By -- 2021-09-1 in Blog

Since the onset of the coronavirus pandemic, remote work has become a large aspect of the new normal. Subsequently, there has been an increase in attacks launched by cyber criminals, including a wave of large-scale attacks has rendered critical infrastructure unusable. The SolarWinds hack, JBS hack, and Colonial Pipeline hack have all been hailed as powerful signals to governments and organizations alike that more investment and research into cybersecurity is necessary.

In an attempt to avoid these types of incidents occurring over and over again, the Senate recently approved $1.9 billion dollars in cybersecurity infrastructure bills. This comes as part of a $1 trillion dollar infrastructure package approved August 10th. This money will be used for securing critical infrastructure against attacks, helping vulnerable organizations defend themselves, funding for a key federal cyber office, and to strengthen cybersecurity for state and local governments.

One of the most notable bills is the State and Local Cybersecurity Improvement Act. This act would give one billion dollars to government entities over 4 years, with a quarter of that being allocated to vulnerable rural communities. This act in particular is much needed, as an attack on a school system or electrical grid could put crucial services in jeopardy- and many state and local governments do not have sufficient resources to defend against these types of attacks. If you’ve found yourself a victim of the onslaught of recent cyberattacks, feel free to reach out to us about malware protection and data recovery at info@optfinity.com.

By -- 2021-08-30 in Blog

Corporate websites have become a must-have for modern organizations.  Corporations, non-profits, and even government bodies maintain websites in order to reach consumers, host information, and provide a means of contact. There are even professionals dedicated to creating content, improving how high a website appears in searches, and maintaining website functionality.  When a website goes down unexpectedly, it can lead to lost revenue for companies and lost donations for non-profits.  For government entities, there isn’t a risk of lost revenue–rather, it removes what could be an important source of information for website visitors.  It can also create a sense of panic when an institution has an unexplained outage.  So what happens when an incredible amount of websites for a variety of important organizations all go down simultaneously?

Early this morning, websites from entities including government websites for the White House and Gov.uk, social media platform Reddit, and news websites including ones for the New York Times, Forbes, and the BBC were down due to a widespread outage apparently linked to the popular content-delivery network Fastly. Fastly, a content-delivery network made newly popular by the pandemic-driven boom for many of its technology-focused clients, has not yet elaborated on what exactly happened to cause the outage, only that it has been resolved.  Larger companies with in-house content delivery systems, such as Netflix and Facebook, were unaffected.

As of now, there’s no indication that a digital threat actor was involved. That makes it a teaching moment for the small companies that rely on other services, whether it’s a content-delivery network like Fastly or a hosting site like WordPress, in order to do business.  While these services are incredibly useful for small-business owners looking to save money, they can also fail unexpectedly, leaving you without much recourse.  Whether its a hacker or a system failure that results in your downtime, it’s important to have a backup plan. If you’re interested in creating one, reach out to us at info@optfinITy.com to learn more.

By -- 2021-08-20 in Blog, Uncategorized

The healthcare industry has become more important than ever during the coronavirus pandemic, as the majority of Americans have had to interact with a provider in order to get a coronavirus vaccine, test, or care.  This has resulted in an influx of personal medical information to these institutions. That coincided with a global increase in cybercrime as work-from-home policies led to lax cybersecurity enforcement.  For an industry with so much sensitive data, it was particularly susceptible to data breaches and ransomware attacks.  Furthermore, HIPAA compliance requirements add another layer to security changes to how client data is stored.

This has resulted in a string of attacks against healthcare providers over the past year.  In 2020, at least 560 healthcare facilities were impacted by 80 separate cybersecurity attacks, and healthcare was ranked as the second most frequently targeted industry by multiple studies. Entities in the healthcare industry have been forced to overhaul their security practices in order to protect their client data. Multi-factor authentication, single sign-on portals, weekly security checks, and data encryption have all become more prevalent in the industry over the past year in response to increased threats.  However, these individual actions may not be enough to protect the industry as a whole.

