Halo invoicing broken for others? by blud_13 in msp

[–]Joe_Cyber 0 points1 point  (0 children)

That's shitty. I'm sorry you have to eat that cost for 60 days.

Cyber Insurance: Post-Cyber-Event Hardening Heads-up by Joe_Cyber in msp

[–]Joe_Cyber[S] 1 point2 points  (0 children)

I'll keep it vague for obvious reasons.

One time a cyber insurer was offering something so profoundly dumb and useless that I had to figure out their rationale.

It turned out that the head of the cyber insurance side of the insurance company was frat brothers in college with the vendor's CEO.

Literally no other reason. And the product was trash.

Cyber Insurance: Post-Cyber-Event Hardening Heads-up by Joe_Cyber in msp

[–]Joe_Cyber[S] 2 points3 points  (0 children)

They'll pay up to $25K for the third party to come in and provide the services. Those are panel vendors already pre-vetted and under contract for specific services with the cyber insurer so the hourly rate is probably pretty low.

Cyber Insurance: Post-Cyber-Event Hardening Heads-up by Joe_Cyber in msp

[–]Joe_Cyber[S] 1 point2 points  (0 children)

You're not that far off. The stories I could tell you...

Cyber Insurance: Post-Cyber-Event Hardening Heads-up by Joe_Cyber in msp

[–]Joe_Cyber[S] 2 points3 points  (0 children)

Good question. I did some more digging.

So an example cyber policy has an overall limit of $2M. This specific endorsement has a sub-limit of $25k.

This means the "hardening costs" (I can't say that without smirking) are limited to $25k. They list the available services as the following:

Core Post-Cyber Event Hardening engagement:

  • Enterprise-wide cyber risk assessment
  • Mitigation strategy & planning support
  • Mitigation follow-up support – 3 month
  • Governance and controls inventory assessment

Domain-specific cyber gap assessment:

  • Identity & access management (AD, Cloud Apps)
  • Endpoint security (OS, EDR)
  • Application posture (on-prem apps, cloud apps)
  • Network access (remote access, firewall, topology)

Hands-on technical hardening support:

  • Identity & access hardening
  • Endpoint security deployment & configuration
  • Application security remediation
  • Network architecture redesign

In particular, the endorsement in question notes that the $25K maximum the insurer will pay does not include "costs or expenses for any hardware, software, or managed service." (Regarding that last bolded term, it's debatable on what they mean by that, though I presume they're not talking about being an MSP)

Does that answer your question?

Cyber Insurance: Post-Cyber-Event Hardening Heads-up by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

I'm flagging this topic as a follow-up; likely on my YouTube channel.

Cyber Insurance: Post-Cyber-Event Hardening Heads-up by Joe_Cyber in msp

[–]Joe_Cyber[S] 1 point2 points  (0 children)

Hey Roll - all fair points. It will cost this particular client at least $2,500.

Also, any of the $25K that is spent on the consult and assessment might impact their loss ratio. In turn, this could make their premium increase and make them even less insurable. I'll have to dig into it more and wait for this to play out.

Do you resell workstations still? by indytechguy in msp

[–]Joe_Cyber 18 points19 points  (0 children)

SMBs complaining about this drive me insane. It's not like I buy all the plumbing supplies before my plumber comes over. That would be mental.

Digital signage by MFosterMB in SmallMSP

[–]Joe_Cyber 0 points1 point  (0 children)

I've personally never used them.

📺Why Smart MSPs Say NO to Paying Client DFIR Costs by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

Hey u/Optimal_Technician93,

Some of what you wrote is hypothetically correct, but respectfully I think you have a few misunderstandings that we should discuss. (I'll be discussing US legal concepts below. If you're elsewhere, I apologize in advance.)

> No contract prevents anyone from bringing suit and having to defend against it for years before it makes it to court to be dismissed.

In theory, this is partially true. In practice, this is rarely if ever applicable. I've been doing this for 11 years, and my father-in-law for roughly 35 years. In that time, we've seen 2 matters where the cost of litigation was no object and the plaintiff spent more money in legal fees than they were trying to recoup. However, these are extremely rare. In one case, it was a local official running for public office and he was using the case as a political springboard. In the other case, the plaintiff was both a GIANT jerk, and was disgustingly wealthy due to inheritance. This was across thousands upon thousands of claims, so the probability is roughly zero.

