How Changes to the Microsoft Donation Program will Affect You

By -- 2022-03-17 in Blog, Uncategorized

If you’re like many non-profits, you may benefit from the Microsoft Non-profit program. This endeavor has enabled nearly 400,000 organizations worldwide to access top-notch technology at discounted rates.  However, there are going to be some major changes to the software donation program that will take place on April 4, 2022 that you should be aware of.

Arguably, the largest change that will take place is that on-premises products will no longer be available to nonprofits as a donation. Microsoft defines on-premises products as “standalone, perpetual licenses that users install on specific computers and that can be used without an internet connection (e.g., Office Standard)”. Instead, the majority of on-premises solutions will continue to be available through cloud donations, but organizations can still request these products through until April 4, 2022.  Windows Pro, Windows Server and SQL Server will still be part of the catalog of on-premises Microsoft software. Organizations operating computer labs, training centers, or providing public-access computers will still be able to access specific on-premises product donations.

Below are some of the cloud donations that will be available for your organization following this change:

  • Microsoft 365 Business Premiumwill continue to be free for up to 10 users
  • Microsoft 365 Business Basiclicenses will continue to be free for up to 300 users
  • The Power Apps Per App planto build low-code and no-code custom workflows is available for free for up to 10 seats.
  • Organizations can also leverage up to $3,500 in Azure services yearly directly from Microsoft in markets where Azure is available.

If you have any questions or concerns regarding this change, feel free to reach out to us at info@OptfinITy.com or call us at (703) 790-0400.

Are you being tracked by an Apple AirTag?

By -- 2022-03-4 in Blog

Understanding the Risks of Apple AirTags

Apple’s AirTag devices have gained popularity since their release in 2021. Designed to help users track items like keys or bags, these tracking devices have also been misused for nefarious purposes. Some individuals have slipped AirTags into someone’s bag or car without their consent. This secret tracking poses a serious threat to survivors of domestic abuse and has been used for stalking and car theft.

How to Detect an Unwanted AirTag

If you suspect someone is tracking you with an AirTag, start by manually searching your belongings for any hidden devices. However, because of its small size, finding an AirTag can be difficult. To improve your chances, use a Bluetooth tracking app to scan your surroundings for unknown AirTags.

Finding the Serial Number

If you discover an AirTag nearby, you may want to find its serial number in case law enforcement needs it. Use Apple’s Find My app by holding the AirTag near your phone, tapping on its name, and viewing the serial number. Alternatively, place an NFC-capable smartphone against the white side of the AirTag. A webpage will appear displaying the serial number.

Disabling an Unwanted AirTag

To prevent the owner from tracking your location, disable the AirTag by twisting the back counterclockwise near the Apple logo and removing the battery.

Seek Assistance if Needed

If you believe someone is tracking you, contact law enforcement. For further discussions on online safety, reach out to us at info@OptfinITy.com or call (703) 790-0400.

Cyberattacks on US Infrastructure likely to Increase Amidst Russia Sanctions

By -- 2022-02-28 in Blog

Cybersecurity Attacks Expected to Rise

Cybersecurity experts and the FBI warn that cyberattacks against U.S. citizens and companies will likely increase. This comes after Western nations imposed sanctions on Russia following its invasion of Ukraine and related malware attacks.

Escalating Tensions and Cyberwarfare

Tensions have risen further after the U.S. and its allies blocked some Russian banks from the SWIFT international payment system. Experts predict hackers will retaliate with ransomware, malware, data theft, and denial-of-service attacks.

Small Businesses at High Risk

Small and medium-sized businesses face the greatest risk. Many lack strong cybersecurity defenses, making them easy targets for sophisticated attacks.

How to Stay Protected

Cybersecurity experts recommend taking these steps:

  • Keep software and antivirus systems updated.
  • Enable two-factor authentication.
  • Develop a crisis response plan.

Ensure your organization’s cybersecurity is up to date. Contact us at info@optfinity.com or call (703) 790-0400.

How to Play Wordle for Free after it’s Behind a Paywall

By -- 2022-02-24 in Blog

The Rise of Wordle

If you’re like millions of other Americans, you’ve probably played or at least heard of Wordle. This simple yet addictive word game skyrocketed in popularity thanks to its viral appeal, ad-free experience, and zero cost. However, that might change soon.

The New York Times Acquisition

In late January, the New York Times purchased Wordle, sparking concerns among players. Many fear the game will end up behind a paywall, similar to the Times’ other games and articles. The Times fueled this worry by stating that Wordle would “initially remain free” for new and existing users.

How to Keep Playing Wordle for Free

Fortunately, you can still play Wordle for free—even if it moves behind a paywall. Since Wordle runs in a browser, its code exists as plaintext on the game’s website. To save the game:

  1. Right-click in your browser.
  2. Select “Save Page As” and choose Webpage, Complete.
  3. Save the file as an HTML document.

