who says “I want to know everything anyone does on my computer anytime they’re there I want spyware software installed so I know everything.”
And then there’s other folks who will say, “That’s not me. Let them do what they’re going to do and you(the MSP) keep the bad stuff out, but kind of let’s play hands off and not be the hyper authoritarian and even to the point where you have companies who say I don’t want to do phishing and and that kind of stuff because I feel like it’s it’s malicious to my people and it makes them think I don’t trust them.”
So there’s all this I would say misunderstanding by MSP’s customers that they have to overcome to help people realize phishing isn’t about catching your employee doing something bad and wrong it’s about education and this is how we score whether or not our education works. If users are still clicking the links the education’s not working and we’ve got to try something different! I think just the entire conversation around cyber security and especially around employee security awareness training and employee training and phishing and these kind of thing boils down to making sure that our customer understands the piece of information we’re trying to present to them simply is about knowing that you have a mature workforce who is aware of modern threats and and can keep you protected because second to misconfigurations people clicking on stuff that they shouldn’t is probably the number one reason for breaches. Art, I suspect you’re going to say a close second it may be number one, I don’t know.
Art Gross: Yep, there are some clients who are really worried. They’ll come to the MSP and say “I’m really worried – protect us” and there’s lots of clients who say, “I don’t really care, I’m too small they’re not going to focus on me. We don’t have any risk” and the truth is all businesses are at risk and the key to selling managed services I believe, managed services and managed security, is showing that risk. As we all know and everyone on this call knows that humans are the biggest cause of breaches. They make mistakes right. We’re all human. We make mistakes and being able to show the human element of security that, yes, you have employees and they could be weak; they could fall for a phishing scam. They could fall for a business email compromise. They could fall for a tech scam and give access to their computer so you know it’s really important to focus on those humans and that is the easiest way to show vulnerabilities. So if you know that the majority of breaches are caused by human mistakes it’s great to focus on the humans… the employees, and employers and business owners. It’s not too far-fetched, as anyone who has employees knows that employees make mistakes. They say the wrong thing to employees. They say the wrong thing to customers. They come in late. It isn’t too hard to connect the dots between employees making mistakes and employees causing data breaches, which is why you need to focus on those employees. That’s what excites me about being able to talk through the human element of cyber security.
Alex Farling: Well it’s funny that you mentioned falling for the tech support scam because I’m thinking back to a specific client I had at my MSP. They gave us our biggest pushback when I said, “we need to do anti-phishing training and we need to simulate phishing attacks.” It made this particular customer think “my employees will think that I don’t trust them” and they pushed back – they really didn’t want to undertake security awareness training.
Fast forward a few months and I’m sitting in my office one day… and my office was literally through a door around the corner from the helpdesk bullpen. I could hear everything that went on in there and at this particular point I hear a ruckus erupt… so I walk around the corner and one of my very outspoken senior engineers is just losing her mind. I just remember her saying, “this person calls me every day for something stupid and yet when somebody called her and said they were from Microsoft she let them on her computer instead of calling me first! I know the sound of her voice. I know about her children I know she likes chocolate chip cookies over peanut butter and yet she let somebody log into the computer because she didn’t want to pick up the phone and call me first!”
My team talked to this lady all the time and it was a really eye-opening moment for me that we’ve got to get this training right. It’s a tough conversation because this same customer picked up the phone and I said “hey someone didn’t complete their security training”, this same customer would have responded, “Yeah they’re busy, I don’t really care” [click] and hung up on me and moved on. Those were really difficult conversations to have. You call your point of contact to talk about it; you’re taking them away from what they’re doing that relates to their job. They’re trying to execute on their deliverables – not worry about yours, so you feel like you’re interrupting them all the time.
In the end, what I learned was that I could move the needle further with my customers by having this conversation when I had the leadership team in the room.
Hear the rest of the story about how to have that leadership conversation in a business review here.