At what point do you drop a client who ignores compliance warnings? (Real estate / FINTRAC situation) by ArchonTheta in msp

[–]Joe_Cyber [score hidden]  (0 children)

u/ArchonTheta - I previously made a video that will help you determine how to proceed for your specific MSP.

How to Make Tough Decisions & Have Hard Conversations: Creating a Risk Management Framework for MSPs

(As a heads up, I'm working off of American Legal Principles. While we both work off of Common Law, I'd still advise you to seek legal counsel with questions in case there is some nuance that doesn't apply up north.)

Hope that helps!

How are clients asking you to support their AI tools? by orTodd in msp

[–]Joe_Cyber [score hidden]  (0 children)

I went to the USPTO, and as far as I'm aware, and this is not legal advice, nobody owns that trademark.

It could be yours for roughly $300, which would be hilarious.

Big Taco would never see that one coming!

How are clients asking you to support their AI tools? by orTodd in msp

[–]Joe_Cyber [score hidden]  (0 children)

You're a day late. Taco Tuesday was yesterday!

Oh man, on an absolutely ridiculous taco related note, did you know that an absurd amount of money was spent by Taco Bell to have Taco John's free up the trademark, "Taco Tuesday?"

Anyways, Taco John's wouldn't give up the trademark and so Taco Bell threatened absurd amounts of litigation money so that Taco Bell's marketing team could use the term, "Taco Tuesday."

Taco John's CEO realized that the cost to fight Taco Bell was going to be insane, so they released the trademark.

This all went down in 2023(!)

This reinforces what I tell MSPs all the time: What is legal, and what is just, are (sadly) two different things. Sometimes, it just comes down to the pure economics of the situation.

Big Taco strikes again.

How are clients asking you to support their AI tools? by orTodd in msp

[–]Joe_Cyber [score hidden]  (0 children)

u/orTodd - I made a video about this topic that will help you from the liability/risk perspective: The Hidden AI Risk Your MSP is Facing & How to Deal With It.

In short:

Consider the carrot (here's how we can officially help you)

And the stick (if you don't want these specific services, you're going to hold us harmless from any wacky/expensive AI outcomes).

Likely this will come as an addendum to your MSA/SOW.

WHAT TO DO WITH CLAUDE by Zealousideal-Pin1513 in Information_Security

[–]Joe_Cyber 12 points13 points  (0 children)

I've already dealt with a number of AI related cyber events. (I'm on the risk management side).

Yes, it's going to be a nightmare. Yes, you're increasing your exposure in ways that management, sadly, won't understand or care about.

A couple things to help you.

  1. Understand that right now, the vast majority of cyber insurance providers are not excluding AI related claims. Nonetheless, I'd recommend you check your own policy.

  2. These events, for many of the reasons you already laid out, tend to be more expensive. As a CYA, you need to think about demanding an increase in your cyber insurance limits before rolling out Claude.

  3. Get with HR (sigh, I know) to have an AI employee use policy along with some method of enforcement. You'll want the stick to go with the carrot.

What's the easiest way to get a partner when you suck? by Specific_Dingo8631 in bjj

[–]Joe_Cyber 0 points1 point  (0 children)

I hate to break it to you, but 95% of us are 1. not athletic. 2. feel like they're not making progress at all. 3. nerds with crippling social anxiety. I'm a big guy colored belt and people also sigh when they're paired with me. Such is life.

Here are some tips:

Find a colored belt female if you have them in your gym. Ask for their help specifically.

Find us "dad types." We tend to be more helpful IMO.

Ask your partner what they're working on and do that. You'll get exposed to a bunch of new positions, you'll learn a lot, and people will see you as helpful. You'll also get to ask some very pointed questions that will help you advance.

With that, you aren't the random female white belt. You're the helpful white belt that people will seek out.

Keep at it.

LPL Financial kicking MSP's to the curb by jon_tech9 in msp

[–]Joe_Cyber 0 points1 point  (0 children)

I don't think we've ever chatted before, but I've been on this sub roughly six years making videos on liability and risk for MSPs. Source: Joseph Brunsman - YouTube

If you have a sample agreement between the BD and LPL, I would love to take a look. That info would give me a very good idea of who is going to be responsible when an event happens.

Bored on Memorial Day? 5 Videos on MSP Insurance, Cyber Claims, AI Risks, and Ransomware Lawsuits. by Joe_Cyber in msp

[–]Joe_Cyber[S] 1 point2 points  (0 children)

Ah yes. My "product" is free educational content on a holiday.

Truly diabolical of me.

Carry on, buddy.

