So you left your customer service job in retail thinking you'd finally escape dealing with “Karens”, only to end up managing their corporate doppelgängers in the IT world. Now, they wear C-suite badges, wield unrealistic expectations like blunt instruments, and somehow believe that rules don't apply to them. Sound familiar?
One Reddit user nailed it with brutal honesty:
“I left my Retail job due to hating dealing with Karens only to end up in the IT version, only now they’re C-Suite with unrealistic expectations and attitude problems.”
And it’s not just a personality clash; it’s a process-breaking problem that affects MSPs every single day.
The Mental Gymnastics of Policy Exceptions
Let’s break it down:
- You help your client craft a clear security policy.
- It says no personal laptops connected to the VPN. Great.
- Then the executive team wants an exception for one of their “trusted” users.
- You reluctantly agree, with a signed “accepted risk” form to cover your liability.
But three months later?
“Then back when you send them an accepted risk sign-off, they get mad that they have to sign off again…”
Rinse, repeat, and welcome to the MSP version of Groundhog Day.
The Smarter Way: Recurring Risk Acceptance as a Process
Another MSP in the thread came up with a smarter solution, one that saves endless back-and-forth:
“We finally built a recurring ‘accepted risk’ renewal into our process. Today it is less arguing and more ‘sign here again if you want to keep ignoring the rule.’”
This tactic does three things:
- Eliminates ambiguity – Clients can’t claim they forgot the policy.
- Reduces conflict – No need to rehash the debate every few months.
- Documents everything – You’re covered if things go sideways.
It’s not just about enforcing a policy; it’s about training clients to respect the rules they themselves approved.
When All Else Fails: CYA with Signed Risk Acknowledgments
Here’s how one veteran MSP handles the liability nightmare:
“If the customer is breached due to that user’s device, you’re damn right I’m getting receipts.”
They make the client sign off on a detailed document that outlines:
- No guarantee of device security
- No visibility into user activity
- No control over data once that user leaves
- No way to enforce or audit compliance
And if that’s not good enough?
“This is a last resort when all coaching and advising fails.”
Because let’s face it—if the client refuses to follow good advice, the next best thing is covering yourself in writing.
You Don’t Have to Die on Every Hill—But You Do Need Boundaries
Being flexible is fine. But being a doormat? That’s where MSPs burn out.
Setting hard boundaries with C-level clients isn’t confrontational—it’s professional. And when exceptions are allowed, they must come with clearly defined risk and documentation.
Your role isn’t just tech support—it’s risk manager, policy enforcer, and yes, occasionally the voice of reason in a room full of noise.