The OG of IT - Joe Popper, Author at Popper Tech Team

The OG of IT - Joe Popper / August 29, 2025

BCDR vs. Backup: What’s the Difference for Your Business?

When your business grinds to a halt, every minute feels like a countdown. A server crash, ransomware attack or even a simple power outage can throw operations off track. That’s when the question hits hard: Can you bounce back quickly enough to keep customers and revenue safe?

It’s easy to assume backups are enough, but that’s only part of the picture.

Backups preserve data, but they don’t restore your systems, applications or processes. That’s the role of a business continuity and disaster recovery (BCDR)plan. It’s the difference between having a backup of your data and having your entire business operational when things go wrong.

Why backup sand BCDR must work together

While backups restore what you had, a BCDR plan ensures you can keep running. A cyberattack can encrypt your systems, a flood can knock out your hard ware or a simple misconfiguration can lock users out of critical tools. Even with perfect backups, you can still face days of downtime.

Downtime is expensive and can cost you more than lost revenue. It damages customer trust, stalls operations and causes missed opportunities. Without a BCDR plan, you’re patching holes instead of steering the ship. That’s why a strong strategy combines reliable backups with a robust BCDR plan to cover both your data and your operations.

What a complete BCDR plan includes

A strong BCDR plan doesn’t just save data—it keeps your business alive and serves customers when everything else falls apart. Here’s what a solid plan should include:

Reliable, tested backups : Backups are only as good as the last time they were tested. A BCDR plan ensures they’re verified under real conditions so you know they’ll work when disaster strikes.
System and application recovery : Restoring files isn’t enough. Your business depends on critical systems and applications that must run smoothly around the clock. BCDR focuses on rebuilding your operational backbone so your teams can get back to work fast.
Failover capabilities : When primary systems fail, you need a way to switch to an alternate infrastructure, such as cloud environments, without missing a beat. A solid BCDR plan provides a safety net and keeps essential services running while you repair the damage.
Defined roles and clear procedures : In a crisis, hesitation can be costly. A BCDR plan outlines who acts, how decisions are made and how communication flows—so every second counts toward recovery.
Regular testing and updates : Threats evolve, and so should your plan. Ongoing drills and updates keep your BCDR plan aligned with your business and the risks you face today.

Protect more than data; protect your business

Backups are a good starting point, but they’re not the finish line. A well-built BCDR plan turns disruption into a test you’re ready to pass. It keeps your business resilient, responsive and running.

Not sure where to begin? You’re not alone. An expert IT service provider like us can help you build a plan that protects more than just files and safeguards the future of your entire business.

Book a no-obligation consultation today. Let’s talk about building resilience that lasts.

Blog

The OG of IT - Joe Popper / August 2, 2025

Facing the Fear: Why Now Is the Time to Embrace AI

Split-screen image of two CEOs: one panicked while viewing a declining sales chart labeled "My Company Sales" and "AI is taking our business away," and the other confident and smiling while viewing an accelerating sales chart powered by AI. — On the left, fear grips a CEO as sales plummet and competitors thrive with AI. On the right, success shines through as AI drives growth and confidence.

Facing the Fear: Why Now Is the Time to Embrace AI

There’s no question that AI is a game changer. From transforming how we work to unlocking new business models, AI has the power to dramatically accelerate both company-wide productivity and individual performance. Whether it’s automating repetitive tasks, surfacing insights faster, or enabling entirely new ways of thinking, AI is already reshaping the future of work. But despite the promise, one thing continues to hold us back: fear.

👔 Executive Fear: “Will AI Make Us Obsolete?”

At the leadership level, the fear is existential. What if AI disrupts our current business model? What if competitors adopt faster and leave us behind? These are valid concerns—but they’re also signals that it’s time to act. The companies that win in the AI era won’t be the ones who wait. They’ll be the ones who lead with clarity, communicate transparently, and build AI into their strategy. If you’re an executive, now is the time to:

Adopt an AI policy that clearly outlines your goals and strategic direction.
Identify where AI can improve operations, customer experience, or innovation.
Communicate openly about how AI will affect the company—positively and realistically.

