It started with a printer.
Like most IT horror stories, it wasn’t a big deal—just a new help desk tech trying to do their job. Printer wasn’t working, user was frustrated, and the tech just needed to find a driver to get things running.
So, they did what millions of people do every day.
They went online, found what looked like the right driver, downloaded it, and installed it.
Wooohooo! Printer works! Problem solved!
Except… it wasn’t.
Because that printer driver came with malware—and while everyone was celebrating the ability to print a PDF, a hacker was silently stealing 2.7TB of data before anyone even noticed.
Not gigabytes. Terabytes.
Imagine your client’s entire network—every document, every contract, every email—packed up and shipped off to some server halfway across the world.
Now, picture yourself trying to explain to them why it happened on your watch.
The IT Team Was in the Hot Seat—And That’s Where You’ll Be Too
Here’s the thing about zero trust: It works—but only if your team actually understands how to use it.
Zero trust means nothing runs in your environment unless IT approves it. Sounds great, right? No more rogue software, no more sketchy downloads, no more surprises.
Except now, every time software needs approval, your team is making a liability decision.
Every pop-up asking for permission? That’s a risk decision. Every urgent request to approve a tool? That’s a potential breach waiting to happen.
If that “must-have” software contains malware? That’s on you.
If a hacker slips through because someone didn’t do their due diligence? That’s on you.
If 2.7TB of sensitive data gets stolen because an unverified app ran in the environment? Guess what? That’s on you, too.
Here’s How MSPs Get Themselves Killed
This is where most MSPs screw up.
They think zero trust is about technology. A fancy new security stack. A policy they put in place.
But zero trust is a process. And if your team doesn’t follow it to the letter, it’s worthless.
The hacker isn’t asking your client for permission. They’re waiting for your team to approve them by accident.
And it will always feel urgent.
A user needs to install something right now.
A manager is demanding access.
A help desk tech doesn’t want to say no.
And just like that, you’re compromised.
How to Protect Your MSP from Becoming the Next Headline
If your team is approving software without a strict, documented process, you’re playing Russian roulette with your clients’ security.
Here’s what you need to do:
- Lock Down Your Software Approval Process—Right Now
- Define the exact steps your team must follow before approving software.
- Specify trusted sources—if it’s not on the list, it’s not approved.
- Who has authority? Not everyone should be approving software.
- Get Your Team to Acknowledge It—And Get It in Writing
- Your team needs to formally attest that they understand the process.
- You need evidence that they’ve accepted it.
- If something goes wrong, you don’t want them saying, ‘I didn’t know.’
- Give Your Team Permission to Slow Down
- Every request will be urgent—but security cannot be rushed.
- A five-minute security check is better than a five-week breach recovery.
- Make it clear: Cutting corners gets people fired.
Your MSP’s Survival Depends on This
Your clients assume you’ve got them covered. If something goes wrong, they’ll blame you.
And when the lawyers start asking questions, they won’t care how busy your help desk was.
If you cannot prove that your team followed a documented process, you are wide open to liability.
So… do you have that evidence?
Because the MSPs that do will survive. The ones that don’t? They’ll be the next $2.7TB cautionary tale.
