E-N Computers
Share
Proudly Serving the State of Virginia and DC. visit us at www.encomputers.com We apply our values, process and expertise to every engagement. VA DCJS # 11-6604
E-N Computers is a leader in providing full-service Information Technology services. Along with general business applications, we have specialized in-depth knowledge of how office technology systems are set up for the following industries: medical, manufacturing, trucking and logistics, non-profits and education.
18/06/2026
Please note that our office will be closed June 19th in observance of Juneteenth.
We will respond to electronic service requests and emails when we return Monday, June 22nd.
If you need immediate assistance, please call 866-692-9082 and leave a message with our dispatcher. We will have our on-call technician call you back.
From our team here at E-N Computers, we hope you have a wonderful holiday. Stay well and stay safe.
15/06/2026
"FedRAMP authorized" sounds like a green light.
Pick a vendor from the FedRAMP Marketplace, sign the contract, move on. Compliance handled, right?
Not quite.
FedRAMP authorization means a vendor passed a standardized security review. That's it. It doesn't mean your specific setup meets your compliance obligations. It doesn't mean you're covered. And for defense contractors handling export-controlled data, that gap can mean rebuilding your entire cloud setup from scratch.
There's another layer worth knowing. The FedRAMP program office is running on about $10M a year with roughly two dozen employees. Deep technical reviews are increasingly rare. A new initiative called FedRAMP 20x aims to automate ongoing validation of cloud services, but authorization is still a process certification, not a security guarantee.
Using a listed product is a starting point. You still have to configure the systems, write the policies, and prove your own compliance when auditors show up.
We wrote a full breakdown on what FedRAMP means for federal contractors, including what "FedRAMP Moderate authorized" vs. "FedRAMP Moderate equivalent" means, how ITAR fits in, and how to evaluate a cloud vendor the right way.
https://www.encomputers.com/2024/10/fedramp/
Choosing an IT provider based on price alone is like hiring a surgeon because they're cheapest.
You wouldn't do it for surgery. But businesses make this mistake with IT all the time and they pay for it later.
The monthly fee is just one number. What matters is what's behind it.
Does your provider show up before problems happen, or only after you call? Do they know your compliance requirements, or will you find out they don't when an audit is on the line? When something breaks at 5 PM, is there someone available?
These are the questions that separate a good IT partner from one that just keeps the lights on.
Here's what we've seen over nearly 30 years: most businesses don't realize what they're missing until they've already experienced the failure. A security breach. A missed audit. An IT person who quit and took the passwords with them.
The right questions, asked before you sign a contract, prevent all of that.
We put together a free comparison tool to help you evaluate your options side by side. We've pre-filled our column so you can see exactly how we measure up. Use it to grade any provider you're considering on the things that actually affect your business.
https://www.encomputers.com/it-msp-comparison-tool/
08/06/2026
Failing a CMMC assessment doesn't just delay your certification. It can add three to six months to your timeline plus additional assessment fees.
Most people focus on getting the right controls in place. Fewer think about what happens when an assessor finds gaps on the day of the audit.
Here's what that looks like:
Minor gaps may be documented in a Plan of Action and Milestones (POA&M) — a formal list of what still needs to be fixed. But you won't receive certification until every required control is fully met.
Significant failures mean remediation, then a full reassessment. More time. More cost.
And there's something most defense contractors don't realize until it's too late: assessors want proof that your controls were running consistently before assessment day — not turned on the week before to pass a test.
That evidence period is what separates contractors who pass from those who have to start over.
If you're working toward CMMC Level 2 certification, the full article breaks down exactly how long this process takes and what you can do now to avoid a costly reassessment.
How Long Does CMMC Compliance Really Take in 2026? (Real Timeline Explained) Most contractors hear “45 days” — reality is 12–18 months. Here’s the real CMMC compliance timeline, broken down step by step so you can plan, budget, and avoid costly mistakes.
Not all IT support is equal. And the difference often doesn't show up until something goes wrong.
A lot of businesses pay a monthly fee to their MSP and still wait hours when something breaks. Or they finally get someone on the phone who doesn't know their business, doesn't understand the urgency, and can't explain what they're fixing.
Here's what we've found separates a good MSP from one that quietly costs you more over time:
Proactive planning vs. reactive scrambling.
Does your provider tell you in January that your server needs replacing in June? Or do you find out when it fails?
Transparent pricing vs. surprise invoices.
Adding a user, setting up a computer, resetting a password — these should be included in what you're already paying. If every small task comes with a separate charge, that's a problem.
You own your systems.
Your configurations, documentation, and admin access should belong to you. Not your IT provider.
Plain English communication.
You shouldn't need an IT degree to understand what's happening with your own technology.
Response times that are documented, not promised.
There's a big difference between "we respond quickly" in a sales pitch and a service level agreement you can actually hold someone to.
