The FTC Safeguards rule is NOT a fad. It is here to stay and if you aren’t thinking about how you can help your clients adjust to the requirements, you will be blamed if something isn’t right. These requirements are NOT just for banks. They WILL impact you and your clients.
I want the Safeguards rule to be a big opportunity this quarter. This is a huge opportunity to get them to invest in your 2023 stack, do the right thing when it comes to protecting their client data and a major way for you to grow your MRR quickly.
Why the FTC Safeguards Rule?
The FTC was formed in response to the Great Depression to prevent another Earth-shattering stock market crash. Between then and now, we split the atom, went to the moon, and creating the internet. In our modern world, there are many data security risks than were ever imagined even 20 years ago when Congress passed the Gramm Leach Biley Act (based on 1999 technology). Now they are redefining who needs to take data security seriously and the rules of the road to protecting that data.
FTC EXPANDED who the rule applies to, including a large swath of MSP clients in the SMB marketplace.
My question to you: how can you use this requirement to drive security and managed services sales? AND how can you use these new rules to sell security to clients and prospects even if they aren’t covered by FTC (There is a way… and it is extremely easy).
And even more, how can you make sure you have an offering to make sure your clients won’t look somewhere else for guidance on FTC Safeguards oversight?
One of the requirements of FTC Safeguards is having a “Qualified individual” who will be overseeing their security program.
This does NOT simply mean someone that checks off that they have tools set up. This is someone overseeing a complete security program. Security programs are far more involved than simply tools. These programs oversee the gamut of security. Think about policies, people, technology, and processes. Wholistically managing their security risks. Across their entire organization.
Are you capable of doing this right now?
Most MSPs do have pieces of this puzzle figured out. But most are NOT piecing an offering together that will satisfy FTC requirements.
I have personally seen compliance as a service companies come in and take over very good clients within MSP ecosystems. If you aren’t offering a solution, you can bet that someone will go in on top of you and start eating your lunch. They will start by pointing every single problem out in the environment. They then will come in with solutions that are not yours. And by the time they’re done, your service offerings to that client will be diminished so much that that “very good client” will no longer even be profitable. They no longer will follow your streamlined and honed in processes. And your client will start to distrust your opinions.
Your solution is vCSO.
You have invested in your clients. You have established trust within their ranks. Why not start leading them with a complete security program?
Today, your best clients—the ones with environments of 50 users or more. The ones that value their data security and data assets. The ones that are interested in investing in your cyber stack. These are clients you want to keep and these are the ones to start leading with a security program.
They don’t have compliance needs?
That doesn’t matter. If they don’t want to be a statistic—they will want to invest in a program that addresses their risks. If they are worried about their reputation, they equally will want this.
If they DO have FTC compliance pressures OR they have some other compliance?
These clients will be looking for this kind of thought leadership going forward.
My question to you: will you give your relationship away to someone else?
If you want to give security leadership to someone else, that’s fine. But realize that you will be giving away your relationship as well. Security is about trust. If you are engaged with their leadership and actively planning with the team to address their risks and shore up their processes, you will be their ultimate trusted partner above all.
If you relinquish this to someone else, they will be in this seat. And if something happens—even something entirely outside of your control—you will be on the chopping block as a commodity.
I know you are qualified to be their security leader.
You have the experience—you are FAR more qualified than a 9-5 CSO. You have worked in tons of environments, are exposed to a gamut of tools (and even if you aren’t yet, Galactic Partners have hundreds of hours of training and experience behind them with the Galactic team). I am 100% sure you will be a better leader as vCSO than most options your clients have right now. NOW is your opportunity to make sure your FTC Safeguards clients are secure. And more importantly, that your clients eliminate the security risks in their environments.
Want to get started with your vCSO program? Here is a framework that will help: https://www.vcsoaccelerate.com/
