By -- 2019-12-19 in Blog


Technology over the past year has improved drastically and while this is a great thing as it relates to productivity, it has also meant a rise in security breachesand attacks.   Unfortunately, it is not looking much better for 2020.  According to recent articles, here are  three predictions as it relates to Cybersecurity for 2020:

       1. Voting machine hacks

It has been shown that network-attached voting machines can be hacked and with a large presidential election coming up in 2020, this is going to be a major issue.  Will  machines be breached and votes changed?


         2. A massive cloud data breach
For a few years now, everyone has been moving to the cloud because it is represented as elastic, secure and cost-effective.   So what happens if a massive breach affects one or many of these major cloud providers?   A breach like this may cause a shift regarding how cloud providers handle security.


          3. Smarter Al Cybersecurity attacks

AI is revolutionary in the way it solves challenges but what happens when AI is used for nefarious reasons?  It is believed that hackers may use AI technology to trick people into installing applications and/or giving up credentials in a much smarter process than exists currently.


Are you worried yet?  Is your team trained for this?  If you are not sure and need more information, contact PerusITy, the cybersecurity team of OptfinITy.. Give us a call at 703-790-0400 or email us at

By -- 2019-12-16 in Blog

If you haven’t received an email yet that accuses you of watching porn, it may be arriving soon.  A familiar scheme with updated context has been making the rounds lately.  The scam involves data from a previous breach which had emails and associated passwords.  Assuming the end-user uses passwords across multiple sites, the perpetrator contacts individuals claiming that they have the recipients email password and has installed a malicious malware on their computer which has captured them masturbating while watching porn.

Although the scam may seem convincing since the perpetrator offers the recipient their actual current or former password, it is unlikely that there is malware inside the computer itself.  Unfortunately, people who may have in fact gone to such a site (pornography is still a top searched item on the web) may fall for the scam and send money.

Our advice to you is to generally ignore these scams and if you are concerned, talk to your trusted IT provider.  If you don’t have one, give OptfinITy a call.

By -- 2019-12-11 in Blog

It’s December and that means OptfinITy once again exhibited and attended the ASAE technology conference. More than 1,000 industry professionals, associations and non-profit organizations come together to examine how technology impacts the association industry on December 3rd and 4th at the DC Convention Center.

As one of the leading providers of technology and cybersecurity solutions to associations, OptfinITy was there to speak with and help various associations with all of their needs as the event relates to infrastructure, cyber security, website development, mobile apps, phone systems and IT Support.

Congratulations to Rob Gates who was the winner of our beer pong contest.

If you or someone you know could benefit from IT solutions that will help run your business better, give us a call at 703-790-0400 or via email at

By -- 2019-12-10 in Uncategorized

In today’s day of cyber attacks, viruses and ransomware, business owners and executives are always asking what can we do to limit our exposure?

One of the easiest things we tell them and is considered an industry standard is to never allow end-users to have administrative access to their computers.

In our over 17 years of being in business, it is really easy for us to pull up thousands of tickets related to viruses, computer slowness, and operating system issues that are a direct result of an end user having local administrator access to their computer. In fact, giving users administrative access not only can make your staff less productive, it raises the cost of doing business (e.g. fixing computer issues, employee downtime, data loss from virus infections). Administrator accounts on a computer allow the user to install software, make any change to the system settings, and override local folder permissions. This might not seem like a big deal, but let’s consider the possible issues which result from that:

  • Unauthorized software can be installed on the computer, leading to non-work-related activities and possible computer slowdowns or shutdowns.
  • Unlicensed software can be installed, opening your business up to potentially hefty fines from software vendors.
  • Users can intentionally or unintentionally execute a malicious program, leading to infections that could potentially span many computers on your network. These are often undetectable by anti-virus programs (frequently because the user specifically allows them to execute so the antivirus does not stop them).
  • If multiple users use a single PC, the administrator account can be used to access data in other user profiles. This could allow for data breaches, theft, and privacy concerns.
  • Operating system settings can be changed intentionally or unintentionally causing potentially unfavorable consequences.

While limiting users access might seem like an inconvenience for some, mitigating the significant risks and costs associated with running with Administrator access, is well worth any inconvenience, especially when you have a 24 x 7 helpdesk to provide that access and oversight to make sure the right components are being installed. We have seen firsthand the devastation that can occur when malware can run with full admin access and today’s day, that cost can easily exceed hundreds of thousands of dollars.

By -- 2019-12-5 in Blog

A large-scale threat campaign used several fake IRS websites to target over 100,000 people this summer. Researches at cloud security solutions provider Akamai, discovered that the phishing campaign used hundreds of different types of domains and URLS to imitate the Internal Revenue Service of the United States for over two months. Victims of this threat campaign were directed to a fake IRS login, asked to enter their email address and password, and were tricked out of offering personal information. The fake campaign in total used at least 289 distinctive domains and 832 URLS to target people from all over the world.

It also appears that the threat actors have targeted legacy websites. Katz, principal lead security researcher at Akamai expressed that he believes that a lot of the websites that hosts the IRS phishing page are legit websites that have been compromised and hijacked by cyber criminals mostly because of the public’s trust in these websites.  Katz also predicts that it is not a coincidence that the hacking began in August. Research has indicated that August is a good time for criminals to receive engagements from victim since it is a time for vacationing where victims have more  time to read personal email, open suspicious links and browse the internet.


