You tell your client they need MFA. Or a backup solution. Or endpoint protection. But they say no. What now?
As a service provider or technology consultant, you might feel stuck: you gave the right advice, but they refused it. If something goes wrong, will you still be blamed?
Why It Matters
Security breaches are rising. So are lawsuits. If a client rejects a critical recommendation and it leads to data loss, they may still point the finger at you.
Without the right contract language, they might even have a case.
What Not to Do
It might seem like a good idea to ask the client to sign a waiver or special document. But according to attorney Julie Machal-Fulks, that can backfire.
“Don’t ask them to sign a separate waiver. Instead, document the declined protection in the quote or ABR. That’s enough to protect you legally, and it avoids triggering red flags.”
What To Do Instead
Use your contract and sales process to capture declined protections in a professional, consistent way:
- Include a clause in your MSA stating that clients are responsible for choosing to accept or reject recommendations.
- If they decline MFA or backups, note it clearly in the quote, proposal, or ABR.
- Use attorney-approved language to show the client made an informed choice.
How Monjur Helps
Monjur Pilot bakes this approach directly into your contracts:
- Language that shifts responsibility when clients reject key protections.
- Templates that reflect current cybersecurity standards.
- AI Legal Assistants that help you track declined protections and flag risk during renewals or changes.
Bottom Line
If they say no to MFA, your system should say: we advised it, they declined, and here’s the record.
Rob Scott
CEO, Co-Founder, Attorney
Rob advises technology companies on Cloud and Managed Services, drawing on 25+ years of MSP legal experience. A member of the State Bar of Texas and the MSP Alliance Advisory Board, he founded Monjur to bring attorney-supervised contract intelligence to the MSP industry.
