How to Protect Your Business When Clients Ignore Security Advice
What if your client says "no" to MFA?
You tell your client they need MFA. Or a backup solution. Or endpoint protection. But they say no. What now?
As a service provider or technology consultant, you might feel stuck: you gave the right advice, but they refused it. If something goes wrong, will you still be blamed?
Why It Matters
Security breaches are rising. So are lawsuits. If a client rejects a critical recommendation and it leads to data loss, they may still point the finger at you.
Without the right contract language, they might even have a case.
What Not to Do
It might seem like a good idea to ask the client to sign a waiver or special document. But according to attorney Julie Machal-Fulks, that can backfire.
“Don’t ask them to sign a separate waiver. Instead, document the declined protection in the quote or ABR. That’s enough to protect you legally, and it avoids triggering red flags.”
What To Do Instead
Use your contract and sales process to capture declined protections in a professional, consistent way:
- Include a clause in your MSA stating that clients are responsible for choosing to accept or reject recommendations.
- If they decline MFA or backups, note it clearly in the quote, proposal, or ABR.
- Use attorney-approved language to show the client made an informed choice.
How Monjur Helps
Monjur Pilot bakes this approach directly into your contracts:
- Language that shifts responsibility when clients reject key protections.
- Templates that reflect current cybersecurity standards.
- AI Legal Assistants that help you track declined protections and flag risk during renewals or changes.
Bottom Line
If they say no to MFA, your system should say: we advised it, they declined, and here’s the record.




