
I sat down with a local business owner last week. Let’s call him "Jim." Jim runs a successful operation here in the area, and like most established businesses, he already had an IT provider. He wasn’t looking to switch, he wasn't unhappy, and he certainly wasn't looking for a sales pitch.
He just wanted a second set of eyes.
In the world of business, we do this all the time. You get a second opinion on a medical diagnosis. You get a second quote on a construction project. You might even have a different accountant look over your books once in a while just to make sure nothing is slipping through the cracks. But for some reason, many small and medium-sized businesses (SMBs) treat their IT setup like a "set it and forget it" slow cooker.
We sat down for what was supposed to be a quick 30-minute review. No complicated software installs, no deep-packet inspection, just a conversation and a look at the high-level configurations.
What we found wasn't just surprising to Jim; it was a wake-up call.
The "Everything is Fine" Fallacy
Most business owners assume that if their computers turn on and their emails send, their IT provider is handling everything. And in many cases, the provider is doing the basics. They are patching the servers and keeping the internet running. But "running" and "secure" are two very different things.
Jim’s business was a classic example of this. He felt secure because he had a contract with a professional firm. However, as we walked through a few simple questions, the gaps started to appear. This isn't necessarily because his current provider was "bad," but because cybersecurity moves faster than most general IT workflows can keep up with.

The Three Red Flags
During our 30-minute walkthrough, we focused on three pillars of modern security. These are often overlooked because they don't necessarily "break" the daily workflow if they are missing. You won't know they are gone until a disaster strikes.
1. Multi-Factor Authentication (MFA) was Optional
We checked his email environment. Multi-Factor Authentication (MFA) was available, but it wasn't enforced. This is one of the most common mistakes we see, and it's actually one of The Seven Deadly Sins of SMB Cybersecurity.
If MFA isn't enforced across the board, it’s effectively useless. All it takes is one employee, maybe the one who finds the extra step "annoying", to leave their account wide open. In Jim’s case, his executive team didn't have it active because they wanted the "convenience" of quick logins.
2. Backups: The "Hope" Strategy
Jim knew he had backups. He saw the line item on his invoice every month. But when I asked him when those backups had last been tested with a full recovery, the room went quiet.
His provider was running the backups, but they weren't being tested unless Jim specifically requested it. In the IT world, an untested backup is just a collection of bits that might or might not work when your business is on the line. If you are hit with ransomware and your backup fails, you aren't just back to square one; you're out of business.
3. Zero Visibility
There was no clear visibility into login activity or potential threats. If someone from an IP address in a different country logged into Jim's email at 3:00 AM, nobody would know. There were no alerts, no logs being monitored, and no "tripwires" in place.
We talk a lot about the NIST CSF 2.0 framework, which emphasizes the need to Identify and Detect. Without visibility, you are essentially flying a plane in a storm without any radar.
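To make the two account-level gaps above concrete (MFA not enforced, and nobody watching sign-ins), here is an added example that is not part of the original post or the firm's own tooling: a small review script run over constructed sign-in records. The user list, event log, home country and business hours are all assumptions invented for the example; a real review would pull these from the mail platform's sign-in export.

```python
from datetime import datetime

# Constructed sample data for the example (not real accounts or logs).
USERS = {
    "jim@example.com": {"mfa_enforced": False, "role": "executive"},
    "pat@example.com": {"mfa_enforced": True, "role": "staff"},
    "lee@example.com": {"mfa_enforced": False, "role": "staff"},
}

# Timestamps are assumed to already be in the business's local time zone.
SIGN_INS = [
    {"user": "jim@example.com", "ts": "2024-05-02T03:04:00", "country": "RO", "success": True},
    {"user": "jim@example.com", "ts": "2024-05-02T14:10:00", "country": "US", "success": True},
    {"user": "pat@example.com", "ts": "2024-05-02T15:00:00", "country": "US", "success": True},
    {"user": "lee@example.com", "ts": "2024-05-02T02:30:00", "country": "US", "success": False},
]

HOME_COUNTRIES = {"US"}        # assumption: where staff normally sign in from
BUSINESS_HOURS = range(7, 19)  # assumption: 07:00 to 18:59 counts as normal


def users_without_mfa(users):
    """Red flag 1: every account where MFA is merely available, not enforced."""
    return sorted(u for u, attrs in users.items() if not attrs["mfa_enforced"])


def suspicious_sign_ins(sign_ins, users, home=HOME_COUNTRIES, hours=BUSINESS_HOURS):
    """Red flag 3: successful sign-ins from outside the home country or outside
    business hours. Severity is 'critical' when the account also lacks MFA,
    because leaked credentials alone would then be enough to get in."""
    findings = []
    for ev in sign_ins:
        if not ev["success"]:
            continue  # failed attempts are worth counting, but not "access"
        when = datetime.fromisoformat(ev["ts"])
        reasons = []
        if ev["country"] not in home:
            reasons.append(f"country {ev['country']} not in {sorted(home)}")
        if when.hour not in hours:
            reasons.append(f"off-hours sign-in at {when.strftime('%H:%M')}")
        if reasons:
            no_mfa = not users.get(ev["user"], {}).get("mfa_enforced", False)
            severity = "critical" if no_mfa else "warning"
            findings.append({"user": ev["user"], "ts": ev["ts"],
                             "severity": severity, "reasons": reasons})
    return findings


def review(users=USERS, sign_ins=SIGN_INS):
    """The 30-minute review in miniature: both lists in one report."""
    return {"no_mfa": users_without_mfa(users),
            "suspicious": suspicious_sign_ins(sign_ins, users)}
```

On the sample data the report lists two accounts without enforced MFA and flags Jim's 03:04 sign-in from abroad as critical, which is exactly the event nobody would have seen in the scenario above.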

The Dark Web Discovery
Then, we took it a step further. We ran a quick scan of his primary business domain against known credential leaks.
The color drained from Jim’s face when he saw the results.
His business email credentials, his actual password and username, had already been exposed on the dark web. This didn’t happen because his office was hacked directly. It happened because of a third-party breach.
Think about all the services you sign up for using your business email. Industry forums, shipping sites, software tools, or even a local catering service. When one of those third parties gets hacked, your credentials end up in a massive database sold to the highest bidder on the dark web.
At that point, it wasn’t a question of if something could happen. It was a question of when.
Because MFA was not enforced on his account, any hacker with those leaked credentials could have logged into his email at any time. They wouldn't need to "break in." As we like to say, hackers are "logging in" rather than breaking in these days.
No alerts. No barriers. Just access.
Imagine a bad actor sitting in Jim’s inbox for weeks, watching how he talks to his bank, learning the names of his vendors, and waiting for the perfect moment to send a fraudulent wire transfer request that looks 100% legitimate.

It’s Not About Blame; It’s About Clarity
I want to be clear: this story isn't about bashing other IT providers. The reality is that the threat landscape changes every single day. Sometimes, things get missed. Sometimes, a provider is so focused on keeping the "lights on" that they forget to lock the doors and windows.
That is exactly why we offer a simple, no-pressure review.
When we meet with a business for a second opinion, we aren't there to convince you to fire your current team. In fact, if everything looks good, we’ll be the first ones to tell you. We’ve had reviews where we walked away saying, "Your team is doing a fantastic job; don't change a thing."
But if we find gaps, like Jim’s exposed credentials or the lack of MFA, you get the clarity you need. You can take that information back to your current provider and say, "Hey, we found these issues, can we get these fixed?"
Our goal is to ensure that local businesses are protected. No sales pressure. No obligation. Just the facts.

What Would Happen Today?
If your email credentials were exposed on a dark web forum this morning, would there be anything stopping someone from logging in as you?
Would your current IT setup catch it? Would your phone buzz with an MFA prompt, or would the hacker have a clear path into your company's private communications?
Don't wait for a "when" to become a "now."
We’ve designed our Cyber Strategy Session to be the most valuable 30 minutes you’ll spend on your business this quarter. We’ll ask a few targeted questions, identify anything worth a second look, and give you clear, practical feedback you can actually use.
If you’d like to schedule a quick review and get that second set of eyes on your setup, you can grab a time on my calendar here:
Book Your BRC Cyber Strategy Session
Stay safe out there,
Ryan Hertzog, President, B&R Computers
P.S. Seriously: if your email credentials were exposed today, is there a single barrier between a hacker and your sensitive data? If you aren't 100% sure, it's time for that second opinion. Let's talk.