Virtual appointments, and telehealth more generally, is rapidly expanding within the healthcare industry. Yet, this rapid expansion of telehealth services by a growing number of private and public providers, as aforementioned, comes at a time when the healthcare industry is particularly vulnerable to cyber attacks. Protecting client data after the fact is inadequate when the meetings themselves may be compromised.  The challenge of keeping patient information secure with regards to telehealth is unfortunately one that has yet to be adequately addressed. Another concern is lax security protocols and regulations surrounding telehealth specifically–the immediate necessity brought about by the pandemic overrode the long-term security concerns.

As we move towards a post-coronavirus world, the security concerns that fell by the wayside need to now come to front of mind.  If you’re interested in learning more about how to bring a security mindset to healthcare, check out our page on IT and security solutions for healthcare or leave a comment!

By -- 2021-08-10 in Uncategorized

Self-driving cars have become an iconic part of the early 21st century.  Tech companies like Uber, Google, and Apple have all made forays into self-driving vehicles to media fanfare.  Self-driving car company Tesla has a legion of devoted fans, partially due to CEO Elon Musk’s purposeful cultivation of that base, and the stock price to back up the hype.  However, fully autonomous cars are still unavailable, with technological and ethical barriers making their development difficult.  Despite that, modern automobile manufacturers have been able to integrate increasing amounts of technology into their products.  Safety features like automatic braking are especially popular–but they currently rely on visual feedback to work.  That’s where V2 technology comes in.

V2X, or “Vehicle to Everything” technology, refers to various different technologies that allow a vehicle to communicate with other objects.  The overall idea is that a vehicle is able, or will be able to, use its on-board communication tools to deliver real-time traffic information, preemptively react to changing road conditions, signs, and other feedback. While V2X functions alone won’t be able to replace a driver, they are important building blocks in a self-driving vehicle’s ability to create a map of its environment. These technologies allow a vehicle to share information with various other devices, such as a pedestrian’s smart phone, a traffic light, or other vehicles.

While V2X provides many advantages, proponents of the technology have to overcomes many hurdles before it can become mainstream.  The infrastructure changes necessary to take advantage of V2X systems are far-reaching and costly.  Privacy concerns about location privacy, hacking or malware, and personal safety have led many people to be skeptical of novel technologies, especially ones that rely on autonomous communication.  Finally, adding comprehensive V2X technology to cars is expensive, and the tech itself is still in its relative infancy.

For now, true self-driving cars are still years away from the commercial market.  Still, the issues surrounding their deployment and usage need to be addressed before they become mainstream, so that we have systems and structures to accommodate them.

By -- 2021-08-4 in Uncategorized

The 2020 Summer Olympics are finally here! After a year of waiting, your favorite Olympians are taking the world stage. With over 200 countries competing, it’s sure to be a must-watch event. Unfortunately, as one of the first global events to occur since the pandemic, this also makes Tokyo a prime target for cyberattacks. It was recently revealed by the Japanese Olympic Committee that they experienced a ransomware attack in April. While no ransom was demanded and all infected computers were replaced, it was followed by an attack that was intended to wipe files on Japanese networks

 

This is a common pattern at the Olympics. In 2016, the Rio de Janeiro games underwent hacking and data leaks and two years later at the 2018 PyeongChang Olympics, hackers knocked out WiFi, disabled security gates, and distributed phishing emails that targeted both athletes and company partners. While the Olympics are a large event, they are not the only ones who need to be concerned.  Small businesses and non-profit organizations don’t have the expertise that the International Olympic Committee does, so it is important that they take precautions to keep their network safe.

 

If you’ve recently been hit by ransomware or want to ensure that you have a security plan ready, feel free to contact us at info@optfinity.com or via phone at 703-790-0400.

By -- 2021-08-4 in Blog

Happy National Chocolate Chip Cookie Day!

While you celebrate today by enjoying one of America’s favorite types of cookies, remember to also keep in mind the not-so-sweet cookies in your life. Internet cookies are tiny pieces of data sent to your browser from the websites you visit. They contain information such as your username, password, and site preferences. Though they can be convenient by saving information so that you don’t have to re-enter it every time you visit a website you frequent, they can compromise your privacy, security, and even your device’s performance.

