This month, CI once again, instead of featuring a single ASCII Group member writing a full-length column, presents comments from multiple leading ASCII members. All of them are addressing the same topic: what to do when client relationships get difficult. These problems can materialize in several ways — for example, nonpayment or late payment of invoices due, continual cybersecurity lapses that expose IT providers to unnecessary risk, or disagreements about service levels or support hours. Like all entrepreneurial operations, MSPs must consider the welfare of their own businesses while, at the same time, working to maintain positive relationships with clients.
As noted last month, CI received a flood of response to the questions posed below. So, next month, we’ll finish up with Part 3 of this conversation. For the last installment, we’ll draw on detailed insights from QPC Security’s Felicia King. We hope you enjoy this multi-month presentation!
Related: Navigating Difficult Client Relationships, Part 1
Commercial Integrator: When you run into billing/payment issues with clients, what are your go-to solutions to avoid or mitigate negative outcomes?
Mat Kordell (CyberStreams): To avoid or mitigate negative outcomes related to billing/payment issues with clients, we do the following things:
- Clearly define the billing terms on the first page of the service agreement. This page is in a welcome-letter format and written in short, easy-to-understand paragraphs.
- Run predictable invoicing and payment processes and send invoices on the 15th of the month, which are due on the 1st of the following month. (We bill ahead on the first of the month for that month’s services.) The downside of this is that we do miss some changes that may occur in the second half of the month, requiring prorating on the next invoice. But the upside is that any issues or disputes tend to be addressed well in advance of the due date.
- Use Wise-Pay to automate our billing process, automatically debiting our clients’ accounts via ACH on the 1st of each month.
- Offer flexible payment options. Although we do require by agreement that clients pay by ACH, a client sometimes may have a need or desire to pay by check or with a credit card. We work with them to facilitate this as long as they work with us to make sure we are paid in a timely manner.
- Communicate proactively with clients. We have regular communication with clients prior to, at the time of and immediately following the sending of invoices and thereafter. This ensures that nothing slips someone’s mind or falls through the cracks, and it can help to build trust and prevent misunderstandings. If there are any billing or payment issues, it’s important to address them promptly and find a mutually agreeable solution.
- Consider offering incentives for timely payment. We do have preferential pricing for clients who are auto-paying via ACH. For those who are experiencing financial difficulty, we may get creative to offer discounts or other incentives to encourage clients to pay on time or come up with a plan that helps them get through their current situation. This builds further trust in the relationship.
Angel R. Rojas, Jr. (DataCorps Technology Solutions): Communication is key: Do it early and do it often. Communicate clear expectations, and don’t be afraid to use a late fee and interest as tools to help the client understand that prompt payment is appreciated.
Sean Jennings (CIM Solutions): I try to avoid billing issues from the start, but they do come up. I will review their bill and then set up a call to review their concerns, as well as to review why the bill is/was done the way it was.
CI: If your client doesn’t take cybersecurity seriously and/or introduces unnecessary vulnerabilities, what are best practices for helping them make change?
Kordell: If our client doesn’t take cybersecurity seriously and/or introduces unnecessary vulnerabilities, we do the following:
- Educate the client, referencing news stories, as well as anecdotal stories from our own clients and experiences, to try to expand how they perceive threats to their own livelihood. We also talk to them about cyber insurance and/or compliance requirements, why the insurance providers or regulators have the requirements that they do and how we address those concerns. We especially point out the liability that can arise if they don’t address those requirements.
- Perform a risk assessment. Depending on the circumstances, we may offer to perform a free or paid assessment, where we would compile a series of executive reports to expand their perception of risk through a greater understanding of their own security posture.
- Recommend specific solutions based on the results of the risk assessment. This could include implementing email and spear-phishing protection, managed detection and response (MDR), regulated data detection and protection, and other security measures.
- Enforce consequences as noted in the service agreement. We make it clear to the client that there will be consequences if they continue to ignore cybersecurity risks. This could include termination of service, penalties or other measures, depending on the severity of the issue.
- Encourage the client to foster a culture of security by promoting best practices and making cybersecurity a priority. This can help to ensure that the client takes cybersecurity seriously and continues to make changes over time. In support of this, we offer cybersecurity-awareness training, phish testing and dark-web scanning, with reporting and a client portal.
Rojas: Understand that you cannot make anyone change anything that they do not want to change. They are in control, and they are telling you they either do not understand the risk or are willing to accept the risk. It is your job to determine which position they are coming from. If they do not understand the risk, ask them how you can help them understand it. If they are willing to accept the risk, document it and advise them that you understand they’ve chosen to accept the risk despite your recommendation against it. Remember, it is their business and their money. We cannot make clients do anything. You always have the choice to discontinue servicing them by adopting terms according to which you are willing to provide services. If the risk they are accepting entails a risk to you as an MSP, you should consider exercising your terms and refusing to provide services.
Jennings: If we propose a solution to a client that we feel is important to their business and their security and they decline it, then I will get them to sign a hold harmless/decline of service letter. This will normally get them to understand the risks they are now assuming by declining the service.
CI: How do you deescalate the situation when your client and your business encounter a dispute about either service levels or support hours?
Kordell: When a client has a dispute about either service levels or support hours, we do the following:
- Take the time to listen to the client’s concerns and understand their perspective. This shows that we value their input and that we’re willing to work toward a resolution.
- Stay calm and professional, even in the face of frustration or anger from the client. This helps to deescalate the situation and prevent it from getting worse.
- Review the service agreement, as well as any other relevant documentation, with the client. Explain the terms and conditions of the service and what is (and isn’t) covered by support.
- Offer a solution to the dispute, taking into account the needs of both the client and our business. We are open to compromise and willing to find a mutually acceptable solution.
- Document the resolution of the dispute and any changes made to the service agreement.
Rojas: Show up in person. Break bread and talk about it. Nothing beats a conversation to discuss what happened. Seek to understand by asking questions. Lead with, “Help me understand…” to disarm the situation. And be humble about receiving the feedback.
Jennings: I will normally refer them to their agreement/contract/quote and highlight the terms/sections that outline the terms that are disputing. If we are at fault, then I will work with the client and my team to resolve the issue.