👩‍💻 Employee Fear: “Will AI Take My Job?”

At the employee level, the fear is personal. Will AI replace me? Will I be left behind because I don’t know how to use it? These fears are real—but they don’t have to define the future. The truth is, AI isn’t just about replacement. It’s about augmentation. It’s about giving people tools to do more, faster, and better. If you’re leading a team, start by:

Offering AI training that’s practical, hands-on, and inclusive.
Creating space for internal conversations about how AI can improve workflows.
Encouraging experimentation so employees feel empowered, not threatened.

🛠️ IT’s Role: Enabler or Bottleneck?

AI is no longer just a data science project—it’s an IT function. That means your IT team needs to be ready to:

Support AI workflows across departments.
Provide education and onboarding for new tools.
Ensure governance and compliance are built in from the start.

Ask yourself: Is your IT team equipped to enable AI adoption at scale? If not, it’s time to reevaluate.

🚀 The Bottom Line

AI is here. The question isn’t whether to adopt it—it’s how. And the answer starts with acknowledging the fear, building trust, and taking action. At Popper Tech, we believe the future belongs to the teams who are bold enough to lead through uncertainty—and smart enough to bring everyone along for the ride.

august 2025 newsletter, Blog

The OG of IT - Joe Popper / July 30, 2025

IT and Cyber Insurance: Why You Can’t Afford to Ignore Either

Cyberthreats are evolving fast, especially with the rise of AI-powered attacks. That’s why a solid IT strategy is your first line of defense, while cyber insurance acts as your financial safety net when threats break through.

In this blog, we’ll explore why combining a strong IT strategy with comprehensive cyber insurance isn’t just smart—it’s essential for protecting your business in today’s AI-driven threat landscape.

How IT and Insurance work together

Many businesses mistakenly view IT and cyber insurance as unrelated, but in reality, they should work together to strengthen your overall resilience. A strong IT strategy not only protects your business but also improves your eligibility for cyber coverage and helps you get the most from your policy.

An experienced IT service provider can guide you through this process and help you qualify and maintain your coverage. Here’s how:

Assess your current security posture: Your IT partner will evaluate your current landscape, identify vulnerabilities and develop a plan of action. On going risk assessments strengthen your defense sand demonstrate to insurers that you actively manage risk and prioritize data protection.

Implement required controls and best practices: Once gaps are identified, your IT service provider will implement the proper security measures and best practices, such as multifactor authentication (MFA) and access controls. These keep the hackers away and demonstrate to the insurers that you take security seriously.

Document policies and procedures: An experienced IT partner helps you document essential procedures, security policies, and response plans, which are key elements insurers look for when approving claims and maintaining coverage.

Create and test incident response plans: An incident response plan is vital. Your IT partner can help you build and test it thoroughly, ensuring you are prepared for various scenarios and can bounce back quickly. This readiness also signals to insurers that your business is resilient and well-managed.

Conduct ongoing monitoring: Your business operates in a threat landscape that is constantly evolving. A trusted IT partner can provide regular monitoring to keep your defenses current. This shows insurers that you’re committed to staying protected.

Align Your IT With Cyber Insurance

When your IT and insurance strategies are aligned, you’re not just protected but also prepared. Managing IT alone is challenging, and aligning it with cyber insurance requirements can feel overwhelming. That’s exactly where we come in.

We’ll help you put all the pieces together, make sense of the jargon and create an IT strategy that gives you clarity and confidence. Let’swork together to secure your business. Schedule a no-obligation call today.

august 2025 newsletter, Blog

The OG of IT - Joe Popper / July 30, 2025

Cyber Insurance Basics : What Every Business Needs to Know

Cyber attacks rarely come with a warning, and when they hit, the damage can be fast and costly. From data recovery to managing the fallout, a single breach can derail your operations for days or weeks.

That’s where cyber insurance can step into reduce the financial impact of an attack.