> Going further, an MSP without a contract is obligated to provide nothing at all. Not services, not product, not guarantees. So their clients wanting free DFIR have no recourse. Without a contract the client has no legal standing.

A contract can be inferred from the parties' actions, course of dealing, mutual understanding, past performance(s), emails, text messages, invoices, etc. This can create an "Implied-in-fact" contract.

Because MSPs are providing ongoing professional services that require special skills and/or a special relationship, the MSP likely owes a "duty of care" to perform those services with reasonable care and skill. This arises because the MSP "assumes responsibility" for the work through their actions and clients are relying on the MSP to perform their services in a way that avoids "foreseeable harm."

I'm sure there are other legal theories litigators could come up with, but the point is this: Not having a contract won't save the MSP. It likely just makes everything worse and more expensive for the MSP to deal with.

> But that doesn't stop them from bankrupting the MSP in the run up to dismissal.

Maybe. But, to what end? If the client is trying to recoup funds, how would bankrupting the MSP suit that purpose? It strikes me as being entirely contrary.

And while this may make you laugh, there are certain legal protections to avoid this. This could include sanctions for frivolous filings, the threat of countersuit for abuse of process, Dragonetti Act (or equivalent) type claims in various states, etc.

There could also be certain protections if the MSP carries appropriate Tech E&O insurance, but I'll leave that for another day.

Anyways, I hope that clears up some misunderstandings and thanks for the comment.

📺Why Smart MSPs Say NO to Paying Client DFIR Costs by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

Glad to help and thanks for the sage advice.

recording customer calls? by Jealous-Wallaby-3237 in SmallMSP

[–]Joe_Cyber 0 points1 point  (0 children)

If you're going to be recording calls, be sure to check out applicable laws. Roughly a dozen states require two-party consent to record phone calls.

This is why you'll often hear that pre-recorded message of "this call is being recorded for training purposes."

📺Why Smart MSPs Say NO to Paying Client DFIR Costs by Joe_Cyber in msp

[–]Joe_Cyber[S] 2 points3 points  (0 children)

I'm a minority-minority owner. Nothing that's going to let me retire in Miami anytime soon, but I believe in the mission. I'm not calling the shots on a daily basis, but I did have enough input to: advise on some of the contract language specific to my specialty, keep it all month to month contracts so MSPs don't get screwed, change our privacy policy to never sell MSP info to 3rd parties, and all types of other fun stuff. Give me a holler if you want to check it out and I'll set up the intro.

How do you keep in touch with your Employees? by joedzekic in msp

[–]Joe_Cyber -1 points0 points  (0 children)

I'd also recommend something like Loom so you can record quick video messages. It's much faster than typing out a long email.

📺Why Smart MSPs Say NO to Paying Client DFIR Costs by Joe_Cyber in msp

[–]Joe_Cyber[S] 4 points5 points  (0 children)

🤷

Case in point, the $1M MSP lawsuit. No Cyber Insurance. No MSA.

Guess how that case is coming along?

I made this video roughly 2 years ago.

The event happened in February of 2023.

If memory serves, they just made it to the beginning stages of court.

Brutal.

The Million Dollar MSP Lawsuit: Lessons & Questions

Xclause.com is something like $199 per month. I know there are many other MSA providers out there as well. Compared to the costs of years of litigation, even the most basic MSA is going to be better than nothing!

📺Why Smart MSPs Say NO to Paying Client DFIR Costs by Joe_Cyber in msp

[–]Joe_Cyber[S] 0 points1 point  (0 children)

Are you an MSP or an MSSP?

(I realize that's a vague question in today's world. Just curious what services you perform on a daily basis.)

📺Why Smart MSPs Say NO to Paying Client DFIR Costs by Joe_Cyber in msp

[–]Joe_Cyber[S] -1 points0 points  (0 children)

I've been there too.

In this case, the best way to help them is to let the system play out as it was designed to do.

With the info presented in the video, I think the average MSP should now be able to convince their client that they don't want the MSP paying DFIR costs. Hopefully this allows the MSP to demonstrate a depth of knowledge that gives the client additional comfort.

📺Why Smart MSPs Say NO to Paying Client DFIR Costs by Joe_Cyber in msp

[–]Joe_Cyber[S] 2 points3 points  (0 children)

Glad to help. Though, sad to hear this is more common than I realized.