Outages Affect Websites from Spotify to the White House

By -- 2021-08-30 in Blog

Corporate websites have become a must-have for modern organizations.  Corporations, non-profits, and even government bodies maintain websites in order to reach consumers, host information, and provide a means of contact. There are even professionals dedicated to creating content, improving how high a website appears in searches, and maintaining website functionality.

Impact of Website Outages

When a website goes down unexpectedly, it can lead to lost revenue for companies and lost donations for non-profits.  For government entities, there isn’t a risk of lost revenue–rather, it removes what could be an important source of information for website visitors.

It can also create a sense of panic when an institution has an unexplained outage.

So, what happens when an incredible number of websites for a variety of important organizations all go down simultaneously?

Widespread Outage Recap

Early this morning, websites from entities including government websites for the White House and Gov.uk, social media platform Reddit, and news websites including ones for the New York Times, Forbes, and the BBC were down due to a widespread outage apparently linked to the popular content-delivery network Fastly.

Fastly, a content-delivery network made newly popular by the pandemic-driven boom for many of its technology-focused clients, has not yet elaborated on what exactly happened to cause the outage, only that it has been resolved.

Larger companies with in-house content delivery systems, such as Netflix and Facebook, were unaffected.

What happens next?

As of now, there’s no indication that a digital threat actor was involved. That makes it a teaching moment for the small companies that rely on other services, whether it’s a content-delivery network like Fastly or a hosting site like WordPress, in order to do business.

While these services are incredibly useful for small-business owners looking to save money, they can also fail unexpectedly, leaving you without much recourse.  Whether it’s a hacker or a system failure that results in your downtime, it’s important to have a backup plan. 

If you’re interested in creating one, reach out to us at info@optfinITy.com to learn more.

Healthcare’s Struggle with Cybersecurity

By -- 2021-08-20 in Blog, Uncategorized

The healthcare industry has become more important than ever during the coronavirus pandemic, as the majority of Americans have had to interact with a provider in order to get a coronavirus vaccine, test, or care.  This has resulted in an influx of personal medical information to these institutions.

That coincided with a global increase in cybercrime as work-from-home policies led to lax cybersecurity enforcement.  For an industry with so much sensitive data, it was particularly susceptible to data breaches and ransomware attacks.  Furthermore, HIPAA compliance requirements add another layer to security changes to how client data is stored.

Healthcare Industry at Risk

In 2020, at least 560 healthcare facilities were impacted by 80 separate cybersecurity attacks, and healthcare was ranked as the second most frequently targeted industry by multiple studies. Entities in the healthcare industry have been forced to overhaul their security practices in order to protect their client data.

Multi-factor authentication, single sign-on portals, weekly security checks, and data encryption have all become more prevalent in the industry over the past year in response to increased threats.

However, these individual actions may not be enough to protect the industry as a whole.

The Importance of Client Confidentiality

Virtual appointments, and telehealth more generally, is rapidly expanding within the healthcare industry. Yet, this rapid expansion of telehealth services by a growing number of private and public providers, as aforementioned, comes at a time when the healthcare industry is particularly vulnerable to cyber attacks.

Protecting client data after the fact is inadequate when the meetings themselves may be compromised.

The challenge of keeping patient information secure with regards to telehealth is unfortunately one that has yet to be adequately addressed. Another concern is lax security protocols and regulations surrounding telehealth specifically–the immediate necessity brought about by the pandemic overrode the long-term security concerns.

What are the next steps?

As we move towards a post-coronavirus world, the security concerns that fell by the wayside need to now come to front of mind.  If you’re interested in learning more about how to bring a security mindset to healthcare, check out our page on IT and security solutions for healthcare or leave a comment!

What is V2X Technology?

By -- 2021-08-10 in Uncategorized

Self-driving cars have become an iconic part of the early 21st century.  Tech companies like Uber, Google, and Apple have all made forays into self-driving vehicles to media fanfare.  Self-driving car company Tesla has a legion of devoted fans, partially due to CEO Elon Musk’s purposeful cultivation of that base, and the stock price to back up the hype.  However, fully autonomous cars are still unavailable, with technological and ethical barriers making their development difficult.

Despite that, modern automobile manufacturers have been able to integrate increasing amounts of technology into their products.  Safety features like automatic braking are especially popular–but they currently rely on visual feedback to work.  That’s where V2 technology comes in.

V2X Technology on the Rise

V2X, or “Vehicle to Everything” technology, refers to various different technologies that allow a vehicle to communicate with other objects.  The overall idea is that a vehicle is able, or will be able to, use its on-board communication tools to deliver real-time traffic information, preemptively react to changing road conditions, signs, and other feedback.

