Compliance: The More You Know, The More You Earn

Getting up to speed on state and federal regulations isn’t as hard as it seems, and the payoff for you and your clients is huge.

True story: compliance helped me sell $50,000 in firewalls in less than two minutes to people who didn’t understand what a firewall does.

My client was a school district that needed to upgrade its firewalls. The district had received over $1 million in E-rate discounts for telecommunications and internet access after an exhaustive application process. A requirement of the E-rate program is compliance with the Children’s Internet Protection Act, which prohibits schools from allowing students to access pornography and other harmful websites.

The cost of the firewalls was just under $50,000, and the CFO told me the request had to wait until the next year’s funding cycle. I got his approval to make a special funding request at the next school board meeting. He said money was tight and he was sure the board would put off the purchase.

At the public board meeting, I walked up to the podium with the firewall specs in hand. I had the model numbers and the individual prices and all the features, including throughput, number of simultaneous VPN connections, security features, and more. Everything anyone would want to know about a firewall.

I was ready.

Then I looked at the school board members. One was a retired policeman. Another was a hairdresser. The president of the board worked in her husband’s insurance agency. None had any technical knowledge.

I put down my papers, looked them each in the eye, and asked, “Do you remember how hard everyone worked to get the million dollars in E-rate discounts?”

They all nodded their heads.

I said, “The good news is that to keep the million dollars in government funding, you just need to buy $50,000 in firewalls.”

The school board immediately voted to buy the firewalls. Because of the compliance requirements tied to their E-rate funding, the board realized it had no choice. The CFO was stunned. After the meeting a board member asked me what a firewall was.

Worth the Investment

The moral of the story? If you want to sell more cybersecurity services at premium prices to affluent clients, learn more about compliance.

My definition of “compliance” is simple: having to do something required by someone else. In life, compliance means crossing at crosswalks, stopping at stop signs, and having your car inspected. In business, compliance means implementing security controls required by regulations such as HIPAA and PCI DSS. It means understanding your state data breach laws, cybersecurity-related ethics rules (if you want to sell to lawyers), and cyber-insurance policies.

Adding compliance to your toolkit doesn’t carry many more risks than what you already have. Learning the regulations isn’t as hard as it seems, and the payoff can be huge. I know, because compliance is how I redefined my MSP business and eventually began a new career as a consultant.

Be mindful that you can’t just bolt on compliance to a security program, however. It has to be considered from the beginning.

Imagine you are allergic to gluten. Can you bake a cake using wheat-based flour, and then just add gluten-free frosting to make the cake compliant with your allergy? Of course not. Should you build a commercial building without properly installing the rebar in the concrete, and then fix it later? Nope. (Check out this Las Vegas hotel example to see what that mistake cost.)

The same goes for your MSP practice. Selling security services plus a “Compliance-Made-Easy” online service that comes with a gimmicky seal of approval does not make a client compliant. Only by understanding more about compliance requirements will you be able to build it into your recurring security services and deliver them ready-to-go.

It takes some knowledge, but it’s worth it.