However, not all policies offer the same protection. What is and isn’t covered often depends on whether your business met the insurer’s security expectations before the incident.

In the sections ahead, we’ll break down what that means and how to prepare.

What is cyber insurance and why does it matter?

Cyber insurance is a policy designed to help businesses recover from digital threats like data breaches and ransomware attacks. It can cover the cost of cleanup when systems are compromised and reputations are on the line.

Depending on the policy, cyber insurance may cover:
Data recovery and system restoration
Legal fees and regulatory fines
Customer notification and credit monitoring
Business interruption losses
Ransom payments (in some cases)

While cyber insurance is a smart investment, getting insured is only the first step. What you do afterward, like maintaining strong cyber hygiene, can determine whether your claim holds up.

Why cyber insurance claims are often denied

A cyber insurance policy doesn’t guarantee a payout. Insurers carefully assess cybersecurity measures before paying out. Common reasons for denied claims include:

Lack of proper security controls
Outdated software or unpatched systems
Incomplete or insufficient documentation
Improper incident response plan

A policy only goes so far; you need to prove that your digital house was in order before the incident occurred.

How to strengthen your cyber insurance readiness

To avoid costly claim denials, your security posture needs to match the expectations of your insurer. That means implementing the very safeguards many underwriters now require:

Strong cybersecurity fundamentals like multi-factor authentication (MFA), backup systems and endpoint protection
A documented incident response plan
Routine updates and patching
Continuous employee training focused on cyber hygiene
Regular risk assessments and remediation

This is where working with the right IT partner can make all the difference.

The role of your IT partner in cyber insurance

An experienced IT service provider like us can help you close the security gaps that insurers look for, ensuring your infrastructure meets their standards and your business is ready to respond when it matters most.

Let’s talk about how we can turn your IT strategy into a true asset that protects your business and strengthens your insurance position.

Blog, july 2025 blogs

The OG of IT - Joe Popper / July 3, 2025

The Role of IT Service Providers in Mitigating IT Risks

In today’s fast-moving business landscape, change is constant and often unpredictable. Markets can be disruptive, volatile and even devastating. As a business leader, one of your most pressing concerns should be: Can your IT strategy withstand the pressure when things get tough? Are you keeping pace with emerging technologies? And is your infrastructure equipped to handle the ever-evolving landscape of cybersecurity threats?

That’s where a strategic IT partner comes in. The right IT service provider doesn’t just react to risks—they anticipate them. They build resilient systems that can absorb the shocks of economic turbulence and cyberattacks.

In this blog post, we’ll explore how IT service providers help you mitigate risk and, most importantly, what makes one truly reliable.

Let’s dive in.

What makes an IT service provider reliable

A reliable service provider gives you the confidence to navigate the worst storms. Here’s how a reliable service provider keeps your business safe and reduces risks:

Proven experience and expertise: A reliable service provider has a track record of successfully managing IT for businesses like yours. They also have an army of highly skilled and trained IT professionals who keep up with the latest tech trends and best practices so they can use their knowledge to help their clients manage risks.

Robust security measures: A trusted partner leaves no stone unturned when it comes to cybersecurity. They implement extensive security measures that continuously monitor, detect and respond to risks.

Transparent communication: A great IT service provider never keeps you guessing and understands that IT risk grows when leaders are kept in the dark. That’s why they maintain clear communication to ensure you know exactly what’s happening. You get timely updates, security audit reports and IT performance reports, and most importantly, their support is always prompt and reliable.

Operational efficiency: Unplanned down time can be devastating for your business, especially during a markets lowdown. A good partner ensures minimal disruptions and keeps your systems up and running while ensuring your data is backed up, systems are updated, and a recovery plan is in place.

Predictable pricing and value: When times are uncertain, it’s important that you get the most value out of every penny you spend. A reliable IT service provider offers prices that are transparent with no hidden fees and offers services that maximize your return on investment.

