By -- 2018-11-12 in Blog

The saying “you are only as strong as your weakest link” applies to any team effort and cybersecurity for your organization is no exception. The best defense against a cybersecurity attack starts from the inside. Therefore, if you don’t already have a cybersecurity training program in place, you should. A recent article provides some important topics that should be covered in your organization’s cybersecurity training program.

The first thing you need to establish is what is and is not acceptable to do while using company technology. Employees should know not to use the technology for anything other than work-related tasks and should not expect anything they use a company device for to remain private. If this is not established and people treat their devices as personal ones you can run into a lot of trouble.

Once acceptable use is established, it is important to cover data protection, security updates, and safe password practices. Employees should understand the importance of constantly backing up all data, staying on top of updates, and locking their computer screen when they leave their office. They should also frequently change their password using a complex system of letters, numbers and symbols. While these practices may be tedious or inconvenient, this protocol is critical in preventing malware from infiltrating your organization’s system.

After laying down the protocol for updates and data protection, employees should be educated on social engineering scams such as phishing emails. Employees should be suspicious of any unexpected emails, especially ones that demand immediate action, and check the spelling of URLs in emails to be sure they will be directed to a safe website and not to one that will expose them to malware. It is important your employees understand how legitimate these false emails can look so they don’t fall for their tricks. To test how employees will respond to a phishing attempt it is best to conduct internal phishing tests.

Finally, it is imperative your employees know who to call and immediately report incidents when they occur instead of waiting for them to be found by a security check or external virus scan. The average amount of time it takes for an organization to discover a system hack is 8 months. By that time, it could be too late, especially for smaller organizations.

If you have any questions or concerns about the cybersecurity protocol for your organization, OptfinITy is here to help. Give us a call at 703-790-0400, visit us on our website at, or send us an email at if you have any questions about establishing a sound cybersecurity protocol for your organization.

By -- 2018-11-5 in OptfinITy News

OptfinITy Recognized Again on 2018 CRN Next-Gen 250 List

Annual List Recognizes Solution Providers Transforming Business with Emerging Technologies


Springfield, VA, November 5, 2018 – OptfinITy, the DC area’s leading IT provider for small businesses and non-profit associations announced today that CRN®, a brand of The Channel Company, has named OptfinITy to its 2018 Next-Gen 250 list. The annual list identifies IT solution providers who have embraced emerging technologies and are setting the pace for the rest of the channel in their adoption. Those on the list have been able to meet their customers’ ever-changing IT needs in leading-edge technologies such as cloud computing, IoT, virtualization, mobility, business analytics and business intelligence.

OptfinITy believes Cyber Security and Business Continuity will be one of the greatest challenges organizations will face this year and going forward. It is necessary for smaller organizations to partner with the proper provider to make sure that they not only have a proper security plan in place but a plan that helps them recover should a cyber event occur. We’re honored to be added once again to the Next-Gen 250 list of companies who will help organizations face these challenges,” says Michael Drobnis, Founder & CEO of OptfinITy.

“These innovative solution providers have adapted to a rapidly-evolving marketplace and learned to leverage new technology as a competitive advantage,” said Bob Skelley, CEO of The Channel Company. “Our 2018 Next-Gen 250 list is comprised of forward-thinking companies who deliver solutions designed to meet an unprecedented set of customer needs. We congratulate each team on its vision and influence in the overall progression of the IT channel.”

A sampling of the Next-Gen 250 list will be featured in the December issue of CRN. The complete list will be available online at

By -- 2018-11-1 in Blog

As social media continues to become a bigger part of our everyday lives, it is more important than ever for small businesses and organizations to effectively use social media to promote themselves. While social media can act as a great tool to improve and promote your business, there are certain things you should avoid if you don’t want social media to have the opposite effect on your organization. A recent itnews article provides some things to keep in mind when it comes to using social media for your small business or organization.

