E-N Computers

03/06/2026

Not all IT support is equal. And the difference often doesn't show up until something goes wrong.

A lot of businesses pay a monthly fee to their MSP and still wait hours when something breaks. Or they finally get someone on the phone who doesn't know their business, doesn't understand the urgency, and can't explain what they're fixing.

Here's what we've found separates a good MSP from one that quietly costs you more over time:

Proactive planning vs. reactive scrambling.
Does your provider tell you in January that your server needs replacing in June? Or do you find out when it fails?

Transparent pricing vs. surprise invoices.
Adding a user, setting up a computer, resetting a password — these should be included in what you're already paying. If every small task comes with a separate charge, that's a problem.

You own your systems.
Your configurations, documentation, and admin access should belong to you. Not your IT provider.

Plain English communication.
You shouldn't need an IT degree to understand what's happening with your own technology.

Response times that are documented, not promised.
There's a big difference between "we respond quickly" in a sales pitch and a service level agreement you can actually hold someone to.

We put together a full video walking through how to evaluate IT providers — what questions to ask, what red flags to watch for, and what working with the right partner looks like.

https://www.encomputers.com/how-to-choose-the-best-msp/

01/06/2026

A weak password and no MFA on a VPN took one organization offline.

That's not a hypothetical. It happened recently. The breach forced their VPN completely offline while our team rebuilt it with proper multi-factor authentication. Recovery took weeks.

We've seen a similar pattern across multiple clients in the last six weeks. A law firm dealt with an email breach that required emergency policy changes for every device on their network. Several other organizations are actively cleaning up from phishing campaigns, tightening email authentication rules, and fixing gaps in how they verify user identities.

The common thread in every one of these situations? Basic security controls were missing or incomplete.

MFA — multi-factor authentication, the second step that confirms it's actually you logging in — either wasn't set up, wasn't enforced on every system, or was using a tool the organization had outgrown. Email authentication rules that stop spoofed messages from reaching inboxes were either off or set to monitor-only, not block.

These aren't exotic attack techniques. They're the first things attackers try because they still work.
If you're not sure whether your VPN, email, and remote access tools require MFA, that's worth finding out before someone else does. Let us know about it: https://www.encomputers.com/it-project-inquiry/

29/05/2026

Please note that our office will be closed May 25th in observance of Memorial Day.



We will respond to electronic service requests and emails when we return Tuesday, May 26th.



If you need immediate assistance, please call 866-692-9082 and leave a message with our dispatcher. We will have our on-call technician call you back.



From our team here at E-N Computers, we hope you have a wonderful holiday. Stay well and stay safe.

27/05/2026

Virginia healthcare providers face a tougher security picture than most.

You're already dealing with HIPAA. On top of that, ransomware groups target healthcare data specifically. And if your practice serves federal employees, military families, or contractors, you're a target for nation-state actors who want patient records, not just a payday.

That changes what "good IT" looks like.

A managed IT provider in Virginia healthcare needs to do more than keep the lights on. They need a real answer when you ask how they detect threats. They need a 24/7 SOC, either in-house or contracted. And they need documented incident response procedures, because Virginia's breach notification law (Va. Code § 18.2-186.6) requires you to notify the Attorney General when an incident affects 1,000 or more residents. A breach hitting your full patient panel will almost certainly cross that line.

Most "best MSP" lists you'll find online won't help you here. They pull names from a Google search and rank by review scores. That's not the level of decision you're making.

We put together a guide that's different. It covers what to look for in a healthcare-ready provider, what questions to ask, what managed IT costs in this market, and a few Virginia providers we know and can recommend.

https://www.encomputers.com/2026/04/best-managed-it-for-virginia-healthcare-providers/

Virginia healthcare providers evaluating managed IT options in 2026: here's who we recommend, what to look for, and what it costs.

26/05/2026

Six years ago, Amy Birckhead and Andrea Smith joined the E-N Computers team. Today, we're celebrating both of them.

If you've worked with us, there's a good chance one of them helped make something easier for you behind the scenes.

What stands out about Amy and Andrea isn't just the years they've put in. It's how they show up. Both are the kind of teammates who say yes when someone needs a hand, no matter what's already on their plate.

They're loyal, dedicated, and a real pleasure to work with.

Six years is a long time in this industry. We're lucky to have them, and we're not taking it for granted.

Happy work anniversary, Amy and Andrea. Thank you for everything!

20/05/2026

A small defense contractor we worked with spent between $100,000 and $120,000 in year one getting onto Microsoft 365 GCC High.

About 20-25 users. Two clear reasons it made sense: their prime required GCC High for collaboration, and they handle ITAR-controlled CAD files.

For them, the math worked.

But here's what we see all the time. Contractors come to us either chasing GCC High when a less expensive option would cover their requirements, or writing it off because they assume it's beyond their budget when it isn't.

CMMC itself doesn't require GCC High. Your contract might, but not always.

The decision usually comes down to three questions:

Do you handle export-controlled data?

What does your prime actually require?

Do you want to migrate once or twice?

One more thing worth knowing if you're a smaller contractor: a lower-cost licensing option launched in late 2025 that wasn't on the table the last time most people looked at this.

