By -- 2021-09-29 in OptfinITy News

October 1, 2021 — OptfinITy today announced its commitment to Cybersecurity Awareness Month, held annually in October, by signing up as a 2021 Champion and joining a growing global effort to promote the awareness of online safety and privacy. The Cybersecurity Awareness Month Champions Program is a collaborative effort among businesses, government agencies, colleges and universities, associations, nonprofit organizations and individuals committed to the Cybersecurity Awareness Month theme of ‘Do Your Part. #BeCyberSmart.’

More than ever before, technology plays a part in almost everything we do. Connected devices have been woven into society as an integral part of how people communicate and access services essential to their wellbeing. Despite these great advances in technology and the conveniences this provides, recent events have shown us how quickly our lives and businesses can be disrupted when cyber criminals and adversaries use technology to do harm.

Cybersecurity Awareness Month aims to shed light on these security vulnerabilities, while offering actionable guidance surrounding behaviors anyone can take to protect themselves and their organizations. Everyone has a responsibility to do their part in securing our interconnected world.

This year, the Cybersecurity Awareness Month’s main weekly focus areas will revolve around:

  • Understanding and implementing basic cyber hygiene, including the importance of strong passphrases, using multi-factor authentication, performing software updates and backing up data.
  • Recognizing and reporting phishing attempts whether it’s through email, text messages, or chat boxes.
  • Empowering individuals to not only practice safe online behavior, but consider joining the mission of securing our online world by considering a career in cybersecurity!
  • Making cybersecurity a priority in business by making products and processes “secure by design” and considering cybersecurity when purchasing new internet-connected devices.

If everyone does their part – implementing stronger security practices, raising community awareness, educating vulnerable audiences or training employees – our interconnected world will be safer and more resilient for everyone.

Now in its 18th year, Cybersecurity Awareness Month continues to build momentum and impact with the ultimate goal of providing everyone with the information they need to stay safer and more secure online. OptfinITy is proud to support this far-reaching online safety awareness and education initiative which is co-led by the National Cyber Security Alliance and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security.

About OptfinITy

OptfinITy continues to grow as a leading provider of enterprise quality managed services for the SMB market. We offer comprehensive on-premise and cloud solutions ranging from Managed IT, Managed VOIP, Managed Security to a full suite of Professional Services, including Software Development, Website Development and Cyber security solutions through our PerusITy division. Our team of proven leaders and technical experts, paired with a focus on operational excellence, has earned us a reputation for world-class customer service, long-lasting client relationships, and numerous industry awards and recognition.

 

About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come.

About National Cyber Security Alliance

The National Cyber Security Alliance is a nonprofit alliance on a mission to create a more secure connected world.  We enable powerful, public-private partnerships in our mission to educate and inspire individuals to protect themselves, their families and their organizations for the collective good.

By -- 2021-09-17 in Blog

The Rise of End-to-End Encryption: Security Meets Privacy

In recent years, end-to-end encryption has risen in popularity as cybersecurity concerns have become more prevalent in popular culture.

End to end encryption makes it very difficult for anyone to be able to see messages and platforms like Google, Facebook, and Twitter have taken to implementing this encryption method for the safety of their users- a beneficial feature for users, but very frustrating for governments trying to spy on terrorists and criminals.

Enter Pegasus: A Surveillance Solution by NSO Group

It recently came to light  that the Israeli tech firm NSO created a software called Pegasus to alleviate this issue for governments and other entities, although the firm doesn’t disclose which entities have purchased it.

The software can stealthily infiltrate a smartphone and gain access to everything on it, including the camera and mic. Gaining access to devices running on Blackberry, iOS, Android, and Symbian operating systems allows governments to turn them into surveillance devices.

Are You at Risk? Protecting Your Device Against Spyware

One of the most popular ways it does this is through spearfishing, in which accepting an unsuspecting call on WhatsApp gives the software unbridled access to the device’s capabilities. Recently, we have learned that the software now is a zero-click exploit, in which the software can simply call a user’s WhatsApp number, delete the call, and gain access to a smartphone without the user ever knowing anything suspicious occurred.

