Getting rid of clients may sound counterintuitive, but as Charles Weaver, CEO of MSPAlliance, explains sometimes it can be the best choice for the health of your MSP. 

In the MSP world, clients are essential. Specifically, long-term clients and the recurring revenue they represent mean everything to the MSP. Yet, not all clients benefit your business equally. For decades, MSPs have played a waiting game of transforming break/fix customers into managed services clients. Today, the stakes are much higher, and break/fix clients can do more than just drag down your valuation. Break/fix clients can add significant risk to your MSP practice, not to mention the risk added to the client organization.

Sometimes, you may need to consider whether to let a client go; assuming they have been given plenty of opportunities to change. Here’s why parting ways with certain clients might be good for your MSP practice.

Clients Impact Your MSP Risk

The clients you choose to work with can significantly affect your risk profile. Risk is not just a difference between reactive and proactive clients, but rather how cyber hygienic the client is willing to become. The more resistant a client is to cybersecurity best practices and technologies, the riskier they become and the more risk they transfer to their MSP. High-risk clients, particularly those who are reactive rather than proactive, can hinder your ability to deliver efficient, scalable solutions. A single reactive client can create tremendous service delivery inefficiency, not to mention increased cyber risk to your MSP practice.

Conversely, proactive clients (particularly those who work collaboratively with their MSP to help improve cyber hygiene), become easier to manage, less costly, and are less risky to the MSP.

Reactive vs. Proactive Clients

Reactive clients tend to wait until problems arise before addressing them, making it difficult to automate processes and maintain scalable operations. This often results in a cycle of constant firefighting, where MSPs spend more time fixing issues than preventing them. Consequently, the time and resources allocated to reactive clients detracts from efforts to scale and improve overall service quality in other areas of your MSP practice. These clients can also increase the likelihood of cybersecurity incidents, as their lack of preventive measures leaves them more vulnerable to attacks.

In contrast, proactive clients are more likely to follow your advice and implement preventive measures. They invest in regular updates, training, and adhere to best practices, thereby minimizing risks and ensuring smoother operations. This collaboration fosters a healthier, more secure environment that allows the MSP to manage resources more efficiently and focus on strategic growth initiatives.

High Risk vs. Low Risk

Not all clients add the same value to your MSP practice. High-risk clients often require more attention and resources, which can detract from your ability to serve your other clients effectively. Evaluating the risk each client presents can help you determine whether they are worth retaining, it will help your MSP practice perform internal risk assessments, and it will help you plan for future growth with greater specificity and accuracy.

Setting a Minimum Cyber Hygiene Standard

To mitigate client risk (and your own MSP risk), consider establishing a minimum cyber hygiene standard for all clients. This ensures that all clients meet a baseline level of security, reducing the likelihood of breaches and other cybersecurity issues. By implementing such standards, you can promote a culture of security awareness and proactive behavior. This might involve regular training sessions, periodic security audits, and the enforcement of access controls.

Additionally, offering incentives for clients who consistently meet or exceed these standards can further encourage adherence. Establishing clear and precise guidelines for cyber hygiene not only protects the clients but also strengthens the overall security posture of your MSP practice. This approach helps to create a more stable and efficient operating environment, allowing your team to focus on innovation and growth rather than constant crisis management.

Impact on MSP Certification Goals

Clients who fail to maintain good cyber hygiene can impede your MSP certification goals. When enough clients are reactive, the additional (and non-scalable) resources challenge the rest of the organization’s ability to deliver scalable services to the proactive clients. At a certain point, having reactive clients will negatively impact your ability to scale services and you will have to pick which business model will receive the attention.

In these situations, MSPs who maintain too many reactive clients will find it challenging to meet MSP certification requirements as the resources needed to service the reactive clients manifest themselves in numerous service delivery and security areas. This could lead to increased vulnerability, more frequent cybersecurity incidents, and a general decline in service quality. Additionally, the effort to constantly address and rectify issues for reactive clients can detract from strategic initiatives aimed at growth and innovation.

This imbalance not only affects the MSP’s operational efficiency but also its reputation. A consistent inability to meet certification standards due to a high volume of reactive clients can tarnish an MSP’s credibility in the industry. As a result, it becomes essential to evaluate the client portfolio regularly and ensure that most clients contribute positively to the overall objectives of the MSP. By prioritizing clients who invest in good cyber hygiene practices, MSPs can maintain a high standard of service, achieve certification goals, and foster a secure and efficient operational environment.

Creating a Plan for Risky Clients

Develop a comprehensive plan for bringing risky clients up to an acceptable level of cyber hygiene. This plan should include implementing more rigorous security protocols tailored specifically to the client’s needs and vulnerabilities. Begin with a thorough assessment to identify weak points in their current cybersecurity practices. Following the assessment, establish a timeline and set of action items for addressing these weaknesses.

Regular audits should be scheduled to ensure adherence to the new protocols and to identify any emerging threats or compliance issues. These audits can be conducted by your internal team or by bringing in external experts to provide an unbiased perspective.

Continuous education is another critical component of this plan. Offer training sessions and workshops to educate clients on best practices for cybersecurity, emphasizing the importance of proactive measures and the role each employee plays in maintaining security. Provide resources such as guidelines and checklists to help them stay on track.

Additionally, consider implementing a feedback loop where clients can report any issues or concerns they encounter. This allows for real-time adjustments to your cybersecurity strategy and fosters a collaborative approach to maintaining high standards.

Finally, monitor the progress of these clients closely. Regularly review their compliance with the established protocols and take corrective actions as needed. By doing so, you not only enhance the security posture of your MSP practice but also build stronger, more trusting relationships with your clients, positioning your business for sustainable growth and success.

Taking a Stand

Do not be afraid to take a stand when necessary. Prioritizing the overall health of your MSP may mean making tough decisions about which clients to retain. Ultimately, clients must be the ones to choose to take security seriously. If they do not, you must decide why you continue to be their break/fix provider.

Benefits of Cleaning Up Your Client List

Once you do cleanse your client list of risky organizations, you will begin to see immediate results.

• Improved Operating Margins: Lower-risk clients typically require fewer resources, boosting your profitability.
• Lower Cyber Risk: A more secure client base means fewer emergencies and a more stable business environment.
• Lower Cyber Insurance Premiums: Reducing your overall risk can lead to lower insurance costs.
• Greater Scalability: With fewer high-maintenance clients, you can focus on growing your business more effectively.

Unlock the power of managed controls for your clients by ensuring they adhere to best practices and meet your MSP’s standards. By doing so, you not only protect your business but also provide better service to your clients, fostering long-term relationships built on trust and reliability.

In conclusion, while it might seem counterintuitive to fire a client, sometimes it is the best decision for the health and growth of your MSP. By evaluating and managing the risks posed by your clients, you can create a more secure, efficient, and profitable business.

Charles Weaver is CEO and co-founder of the MSPAlliance