Our full guide walks through how to make the call without overspending or under-protecting your business.

Read our full article: https://www.encomputers.com/2023/10/what-is-microsoft-office-365-gcc-high/

What's been the biggest factor pushing your GCC High decision so far?

18/05/2026

Most CMMC projects fail at the same spot: rushing to lock things down before knowing what actually needs protecting.

We see it constantly. A defense contractor buys tools, writes policies, and starts hardening systems. Six months in, they realize half the work was on systems that never touched CUI, and they missed controls on systems that did.

Scoping fixes this. It's the work of figuring out what data you have, what systems it touches, who needs access, and what controls you actually need.

Two reasons to start here:

It keeps your budget where it belongs. When you know what's in scope, you also know what's out. No wasted spend on systems that don't matter for compliance.

It makes your assessment go smoother. Your assessor will expect clear scope documentation. The cleaner your scope, the cleaner your audit.

What scoping actually looks like:

1. Pull your contracts, including subcontracts
2. Read them for what they tell you to protect (drawings, specs, manuals, code)
3. Inventory every piece of information your company handles, including paper and USB drives
4. Map each type of information to the contract it came from
5. Decide what qualifies as CUI under 32 CFR 2002.4
6. Map that CUI to the systems it lives on and the people who touch it

Skip this work and you'll spend money on the wrong things, walk into a stressful assessment, and still miss controls you needed.

The contractors who get CMMC right start with a map, not a hammer.

Want help building yours? Book a consultation: https://www.encomputers.com/complimentary-cmmc-consulting/

13/05/2026

$50,000 for a CMMC Level 2 audit. Another $20,000–$60,000 for GCC High licensing and migration. That's before a single security control gets implemented.

For a 20-person defense contractor, those numbers stop being a budget line and start being a reason to walk away from DoD work entirely.

They shouldn't have to.

E-N Computers offers financing for small and mid-sized defense contractors working toward CMMC compliance. Through equipment vendors like Dell and Cisco, we can structure the hardware, licensing, and consulting costs into predictable monthly payments — so a compliance investment looks more like a managed services bill and less like a balloon payment.

What we can help finance:

• GCC High migration and licensing

• Endpoint, server, and network refreshes required for L2 scope

• CMMC consulting engagements (gap analysis, SSP, POA&M, evidence collection)

• Ongoing managed compliance services

If you've been quoted a CMMC number that's giving your CFO heartburn, let's talk about how to spread the investment over a term that matches your contract timeline.

Use this form to start the process: https://www.encomputers.com/complimentary-cmmc-consulting/

11/05/2026

Losing your IT person can feel like the floor dropped out from under you. The passwords, the systems, the "how do we do this again?" — it all sits in one person's head, and now they're walking out the door.

We helped an agency through exactly this kind of handoff. Started Wednesday. Done by Friday. 🙌

The executive director's reaction afterward? "That went a lot better than I thought it was going to be."

Here's the thing about these transitions: they don't have to feel like a fire drill. We've walked into these situations many times. Most IT setups follow patterns we already know, so we don't need someone holding our hand through every login and folder. Hand us the basics and a few notes about quirks, and we're moving.

That speed matters when you're staring down a deadline. It also takes a lot of weight off the IT person who's leaving, because they're usually carrying their own stress about the whole thing.

A team that's been through this before will always beat one person trying to figure it out on the fly. Our techs have been tested by other technical pros and earned their spot. No guesswork.

Curious what a smooth handoff actually looks like? Watch the full video here: https://youtu.be/1QEd9RGjkgs

What's the trickiest IT transition you've been through?

05/05/2026

If you're a defense contractor wondering what CMMC Level 2 certification really takes, the short answer is: a lot more than buying the right software.

It's about proving — with documentation, plans, and real evidence — that you handle CUI the way the DoD expects.

For most small and mid-sized contractors, here's what that looks like:

🔍 A gap analysis to scope your systems and figure out what's actually in-scope

📄 A System Security Plan (SSP) — the detailed playbook of how your company practices cybersecurity. Assessors lean on this one hard.

🚨 An Incident Response Plan so everyone knows who does what when something goes wrong

📋 A Plan of Action & Milestones (POA&M) — your working list of weaknesses, fixes, and deadlines

☁️ Decisions around Microsoft 365 GCC High — whether you need it and how to set it up

🛠️ A GRC tool to keep documentation, inventory, and CUI marking organized

It's a lot. And honestly, it's the part some consultants won't touch. They hand you a report and disappear.

That's not how we work. We have two Registered Practitioners on our three-person CMMC team, 29 years in business, and a 100% U.S.-based staff. We walk with you through certification and help put the technical controls in place to pass.

Already have internal IT or an MSP you trust? We slide in alongside them as the compliance expert. Want one partner for everything? Our CMMC managed IT add-on layers compliance right onto your managed plan.

The October 31, 2026 deadline is closer than it feels. And the contract requirements? They're showing up now.

Full breakdown of our CMMC consulting services here: https://www.encomputers.com/cmmc-consulting-services-for-small-businesses/