Are you ready for June 9th?

Are you aware that on June 9th one of the largest opportunities of the decade is going to fall into your lap?  Are you ready for it?

June 9th is when the expanded FTC rules take effect and this means that many MSP clients will be in the SMB marketplace looking for leadership. They’re going to need answers because the new rules are impacting more organizations, even ones that were previously not included.

If you don’t tell your clients, somebody else will.

There’s going to be people lined up to tell YOUR clients what’s happening, including

  • Their insurance provider. We all know that insurance providers are redirecting their clients for managed security opportunities. This issue is become a revenue killer for MSPs.
  • Their clients. If their clients need to comply with FTC Safeguards, they will hear about it sooner than later. As the effective date nears, you better believe that their clients will start asking about what they are doing to comply with the new FTC requirements.
  • Their employees. Specific roles within their organization probably have already heard about FTC Safeguards. Think leadership positions, Finance, Accounting, or anyone in compliance. These people may be asking questions about what is currently in place OR they may be assuming you are completely covering their compliance already.

Along with changes in who falls under the FTC rules, there’s also a requirement that organizations have a “qualified individual” who will be overseeing the security program. This is a need that you can fill perfectly.  It’s time to introduce your clients to a vCSO offering.

Your clients are going to need someone who can oversee their security program.  Is that someone going to be you?

Here’s the thing.  To be secure and to meet the requirements of the new safeguards, your clients need someone wholistically managing their security risks.  This goes way beyond simply having the tools and it goes across their entire organization.

Your clients need a complete security program.  For them it means less headache and more success.  For you it means increasing income without adding a single support ticket.



Your solution is vCSO.

You have invested in your clients. You have established trust within their ranks. Why not start leading them with a complete security program?

Your first step is to talk to them before someone else does.  If they hear it from another source, they may wrongly be assuming you’re already doing this for them or worse yet, they might think you’ve dropped the ball because you haven’t addressed this with them.

Here’s the exciting part for you: this represents an opportunity

We’ve seen partners sell CSO services and get base-bottom clients to invest in complete security stacks, simply by linking their existing risks to FTC Safeguards.

Want some actual evidence?

One MSP convinced an accounting firm previously investing in basic security to go full gamut with a complete advanced security stack and CSO engagement.

This accounting firm they knew they had FTC Safeguards requirements coming. When the MSP asked if they wanted to set up a time to talk about what the FTC Safeguards meant, they agreed.

Even though they were reluctant to invest in more security services, they wanted to know what it would take to close any gaps with the new requirements.

A very successful meeting all started with a conversation about risks, the Galactic risk assessment, and gaps in security.  The MSP owner got the firm to agree to a third-party penetration test to see if there were any gaps. A few clicks and 20 minutes later and the assessment was done.

The MSP owner educated the client about third-party assessments and how several areas of concern on the third-party report were directly linked to the new FTC requirements. He then showed the firm how FTC safeguards and how the safeguards would address findings in the penetration test AND that these requirements were needed going forward.

This MSP ended up closing a COMPLETE advanced security stack AND vCSO engagement, amounting to over 10K in new MRR, over $500 per user.

The Take Away

If you have a client who isn’t investing in your advanced security stack, FTC Safeguards is a good way in.

Here is the strategy that worked for this partner above AND for dozens of others who have started taking advantage of the FTC requirements:

STEP 1: Set up a virtual meet to talk about risk

STEP 2: During the meeting, have each decision maker click a link or have them share the link with a few people they worry about on their team. This is a third-party penetration test.

STEP3: Read out the results. Each of the findings in the report can be easily linked back to FTC Safeguards.

STEP 4: Explain how your solution can help—here is where you need to explain that simply having security tools will not close their security gap. They need someone leading their security program, this is exactly where your vCSO offering will come in.

How can you get started?

You can see the vCSO sales process in action with a free cyber stack assessment.