Top 3 Reasons Why you Should Consider Deleting your Cookies:

  1. For Privacy– If you share a device with others or use a public device, you may want to delete cookies if you don’t want others seeing your browsing history. Even if you’re the only person who uses your device, deleting cookies may be beneficial if you’re concerned with the amount of PII (personally identifiable information) the internet has about you. Sites that use persistent cookies (cookies that get saved for long periods of time) may be especially worrying if you’re trying to keep your PII under wraps. If you disable or delete cookies on sites you don’t want keeping track of your information, they won’t be able to track the count number of times you visit their site, and they can’t create a digital persona based on that activity. As a result, you will likely see fewer targeted ads. Deleting existing cookies allows you to start fresh and choose the types of cookies you want on each site.
  2. For Security- Hackers can and have accessed browser sessions and stolen personal info stored in a website’s cookies. Credit card information, home addresses, email addresses, and a slew of other information can be retrieved based on the types of sites hackers are able to get into. Additionally, third-party cookies are especially worrisome if you’re concerned about security. These cookies allow website owners to sell your browsing data to third parties like advertisers. Unfortunately, once they’re sold, you have no control over what third parties use your data for and could use personal data to commit online crimes like identify theft.
  3. For Performance– Lastly, stored data in cookies may conflict with the website they’re related to if the page gets updates. If this happens, the site may load errors. Further, cookies are actually stored files on your hard drive, so they do take up some space on computer. If left untouched for long enough, the small amount of storage cookies typically hold adds up and can slow down the speed of your device.

To delete cookies from a browser, generally, you’ll go to your “Settings” and “Privacy” tabs. Then, you can clear the cookies stores in your website browsing data and history. You can also customize which cookies you want deleted based on specific time ranges and other specifications. Cookies for websites that hold especially sensitive information, such as your banking website, should always be declined or deleted to protect yourself from potential cybercrimes. Additionally, if your antivirus software flags site cookies as suspicious, you should delete them. If you’re concerned with the capabilities of your antivirus software or are in need of one, consider reaching out to us at info@optfinity.com!

By -- 2021-07-30 in Blog

Cyber threats increased dramatically during the coronavirus pandemic.  Individual members of vulnerable populations, small businesses, large corporations, and even the federal governments were hit by major attacks that stole millions of dollars along with sensitive data.  One of the largest, most damaging events to come out of this surge in digital crime was the Solarwinds hack that dominated headlines throughout late 2020 and early 2021.  Major players like Microsoft and the titular company Solarwinds were affected by the data breach, along with 9 federal agencies.  Most worrying is the fact that its still unknown who was behind the hack.  Speculation ranges from foreign governments to independent hacking groups, but nothing is definite.

This hack revealed how unprepared most entities are for preventing and mitigating the effects of cybercrime.  This week, the Justice Department announced that it would be investigating the U.S. response to cybercrime. Newly confirmed Deputy Attorney General Lisa Monaco announced the review at the Munich Cyber Security Conference, stating that the U.S. was at a “pivot point” around how it approaches concerns around cybersecurity. While details are understandably scarce, she elaborated that the review would focus on issues such as digital currency, supply chain attacks such as the SolarWinds attack, and state-sponsored cyber-terrorism.

This is the second announcement from the government addressing cybersecurity concerns, following the Justice Department’s creation of a Ransomware and Digital Extortion Task Force to tackle the past year’s spike in ransomware attacks against critical infrastructure and organizations.  It’s always encouraging to see increased awareness surrounding cybersecurity, especially from an organization as large as the federal government.  Now is a great time for any organization, large or small, to re-evaluate how they are approaching security concerns and their information systems more generally.  If you’re interested in learning more about how you can improve business security, reach out to us at info@optfinITy.com or leave us a comment.  Stay safe!

By -- 2021-07-20 in Uncategorized

Data breaches are devastating for an organization.  Like any cyberattack, a data breach requires an immediate response.  The victim has to identify the scope and scale of the breach, whether it is limited to a data breach or whether other systems were affected, and take steps to prevent further access from the perpetrator.  Some data breaches come as part of a larger ransomware attack, were the threat of releasing sensitive data is used to leverage payment instead of more traditional ransomware that holds physical devices ‘hostage’.  Payment is often ineffective, with perpetrators releasing the data anyways one they’ve received their untraceable ransom money.