Once saved, you can open the HTML file in a browser and play offline anytime.

The Catch

While this offline version lets you enjoy Wordle indefinitely, it comes with a few drawbacks. You may not be able to save your streak, and sharing results could be difficult or even impossible. Still, with over 2,000 five-letter words in the game’s word bank, you could keep playing daily for nearly seven years.

Want more tips on optimizing your technology? Contact us at info@optfinity.com.

OptfinITy Recognized on CRN’s 2022 MSP 500 List

By -- 2022-02-14 in OptfinITy News

FEBRUARY 14, 2022: OptfinITy announced today that CRN®, a brand of The Channel Company, has named OptfinITy to its Managed Service Provider (MSP) 500 list in the Pioneer 250 category for 2022. CRN’s annual MSP 500 list identifies the leading service providers in North America whose forward-thinking approaches to managed services are changing the landscape of the IT channel, helping end users increase efficiency and simplify IT solutions, while maximizing their return on investment.

 

With many customers still recovering from the impact of the ongoing pandemic, MSPs have become a vital part of the success of businesses worldwide. MSPs not only empower organizations to leverage intricate technologies but also help them keep a strict focus on their core business goals without straining their budgets.

 

OptfinITy was recognized as an MSP Pioneer 250 company due to its extensive managed services portfolio, including on-premises and off-premises capabilities, weighted toward managed services while largely focusing on the SMB market.

 

 

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

 

 

 

 

 

Follow The Channel Company: Twitter, LinkedIn, and Facebook.

© 2022 The Channel Company LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

The Channel Company Contact:

Jennifer Hogan

The Channel Company

jhogan@thechannelcompany.com

 

Is Zoom Sharing your Data?

By -- 2022-01-25 in Blog

Zoom’s Popularity and Privacy Concerns

Zoom has become one of the most widely used video conferencing platforms, with over 300 million daily meeting participants. The surge in remote work has significantly contributed to its widespread adoption. While many users appreciate its user-friendly interface and convenience, Zoom presents several privacy risks.

Past Security Issues

Privacy experts have scrutinized Zoom since 2019, when the software played a role in a webcam hacking scandal and contained a bug that let uninvited users snoop on password-protected meetings—a phenomenon now known as “Zoom-bombing.” Since then, Zoom has improved its security by removing problematic features like built-in attention tracking and enabling end-to-end encryption. However, some privacy concerns remain.

Non-Attendees May Watch Your Recordings

If you use a paid Zoom subscription, carefully manage who can access cloud recordings. This feature records meetings, generates text transcriptions, and saves active chats. While useful for attendees, other authorized company users—who may not have attended the session—can also access these recordings. To protect sensitive information, administrators can limit access to specific preapproved IP addresses.

Zoom May Share Your Information with Third Parties

In 2020, an analysis by Vice’s Motherboard revealed that Zoom shared user analytics with Facebook, even for users without Facebook accounts. Zoom later removed this feature, but its privacy policy remained unclear about data sharing with third parties. Zoom has since clarified that it does not share video, audio, or chat content with third parties for advertising purposes. However, you should still review your Zoom and device security settings, minimize permissions when possible, and keep your app updated to ensure all security patches are installed.

If you want to discuss software security and account privacy, contact us at info@optfinity.com.

Here’s Why you Should Clear your Android’s Cached Data

By -- 2022-01-24 in Blog

Though cookies and cached data within your mobile phone browser can improve your browsing experience by keeping you logged into websites and saving website preferences, they can also become burdensome. Cookies are used by websites to track your browsing history so that they can more easily serve you with personalized ads- which can be an annoying and intrusive experience for some. Additionally, too much cached information can slow down your browser’s speed. So, if you own an Android and are interested in clearing your cached data and browser cookies, continue reading to learn how to do so.

If You Use Google Chrome:

  • Navigate to the top right corner of the browser and click the “More” button (symbolized by 3 vertical dots)
  • Select “History”, then “Clear browsing data”
    • Within this setting, you can also choose whether to clear data from the last 24 hours, the last month, or all data history
  • By selecting the “Advanced” option, you can also delete saved passwords, site settings, and autofill form data
  • After selecting what you want to delete, click the blue “Clear data” button

If You Use Samsung Internet:

  • Navigate to your phone’s settings
  • Next, click on “Apps”
  • Scroll down and click “Samsung Internet”, then “Storage”
  • At the bottom of “Storage”, you can choose to either “Clear cache”, “Clear data”, or both
    • Clicking “Clear data” will bring up a prompt warning that all the app’s data will be deleted permanently
    • This includes files, settings, accounts, and databases

If you Use Mozilla Firefox:

  • Navigate to the browser, and select the “More” button in the top right corner (symbolized by 3 vertical dots)
  • Click “Settings”
  • Go to the “Delete Browsing Data” menu
  • Select “Delete any existing open tabs”
    • From this menu, you can also delete your browsing data, site data, site permissions, cookies, and cached images and files

Hope you found this helpful! If you have other questions about how best to secure your devices when browsing online, feel free to reach out to us at info@optfinity.com.

