By -- 2019-03-21 in Blog

While it is important to maintain a high level of cybersecurity for your organization to protect your customer’s data, it is equally as important to ensure the vendors you are doing business with are demonstrating the same commitment to security. A recent article provides some of the threats associated with third-party hacks and how to prevent the negative consequences that come with these breaches.

According to a survey conducted by the Ponemon Institute, more than half of the organizations who experienced a data breach resulted from vendor breaches. However, only 35 percent of organizations had documented specifically which third parties they were sharing sensitive information with, and only 18 percent knew if those vendors were in turn sharing that same information with other parties.

The reason these statistics are alarming is because customers do not care how their data was stolen. They care about who they trusted their information with in the first place. Therefore, organizations who don’t know with whom their data is being shared with or are not sure about the cybersecurity standards of their vendors are putting themselves at risk of not only being breached but also risk being sued by their clients.

Organizations can protect themselves from supply chain breaches by evaluating the cybersecurity policies of their vendors and ensuring that they are performing self-assessments and purchasing cyber insurance. They can also audit their vendors by performing penetration tests, which check to see where data is being held and how well protected it is.

As a company who works with smaller businesses and organizations, OptfinITy understands the importance of data security across all vendors and is always happy to answer any questions you may have related to cybersecurity. If you have any questions or concerns, give us a call at 703-790-0400 or send us an email at

By -- 2019-03-12 in Blog

Without a doubt, artificial intelligence (AI) has already increased business productivity and will continue to do so in the future. However, if in the wrong hands, AI can be used to execute cyberattacks more efficiently than ever seen before, and we can expect to see more automated attacks in the next few years. A recent article covers some of the ways cybercriminals will use AI to carry out catastrophic cyberattacks and how to best prepare your organization.

The first area of security that AI is already assisting malicious hackers with is password guessing. Hackers can use AI to locate previously stolen passwords and use them to hack into other accounts, or even predict people’s future passwords.

The second form of AI that is increasingly becoming more of an issue is the use of malicious bots. In less than 15 seconds, bots can take full control of a network, scan for employee workstations and begin stealing data, making it difficult for an IT team to fix the issue before it’s too late. Chatbots can also be manipulated to steal personal information, which is already a problem in dating apps and websites.

It is important that organizations act now to limit their exposure to AI cyberattacks. A couple recommendations include moving critical assets to a secure cloud platform and implementing a strong password policy. It is also important to have a plan in place for when a disaster strikes, and finally, consider using a Managed Service Provider that offers 24×7 network monitoring. Fortunately, OptfinITy offers this as part of our services and we are always happy to answer any of your questions or concerns regarding IT. If you have any questions, give us a call at 703-790-0400, send us an email at or visit our website at

By -- 2019-03-8 in Blog

There have been many ransomware attacks in the news over the past year involving major cities including San Diego and Atlanta, but the latest reported attack reminds us that smaller jurisdictions are susceptible as well. A recent article reported that the Jackson County, Georgia, a county of merely 60,000 residents, was hit with a ransomware attack and ended up paying the $400,000 ransom.

In the aftermath of the attack the county’s agencies were locked out of most of their systems and forced to carry out their operations on paper. After consulting with cybersecurity experts, the county manager made the decision to pay the ransom rather than rebuild the county’s networks, which would have ended up costing more time and money than paying the ransom itself.

This recent attack should serve as a reminder to small business owners on the importance of cybersecurity. Although you hear mainly about data breaches occurring in larger companies or cities such as Marriott or Atlanta, these attacks can target smaller businesses as well and can be even more catastrophic. If you have any questions or concerns about ransomware or cybersecurity infrastructure for your organization, don’t hesitate to give us a call at 703-790-0400, shoot us an email at or visit us on our website at

By -- 2019-03-4 in Blog

Has your password been stolen in the past? If so, it can still affect you in the present if you haven’t switched up your login info. While it is constantly preached that people refrain from reusing usernames and passwords, people continue to do so, putting their accounts and information at risk. A recent CNET article reports that Google Chrome users will now be provided a warning when they are putting themselves at risk.

Chrome’s new extension will monitor publicly leaked password databases and check against its own database for matches. If the user’s email address and username match with what is found in the database, Chrome will recommend a change of login credentials, leaving no excuse to fall victim to a hack due to a repeat password.

Considering that 65% of people polled in a recent survey reported reusing passwords across different accounts, this new extension should serve as a great reminder of the dangers that come with using repeat passwords. As always, OptfinITy is happy to answer any questions you may have. If you have any questions or concerns about safe password practices or technology in general, don’t hesitate to give us a call at 703-790-0400, visit us on our website at or shoot us an email at

By -- 2019-02-6 in Blog

With people conducting more online transactions than ever before, it important for people to be wary of online scams. Whether it’s business related or a personal transaction, people unfortunately have a bad habit of being too trusting of the internet. A recent CNET article provides four good ways to avoid becoming the victim of an online scam.

