Why we don’t list our customers
Many IT companies showcase customer names and logos on their websites. For technology and security providers, that practice creates a clear target list for attackers. Publishing who we work with makes it easier for criminals to launch supply‑chain and vendor‑impersonation attacks against our clients—pretending to be “with Lowcountry Computing” to trick staff into sharing passwords, changing banking details, or installing malware.
Out of respect for our customers’ security, we do not publish their names or logos. If your current IT provider is listing your business publicly, consider asking them to remove it. Protecting your organization should come before marketing, especially when it comes to reducing supply‑chain and impersonation risk.
Request References
Insert all the buzz words here:
- install, configure, and optimize nextgen software.
- New Installation or Version Upgrades of core business solution
- Legacy Support and System Migration
- Data Exports, Cloud Migration, and Parallel Systems
- agentic and human in the middle ai
What we actually do to help a business:
- Show up on-site Columbia, Walterboro, Folly Beach, Isle of Palms and anywhere in between (aka the Lowcountry)
- Ask who/what/when for information in the software
- Listen to users to find pain points, double entry, over complex operations, and missing data collection (data kept in spreadsheets or on paper)
- Contact software / web site vendor for training resources - is this the correct software and is it being used correctly
- Document processes, both existing and proposed changes
- Automate systems, cleanup processes, and remove unneeded steps
- Hand ownership of on-going processes and procedures to the owners and operators of the business
No, it’s not you. Computers and software are changing for the sake of change faster than ever, and it’s completely normal to feel like you’re always catching up.
Below are just a few of the software and resources that we are helping our customers with.
Umbrella Policy: consistent security rules all endpoints
If it’s unexpected, treat it as suspicious
Whether it’s an email, phone call, visitor, website popup, or even a package—if you weren’t expecting it, slow down and verify before acting.
Verify with the right person, not the closest person
Always confirm unusual requests with a supervisor or authorized contact—not a co-worker who might be guessing just like you.
Don’t click, download, or plug in without thinking
Avoid clicking unknown links, opening unexpected attachments, or plugging in unfamiliar USB devices. When in doubt, don’t proceed.
When something feels off, report it immediately
You’re not expected to be a security expert—just a good observer. Reporting early can prevent bigger problems later.
Zero trust: trust nothing, verify everything
Do not trust by default.
A person, device, email, website, or app should be treated as untrusted until it is verified.
Verify every request.
Even if someone is already inside the network, they still need to prove who they are and what they need
Give only the access needed.
Users should get the minimum access required to do their job, and nothing
Assume something may already be compromised.
Security should be designed so a breach is contained quickly instead of spreading freely.
Email Filtering: block phishing, spam, and malicious messages
Block known bad messages.
Filter systems should stop phishing, spam, and malicious attachments or links before they reach the inbox.
Quarantine suspicious email.
Messages that are not clearly safe should be held for review instead of delivered directly to the user.
Report suspicious email quickly.
Users should forward or report questionable messages so IT can investigate and update protection rules.
Prevent Email Spoofing: Verify with SPF / DKIM / DMARC
Use your company email address for business.
Business messages should come from your company domain, not a personal mailbox.
These settings help prove your email is legitimate and make spoofing much harder.
Don’t trust email just because it looks familiar.
Check the sender carefully, especially if the message asks for money, passwords, or urgent action.
If something looks wrong, verify it another way.
Confirm by phone or through a known company contact before responding.
Call Verification: confirm request using trusted number
Never trust a callback number from the caller.
Scammers can fake caller ID and direct you to the wrong number.
Call the company, vendor, or supervisor using a number from your records, website, or directory.
Verify the request before taking action.
Make sure the person and the request are both legitimate before you share information or approve changes.
When in doubt, stop and report it.
If the call feels suspicious, do not continue the conversation until it has been checked.
Bookmarked Sites: use saved links over typing or searching
Use saved links for trusted sites.
Open company, bank, vendor, and service sites from bookmarks or approved shortcuts.
Small typing mistakes can send you to the wrong site.
Do not use search results for login pages.
Search results can be copied or manipulated, so use the saved link instead.
If the site looks different, stop and verify.
A changed page, strange address, or unexpected login prompt should be treated as suspicious.
Traditional Scanning: Identify / Remove malicious files
Use the company-approved security product only.
Every device should run the same managed protection so security is consistent everywhere.
Scanning must stay enabled to keep threats from slipping through unnoticed.
Keep security alerts off the user desktop.
Expired service notices, renewal messages, and other administrative alerts should go to IT, not to the end user.
Central reporting and monitoring only.
IT should handle alerts, logs, renewals, and investigation from a central console.
Tested Restore: Monitoring of backups w/ periodic restores
Back up company data regularly.
Important files, systems, and settings should be protected on a schedule.
A backup is not complete until it has been proven to restore correctly.
Monitor backups, don’t just assume they worked.
IT should check backup status, failures, and alerts so problems are caught early.
Keep access to critical cloud information when a provider is unavailable.
If cloud services are down, the company should still have a tested way to reach essential data or continue operating.
Limiting Exposer: Turn it off when you are not using it
Turn off what you are not using.
Disabled features and unused services cannot be attacked as easily as active ones.
Unused remote access, shared drives, wireless connections, and apps should be shut down when they are not required.
Limit user logon hours and access to only what is needed.
Give users access only to the systems they need, and only during the hours they need them.
Reduce exposure after hours.
For example, Lowcountry Computing’s Internet turns off at 6pm and back on at 7am because you cannot attack what is not there. Use caution to turn off access to systems while leaving service on for cameras, alarms, and phones.
User Training: First and Last line of defense
Know what to look for.
Training helps users spot phishing, spoofing, bad links, unusual requests, and other signs of trouble.
If something feels off, stop and verify before clicking, replying, approving, or sharing information.
Report concerns early.
Users should feel comfortable asking questions and reporting suspicious activity without fear of being blamed.
Use testing carefully.
If your industry requires email testing, it should support education and improvement, not embarrassment or punishment.