  1. Never create a social media account and then leave it unattended. If you have a Facebook or Instagram page that hasn’t been updated for weeks or months, people will be under the impression that either you don’t care, or you have gone out of business.
  2. Consistently post. The easiest way to achieve this is to use a tool such as Hootsuite which allows you to schedule multiple posts in advance. If you are constantly posting, your name will always be on people’s minds and therefore they will be more likely to contact you instead of your competitors.
  3. If you re-post any user-generated content, be sure you have permission first to maintain a high level of trust between your organization and social media followers.
  4. Be sure to respond to all comments in a timely fashion. If someone has a question about a post or they leave a comment on your page regarding their recent customer experience, don’t wait to respond. The quicker you respond, the better it makes your organization look and people will be more likely to direct their questions at you instead of your competitors.
  5. Keep sales promotion posts to a minimum. While it is not a bad idea to mix in a few sales promotions here and there, it is important to remember that social media posts should mainly be about building rapport with clients and potential customers.
  6. Do not treat your organization’s social media page like you would your personal page. It’s best to keep out any personal social or political views out of posts, and instead stick to content that directly relates to your organization’s industry.

You want to be as active as possible on social media without overwhelming people with sales promotions or unrelated content. As always, OptfinITy is here to answer any questions you have related to your technological needs. If you have any questions or concerns, give us a call at 703-790-0400 or visit our website at

By -- 2018-10-30 in Blog

While it is undoubtedly important to optimize your website so that it appears near the top of search engines allowing for the highest amount of exposure, there are rules you need to be aware of if you want to remain in good standing with search engines like Google. A recent article provides some tips on avoiding having your page rank drop on search engines and the actions to take if something such as cloaking, spam, or lack of value causes your page rank to drop.

The first technique you need to beware of referred to as cloaking involves displaying the content of a website differently for the search engine than for users who visit the site. Cloaking can affect all types of content on websites including photos and text, so to avoid being penalized or even banned from a site like Google, you should constantly monitor your website and crosscheck the content that is on your webpage with the content that is being fetched by the search engine. There are many free tools available to perform these checks and they should be taken advantage of to avoid a penalty or drop in rank.

Another issue that will cause your rank to drop is having spam or using spam techniques on your website. To prevent this, be sure to choose an automated messaging system that has anti-spam functionality. You should also constantly check your page for spam from other sources and promptly remove them to protect the people who view your website. Spam is a huge nuisance on the internet, and if you keep your website spam-free your webpage will be much more likely to appear near the top of search engines.

Finally, perhaps the element that you have the most control over attributing to the ranking of your website is the overall value of content. Search engines use software as well as human employees to determine the quality of the content on websites. Therefore, to retain a high ranking, you should always make sure all content on your website is direct and to the point. There shouldn’t be any irrelevant information or unnatural reference links on the site and you should never plagiarize.

If you are quick to correct any of the above issues with your website, you should be in good standing with Google and other search engines. However, if you receive an SEO penalty, don’t be discouraged, for some of the most popular sites have received SEO penalties. It is always in your best interest to fix the problem quickly and your site’s ranking will eventually go back up. OptfinITy offers services in website development, and we would be happy to assist you with creating a quality website that is optimized for your success. If you have any questions about avoiding SEO penalties or website optimization, give us a call at 703-790-0400 or visit our website at

By -- 2018-10-25 in Blog

It’s no secret that small businesses and organizations are the main target of cyberattacks. According to a recent article from, the FBI has received more than 4 million complaints from small businesses regarding internet crime between 2000 and 2017. Unfortunately, smaller organizations generally don’t have the budget for advanced levels of cybersecurity. However, if the proper standards are implemented, you don’t need to spend a fortune on cybersecurity for your organization.  A few standards and recommendations to best keep your business protected on a budget are as follows:

  1. Implement email sender authentication standards for your organization and your business partners which include: Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, and Reporting and Conformance.
  2. Take a layered approach to security. In addition to sender authentication standards, implement impersonation filtering to identify domains that are a character off from a trusted domain. It is also useful to implement an internal email filter that blocks external emails that make themselves appear as though they are from an internal user.
  3. Be sure there is a protocol for authorizing wire transfers. Be sure your employees and partners confirm the legitimacy of any wire transfer or change of payment address requested via email. Never use the contact information from the email to confirm the request, instead confirm the legitimacy by calling a verified phone number.
  4. Educate your employees and partners on the risks associated with careless email and online practices. Hold cybersecurity training courses regularly and reward your employees for good cybersecurity habits. If you don’t have an educated workforce, all other layers of security are rendered useless.
  5. Partner with or consult an outside expert. If you’re not sure how to best implement any of the sender standards mentioned above or how to best educate your employees on the ever-increasing amount of cyber threats, consult a trusted provider to answer any of the questions or concerns you may have.