Strategic IT planning: IT is the backbone of your business, and if it’s outdated, it will only hurt your growth. Astrong IT partner ensures that your tech strategy aligns with your business goals. They ensure that your tech is efficient and ready to scale up and down along with your business needs.

Mitigating IT risks is non-negotiable

A solid IT strategy is the best defense against the unknown. And that’s something only a reliable IT partner can help you build—not by promising the universe but by standing firm when the unexpected strikes.

We can help you proactively manage risks, keep your systems secure and help you build resilience. Ready to take the next steps? Schedule a no-obligation consultation today to learn how we can help you reduce IT risks, maintain stability and stay prepared.

Blog, july 2025 blogs

The OG of IT - Joe Popper / July 2, 2025

Top 4 Business Risks of Ignoring IT Strategy

A weak technology strategy rarely announces it self. At first, it may look like a few scattered tech issues, such a slagging systems, integration failure and unexpected system out ages. In reality, these aren’t random problems but signs of a deeper issue: an IT strategy that hasn’t kept up with the business.

Most companies don’t intentionally overlook strategy; it just falls behind while day-to-day operations take over. But without a clear roadmap, the cracks start to show fast.

In this blog, we’ll discuss the top four business risks of ignoring your IT strategy and why addressing it early matters.

The fallout of a poor IT strategy

A risky IT strategy impacts more than your tech stack. It affects how your business runs, grows and stays competitive.

Operational disruptions

Without a structured IT roadmap that prioritizes coordination, your tools and platforms start working in silos. Updates clash, integrations break and routine processes turn into time-consuming work arounds. What should be seamless becomes a source of friction. Your team ends up wasting time fixing problems that a proper strategy would have prevented.

Reputational damage

Customers and partners may not see the backend, but they definitely feel its failures. Whether it’s a delayed delivery, a dropped interaction or a visible security lapse, each one chips away at your credibility. Even a small issue can lead someone to question whether your business is equipped to support them reliably.

Financial losses

When your IT evolves without structure, spending becomes reactive and unpredictable. You pay more for emergency support, last-minute licenses and rushed fixes. Meanwhile, cost-saving opportunities, like consolidating vendors and automating manual tasks, go unexplored. Over time, unplanned spending adds up to real damage to your budget.

Employee frustration

Even the most skilled employees struggle with unreliable tools. Lagging systems and repeated outages create constant interruptions that drain focus and energy. Productivity suffers, morale drops and internal confidence in the company’s direction starts to erode. The wrong setup not only slows down the work but also slows down the people.

It’s time to shift from reactive to resilient

A smart IT strategy effectively connects your systems, aligns them with your goals and removes the guess work from your technology decisions. It helps you reduce friction, limit surprises and prepare for growth with confidence.

If your team spends more time trouble shooting than executing, it’s a sign that your tech is running ahead of your strategy, or worse, without one.

You don’t need to overhaul everything. You just need a clearer plan. One that simplifies operations, improves performance and supports your team as your business moves forward.

Need help? We’re by your side. Our expertise might be exactly what your business needs. Contact us today to schedule a no-obligation consultation.

Blog

The OG of IT - Joe Popper / May 27, 2025

Who Touches Money in Your Organization?

A discreet exchange of cash highlighting financial risk and responsibility — *Anyone who moves money is a target—and a responsibility.*

Who Touches Money?

In every business, there are people who manage, move, and authorize the flow of funds. These individuals aren’t just important to your operations—they’re prime targets for cybercriminals.

If someone touches money, they touch risk. And your job is to protect them—and your business.

Why Financial Roles Are High-Risk Targets

Cyberattacks don’t happen at random. They’re engineered. And threat actors know exactly where to aim:

Accounts payable
Payroll
Finance managers
Executives with wire transfer approval
Anyone with access to banking platforms or sensitive customer data

These team members are targeted with phishing emails, business email compromise (BEC) scams, and social engineering attacks designed to trick them into wiring funds, revealing credentials, or paying fake invoices.

Real-World Example

A CFO receives an urgent email from the CEO—asking for a wire transfer to close a deal. The email looks legitimate. The language sounds right. The pressure is high.

