Micro-IT

Micro-IT Simple. Secure. Flexible. We provide managed IT services, cybersecurity, cloud management, and responsive technical support — all without long-term contracts.

Micro-IT delivers managed IT and cybersecurity built for small businesses — no long-term contracts, just trusted support that keeps you running with confidence. Micro-IT delivers simple, secure, and flexible IT solutions designed specifically for small and mid-size businesses across the United States. Our team helps business owners stay protected, productive, and confident in their technology thro

ugh proactive monitoring, endpoint security, and expert guidance. With Micro-IT, your business runs smoothly, securely, and stress-free.

MFA isn't enough anymore.MFA-bypass attacks ("prompt bombing," attacker-in-the-middle proxies like Evilginx) now account...
06/10/2026

MFA isn't enough anymore.

MFA-bypass attacks ("prompt bombing," attacker-in-the-middle proxies like Evilginx) now account for roughly 1 in 3 successful M365 account compromises in our incident data over the last 12 months.

The fix isn't more authentication. It's *smarter* authentication:

• **Conditional Access policies** that require sign-in from a managed device or trusted network.
• **Number-matching MFA** instead of simple approve / deny push (kills prompt bombing).
• **Token-binding session policies** so a stolen cookie can't be replayed from a different IP.

All three are included in M365 Business Premium. Most of our clients aren't using them. We turn them on as part of Managed Inbox at \$20/mailbox.

If your guest Wi-Fi can reach your POS network, your PCI scope just expanded to include every phone in your lobby.This i...
06/09/2026

If your guest Wi-Fi can reach your POS network, your PCI scope just expanded to include every phone in your lobby.

This is the single most common failure we find in retail and hospitality audits.

The fix:

1. **Two SSIDs** on a UniFi or Meraki access point — "Customer" and "Staff".
2. **Two VLANs**, fully isolated. Customer VLAN cannot route to anything internal.
3. **A captive portal** on the customer side with a click-through terms page — cheap legal protection.

Forty dollars in config time. The audit savings pay for it the first quarter.

We set this up as part of Managed Site — small location \$149/month.

$79 per computer, per month. Here's what's actually in it:• EDR (next-gen antivirus + behavioral detection)• DNS filteri...
06/08/2026

$79 per computer, per month. Here's what's actually in it:

• EDR (next-gen antivirus + behavioral detection)
• DNS filtering (blocks the bad domain before the browser ever asks for it)
• OS + application patching, on a schedule, with reporting
• Image-level backup, restorable in under an hour
• Full-disk encryption enforcement
• Mobile-device coverage for the phones that read company email
• Helpdesk that answers in under an hour
• The phone number you actually call

No add-ons. No “oh that's an upgrade.” Same number every month.

See all services → micro-it.net/services

We've turned down work this year.A few examples of what we said no to:• Replacing a $400/month MSP for a 6-person office...
06/05/2026

We've turned down work this year.

A few examples of what we said no to:

• Replacing a $400/month MSP for a 6-person office where the existing one was already doing a fine job.
• Selling cyber-insurance — we're not licensed and we don't pretend to be.
• “Rebuilding” a sub-$2K server when a $99 cloud migration was the obviously correct answer.
• A managed-Wi-Fi project in a building where the landlord wouldn't allow cabling. The customer needed a different *building*, not a different MSP.

If the right answer for you isn't us, we'll tell you. It's cheaper than re-selling the same client twice.

The laptop in the truck is the weakest link in most construction-and-trades businesses we audit.It has:• Estimating soft...
06/04/2026

The laptop in the truck is the weakest link in most construction-and-trades businesses we audit.

It has:

• Estimating software with the markup formulas that ARE the business.
• Signed contracts with customer signatures.
• The QuickBooks file with bank account routing numbers.
• Job-site photos that include addresses.

And it's on hotel, coffee-shop, and customer Wi-Fi half the week.

Three controls that take an afternoon to deploy:

1. **Full-disk encryption (BitLocker / FileVault)** on every field laptop. Free, built in, off by default.
2. **EDR with remote-wipe** — if it goes missing, you nuke it from your truck.
3. **A separate user account** for the kid who borrows it for homework on the weekend.

Included in Managed Endpoint at \$79/computer/month.

QR-code phishing in restaurants is the trend of the summer.The attack: a sticker is placed over the legitimate menu QR. ...
06/03/2026

QR-code phishing in restaurants is the trend of the summer.

The attack: a sticker is placed over the legitimate menu QR. Customer scans, lands on a fake page that asks them to “verify they're over 21” by entering a credit card. The card is harvested. The customer blames *the restaurant*.

What to do this week if you operate any kind of seated service:

• Walk every table. Confirm the QR codes match a printed reference.
• Tape over QR codes that aren't yours.
• Train staff: “if a customer says the menu asked for their card, that wasn't us, here's the manager.”

You don't need a tool for this. You need a five-minute walkaround. We do it for clients during quarterly site visits.

The FBI and IC3 published an advisory in May on a phishing-as-a-service operation built to take over Microsoft 365 accou...
06/02/2026

The FBI and IC3 published an advisory in May on a phishing-as-a-service operation built to take over Microsoft 365 accounts. The technique doesn't break MFA — it borrows it.

It abuses the OAuth device-code flow. The target gets a real Microsoft sign-in prompt and a genuine device code, enters it, and Microsoft hands a valid session token to the attacker's device. MFA was satisfied by the user, for the attacker. No malware ran. No password was cracked.

Three controls close it, and all three are in Microsoft 365 Business Premium:

• Conditional Access that blocks the device-code flow except on managed devices.
• Number-matching MFA, so a prompt can't be approved blindly.
• Token-binding session policies, so a stolen token can't be replayed from another network.

The part worth sitting with: this capability is rented by the month now. The cost of running the attack went to *zero*. The cost of stopping it is one afternoon of Conditional Access work — what we turn on as part of Managed Inbox at \$20/mailbox. micro-it.net/services/inbox

[email protected] · 270.816.5726

Donor data at a church is regulated. People don't think about it that way — but a list of names, addresses, and giving h...
06/02/2026

Donor data at a church is regulated. People don't think about it that way — but a list of names, addresses, and giving history is a high-value target.

The attacker wants it for two reasons:

1. To run “your pastor needs gift cards” phishing against your congregation, with names and amounts that match real giving patterns.
2. To sell to data brokers who package it as "high-net-worth Christian household" lists.

The minimum we set up for every church we manage:

• The donor database lives on a managed server, backed up daily, encrypted at rest.
• Only two people have admin access. Everyone else has read-only.
• The pastor's email has impersonation protection turned on.

Our Kingdom Partner Discount applies to every Managed Endpoint and Inbox plan. 270.816.5726.

Address

55 Paradise Lane
Metropolis, IL
62960

Telephone

+278165726

Website

Alerts

Be the first to know and let us send you an email when Micro-IT posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Micro-IT:

Shortcuts

Share

Category