OptfinITy happens to be a trusted MSP with over 15 years of experience. If you are worried about how to best protect your business or organization from cyber threats or don’t understand the items above,  don’t hesitate to give us a call at 703-790-0400 or visit us on our website at

By -- 2018-10-23 in Blog

It seems that nowadays every device we use is “smart.” We have access to everything from smart speakers to smart vacuums, and their prevalence is on the rise. According to a recent FBI public service announcement, the number of Internet of Things (IoT) or “smart” devices is expected to increase by anywhere between 300% to 1000% by 2020. While it’s undoubtedly convenient to have all our devices interconnected with each other and the internet, unsecure devices are at a very high risk of being exploited by cyber criminals. To best keep your IoT devices secure, the following actions are recommended:

  1. While shopping for new devices
    1. Research your options on reputable websites that specialize in cyber security analysis.
    2. Search for products with a good reputation for providing security for their IoT products.
    3. Search for products that offer software or firmware updates and find out how often they are provided.
    4. Find out the types of data that is collected and stored on the device.
    5. Find out how long the data will remain stored on the device, whether or not the storage is encrypted, and whether or not the data will be shared with a third party.
    6. Check to see if opting out of the collection of data is an option and if there are any policies in place in the case of a data breach.
  2. For recently purchased devices or ones you already own
    1. Change default usernames and passwords. Create STRONG passwords. Never use common words such as sports teams or children’s names.
    2. Isolate them on their own protected network and configure their network firewalls to have traffic blocked from unauthorized IP addresses and be sure port forwarding is disabled.
    3. Implement the security recommendations that are provided by the device manufacturer, be on top of updates and implement security patches where available.
    4. Invest in a secure router that allows you to whitelist (only allow specific devices to connect to your network).

Although these smart devices aren’t computers with screens, it is important to remember that they require the same cyber security measures as your laptop, desktop or cell phone. As these IoT devices become more prevalent, it is more important than ever to make sure they are secure and safe from cyberattacks. If you have any questions about the security of your IoT devices don’t hesitate to give us a call at 703-790-0400 or visit us on our website at

By -- 2018-10-18 in Blog

According to a recent article, it has been discovered that one of the most respected brands in the server industry contains a vulnerability in its 13th generation and older PowerEdge servers. This vulnerability, which was brought to light in the STH discussion forums, allows users to bypass the Dell EMC iDRAC firmware protections and load their own firmware via both local and remote access methods. If this vulnerability were to be exploited by a cybercriminal they would have complete remote control of the server.

Although this vulnerability that has been named iDRACula (integrated Dell Remote Access Controller unauthorized load access) is not an issue for Dell’s newest 14th generation PowerEdge server, there are still millions of older generations in use and in distribution. Therefore, it is important to be aware of this vulnerability if you are using a 13th generation or older PowerEdge server.

The good news is that for iDRACula to be taken advantage of, a lapse in security would need to take place, such as someone being allowed physical access to a machine or remote access with valid login credentials. The bad news is that Dell is a leader in the industry for server security. Since this vulnerability was discovered in Dell, it is highly likely that other types of servers contain similar vulnerabilities.

The iDRACula vulnerability serves as a reminder that even reliable brands such as Dell are not immune to security breaches. Even if you don’t use a Dell server or if you have the latest generation, it is important to always practice safe security measures and stay on top of software updates. Never give strangers direct or remote access to your electronic devices and get the latest software updates since they are created to fix bugs or vulnerabilities found in previous versions. If you have any more questions about the iDRACula vulnerability or how to best keep yourself protected don’t hesitate to give us a call at 703-790-0400 or visit us on our website at

By -- 2018-10-16 in Blog

Unfortunately, data breaches occur often. Even if you are taking all the necessary precautions to avoid them, they can still happen. Therefore, it is important to have a plan of action to follow in the event of a data breach. A recent article suggests how to best deal with a data breach and avoid catastrophic monetary loss and/or identity theft.

Step 1: The first thing you will want to do is figure out exactly what information was stolen. Once you figure out what was taken (usernames, passwords, credit card information etc.) your next course of action will be determined by step 2.