  1. Check merchant or buyer score- This information will display the level of credibility held by the person you are doing business with.
  2. Confirm payment has been received- If you are the seller, make sure the money is in your account before shipping the item. If it is requested that you ship your item before payment is received, report the buyer to the proper authorities.
  3. Double check addresses- Make sure the sender’s email address matches the company’s official email address found on its website. If they don’t match, it’s a major red flag and you should consider doing business elsewhere. You can also find out who owns the account by searching the address on Whois.
  4. Cross reference photos- You can use, or to find out if the image on the person’s social media with whom you are conducting business with belongs to them.

If you realize you have fallen victim to a scam, immediately contact the carrier and try to cancel the shipment. If it has already been shipped, contact the local police department in the jurisdiction of the recipient, file a report, and request that the police retrieve the item. Finally, file a complaint on the FBI’s website, which will help law enforcement catch repeat offenders. If you have any questions about safely conducting online transactions, feel free to send us an email at or give us a call at 703-790-0400.

By -- 2019-01-28 in Blog

The dark web, to say the least, is a very shady place. It’s the unindexed part of the internet that cannot be accessed via search engines and is swarming with criminal activity. While the dark web itself is not illegal, it’s a popular place to conduct illegal transactions on the web since user’s location and identity remain anonymous. It’s not uncommon for stolen personal information such as bank account numbers and social security numbers, or driver license or passport information to be sold on the dark web at low prices. A recent article explains why the dark web should be a concern for small businesses and ways to deal with these threats.

First and foremost, the dark web should be such a high concern for small businesses due to the rapid rate at which sensitive information can be bought and sold. For example, if your organization experiences a data breach and customer credit card information is stolen, it can be bought and sold by criminals before you even notice your data has been breached. This obviously can lead to a lack of trust your customers have towards your organization and could possibly lead to lawsuits as well.

Even if you know that you’ve experienced a data breach and think your stolen information is somewhere on the dark web, good luck finding it. The dark web is full of websites constantly changing addresses and extremely messy and volatile. Small businesses that attempt to manually search the dark web for their stolen information usually end up exposing themselves to even greater threats.

There are, however, ways small organizations can address the threat of their information winding up on the dark web. In addition to implementing training exercises and educating employees on good cyber habits such as not using the same password across multiple accounts or clicking on phishing emails, it is recommended to deploy dark web monitoring response tools, which alert companies when any activity associated with sensitive data is found on the dark web. With the information provided by these tools, organizations can decide which information to monitor. This information may also alert organizations of breaches sooner as well as shorten disaster recovery response times.

As always, OptfinITy has tools and solutions available if this is a concern of yours or your organization.  Feel free to give us a call at 703-790-0400 or send us an email at if you have any questions or concerns regarding the security of your data and how to best keep it off the dark web.

By -- 2019-01-22 in Blog

Still using Windows 7? Now may be the time to upgrade. Beginning January 14th, 2020 Microsoft will no longer offer support or security updates for Windows 7. This means that any issues with Windows 7, including security holes will not be able to be fixed by Microsoft after that date.

While other software company’s antivirus tools may still be available, they won’t be enough to stop larger threats, and although not right away, these will gradually stop supporting Windows 7 as well. To give an idea of the expected timeline for support to end, Microsoft’s support for Windows XP ended in April of 2014. However, Chrome didn’t stop supporting it until April of 2016, and Mozilla Firefox didn’t stop until June 2018.

There is also a chance that new hardware will no longer work on your system since manufacturers will stop creating hardware drivers for out-of-date operating systems. In fact, the latest Intel CPU platforms already do not support Windows 7 or 8.1, although the operating systems technically remain on “extended support.”

It’s no secret when Microsoft ends their support for its software products. They have a well-defined life cycle and recommend upgrading to newer versions to maintain the highest level of security possible. Therefore, to best protect yourself from security breaches, it is recommended that you upgrade as soon as possible. If you have any questions or concerns about upgrading or Windows in general, feel free to give us a call at 703-790-0400, or shoot us an email at

By -- 2018-12-20 in Blog

With more and more IoT devices becoming available, it can be very tempting to take advantage of their capabilities and incorporate them into your business. However, like all other business decisions, poor planning can lead to serious consequences. A recent article suggests some common mistakes business owners should try to avoid when it comes to the implementation of IoT devices for their organizations.

First and foremost, don’t be cheap. As the saying goes, you get what you pay for. Cheap IoT devices are extremely dangerous because they usually lack any sort of built in security and don’t offer regular security updates which makes them vulnerable to hackers. Therefore, while choosing the IoT devices for your business, it is important that you choose ones that offer security patches and updates, and make sure to update the default username and password of the device to stronger login credentials. In addition to selecting devices that offer patches and updates, you need to take advantage of them! If you let your device become outdated it can create a security hole in your organization, which can be catastrophic due to the nature of IoT devices being interconnected with an array of different devices.