Then, there is the additional legal and economic fallout to a company after the data has been released.  These data breaches don’t just hurt a major corporation, they also reveal sensitive information about that organizations clients, partners, and prospects.  With data collection on individuals becoming more expansive, and digital privacy rights eroding, the potential impact of data breaches on the individual increases dramatically.  Anything from your browsing history, recent purchases, family information, medical details, banking and financial information, or social security number could be revealed without you even knowing it happened. The latest example of a major data breach shows just how sensitive this released data can be.

London-based security firm TurgenSec announced that nearly 345,000 files from the solicitor-general of the Philippines, including sensitive information for ongoing legal cases, have allegedly been breached and made publicly available. The released documents included hundreds of thousands of files ranging from “documents generated in the day-to-day running of the solicitor-general’s office, to staff training documents, internal passwords and policies, staffing payment information, information on financial processes, and activities including audits, and several hundred files titled with keywords such as “private, confidential, witness, and password”.” TurgenSec said after discovering the breach that the “data breach is particularly alarming as it is clear that this data is of governmental sensitivity and could impact on-going prosecutions and national security.”

By -- 2021-07-12 in Blog

Microsoft recently announced that the Windows Print Spooler service could be exploited by hackers- a flaw now known as PrintNightmare.  While you may not think having your printer hacked is a major concern, this vulnerability could allow hackers to remotely access one’s PC including allowing hackers to delete data, install programs, or create new user accounts with full user rights. This critical flaw could affect both Windows 10 and Windows 7 users.

Unfortunately for Windows users, this is only one of a slew of security issues the tech company has experienced within the past year. In 2020, the National Security Agency warned the company that their windows operating system contained a major flaw that could allow hackers to impersonate legitimate software companies. Additionally, earlier this year hundreds of thousands of Exchange users were targeted after multiple vulnerabilities in its software allowed hackers access to its servers.

Though Windows has since released an update to remedy the Print Spooler flaw, the security patch itself comes with its own issue. Some users who installed the update discovered that the connection to their printer stopped working. An update to remedy this error will soon be released, according to Microsoft.

Is your system in need of security updates or patching? Have you experienced a breach? If so, reach out to us at info@optfinity.com for more information. Current OptfinITy users will have this patch installed as part of our standard monitoring and maintenance program.

By -- 2021-07-10 in Blog

Vaccine rollout in the United States is going fairly well.  Some states like Virginia have vaccinated close to 41% of their population, meaning that in some areas, we are halfway to reaching the levels needed for herd immunity. While the pandemic is still ongoing, and precautions are still necessary, many decision makers are looking to plan for a post-COVID future. What was originally thought to be a month long shutdown, a temporary state, has evolved into a year long cultural shift that is sure to leave an indelible impact on our way of life.  Or perhaps everything will go back to normal–there’s no way of being certain.  Some environmentalists point to the impact climate change has on the emergence of novel viruses as a reason to believe that the coronavirus may not be the last major pandemic in the lifetime of Millennials and Generation Z.

With this uncertainty over what the future holds, the economy seems to be split on the question of whether employees should return to in-person work at all.  Major tech companies like Facebook and Google have already announced that a percentage of their workforce will continue to work remotely.  Workers themselves seem to prefer remote work as an option–54% of people currently working remotely want to continue the arrangement after the pandemic ends–and research hasn’t shown a definitive drop in productivity.  In fact, some studies suggest that post-pandemic remote work could create a 5% boost to overall productivity. Workers take fewer sick days, office spaces can be downsized to save on rent, and corporate expenditures on making the office bearable can be eliminated.

On the other side, working from home creates undeniable cybersecurity risks for an organization.  Workers who aren’t digitally literate are more likely to take risky actions without their colleagues in IT to watch over them.  In fact, almost 20% of data breaches over the past year were due to worker negligence.  If organizations cannot develop a robust cybersecurity program to train their remote workers, it may bring more harm than good.

Ultimately, the decision to allow remote work is one that is unique to each organization.  There are tangible benefits to allowing the practice to continue, along with moral improvements and increased retention rates to consider.  However, it’s still important to keep cybersecurity in mind.  Without it, you put your organization at risk.