This MSP Got Sued For What?? Avoid This High-Stakes Gamble

cybersecurity lawsuits managed service providers Mar 25, 2024

Originally published in MSP SUCCESS magazine. 

By Mike Semel, Complianceologist. 

 

Would you take everything you own, cash it out, go to a Vegas roulette table, and put it all on red?

As an entrepreneur MSP, you’re a risk taker.

C’mon. What could possibly go wrong?

Black.

Believe it or not, your odds of winning at roulette are better than the odds of surviving a lawsuit if you are providing MSP services either without a written contract in place, or with a contract you downloaded from the internet or copied from a friend.

 

What Could Possibly Go Wrong?

Ask the owners of Lantech, an MSP in Sacramento, California, and Lantech’s former owner, Terry Berg. They’ve been sued by a law firm client claiming that they breached their contract after the law firm was hit by ransomware and had to pay the ransom to recover their data. Acronis was also sued because Lantech backed up the client to their cloud, but the data could not be recovered. [In a statement to The Sacramento Bee, Acronis said it was not responsible for the law firm’s computer problems.]

Lantech was sued for breach of contract. But there was no written contract, because Lantech entered into a verbal agreement with the law firm.

Lantech foolishly touched the law firm’s computers without a contract that limited their liability and their exposure. Now everything the company and the former owner own is on the line.

What’s the only thing with a higher risk than providing services without a contract?

Providing services without a contract to a law firm that (a) sues people every day and (b) doesn’t have to hire a lawyer to sue you.

 

Why It Could Happen To You

This isn’t the first time an MSP has been sued, and it won’t be the last.

In 2020, Involta was sued after an incident with a client. In that case, Involta did have a contract but it was used against them when their client’s attorneys showed how the MSP’s marketing and promises did not align with their contract.

You are exposing yourself, your family, your staff, and your customers to the day your company will no longer exist if you don’t use a contract:

  • Written specifically for you by an attorney with a deep understanding of how MSPs work
  • That considers how you use vendors to provide services in your security stack
  • That includes things your state laws may require that are different than the contract your peer group buddy gave you to copy, and whatever other little things make you different

What’s your day going to be like when you tell your spouse that a judge or jury found you personally liable for millions of dollars, because you were sued separately from your corporation and your Errors and Omissions (E&O) insurance laughed when you filed the claim?

Before they called us MSPs, my IT company did a lot of break/fix repairs on computers and printers. We would not leave the building until we had a signed agreement that limited our liability faxed back to us (yes, I am that old). If the customer called up yelling that they would not sign our one-page agreement, we gave them the phone number of the competitor we didn’t like. Let them take the risk.

 

Take 5 Steps To Protect Your MSP Business

Here are five things you should do to protect your MSP business and yourself. Don’t forget that the Lantech owner was sued personally along with his company.

  1. Always use a contract created specifically for you by an attorney familiar with the MSP business, not your regular attorney, your brother-in-law attorney, or the attorney who did the closing on your house. In our industry, there are risks that must be managed properly in your contract. Remember that your best client, who knows your kids’ names, could become your worst adversary overnight if their lawyer blames you for their incident.
  2. Limit your exposure. You shouldn’t be responsible for any equipment or cloud services you don’t manage. You cannot prevent ransomware attacks and data breaches even when you do everything right. And somedays your techs may do something wrong, which should not cost you your retirement. What if your client gets themselves into a mess that you didn’t cause but requires your resources? Your contract should let you charge for that the outside of your managed services monthly fee.
  3. Limit your liability. Make sure your contract says you are not responsible for consequential damages. Limit your liability to dollars that might hurt but won’t kill your future.
  4. Align your marketing and sales with your contract. If you say you aren’t responsible if your client gets breached or hit with ransomware in the fine print of your contract, don’t scream that you prevent data breaches and ransomware on your website, in your proposals, and in sales presentations.
  5. Have great insurance, but don’t assume it will cover you. Even though you may have an E&O insurance policy from a reputable vendor, it has exclusions. They may be enough to have your claim denied, leaving you to cover all expenses and judgments yourself. Also buy a directors and officers policy in case you are sued personally alongside your company. Your personal homeowner’s umbrella probably doesn’t cover business risks. Even if you win a lawsuit, your insurance may help you avoid expensive legal fees.

 

Don’t Risk Your Business

Or, forget everything I recommend, cash out, and put your money on red.

If black hits and you lose everything you own, it’s faster and less painful than a dragged-out lawsuit because you didn’t have a contract to protect you.

 

STAY UP TO DATE WITH THE LATEST COMPLIANCE ALERTS

2024 is not just another year; it's a turning point for compliance. Whether your work involves dealing with healthcare, defense contractors, financialĀ  services, or corporate leadership, sign up to getĀ FREE reports, alerts & updates for the latest changes in regulations.

SIGN UP TODAY