The problem? It wasn’t the CEO. It was a cybercriminal who had studied the organization and spoofed the email address.

One click. One transfer. One mistake. Tens of thousands lost.

Questions Every Business Should Ask

Who in your organization can authorize payments?
Who can initiate a wire transfer?
Who reconciles bank statements?
Who can change vendor or payroll information?

Now ask this:

Are those people trained to spot phishing and social engineering attacks?
Is multi-factor authentication enabled on every financial system?
Are approval processes clearly defined—and hard to bypass?

How to Protect the People Who Touch Money

Especially for finance teams. Make sure they can recognize fake emails, spoofed domains, and suspicious requests.
Segregation of Duties
No single person should have end-to-end control of financial transactions.
Verification Procedures
Require verbal confirmation or dual sign-off for any significant financial action.
Email Authentication & Filtering
Use SPF, DKIM, and DMARC to reduce spoofing. Set up filters for flagged keywords like “urgent,” “wire,” or “invoice.”
Audit Trails & Alerts
Implement activity monitoring and alerts for changes to vendor accounts or unusual transfer behavior.

Final Thought

If you’re not securing the people who touch your money, you’re not securing your business. Cybersecurity is no longer just an IT issue—it’s a finance issue, a leadership issue, and a trust issue.

So ask yourself: Who touches money in your company?

Now—what are you doing to protect them?

Blog

The OG of IT - Joe Popper / May 27, 2025

Your Weakest Point Is Your Weakest User

In cybersecurity, the strongest firewall, most advanced encryption, and latest security software can all be undone by one careless click.

That’s why the harsh truth is this: your weakest point is your weakest user.

The Human Factor in Cybersecurity

While businesses invest heavily in IT infrastructure, many overlook the most exploited vulnerability—human behavior. Social engineering, phishing, and credential theft remain top attack methods because they target people, not machines.

According to Verizon’s Data Breach Investigations Report, over 80% of breaches involve the human element. This includes employees clicking on malicious links, using weak passwords, or unknowingly granting access to cybercriminals.

Real-World Impact

It only takes one person:

Opening an infected attachment.
Reusing a password across work and personal accounts.
Approving an MFA prompt they didn’t initiate.

And just like that, attackers have a foothold into your network.

Strengthening Your Human Firewall

Here’s how to reduce user-based vulnerabilities:

1. Ongoing Security Awareness Training

Train your staff regularly—not just once a year. Make it engaging and scenario-based so users can recognize phishing, vishing, smishing, and pretexting in real life.

2. Simulated Phishing Campaigns

Test your users with fake phishing emails. Track who clicks, who reports, and who ignores. Then coach accordingly.

3. Multi-Factor Authentication (MFA)

Require MFA across all systems. It won’t stop all attacks, but it dramatically reduces the risk of compromised credentials being abused.

4. Access Control & Least Privilege

Employees should only have access to the systems and data they need. If a user account is compromised, limited access means limited damage.

5. Incident Response Training

Don’t just protect—prepare. Teach employees how to respond if they suspect they’ve made a mistake or see something suspicious.

Leadership Responsibility

Cybersecurity isn’t just IT’s job. It’s a business-wide priority. Leadership must foster a culture where security is everyone’s responsibility—not just an afterthought.

Final Thoughts

Your technology is only as strong as the people using it. Empower your employees with the tools, training, and awareness they need to become your first line of defense—not your biggest liability.

Because your weakest point should never be your weakest user.

A photorealistic image of a chain of people pointing at one another, starting with a large authoritative hand at the top pointing down. Each person in the sequence points to someone smaller, visually representing the passing of blame.

Blog

The OG of IT - Joe Popper / May 26, 2025

You Can’t Outsource Responsibility

Why relying on third-party vendors doesn’t exempt you from accountability in cybersecurity

In today’s digital-first world, organizations of all sizes rely on third-party vendors to manage IT, cloud services, and security infrastructure. This makes sense—outsourcing brings expertise, efficiency, and scalability. But there’s one thing you can never outsource:

Responsibility.

