What are the opening hours?

Monday 7am - 6pm Tuesday 7am - 6pm Wednesday 7am - 6pm Thursday 7am - 6pm Friday 7am - 6pm

nDataStor

Beginning in 2011 we expanded on a new technology solution in the form of cloud computing.

Although founded in Fairfield California on March of 2008, the nDataStor team for the past 23 years has been providing businesses locally and across the country with IT support, enterprise data storage networking and computing solutions. We have adapted our business model to accommodate and help a wider group of businesses ranging from small 10 -100 person operations to 100 – 5 ,000 person mid-siz

ed companies; from small commercial business and contracting engineers to the needs of architectural firms, real estate companies and mid-sized local companies. The immediate benefit for businesses, particularly newer business is not having to invest large amounts of capital in hardware, the longer term is being able to work unencumbered by the need to be at a specific location to work effectively and efficiently. The fundamental blocks of building and running a stable business would not be complete without a simple, secure and cost-effective IT infrastructure.

05/28/2026

The invoice looked normal.
The AP clerk scanned the QR code, approved MFA, and moved on.

An hour later, the attacker created a forwarding rule and started monitoring invoices quietly in the background.

Most breaches don’t start with ransomware.
They start silently.

Want help finding the quiet signs before money moves?
Book a time on our calendar.

05/26/2026

Most people think phishing starts with a suspicious link.

Now attackers are hiding the link inside QR codes embedded in PDFs and email images so security filters miss them completely.

One scan from a personal phone can bypass company protection and hand over credentials instantly.

This is how invoice fraud and account takeovers start.

If you want to see how businesses are stopping QR phishing before it spreads internally, check my featured section or reply to this newsletter.

05/21/2026

One employee.
One AI app.
One click on “Accept.”

That’s all it takes to give a third-party AI tool access to your Microsoft 365 emails, files, and data for 90 days.

No phishing. No breach.
They authorized it themselves.

If you don’t know what AI apps are connected to your environment, now’s the time to check.

Book a quick call through my featured section or send me a DM.
https://www.ndatastor.com/contact-us

05/19/2026

A lot of the risk in your business is being added by your own employees, one "Sign in with Microsoft" click at a time.

Every approval can give an outside app permission to read mail, read files, and keep access when nobody is signed in.

That is not a login. That is a key.

Check my featured section to grab a time, or reply to this newsletter.
https://www.linkedin.com/pulse/your-employees-installing-next-breach-ndatastor-ydmjc

05/18/2026

I need to tell you something that will make you uncomfortable.

A lot of the risk in your business is being added by your own employees, one “Sign in with Microsoft” click at a time.

I am not talking about someone intentionally doing something reckless.

I am talking about a well-meaning person who just wants to move faster. They try an AI note taker. A PDF tool. A calendar add-on. A “deal room” portal. A new CRM integration. The login screen looks normal, so they approve it.

Then they forget about it.

Here is the part most SMB leaders miss.

That approval is not just a login. It is an authorization.

When an employee clicks “Accept,” they can be granting an outside application continuing access to their mailbox, files, contacts, and calendar. Not for one day. Sometimes not even for one month. Potentially indefinitely.

And if that outside application gets compromised, the attacker does not need to phish your employee again. They already have a valid token that says, “This app is allowed to act as this user.”

If you want to know exactly what third-party apps can see inside your tenant, and shut down the risky ones without breaking the business, let's talk.

Check my featured section to grab a time, or reply to this newsletter.

05/16/2026

Quick question for any business owner watching this. If an employee got an email today asking them to type a six-digit code into a real Microsoft login page, would they do it?

Most would. That is exactly how attackers are taking over Microsoft 365 accounts right now, with no password theft and no failed MFA.

I am running a few free 30-minute reviews this month. Reply with the word "Assessment"

05/14/2026

If anyone ever asks one of your employees to type a verification code into a real Microsoft login page, your MFA did not fail. Your process did.

Attackers do not need to break MFA anymore. They just ask your team to log them in. And your team does.

Want to know if this would work against your business? Check my featured section to grab a time, or reply to this newsletter.

https://www.linkedin.com/pulse/your-mfa-can-still-talked-around-ndatastor-thisc

05/12/2026

A practice manager called me last month. Front desk staff got an email about an insurance authorization. The link sent her to a real Microsoft page that asked for a verification code. She typed it.

She did not give up a password. She did not fall for a fake page. She authorized the attacker's login, and three days later her practice paid $42,000 to the wrong account.

Check my featured section to grab a time!
https://www.linkedin.com/pulse/your-mfa-can-still-talked-around-ndatastor-thisc

05/11/2026

Your MFA Can Still Be

I need to tell you something that will make you uncomfortable.

If one of your employees ever types a “verification code” into a Microsoft login page because someone told them to, your MFA did not fail. Your process did.

This is not a password-stealing trick.

The attacker never needs your employee’s password in their hands. They just need your employee to approve the attacker’s session.

And the scary part is the URL can be real.

Here is the stakes.

Email is still the control panel for your business. Reset links. Vendor invoices. Patient statements. HR documents. Bank alerts. Everything.

If an attacker gets a working session into Microsoft 365, they can read quietly, learn how you pay people, and then wait for a moment when you are busy.

That is how an “IT issue” becomes a wire mistake, a payroll diversion, or a breach report you never expected to make.

Let me make it concrete.

Picture a 74-employee healthcare practice with two locations. Scheduling runs through email. Billing runs through email. The practice manager is in Outlook all day, and a handful of staff share mailboxes for referrals and patient intake.

An attacker sends a message that looks like a normal business email. It is not an obvious scam. It references an invoice, an ACH issue, or a document that needs review.

When the employee clicks, they end up on a legitimate Microsoft page, like microsoft.com/devicelogin. That is the point. The attacker is not trying to fool the browser.

05/09/2026

A CPA firm got hit during busy season after one employee clicked what looked like a normal client document request.

The attacker didn’t steal the password. They stole the employee’s session cookie after a real Microsoft login.

That gave them access to the mailbox, client conversations, and invoice workflows.

A client eventually paid fraudulent ACH details.

This is what modern attacks look like now. Criminals using your normal workflow against you.

If you want to know where your firm is exposed, check my featured section or reply to this video.

https://www.linkedin.com/posts/ndatastor_your-browser-session-is-a-master-key-activity-7457101893136429056-N9AM?utm_source=share&utm_medium=member_desktop&rcm=ACoAAFlowu8BZ8LIaiB_zJPfzIay2rX1J2IKgl0

05/07/2026

Your passwords are not the most valuable thing in your business anymore.

The most valuable thing is the browser session your employee already has open.

When your team logs into Microsoft 365 or Google Workspace, the browser stores a session cookie that proves they already passed MFA.

If an attacker steals that session, they can log in as your employee without the password or MFA prompt.

Attackers are not picking locks anymore. They are stealing the wristband after entry.

If you want to know where your business is exposed, check my featured section on my linkedin.⬇️

https://www.linkedin.com/pulse/your-browser-session-master-key-ndatastor-c7mec

Address

836 57th Street
Sacramento, CA
95819

Opening Hours

Monday	7am - 6pm
Tuesday	7am - 6pm
Wednesday	7am - 6pm
Thursday	7am - 6pm
Friday	7am - 6pm

Website

https://ndatastor.com/managed-it-services-sacramento/

Alerts

Be the first to know and let us send you an email when nDataStor posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Shortcuts

Want your business to be the top-listed Computer & Electronics Service in Sacramento?