The devastating impact of ransomware, hacking, spyware and the myriad of other online attacks that can access the corporate network via an unpatched vulnerability are well known: lost revenue, a decline in productivity and even damage to your business’ reputation.
While SMBs are usually aware of the dangers of not patching, their methods are often outdated, with many businesses only patching on an ad-hoc basis, and doing so manually, meaning that time and resources are wasted with each manual installation.
On average, it takes two hours to manually update a single system. Say the SMB has 100 computers within its organisations – the IT team will be spending 200 hours a month on commonplace, easy to outsource, tasks. It is up to the MSP to educate SMBs on how they can help streamline and error proof these processes, thus leaving the IT administrator far more capacity to add real value to the business.
I’ve been tackling the issue of how best to promote the benefits of patch management for some time now, so here are my thoughts on how MSPs should approach the subject of outsourcing patch management, how to secure the contract and, most importantly, how to upsell patch management, making for a mutually beneficial business partnership:
My method works, why should I invest in managed patching?
SMBs are often limited in terms of resource and finance. While they are often aware of the time it takes to patch a damaged system, the ad-hoc repairs often seem less impacting than the upfront financial cost and investment time required when negotiating and implementing an outsourced patch management system.
Unfortunately, the reality is that exploits move quickly and are able to progress through the company network in just a few minutes. No matter what anti-virus software is being used, or how skilled the technicians tackling the situation, by making manual system updates, the chances of being able to react before an infection takes hold are slim. It is the responsibility of the MSP to flag these concerns for the SMB and educate them on the possible risks they are exposing themselves to by relying on outdated methods.
By highlighting the benefits of working with a reliable, trusted MSP to deliver an outsourced patch management strategy, the SMB is far more likely to consider the long-term benefits of outsourcing such tasks, particularly when offered at a price point they can afford.
How to seal the deal
Once interest is secured, the MSP must work hard to get the SMB to sign on the dotted line. Of course the overarching benefit of patch management is clear: a fully managed solution that offers peace of mind and assures the SMB that the corporate network is protected and that devices are secure. While this alone is a huge selling factor, the savvy MSP will flag the additional benefits that outsourcing can offer. By freeing up the hours of manpower that manual patching requires, the IT team is available to address the day to day IT issues that arise, which are often neglected when the team is manually attempting to manage an attack. Similarly, a smart MSP will offer a fixed monthly fee; meaning that the SMB will no longer be faced with large overtime bills when a system requires patching and the IT team is forced to work out of hours.
So what is in it for me, the MSP?
The issue for many MSPs is that patch management is not particularly profitable as a standalone service. Ultimately, the decision to offer an SMB client a contract based on the use of just one service comes down to trusting that there will be a return on the initial, upfront investment. Nine times out of ten, the SMB won’t realise just how streamlining and beneficial outsourcing can be until they begin working with the MSP. Once the wider benefits have been recognised, the SMB will look to invest in additional tools, continually adding to their contract and increasing the amount they are paying the MSP month on month.