Additionally, the spyware can infiltrate devices through sending messages that contain gifs. A user doesn’t even need to open the message; once it’s received, the phone is compromised.  Are you safe?

If you’re wary of falling victim to spyware or malware, you can reach out to us at info@optfinity.com

By -- 2021-09-9 in Blog

Cryptocurrency platform Poly Network revealed recently that they were hacked. The over $600 million dollar theft is the largest crypto hack to date, although the hacking itself was not a hack of the technology.  Instead, the hackers exploited a vulnerability within Poly Network’s system that allowed them to assign themselves the ownership of money processed through the platform. The site reported that $611 million in digital tokens were stolen although a significant portion of the assets were redirected to nonprofits and charities in a modern-day Robin Hood scenario.

As various cryptocurrencies like Bitcoin and Ethereum rise in investment popularity, more attempted hacks into cryptocurrency firms may occur as they have in the past.  In 2019, we saw the Italian exchange BitGrail lose $195 million in assets and in 2018, the Tokyo-based firm Coincheck was hacked and lost $530 million in digital tokens. If you’re concerned where the next attack is coming from and want to be protected, feel free to contact us about virus protection at info@optfinity.com.

By -- 2021-09-3 in Blog

Happy Labor Day Weekend! While you celebrate your extended weekend with cookouts, parades, and enjoying time off from work , you might want to know that hackers may be watching closely. Holidays are notorious magnets for hackers because of online sales, where people are quick to input their personal info and payment information.

To avoid falling victim to these attacks, there are several steps that consumers can take.

  • Make sure that all your devices are up to date and have the latest operating system.
    • This helps to ensure that you have the latest security patches and limits the vulnerabilities that hackers can exploit.
  • If you choose to travel, be wary of pop-up ads on travel sites and strange emails promoting airline or hotel deals. These may be attempting to harvest your personal information or financial information. Whether you’re purchasing airline tickets, hotel rooms, or items online, don’t allow sites to save your credit card information in their system.
    • If a site you’ve used your card on gets exploited, your card credentials, name, and address can be accessed by hackers.
  • Keep and eye on your email and bank account statements for any signs of suspicious activity, and enjoy your weekend safely!

 

If you find yourself concerned about your network’s security capabilities, feel free to reach out to us at info@optfinity.com

By -- 2021-09-1 in Blog

Since the onset of the coronavirus pandemic, remote work has become a large aspect of the new normal. Subsequently, there has been an increase in attacks launched by cyber criminals, including a wave of large-scale attacks has rendered critical infrastructure unusable. The SolarWinds hack, JBS hack, and Colonial Pipeline hack have all been hailed as powerful signals to governments and organizations alike that more investment and research into cybersecurity is necessary.

In an attempt to avoid these types of incidents occurring over and over again, the Senate recently approved $1.9 billion dollars in cybersecurity infrastructure bills. This comes as part of a $1 trillion dollar infrastructure package approved August 10th. This money will be used for securing critical infrastructure against attacks, helping vulnerable organizations defend themselves, funding for a key federal cyber office, and to strengthen cybersecurity for state and local governments.

One of the most notable bills is the State and Local Cybersecurity Improvement Act. This act would give one billion dollars to government entities over 4 years, with a quarter of that being allocated to vulnerable rural communities. This act in particular is much needed, as an attack on a school system or electrical grid could put crucial services in jeopardy- and many state and local governments do not have sufficient resources to defend against these types of attacks. If you’ve found yourself a victim of the onslaught of recent cyberattacks, feel free to reach out to us about malware protection and data recovery at info@optfinity.com.

By -- 2021-08-30 in Blog

Corporate websites have become a must-have for modern organizations.  Corporations, non-profits, and even government bodies maintain websites in order to reach consumers, host information, and provide a means of contact. There are even professionals dedicated to creating content, improving how high a website appears in searches, and maintaining website functionality.

Impact of Website Outages

When a website goes down unexpectedly, it can lead to lost revenue for companies and lost donations for non-profits.  For government entities, there isn’t a risk of lost revenue–rather, it removes what could be an important source of information for website visitors.