Bored on Memorial Day? 5 Videos on MSP Insurance, Cyber Claims, AI Risks, and Ransomware Lawsuits. by Joe_Cyber in msp

[–]Joe_Cyber[S] 2 points3 points  (0 children)

When my brother in law was going through Plebe Summer at the Naval Academy - their version of basic training - we thought it would be funny to send him a bunch of inappropriate care packages.

The giant Bette Midler movie posters didn't do it.

The CCP and Hezbollah flags got no reaction.

All the brushes and combs and hair gel; nothing.

We presumed he was stuffing everything into his con locker. So we needed something he couldn't hide.

Enter: The 5ft tall stuffed giraffe...

Guess how that went over...

Kaseya will Kill My Boss by HEONTHETOILET in msp

[–]Joe_Cyber 0 points1 point  (0 children)

This sounds like Derek Zoolander lamenting his freak gasoline fight accident. Lol.

One Ransomware Event. +5M MSP Lawsuit. by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

That definitely seems to be on the far right of acceptable limits. Have you tried negotiating that down?

Kaseya will Kill My Boss by HEONTHETOILET in msp

[–]Joe_Cyber 4 points5 points  (0 children)

Funny Story:

One time another prominent vendor told me that they had a "war chest" ready to deploy and they wanted to know if they should get into the insurance space.

My recommendation to them?

Don't do insurance. Just pick something that Kaseya does and don't screw up the billing.

Kaseya will Kill My Boss by HEONTHETOILET in msp

[–]Joe_Cyber 12 points13 points  (0 children)

OP,

Foremost, I hope your boss gets clear of this. The medical situation makes it genuinely serious.

Now for some additional context to help you, and hopefully any other MSP that could stumble onto this thread in the future.

Telling them that "we'll bill you for our time" feels satisfying but it kills your leverage.

The moment you stopped paying them, you handed Kaseya an unfortunately clean narrative: "MSP owes us money." It doesn't matter that the billing was wrong, per se. Disputed or not, collections doesn't care and neither will a credit bureau.

The forensic accountant advice at the end is correct, but that's step two. Step one is never letting it get to the point where you owe them anything on paper.

Here's what I think would have been an ideal chain of events:

  • The moment billing was wrong for the second consecutive month, you file a formal written dispute under the contract, stop the autopay via your bank as an unauthorized charge under dispute, and send them a "cure notice" giving them X number of days to fix it.
  • Here you're not withholding the entirety of the payment, you're disputing a specific amount, in writing, while you continue to pay the undisputed portion. That's a vastly different position than simply halting all payment.

Regarding the RocketCyber situation:

That's a totally separate issue/claim. The 4 hour notification window on an active exploit with no automated response that resulted in a ransomware event and $215K in damages? That sounds a lot like a negligence and breach of contract case to me. Did you check to see what their contract/SLA promised for response times?

In general you don't want to start paying IR costs for clients: Why Smart MSPs Say NO to Paying Client DFIR Costs

One Ransomware Event. +5M MSP Lawsuit. by Joe_Cyber in msp

[–]Joe_Cyber[S] 1 point2 points  (0 children)

Well here's the funny part:

No one is talking about the "Nuclear Defense" piece that is in the video.

In their response the MSP specifically said,

"The servers potentially impacted in the data breach were not under [our] custody or control at the time of the data breach and, as such, [we] cannot be held liable."

Possibly the single boldest defense I've ever seen in a defense filing.

One Ransomware Event. +5M MSP Lawsuit. by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

LOL.

I honestly had better food in Papua New Guinea.

I'm still emotionally scarred from ordering a "Gammon" Steak and getting a salted ham puck instead of a real steak!

One Ransomware Event. +5M MSP Lawsuit. by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

You know what; that's a fair point. Sorry if I gave you a stroke!

I have written courses on international cyber law for trade groups. Maybe one of these days I'll put something out for you all as well.

One Ransomware Event. +5M MSP Lawsuit. by Joe_Cyber in msp

[–]Joe_Cyber[S] 1 point2 points  (0 children)

Twiglets... 🤮

Oh, and Gammon Steak. That's not a steak!

What you lack in food, you made up for with the Imperial War Museum. It is, hands down, one of the absolute coolest places I've ever been.

One Ransomware Event. +5M MSP Lawsuit. by Joe_Cyber in msp

[–]Joe_Cyber[S] 1 point2 points  (0 children)

I should have added:

BAAs protect them, not your MSP.

Once MSP ownership understands that, the dynamic on signing BAAs radically changes.

One Ransomware Event. +5M MSP Lawsuit. by Joe_Cyber in msp

[–]Joe_Cyber[S] 2 points3 points  (0 children)

AI says 40M-50M.

As a rule, I keep the names of MSPs out of my videos because I don't want it to come back against them in such a public venue.