How to Protect Your Business When Clients Ignore Security Advice

You tell your client they need MFA. Or a backup solution. Or endpoint protection. But they say no. What now?

As a service provider or technology consultant, you might feel stuck: you gave the right advice, but they refused it. If something goes wrong, will you still be blamed?

Why It Matters

Security breaches are rising. So are lawsuits. If a client rejects a critical recommendation and it leads to data loss, they may still point the finger at you.

Without the right contract language, they might even have a case.

What Not to Do

It might seem like a good idea to ask the client to sign a waiver or special document. But according to attorney Julie Machal-Fulks, that can backfire.

“Don’t ask them to sign a separate waiver. Instead, document the declined protection in the quote or ABR. That’s enough to protect you legally, and it avoids triggering red flags.”

What To Do Instead

Use your contract and sales process to capture declined protections in a professional, consistent way:

  • Include a clause in your MSA stating that clients are responsible for choosing to accept or reject recommendations.
  • If they decline MFA or backups, note it clearly in the quote, proposal, or ABR.
  • Use attorney-approved language to show the client made an informed choice.

How Monjur Helps

Monjur Pilot bakes this approach directly into your contracts:

  • Language that shifts responsibility when clients reject key protections.
  • Templates that reflect current cybersecurity standards.
  • AI Legal Assistants that help you track declined protections and flag risk during renewals or changes.

Bottom Line

If they say no to MFA, your system should say: we advised it, they declined, and here’s the record.

Found this useful?
Share it with another MSP founder.
Rob Scott
About the author

Rob Scott

CEO & Co-Founder, Attorney

Attorney with 25+ years of MSP legal experience. Co-Founder of Scott & Scott, LLP and Monjur. Has overseen contracting for 1,000+ MSPs.

Rob Scott is an attorney with more than 25 years of experience in MSP and technology law, and the co-founder of both Scott & Scott, LLP and Monjur. He has overseen customer contracting for more than 1,000 managed service providers and built Monjur to bring attorney-supervised contract intelligence to the MSP industry.

Licensed in Texas since 1999, Rob earned his J.D. from the Maurice A. Deane School of Law at Hofstra University and his B.A. in Economics and Philosophy from Austin College. His practice focuses on software licensing, software audit defense, data privacy, and vendor risk, representing MSPs and enterprise clients in transactions and disputes with major software publishers.

Stop worrying about contracts

Attorney-supervised contract intelligence for MSPs.

We write and update your client contracts, and protect your business, so you don't have to.

See Monjur Pilot in your own MSA.

No slide deck. We'll pull up your actual contract and show you what Pilot would flag.

Schedule 20-minute demo →
1,000+ MSPs · 25+ years of MSP legal