Healthcare/Doctors Offices

For those who have these customers, how do you report insecure systems and the complete ignoring of the requirements to maintain an up-to-date system? We’ve given them a year to upgrade and they haven’t done so. As their MSP, we’ve even had them sign a hold harmless agreement.

Who do we report this to? Or rather, how do you report it?

FYI, they are running Windows 10 devices. Some of the devices are failing. Some of the devices are so old, they probably should never have had Windows 10 on them. We host their Imaging Software on our cloud servers and we use Netgate devices on both sides, which are up to date. But man, unprotected computers access that network. Not sure what to do.

Speaking as a CPA, are you giving them any kind of SSAE 18 SOC 2 reporting? I would include a disclaimer in that report for scope items that you note as not compliant, but are out of your control. Either that, or decline to support the out of date hardware. If you make too big a deal out of this you risk getting replaced. Just make sure it is well documented and consult your lawyer for appropriate legal protections, like a clause in your contract, or any SOWs or engagement letters.

First, make sure the software they need to use runs on Windows 11.

You could suggest buying a bunch of keys online for Win10 LTSC or IoT, which would get them a few more years.

Come up with a price to swap all computers to newer devices running a supported OS, but you might need to dig to find out what tweaks need to be done to be compliant. I would guess that out of the box Win11 would not be compliant due to all the “spyware” it comes with by default.

You could consider weighing the risks and then presenting them with an ultimatum. The risks being either you lose them as a client and lose the profit, or you continually attempt to support unsupported hardware/OS issues and all the hassle that goes along with it, with the risk of the liability and potentially losing your entire business because of their unwillingness to accept a simple cost of doing business.

Put it to them in simple terms - “You rely on computers for 100% of your ability to conduct business and if you want me to continue servicing you, you have to bring things up to date. Do you also use outdated and broken medical equipment? There are certain unavoidable costs of doing business and I can’t put my entire business and livelihood on the line for you any longer. None of my other clients put me at this risk. The choice is yours, but you’ve got x number of days to make a decision.”

One thing you can’t do is let other people run your business and hold your livelihood hostage simply because they’re either inept at their own business or are downright cheap. It’s supposed to be a mutually beneficial business relationship.

All of their software is cloud-based, with the exception of imaging that we run on our servers.

Also, for the LTSC keys, we’d have to re-install Windows 10, which we have suggested, but they didn’t like the cost of our labor on that.

We doubled their bill because of the outdated systems. They still pay it. It’s not like we “can’t” support them. They are just ignoring the warnings and recommendations. That’s why we had them sign a hold harmless agreement.

What’s the lowest-level PC you could provide them to do their work that you can also service? It sounds like they don’t need much CPU to get jobs done.

The cost of supported PCs might be cheaper than the doubled service contract fees after a few months.

I could provide a used PC, which we’ve offered, at less than $150 and it wasn’t enough.

I bet there are expensive cars in the parking lot, monthly payments well in excess of what you would charge for computers.

You may need to fire them as a client.

1 Like

This is just plain dumb. They would rather double the cost of support than buy a few $150 PCs one time?

I would simply make them sign a legal document stating they refuse to be HIPAA or SOC 2 compliant and not worry about it.

Next time you have a difficult support case, you may need to raise the rate again.

Would they lease computers? In the USA you can often deduct the lease from your taxes. Might be an interesting service to offer. They would probably still decline. When was the last time their networking hardware was updated or upgraded? When was the last time their imaging devices were calibrated? Just wondering if this is systemic and all of their stuff is out of spec.

I know, that’s why we sent the Hold Harmless. They signed it.