Are You Making These Common Business Risk Mistakes? Why Untested Backups and MFA Gaps Are Ticking Time Bombs

Let’s be honest for a second. As a business owner, you probably have a mental "to-do" list that’s three miles long. Somewhere on that list, nestled between "hiring a new operations manager" and "reviewing Q3 projections," is a little box labeled IT and Security.
Most of the time, that box gets a quick mental checkmark. Why? Because you pay someone, an internal person or an outside firm, to handle it. You assume that because the lights are on and the emails are flowing, your business is safe.
But there’s a massive difference between "functional IT" and "Business Risk Mitigation."
At B&R Computers, we see it every day. Businesses in Allentown, Reading, and beyond are operating under a false sense of security. They aren’t suffering from a lack of technology; they are suffering from a lack of strategy. Specifically, they are sitting on "ticking time bombs" that could derail their entire operation in a matter of hours.
Today, I want to talk about the two biggest culprits: untested backups and gaps in Multi-Factor Authentication (MFA). If you think you’re covered, I challenge you to keep reading. You might find that your safety net has more holes than you realize.

The Illusion of "I'm All Set"
When I sit down with business owners for a Business Review, one of the first things I hear is, "Ryan, we’re good. Our IT guy says the backups are running every night."
That’s great. Truly. But "running" and "working" are two very different things.
In the world of business risk, an untested backup is essentially non-existent. Think about it like a fire extinguisher. You see it hanging on the wall every day. It looks fine. But if you haven't checked the pressure gauge or had it inspected in five years, do you really want to wait until the breakroom is on fire to find out if it works?
The same logic applies to your data. If your business fell victim to a ransomware attack tomorrow, or if a server simply gave up the ghost, how long would it take you to get back online?
- Do you know which files are backed up?
- Do you know where they are stored (on-site, cloud, or both)?
- Most importantly, when was the last time someone actually restored a full server to prove the data wasn't corrupted?
If you can’t answer those questions with 100% certainty, you aren't managing risk; you’re gambling with your company’s future.

Schrödinger’s Backup: Why Having One Isn't Enough
In physics, there’s a famous thought experiment called Schrödinger’s Cat, where a cat is both alive and dead until you open the box to look. Backups work the same way. Until you attempt a restore, your backup is both functional and useless at the same time.
We recently spoke with a company that thought they were doing everything right. They had an automated backup system that sent them an email every morning saying "Backup Successful." For three years, they saw that green checkmark and felt safe.
Then, a localized flood damaged their main server. When they went to pull the data from the cloud, they discovered that while the system was running, it was only backing up the directory structure, not the actual files. Three years of data, gone. The "Success" email was technically true; the software successfully finished its task. It just wasn't the task the owner thought it was doing.
This is why Cybersecurity isn't just a technical service; it's a core business function. It requires regular "fire drills." At B&R Computers, we believe in a "trust but verify" model. If you haven't seen a successful restore report in the last 90 days, you are currently operating at high risk.
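A restore drill of the kind described above can be checked mechanically. The sketch below is an added example, not B&R Computers' tooling: it compares a test restore against the source tree and flags the failure from the anecdote, where folders come back but files do not. The function names and sample paths are hypothetical, and it assumes the source has not changed since the backup ran.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root):
    """Map every file under root (relative path) to its (size, SHA-256)."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): (p.stat().st_size, sha256_file(p))
            for p in root.rglob("*") if p.is_file()}

def verify_restore(source_root, restored_root):
    """Compare a test restore with the source tree and report what is wrong."""
    src, dst = manifest(source_root), manifest(restored_root)
    missing = sorted(set(src) - set(dst))
    changed = sorted(f for f in set(src) & set(dst) if src[f] != dst[f])
    # The anecdote's failure: folders were restored, but no files at all.
    dirs_only = bool(src) and not dst and any(Path(restored_root).rglob("*"))
    return {"ok": not missing and not changed, "missing": missing,
            "changed": changed, "dirs_only": dirs_only}

def build_demo():
    """Constructed sample data: one source share, one bad and one good restore."""
    base = Path(tempfile.mkdtemp())
    src, bad, good = base / "source", base / "restore_bad", base / "restore_good"
    files = {"finance/2023/ledger.csv": b"id,amount\n1,100\n",
             "hr/policy.txt": b"handbook v2\n"}
    for rel, data in files.items():
        for root in (src, good):
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
        (bad / rel).parent.mkdir(parents=True, exist_ok=True)  # folder only, no file
    return src, bad, good

if __name__ == "__main__":
    src, bad, good = build_demo()
    print("bad restore :", verify_restore(src, bad))
    print("good restore:", verify_restore(src, good))
```

In a real drill, compare against a manifest captured when the backup ran rather than the live share, so that files edited since then are not reported as changed.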

The MFA Gap: The Back Door You Left Unlocked
The second "ticking time bomb" we see is the Multi-Factor Authentication (MFA) gap.
By now, most people know what MFA is. It’s that extra code you get on your phone when you log into your bank account. Most business owners have it turned on for their primary email (Microsoft 365 or Google Workspace). They think, "Okay, the front door is locked."
But what about the side door? Or the window in the basement?
Hackers don't always go for the most obvious entry point. They look for the gaps. Common MFA gaps include:
- Legacy Applications: That old accounting software or CRM you’ve been using for ten years that doesn't support MFA.
- Local Server Logins: Your IT team might use MFA for email, but can someone log directly into your server or an admin account with just a password?
- VPNs and Remote Access: With more people working from home, remote access points are prime targets. If your VPN doesn't require MFA, you’re essentially leaving a key under the mat.
- The "MFA Fatigue" Factor: If your team isn't trained, they might just click "Approve" on their phone to get a notification to go away, even if they didn't initiate the login.
Risk mitigation means looking at your entire digital footprint, not just the easiest parts to secure.

Why Your "IT Guy" Might Be Missing the Big Picture
This isn't a knock on IT professionals. Most are hardworking people who are great at fixing things when they break. But there is a fundamental difference between IT Support and Risk Management.
IT Support is reactive. You call them when the printer jams or the Wi-Fi is slow. Risk Management is proactive. It looks at the business as a whole and asks: "What could put us out of business, and how do we stop it before it happens?"
Often, IT providers get comfortable. They set up a system five years ago and, because it hasn't crashed yet, they assume it’s still the best way to do things. But the threat landscape changes every single week. If your IT strategy hasn't evolved to include things like AI-driven threat detection or immutable backups, you're falling behind.
This is why we offer a 20-30 minute Business Review. It’s not a high-pressure sales pitch. In fact, many of the businesses we review stay with their current IT provider. The value of the review is that it provides a fresh set of eyes (an "audit" of sorts) to identify the gaps that your current provider might have missed because they’re too close to the day-to-day "fires."

7 Tough Questions to Ask Your Current IT Provider
If you want to empower yourself as a business owner, you need to start asking the right questions. Don't settle for "It's handled." Demand evidence. Here are seven questions you can ask your current IT team or provider this week:
- "When was the last time we performed a 'bare metal' restore of our most critical server, and how long did it take to get back online?"
- "Is MFA enforced on every single entry point into our network, including local admin accounts and legacy software?"
- "If our primary office was destroyed by a fire or flood today, exactly how many hours would it take for our team to be working again from a remote location?"
- "Do we have an immutable backup (a backup that cannot be deleted or changed, even by someone with admin credentials) to protect us from ransomware?"
- "How are we managing the risk of employees using 'Shadow AI' (unauthorized AI tools) that might be leaking our company or client data?"
- "Are our backups stored in a way that is physically and logically separated from our main network?"
- "Can you show me a report from the last 30 days that proves our security patches were successfully applied to every device, not just the servers?"
Their reaction to these questions will tell you everything you need to know. If they get defensive or give vague answers, you have a major business risk on your hands. If they can pull up reports and explain the strategy clearly, you’re in a much better spot.

The Shift: From Technical Expense to Strategic Asset
At B&R Computers, we want to help you move IT from the "expense" column to the "strategic asset" column. When your risks are mitigated, you have the confidence to grow. You can adopt new technologies, like AI, without worrying that you’re opening a Pandora's box of security issues.
Whether you are looking for IT Services in Reading or Cybersecurity in Allentown, the conversation should always start with risk.

Take the Next Step: The 20-Minute Risk Checkup
You wouldn't run your business without insurance. You wouldn't leave your storefront unlocked overnight. So why leave your digital assets, the literal lifeblood of your company, to chance?
If you aren't 100% sure about your backups or your MFA coverage, let’s chat. We offer a Business Review meeting specifically designed for busy owners. We’ll look at your current setup, identify any "ticking time bombs," and give you a clear roadmap of what needs to be fixed.
Again, even if you have an IT person you love, this review is beneficial. Think of it like getting a second opinion from a specialist before a major surgery. It’s just smart business.
Don't wait for the "Success" email to lie to you. Verify your safety today. You can also explore our Resources Hub for more guides on how to protect your business in an increasingly digital world.
Are you ready to move from "hopeful" to "secure"?