Step 2: Determine whether the hackers will be able to use the stolen data. If your data is in the form of cleartext, then chances are the data will be decoded easily. However, if it has been hashed, salted, or encrypted, there is a chance that although the hacker has stolen your data, it will not be able to be decoded and is therefore useless to the hacker.

Step 3: Change your password. This should be done whether your data is usable or not. If you are using the same password across multiple sites now is the time to stop doing that. At this time, you should also consider using a password manager such as LastPass and enable two-factor authentication on any accounts that will support it.

Step 4: If you don’t already have one, create a dedicated password recovery email. Be sure this email doesn’t hint at your identity at all. For example, a good recovery email address would be something like, while a bad one would be one that contains your name or initials such as

Step 5: If your credit card information was stolen, contact your credit card provider and get a fraud alert on your credit card with the three major credit bureaus. Consider putting a credit freeze on your records to prevent the hacker from using your information to open any credit cards in your name.

Step 6:  Determine who you need to report the data breach to.   In many states, there are laws which require you to report certain data breaches.

Don’t panic, for data breaches occur frequently. If you have been taking the necessary actions to protect your information, a cybercriminal can only do so much; if anything at all, with your data. If you experience a data breach or have any questions about a plan of action to take in the event of one, don’t hesitate to give us a call here at OptfinITy at 703-790-0400 or visit us on our website at

By -- 2018-10-11 in Blog

A recent CNET article reports that the Port of San Diego experienced a ransomware attack during the last week of September. The attacker apparently demanded a payment of an undisclosed amount in bitcoins. The attack left employees with limited access to their computers which caused a huge inconvenience for people who needed access to items such as public records and park permits. While it is yet to be determined how costly this security breach will be for the Port of San Diego, ransomware attacks in the past have been notoriously expensive.

Ransomware attacks are extremely costly forms of cyberattacks because they simultaneously encrypt all your data and demand a ransom for it to be unlocked. Therefore, you are not only losing money during the time it takes to unlock your data or pay the ransom, you lose even more if you end up having to pay the ransom. Ransomware attacks have cost cities and companies up to $300 million in lost revenue and can be a death sentence for small businesses and organizations.

The best way to protect yourself from ransomware attacks is to back up all your data. If you don’t need the data they stole, the criminal has no collateral and your business can carry on as usual. In addition to constantly backing everything up, you should be implementing safe cybersecurity practices for your organization such as using strong passwords and educating employees about phishing scams. If you have any questions on how to avoid becoming the next victim of a ransomware attack don’t hesitate to give us a call at 703-790-0400 or visit us on our website at

By -- 2018-10-9 in Blog

Even if you work with a trusted IT provider, you need to be alert for remote tech support scams. Remote tech support scams involve cybercriminals pretending to be a help desk employee from an IT company and reaching out to fix a problem with your computer remotely. Once they are given the credentials needed to access your computer remotely, they will either steal your data, install malware or spyware, or both. They then often proceed to request a payment for “fixing” a problem that never existed. These scams are becoming increasingly prevalent and are causing millions of dollars in losses. A recent article provides some advice on how to prevent yourself from falling victim to a remote tech support scam.

The main thing to remember is to be suspicious of anyone who reaches out to you to and offers to fix something. Do not respond to unsolicited calls or emails even if they appear to be legitimate. It is not uncommon for cybercriminals to disguise themselves using the name of a trusted tech company that will even show up on a caller ID. Remote tech supports scams implement the same fear tactics that are used in phishing scams such as sending an email message or calling claiming you need to click on a link or call a phone number right away to protect your computer from being infected with a virus.

What you need to remember, however, is that legitimate tech companies will never call or send an email to offer remote support services or push you to make a quick decision. If you receive an unsolicited call or email from what appears to be a trusted IT services provider, always double check with a trusted tech company before giving out personal information, calling phone numbers or clicking on links.

Being a trusted IT service provider ourselves, we at OptfinITy want you to remain safe from all types of scams and cyberattacks. If you have any doubts about how to protect yourself or your organization from falling victim to these attacks and scams, or if someone contacts you pretending to be us, don’t hesitate to give us a call at 703-790-0400. You can also visit us on our website at