It can also create a sense of panic when an institution has an unexplained outage.

So, what happens when an incredible number of websites for a variety of important organizations all go down simultaneously?

Widespread Outage Recap

Early this morning, websites from entities including government websites for the White House and Gov.uk, social media platform Reddit, and news websites including ones for the New York Times, Forbes, and the BBC were down due to a widespread outage apparently linked to the popular content-delivery network Fastly.

Fastly, a content-delivery network made newly popular by the pandemic-driven boom for many of its technology-focused clients, has not yet elaborated on what exactly happened to cause the outage, only that it has been resolved.

Larger companies with in-house content delivery systems, such as Netflix and Facebook, were unaffected.

What happens next?

As of now, there’s no indication that a digital threat actor was involved. That makes it a teaching moment for the small companies that rely on other services, whether it’s a content-delivery network like Fastly or a hosting site like WordPress, in order to do business.

While these services are incredibly useful for small-business owners looking to save money, they can also fail unexpectedly, leaving you without much recourse.  Whether it’s a hacker or a system failure that results in your downtime, it’s important to have a backup plan. 

If you’re interested in creating one, reach out to us at info@optfinITy.com to learn more.

By -- 2021-08-20 in Blog, Uncategorized

The healthcare industry has become more important than ever during the coronavirus pandemic, as the majority of Americans have had to interact with a provider in order to get a coronavirus vaccine, test, or care.  This has resulted in an influx of personal medical information to these institutions.

That coincided with a global increase in cybercrime as work-from-home policies led to lax cybersecurity enforcement.  For an industry with so much sensitive data, it was particularly susceptible to data breaches and ransomware attacks.  Furthermore, HIPAA compliance requirements add another layer to security changes to how client data is stored.

Healthcare Industry at Risk

In 2020, at least 560 healthcare facilities were impacted by 80 separate cybersecurity attacks, and healthcare was ranked as the second most frequently targeted industry by multiple studies. Entities in the healthcare industry have been forced to overhaul their security practices in order to protect their client data.

Multi-factor authentication, single sign-on portals, weekly security checks, and data encryption have all become more prevalent in the industry over the past year in response to increased threats.

However, these individual actions may not be enough to protect the industry as a whole.

The Importance of Client Confidentiality

Virtual appointments, and telehealth more generally, is rapidly expanding within the healthcare industry. Yet, this rapid expansion of telehealth services by a growing number of private and public providers, as aforementioned, comes at a time when the healthcare industry is particularly vulnerable to cyber attacks.

Protecting client data after the fact is inadequate when the meetings themselves may be compromised.

The challenge of keeping patient information secure with regards to telehealth is unfortunately one that has yet to be adequately addressed. Another concern is lax security protocols and regulations surrounding telehealth specifically–the immediate necessity brought about by the pandemic overrode the long-term security concerns.

What are the next steps?

As we move towards a post-coronavirus world, the security concerns that fell by the wayside need to now come to front of mind.  If you’re interested in learning more about how to bring a security mindset to healthcare, check out our page on IT and security solutions for healthcare or leave a comment!

By -- 2021-08-10 in Uncategorized

Self-driving cars have become an iconic part of the early 21st century.  Tech companies like Uber, Google, and Apple have all made forays into self-driving vehicles to media fanfare.  Self-driving car company Tesla has a legion of devoted fans, partially due to CEO Elon Musk’s purposeful cultivation of that base, and the stock price to back up the hype.  However, fully autonomous cars are still unavailable, with technological and ethical barriers making their development difficult.

Despite that, modern automobile manufacturers have been able to integrate increasing amounts of technology into their products.  Safety features like automatic braking are especially popular–but they currently rely on visual feedback to work.  That’s where V2 technology comes in.

V2X Technology on the Rise

V2X, or “Vehicle to Everything” technology, refers to various different technologies that allow a vehicle to communicate with other objects.  The overall idea is that a vehicle is able, or will be able to, use its on-board communication tools to deliver real-time traffic information, preemptively react to changing road conditions, signs, and other feedback.