Files in Microsoft may not be as safe as they appear

By -- 2022-01-10 in Blog

ZLoader Malware Exploits Microsoft Vulnerability

How Hackers Use ZLoader to Steal Sensitive Information
Hackers favor ZLoader malware for its ability to steal user credentials and other sensitive data. Recently, cybercriminals have exploited a vulnerability in Microsoft’s digital signature verification to deploy ZLoader effectively.

How This Threat Affects You
Microsoft’s signature verification tool, Authenticode, ensures that files are legitimate and trustworthy. However, researchers at Check Point Research (CPR) identified that the cybercriminal group Malsmoke has been tricking victims into running a corrupt file disguised as a legitimate and safe program. Once activated, hackers use the ZLoader trojan banking tool to steal cookies, passwords, and other sensitive information directly from an infected computer.

How to Protect Yourself
If you use Microsoft products, CPR strongly recommends installing Microsoft’s security patch for Authenticode verification immediately. Microsoft first released this patch in 2013, but it has not been mandatory since 2014. Installing this update, along with practicing safe browsing habits—such as avoiding unfamiliar links and refraining from downloading email attachments from unknown sources—offers the best defense against ZLoader malware.

For expert guidance on cybersecurity patches and best practices for your organization, contact us at info@OptfinITy.com.

The VA General Assembly was Attacked- What Happens Now?

By -- 2021-12-27 in Blog

Ransomware Hits Virginia General Assembly

On December 12th, ransomware struck the Virginia General Assembly, targeting the Legislative Automated Systems branch. This department, the IT arm of the state legislature, manages tasks like publishing, computer technology, and legislative information. Upon discovering the attack, the department quickly shut down most servers to contain the spread. A top agency official called the malware “extremely sophisticated,” but the ransom note included no payment amount or deadline.

Business Operations Severely Disrupted

Although representatives claimed the department remained operational, the attack severely disrupted business, cutting employees off from key systems. Legislators and staff lost access to systems critical for managing bills, a significant issue during December’s busy legislative preparation period. The attack also disabled the Virginia Law Portal, blocking access to the state code and Constitution, and took down the Capitol Police’s internal site, though communication tools stayed functional.

Virginia’s Response and Recovery Efforts

Virginia hired cybersecurity firm Mandiant to investigate and develop recovery plans. However, with the backup system potentially compromised, paying the ransom might be the only way to recover encrypted data.

How to Protect Your Organization

If you’ve experienced a ransomware attack or want to discuss backup and prevention strategies, contact us at info@OptfinITy.com or (703) 790-0400.

The Log4j Bug is of the Most Serious Threats in Recent Years

By -- 2021-12-20 in Blog

The Log4Shell Exploit

On December 9, 2021, a zero-day exploit targeting Log4j, an open-source logging tool, came to light. Log4j helps programs track application errors. The exploit, called Log4Shell, impacts thousands of systems globally, including those of major vendors like Cisco, VMware, Twitter, Amazon, Google Cloud, IBM, and Microsoft.

Hackers have likely exploited this vulnerability since early December. The public announcement triggered a surge in attacks. The Cybersecurity & Infrastructure Security Agency (CISA) estimates hundreds of millions of devices are affected, calling this one of the most severe threats in recent memory.

Why This Vulnerability is Critical

The Log4j flaw has existed for about eight years. It allows hackers to remotely control systems using this software. Exploitation can be as simple as posting a message in a chatbox, as seen in Minecraft.

Hackers are launching hundreds of attacks per minute, using the exploit to steal data, mine cryptocurrency, and deploy tools like Cobalt Strike. Log4j’s widespread use makes the threat long-lasting, as many organizations might not realize it’s part of their network.

What It Means for You

Fortunately, most affected applications are cloud-based, enabling vendors to patch the systems without end-user intervention. Software providers are working quickly to release updates.

Stay vigilant by monitoring notifications from trusted sources about patches for vulnerable systems. Update your software as soon as patches become available.

Need Help?

If you have questions about Log4Shell, email us at info@optfinity.com. We’re here to assist you.

The good news is that most of the affected applications are cloud-based applications, which makes it easier for companies and developers to update the component without having to touch millions of end-users’ devices. Software vendors will be applying these patches as soon as they become available. Additionally, look out for notifications from trusted sources that inform and allow you to update potentially vulnerable systems, as these updates should include a patch.

Should you have any questions about this vulnerability, please feel free to reach out to us at info@optfinity.com.