It is also important to remember why you are implementing these devices in the first place, which is to improve business functions and increase productivity. Therefore, you shouldn’t invest in a device just because other businesses are using it, or it seems like a cool gadget. Instead, you should have a goal in place and establish metrics to measure the effectiveness of each one of your IoT devices. Furthermore, it is important to make sure your employees understand how to use the devices to best increase productivity and understand the problems these devices can cause if used improperly or in a careless manner. If your organization has a BYOD policy, they should be required to stay on top of patches and updates for their own devices to avoid breaches of devices that give criminals access to confidential company information.

Finally, don’t count on your IoT devices being connected 100% of the time. Power outages and internet crashes are common, and you should make sure the devices have the ability to operate offline which will allow you to continue to function and experience the same level of productivity while the internet is down.

As always, OptfinITy is here to answer any questions you may have related to technology. If you have any questions about the use of IoT devices for your organization don’t hesitate to give us a call at 703-790-0400, send us an email at, or visit our website at

By -- 2018-12-18 in Blog

When it comes to cybersecurity, securing your network and having a solid training program in place that promotes good judgement should go hand in hand. If you have one but not the other, the consequences can be catastrophic. Unfortunately, a school district and a bank in Indiana learned this the hard way. A recently published article reports how a school district and bank lost $120,882.83 via a fraudulent wire transfer.

The issue began when the email account of a business manager who worked for the school district and was authorized to sign off on payment requests was hacked and requested $120,882.83 to be wired to several different people listed as contractors for a project. Although the request was different from ones in the past, especially the request for a wire transfer instead of a check, the bank didn’t double check the request and sent the money to criminals who are believed to have been operating from an off-shore location.  Once a second request was received a few days later, the bank caught on and stopped the transfer before more money could be stolen.

There were two layers of security that were breached in this incident. The first was the school district’s network being hacked which made the fraudulent email that much more believable when sent to the bank. The second was the bank not double-checking with the school district regarding the large sum of money being requested.

Cyber criminals everywhere are constantly trying to hack organizations and this type of scam could happen to anyone. That is why you need to make sure your network is secured and protected and that your organization has a solid cybersecurity training program implemented. If you have any questions about the security of your organization or cyber security standards or would like to enroll your organization in a cybersecurity training program, don’t hesitate to contact us at 703-790-0400,, or visit our website at

By -- 2018-12-12 in Blog

As the number of employees accessing company data from their smartphones continues to grow, mobile threats are becoming greater concerns for businesses and organizations. Thankfully, the inherent protections that are built into mobile operating systems have been able to keep mobile devices malware-free for the most part up to this point. However, there are other security hazards that businesses should be concerned about that could become increasingly more prevalent in the near future. A recent article from covers the mobile security hazards that are expected to be the most problematic in the upcoming year.

  1. Data Leakage- This commonly occurs when users download apps and allow them access to unnecessary information. Individuals should take care while deciding on whether to allow apps access to their information, especially when users contain sensitive business information on their mobile device. To combat this issue, educate your employees on the threats and consequences of data leakage and consider using mobile threat defense solutions products that can be used to scan apps for “leaky behavior.”
  2. Phishing Attacks– Mobile users are three times more susceptible to phishing attacks because the emails generally show only the senders name which makes it easier for cyber criminals to pretend to be someone they’re not. Phishing attacks can best be prevented by raising employee awareness and by conducting internal phishing tests.
  3. Cryptojacking– This form of cyberattack has found its way into mobile devices in late 2017 and early 2018 and is expected to continue to be an issue. Cryptojacking attacks on mobile devices have commonly been carried out via malicious mobile websites or downloaded third-party apps and cause devices to run slower, overheat, and have a shorter battery life. The best way to avoid cryptojacking attacks is to be make sure you only visit legitimate websites and download legitimate apps.
  4. Careless Use of Devices in Public – An alarmingly high number of people (roughly 25%) using corporate mobile devices regularly connect to open and insecure WiFi networks. This gives hackers easy access to sensitive corporate data which obviously puts your organization at risk. Employees also commonly lose or leave devices unattended which for obvious reasons poses a major security risk if the device isn’t password protected and fully encrypted.
  5. Lack of Patching and Old Devices- Finally, one of the most careless mistakes people continue to make is not regularly updating their devices. Security updates are essential in the prevention of cyber criminals accessing data and are very easy to perform. Some older devices may not offer updates which makes them more vulnerable than newer devices. Therefore, if employees are using mobile devices for work they should be sure they are kept up to date.

Mobile devices are rapidly becoming more intertwined with business functions, and along with becoming more intertwined comes potential threats. If you have any questions about safe mobile practices for your organization, don’t hesitate to give us a call at 703-790-0400, send us an email at or visit us on our website at