We’ve said it before…and then again…and again: you need to have an AV cybersecurity strategy. If your business doesn’t have one, you obviously have some holes in your overall company’s security. But consider that a lack of strategy is also terrible for sales.
Having a cybersecurity strategy for your AV firm’s operations isn’t just good for your firm’s cybersecurity — it’s a sales tool.
An IBM report says the average total cost of a data breach worldwide is $3.92M, while the average cost in the United States is $8.19M. That’s a very big financial reason for you to sell not only your AV expertise, but how secure you can make your systems.
Shanna Utgard, a success manager at Defendify, says incorporating cybersecurity into your value proposition is a very powerful differentiator for two main reasons.
“The first is that you respect the information about the client’s environment that you are trusted with in order to work on their network (floorplans, topology and diagrams, IP or MAC addresses, credentials),” she says.
While the other guys ‘set it and forget it,’ you secure what you sell.
“Therefore, you have implemented extensive cybersecurity measures to protect that information and can confidently meet any requirement in RFPs or vendor cybersecurity assessments.”
The other component is that unlike many other competitors, integrators can provide ongoing scanning and monitoring services when their cybersecurity practices are front-and-center.
“While the other guys ‘set it and forget it,’ you secure what you sell. Beginning at the conclusion of a project, you’re going to double-check your work by running scans to ensure default passwords were changed on devices and you didn’t leave any exposures or vulnerabilities on the client’s external network.
“You can also conduct ongoing vulnerability scanning of the devices you installed to identify any patches or security updates.”
AV integration cybersecurity more important now than ever before
There’s this attitude still present in the AV integration industry that customers tend to view a system’s cybersecurity as an afterthought, but the COVID-19 crisis has changed things.
Vince Crisler, founder and CEO at cybersecurity vendor Dark Cubed, says companies are getting more nervous about security and don’t want to work with vendors who don’t visibly care about it.
“AV companies are moving towards integrating IP-based devices, with that driving costs down and introducing new options. But there’s also a lack of security best practices associated with those.
“Whether it’s AV, VoIP, etc. – people are waking up to the fact that these things are not inherently secure. You’re not going to patch or update them unless you need to if you’re in IT — so it’s important integrators get it right the first time.”
Approaching tough cybersecurity conversations
The first question integration business leaders need to ask themselves is whether their customers know much about cybersecurity. Are they sophisticated in their knowledge?
If they are, that’s a tough situation for an integrator.
“If you’re pitching to those customers, you need to reach out to your vendors for support to have those answers, full stop,” Crisler says. “Your vendors better have a good answer — if they don’t, you need to have a thought about who you’re working with.”
On the other hand, some customers don’t have a sophisticated approach. That’s a whole opportunity in itself: stressing what you can do regarding cybersecurity, becoming a trusted partner, and eventually offering it as-a-service if that’s in your scope of ability.
Starting these conversations with education is important. Clients must have a strong understanding of business risks and why digital security is so important.
Your presentation likely revolves around protecting assets and reducing risk rather than details about the specific solutions, and the cybersecurity conversation is almost identical but swaps physical solution names for their digital equivalent.
“The discussion around the technical aspects of cybersecurity can feel intimidating at first,” says Utgard.
“However, the decision makers are also dreading getting lost in a bowl of alphabet soup and technical acronyms, and would prefer to talk about operational impact, revenue loss, reputational damage, downtime, or other business needs.”
Many firms are already having these conversations, but from a different perspective, she says.
Your presentation likely revolves around protecting assets and reducing risk rather than details about the specific solutions, and the cybersecurity conversation is almost identical but swaps physical solution names for their digital equivalent.
Most partners discover it is not as difficult as they think it will be and would probably be much easier than explaining why they installed a device but failed to secure it after.
If you’re selling one of your traditional solutions, you can reassure the customer that you utilize widely accepted cybersecurity frameworks, such as NIST or the Center for Internet Security in assessing your internal cyber posture to ensure you make every effort to protect their sensitive data.
Read Next: 4 Steps for Creating a Cyber Security Strategy for AV Clients
If you’re marketing cybersecurity solutions to your client, the important piece is to explain how you’re employing a defense-in-depth strategy, Utgard says.
“You layer several tools and approaches in an effort to help them reduce their risk to an acceptable level at a reasonable cost.
“You’re going to provide a combination of assessments and planning, user training and technology solutions to identify and mitigate potential threats, but also have a plan in place in case an incident does occur.”
Steps to take right now to profit off your firm’s cybersecurity
The first step towards ensuring AV integration cybersecurity is to conduct an assessment to understand how your cyber hygiene stacks up (Utgard says her company offers one for free).
Here are some more things to consider:
- purchase cybersecurity insurance if you haven’t already
- understand customer base – are they sophisticated or small enough not to afford these capabilities; what are their specific needs?
- have conversations with customers
- figure out your ability to build out these services, ask your ‘Power Partners’ about how they can help
- start small, fail fast, heal quickly – come in with backup solutions
- use a Stolen Password Scanner to check for dark web exposures on your company’s email domain