If you are worried about fake websites for you or your company and would like to setup security awareness training, OptfinITy can help.  Give us a call at 703-790-0400 or via email at

By -- 2019-11-21 in Blog

Did you know  that Windows 7 will officially be End of Life in less than 2 months?  For most companies, this has become common knowledge and unfortunately, this has provided scammers an opportunity to  infect your machine with ransomware.

According to a report released by a security firm, attackers have educated themselves on the upgrade and have already begun attacking Microsoft users with a fake Windows update E-mail that infects the computer with ransomware. Ransomware is a specific type of malware that invades your computer and locks all of your valuable information. The spammers will then contact you and threaten to destroy all the data stored if you do not pay a ransom fee.

The spammers are currently sending Window users emails with subject lines such as “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update” unveiling a sense of urgency to open the Email. They will urge users to click on an attachment downloaded to the Email usually titled as “latest critical update.” The attachment will seem to have an attachment with a .jpg file extension which is a .NET downloader that will infest malware into your device. The ransomware will then encrypt the recipients files and leaves a ransom note asking for $500 dollars in bitcoin in order to unlock and restore files.
If your organization is looking to upgrade your devices or you are worried about your employees clicking on potentially hazardous emails, contact OptfinITy today for information on how we can upgrade you and educate your employees.


By -- 2019-11-20 in Blog

Disney’s new demand streaming service has been available for less than two weeks and  that is all it took before hackers were able to compromise the streaming service , selling hacked accounts for as little as $1.

On November 12th, only hours after the service launched, Disney + users took to social media outraged that they have been locked out of their accounts and had received alerts stating that their account information and details have been changed. The hacked users claimed that a fake email was sent to them as a service subscriber, warning them that their account had been locked. Once the email was opened, the subscriber was requested to supply their credit card details and account information.

If you are worried about your accounts being hacked and information compromised, it is best to put a multiple layered approach to your security, including but not limited to email controls and online training of your employees.  For more information on these types of solutions, please contact OptfinITy via email at or via phone at 703-790-0400.

By -- 2019-11-18 in Blog

Have you ever traveled before with a phone lower on power and tried one of those “free” USB charging stations?  According to a recent report, it turns out the convenient USB power charging stations found in airports and malls may come with a cost.  Officials are warning that  that travelers should be wary of using USB ports when charging smartphones since hackers have devised ways to download and steal data from phones and tablets by modifying USB connections and installing malware onto your phone without your knowledge. This technique is known as ‘juice-jacking.’

Although, the general notion of juice-jacking is viewed as a relatively new hacking threat, it is not as new as it seems. In fact, attendees of security conferences back in 2011 have been warned about the dangers of plugging their devices into public charging kiosks.  The concept of juice-jacking has also been proven at hacker conventions and seen by many travels who have had the unfortunate encounter of having their personal information and data stolen due to juice-jacking. For more information on your latest security concerns and other technology related resources, check out our website at

By -- 2019-09-30 in Blog

Having a solid IT infrastructure is the absolute bare minimum if you want your organization to grow and prosper in the 21st century. With the technology age in full swing, organizations that don’t adapt and implement the latest technologies will be left in the dust. A recent article lists a few areas that business owners should focus on to ensure present and future success.

  1. Don’t just move to the cloud. Adopt the cloud- The cloud itself is not going to transform your business. You need to take advantage of its functionalities to make your organization operate more efficiently.
  2. Constantly upgrade your networks and move to software-based networking- Network upgrades are necessary to eliminate vulnerabilities and optimize proficiency. However, if your network updates require downtime and changes in hardware, you are quickly falling behind. Many organizations have already switched over to software-based networking which allows for small updates to be sent regularly without disrupting users and in turn eliminating downtime.
  3. Know your software and don’t let it become outdated- Software is the backbone of a company’s IT structure and can be used to run its networking systems. Through analytics and machine learning, certain types of software now are able to adapt the system in real time, essentially maintaining themselves virtually.

The window is rapidly closing for companies to jump on board of the technology train. If your organization hasn’t already began looking into or adapting the aforementioned practices, or if you have any questions regarding your IT infrastructure, don’t hesitate to give us a call at 703-790-0400 or shoot us an email at

By -- 2019-09-25 in Blog

Elaborate phishing scams are already a massive problem that continue to cost organizations thousands of dollars as a result of employees clicking on malicious links or sending money to someone claiming to be their boss. Thanks to technological advances in AI, there is a new threat to look out for, vishing (voice phishing), that allows criminals to mimic the voices of employee supervisors and demand large transfers of money from employees, passwords, or other critical information. A recent article discussed a situation in which $243,000 was transferred to cybercriminals from a CEO thinking he was speaking with his boss who worked at a parent company.

Back in March, a CEO of a UK-based energy firm received a call from whom he believed to be his boss at a German parent company requesting a prompt wiring of $243,000 to a Hungarian supplier. The cybercriminals had used voice-generating AI software to mimic the German accent of the British CEO’s boss, which lead the unsuspecting chief executive to proceed to wire the money. It was only after a second request to wire more money that the executive became suspicious, refused, and alerted authorities.

This isn’t the last time this will happen. With the improvement of voice mimicking software comes more opportunities for criminals to exploit their capabilities. If you have any questions or concerns related to cybersecurity, vishing, or phishing, please don’t hesitate to give us a call at 571-370-5777 or visit our cybersecurity division’s website at