While V2X functions alone won’t be able to replace a driver, they are important building blocks in a self-driving vehicle’s ability to create a map of its environment.

These technologies allow a vehicle to share information with various other devices, such as a pedestrian’s smart phone, a traffic light, or other vehicles.

Potential Obstacles in the Future

While V2X provides many advantages, proponents of the technology have to overcomes many hurdles before it can become mainstream.  The infrastructure changes necessary to take advantage of V2X systems are far-reaching and costly.  Privacy concerns about location privacy, hacking or malware, and personal safety have led many people to be skeptical of novel technologies, especially ones that rely on autonomous communication.

Finally, adding comprehensive V2X technology to cars is expensive, and the tech itself is still in its relative infancy.

For now, true self-driving cars are still years away from the commercial market.  Still, the issues surrounding their deployment and usage need to be addressed before they become mainstream, so that we have systems and structures to accommodate them.

By -- 2021-07-12 in Blog

Microsoft recently announced that the Windows Print Spooler service could be exploited by hackers- a flaw now known as PrintNightmare.

While you may not think having your printer hacked is a major concern, this vulnerability could allow hackers to remotely access one’s PC including allowing hackers to delete data, install programs, or create new user accounts with full user rights. This critical flaw could affect both Windows 10 and Windows 7 users.

Unfortunately for Windows users, this is only one of a slew of security issues the tech company has experienced within the past year.

In 2020, the National Security Agency warned the company that their windows operating system contained a major flaw that could allow hackers to impersonate legitimate software companies. Additionally, earlier this year hundreds of thousands of Exchange users were targeted after multiple vulnerabilities in its software allowed hackers access to its servers.

Though Windows has since released an update to remedy the Print Spooler flaw, the security patch itself comes with its own issue.

Some users who installed the update discovered that the connection to their printer stopped working. An update to remedy this error will soon be released, according to Microsoft.

Is your system in need of security updates or patching? Have you experienced a breach? If so, reach out to us at info@optfinity.com for more information. Current OptfinITy users will have this patch installed as part of our standard monitoring and maintenance program.

By -- 2021-07-10 in Blog

Vaccine rollout in the United States is going fairly well.  Some states like Virginia have vaccinated close to 41% of their population, meaning that in some areas, we are halfway to reaching the levels needed for herd immunity.

While the pandemic is still ongoing, and precautions are still necessary, many decision makers are looking to plan for a post-COVID future. What was originally thought to be a month long shutdown, a temporary state, has evolved into a year long cultural shift that is sure to leave an indelible impact on our way of life.  Or perhaps everything will go back to normal–there’s no way of being certain.

Some environmentalists point to the impact climate change has on the emergence of novel viruses as a reason to believe that the coronavirus may not be the last major pandemic in the lifetime of Millennials and Generation Z.

What comes next?

With this uncertainty over what the future holds, the economy seems to be split on the question of whether employees should return to in-person work at all.

Major tech companies like Facebook and Google have already announced that a percentage of their workforce will continue to work remotely.  Workers themselves seem to prefer remote work as an option–54% of people currently working remotely want to continue the arrangement after the pandemic ends–and research hasn’t shown a definitive drop in productivity.  In fact, some studies suggest that post-pandemic remote work could create a 5% boost to overall productivity.

Workers take fewer sick days, office spaces can be downsized to save on rent, and corporate expenditures on making the office bearable can be eliminated.

Cybersecurity Risks of Remote Work

On the other side, working from home creates undeniable cybersecurity risks for an organization.  Workers who aren’t digitally literate are more likely to take risky actions without their colleagues in IT to watch over them.  In fact, almost 20% of data breaches over the past year were due to worker negligence.  If organizations cannot develop a robust cybersecurity program to train their remote workers, it may bring more harm than good.

Ultimately, the decision to allow remote work is one that is unique to each organization.  There are tangible benefits to allowing the practice to continue, along with moral improvements and increased retention rates to consider.  However, it’s still important to keep cybersecurity in mind.  Without it, you put your organization at risk.