A recent incident involving a prominent nonprofit in San Francisco highlights this truth. The organization experienced a ransomware attack that exposed sensitive donor and customer data. While the technical services had been outsourced, the public and legal backlash fell squarely on the organization itself—not the vendor.

Why? Because your customers don’t care who manages your systems. They care that their data is safe.

🔐 What This Means for Your Organization

1. You are still accountable—no matter who you hire.

Your name is on the domain, the donation page, and the privacy policy. If something goes wrong, clients, regulators, and the media will look to you, not your MSP or hosting provider.

2. Vendor oversight is a cybersecurity control.

Hiring a third-party vendor doesn’t end your responsibility—it begins a new phase of oversight. Are they following best practices? Are their policies audited? Have you reviewed their breach history or security certifications?

3. Security must be baked into your contracts and culture.

Make sure your contracts with third parties include clauses around breach notification, liability, minimum security standards, and regular testing. But just as importantly, foster an internal culture where security is everyone’s job—from staff to board members.

✅ What You Can Do Today

Review your vendor relationships and ensure security obligations are clearly defined.
Implement a vendor risk management program if you don’t have one.
Conduct tabletop exercises involving third-party incidents.
Communicate clearly and transparently with stakeholders about how their data is protected.

Final Thought

Cybersecurity isn’t something you buy once and forget. It’s an ongoing responsibility—and while partners can support your mission, they can’t shield you from the consequences of failure.

When it comes to protecting your data, your people, and your reputation:

You can outsource the service. But not the responsibility.

Blog, June newsletter 2025

The OG of IT - Joe Popper / May 26, 2025

Watch Out for These Phishing and Social Engineering Techniques

As a business owner, you understand the risks that phishing and social engineering attacks pose to your business. But the challenge now for leaders like you is that these threats are constantly evolving and have become more sophisticated than ever.

What should concern you most is that hackers are targeting your employees. One mistake by an untrained employee can have serious financial and reputational damage. That’s why you should make awareness your first line of defense.

In this blog, we’ll show you what to watch out for. The better you understand the se phishing and social engineering techniques, the better you’ll be able to protect your business.

Common tactics used by attackers

Gone are the days when bad grammar was a telltale sign of a phishing attempt. Thanks to AI, hackers have levelled up their game. Here are some common tactics they’ re using to lure their victims:

URL spoofing: Imagine walking into your favorite ice cream shop to discover that it only looks familiar because the store copied the logo and brand colors, but it’s actually a fake store. Similarly, hackers overlay the image of an authentic website with a malicious link. The website uses the logo, URL, color and branding of a trusted website to trick you into revealing sensitive information.
Link manipulation: To carry out this type of scam, hackers create links that appear legitimate until you look closely. You may have clicked the link and expected it to take you to one website, but the link will direct you to a malicious website. It’s dangerous because a single click could launch malware or steal sensitive data without you realizing it.
Link shortening: Most of us have used link shorteners because they’re convenient. For cybercriminals, link shorteners are a way to inject dangerous malware or steal data. That’s why it’s important to preview any link before clicking on it; otherwise, you won’t know if you’re getting directed to a trusted website or a phishing trap.
AI voice spoofing: This is a really scary one and can challenge your idea of what is real. Cybercriminals are now using AI-based technology to imitate anyone’s voice. They can trick you into believing that you’re talking to someone from your family or work. Imagine your son or your boss calling you asking for money or asking you to share a password. Wouldn’t you want to help? These calls feel urgent and real, and that’s exactly how these scammers trick you.

Beat the hackers by staying a step ahead

Phishing and social engineering attacks count on the fact that your employees are human and that they’re going to make mistakes. That’s why you have to be one step ahead. As an experienced IT service provider, we understand that your business security needs to stay resilient even as phishing attacks evolve.

Let’s start by building a stronger human shield. Do you need help training your employees? Reach out to us today to develop a security awareness program that’s best suited for your business needs!