We put together a full video walking through how to evaluate IT providers — what questions to ask, what red flags to watch for, and what working with the right partner looks like.
https://www.encomputers.com/how-to-choose-the-best-msp/
01/06/2026
A weak password and no MFA on a VPN took one organization offline.
That's not a hypothetical. It happened recently. The breach forced their VPN completely offline while our team rebuilt it with proper multi-factor authentication. Recovery took weeks.
We've seen a similar pattern across multiple clients in the last six weeks. A law firm dealt with an email breach that required emergency policy changes for every device on their network. Several other organizations are actively cleaning up from phishing campaigns, tightening email authentication rules, and fixing gaps in how they verify user identities.
The common thread in every one of these situations? Basic security controls were missing or incomplete.
MFA — multi-factor authentication, the second step that confirms it's actually you logging in — either wasn't set up, wasn't enforced on every system, or was using a tool the organization had outgrown. Email authentication rules that stop spoofed messages from reaching inboxes were either off or set to monitor-only, not block.
These aren't exotic attack techniques. They're the first things attackers try because they still work.
If you're not sure whether your VPN, email, and remote access tools require MFA, that's worth finding out before someone else does. Let us know about it: https://www.encomputers.com/it-project-inquiry/
29/05/2026
Please note that our office will be closed May 25th in observance of Memorial Day.
We will respond to electronic service requests and emails when we return Tuesday, May 26th.
If you need immediate assistance, please call 866-692-9082 and leave a message with our dispatcher. We will have our on-call technician call you back.
From our team here at E-N Computers, we hope you have a wonderful holiday. Stay well and stay safe.
27/05/2026
Virginia healthcare providers face a tougher security picture than most.
You're already dealing with HIPAA. On top of that, ransomware groups target healthcare data specifically. And if your practice serves federal employees, military families, or contractors, you're a target for nation-state actors who want patient records, not just a payday.
That changes what "good IT" looks like.
A managed IT provider in Virginia healthcare needs to do more than keep the lights on. They need a real answer when you ask how they detect threats. They need a 24/7 SOC, either in-house or contracted. And they need documented incident response procedures, because Virginia's breach notification law (Va. Code § 18.2-186.6) requires you to notify the Attorney General when an incident affects 1,000 or more residents. A breach hitting your full patient panel will almost certainly cross that line.
Most "best MSP" lists you'll find online won't help you here. They pull names from a Google search and rank by review scores. That's not the level of decision you're making.
We put together a guide that's different. It covers what to look for in a healthcare-ready provider, what questions to ask, what managed IT costs in this market, and a few Virginia providers we know and can recommend.
https://www.encomputers.com/2026/04/best-managed-it-for-virginia-healthcare-providers/
Best managed IT for Virginia healthcare providers Virginia healthcare providers evaluating managed IT options in 2026: here's who we recommend, what to look for, and what it costs.
26/05/2026
Six years ago, Amy Birckhead and Andrea Smith joined the E-N Computers team. Today, we're celebrating both of them.
If you've worked with us, there's a good chance one of them helped make something easier for you behind the scenes.
What stands out about Amy and Andrea isn't just the years they've put in. It's how they show up. Both are the kind of teammates who say yes when someone needs a hand, no matter what's already on their plate.
They're loyal, dedicated, and a real pleasure to work with.
Six years is a long time in this industry. We're lucky to have them, and we're not taking it for granted.
Happy work anniversary, Amy and Andrea. Thank you for everything!
20/05/2026
A small defense contractor we worked with spent between $100,000 and $120,000 in year one getting onto Microsoft 365 GCC High.
About 20-25 users. Two clear reasons it made sense: their prime required GCC High for collaboration, and they handle ITAR-controlled CAD files.
For them, the math worked.
But here's what we see all the time. Contractors come to us either chasing GCC High when a less expensive option would cover their requirements, or writing it off because they assume it's beyond their budget when it isn't.
CMMC itself doesn't require GCC High. Your contract might, but not always.
The decision usually comes down to three questions:
Do you handle export-controlled data?
What does your prime actually require?
Do you want to migrate once or twice?
One more thing worth knowing if you're a smaller contractor: a lower-cost licensing option launched in late 2025 that wasn't on the table the last time most people looked at this.
Our full guide walks through how to make the call without overspending or under-protecting your business.
Read our full article: https://www.encomputers.com/2023/10/what-is-microsoft-office-365-gcc-high/
What's been the biggest factor pushing your GCC High decision so far?
Contact the business
Telephone
Website
Opening Hours
| Monday | 08:00 - 17:00 |
| Tuesday | 08:00 - 17:00 |
| Wednesday | 08:00 - 17:00 |
| Thursday | 08:00 - 17:00 |
| Friday | 08:00 - 17:00 |