While V2X functions alone won’t be able to replace a driver, they are important building blocks in a self-driving vehicle’s ability to create a map of its environment.

These technologies allow a vehicle to share information with various other devices, such as a pedestrian’s smart phone, a traffic light, or other vehicles.

Potential Obstacles in the Future

While V2X provides many advantages, proponents of the technology have to overcomes many hurdles before it can become mainstream.  The infrastructure changes necessary to take advantage of V2X systems are far-reaching and costly.  Privacy concerns about location privacy, hacking or malware, and personal safety have led many people to be skeptical of novel technologies, especially ones that rely on autonomous communication.

Finally, adding comprehensive V2X technology to cars is expensive, and the tech itself is still in its relative infancy.

For now, true self-driving cars are still years away from the commercial market.  Still, the issues surrounding their deployment and usage need to be addressed before they become mainstream, so that we have systems and structures to accommodate them.

Microsoft Announces Major Vulnerability

By -- 2021-07-12 in Blog

Microsoft recently announced that the Windows Print Spooler service could be exploited by hackers- a flaw now known as PrintNightmare.

While you may not think having your printer hacked is a major concern, this vulnerability could allow hackers to remotely access one’s PC including allowing hackers to delete data, install programs, or create new user accounts with full user rights. This critical flaw could affect both Windows 10 and Windows 7 users.

Unfortunately for Windows users, this is only one of a slew of security issues the tech company has experienced within the past year.

In 2020, the National Security Agency warned the company that their windows operating system contained a major flaw that could allow hackers to impersonate legitimate software companies. Additionally, earlier this year hundreds of thousands of Exchange users were targeted after multiple vulnerabilities in its software allowed hackers access to its servers.

Though Windows has since released an update to remedy the Print Spooler flaw, the security patch itself comes with its own issue.

Some users who installed the update discovered that the connection to their printer stopped working. An update to remedy this error will soon be released, according to Microsoft.

Is your system in need of security updates or patching? Have you experienced a breach? If so, reach out to us at info@optfinity.com for more information. Current OptfinITy users will have this patch installed as part of our standard monitoring and maintenance program.

Are We Ever Going Back to Work?

By -- 2021-07-10 in Blog

Vaccine rollout in the United States is going fairly well.  Some states like Virginia have vaccinated close to 41% of their population, meaning that in some areas, we are halfway to reaching the levels needed for herd immunity.

While the pandemic is still ongoing, and precautions are still necessary, many decision makers are looking to plan for a post-COVID future. What was originally thought to be a month long shutdown, a temporary state, has evolved into a year long cultural shift that is sure to leave an indelible impact on our way of life.  Or perhaps everything will go back to normal–there’s no way of being certain.

Some environmentalists point to the impact climate change has on the emergence of novel viruses as a reason to believe that the coronavirus may not be the last major pandemic in the lifetime of Millennials and Generation Z.

What comes next?

With this uncertainty over what the future holds, the economy seems to be split on the question of whether employees should return to in-person work at all.

Major tech companies like Facebook and Google have already announced that a percentage of their workforce will continue to work remotely.  Workers themselves seem to prefer remote work as an option–54% of people currently working remotely want to continue the arrangement after the pandemic ends–and research hasn’t shown a definitive drop in productivity.  In fact, some studies suggest that post-pandemic remote work could create a 5% boost to overall productivity.

Workers take fewer sick days, office spaces can be downsized to save on rent, and corporate expenditures on making the office bearable can be eliminated.

Cybersecurity Risks of Remote Work

On the other side, working from home creates undeniable cybersecurity risks for an organization.  Workers who aren’t digitally literate are more likely to take risky actions without their colleagues in IT to watch over them.  In fact, almost 20% of data breaches over the past year were due to worker negligence.  If organizations cannot develop a robust cybersecurity program to train their remote workers, it may bring more harm than good.

Ultimately, the decision to allow remote work is one that is unique to each organization.  There are tangible benefits to allowing the practice to continue, along with moral improvements and increased retention rates to consider.  However, it’s still important to keep cybersecurity in mind.  Without it, you put your organization at risk.

OptfinITy Ranked Among Elite Managed Service Providers on Channel Futures 2021 NextGen 101 List

By -- 2021-07-1 in OptfinITy News

The NextGen 101 List Honors Partners Building MSP Practices

JULY 01, 2021: OptfinITy has been named as one of the world’s premier managed service providers on the prestigious Channel Futures 2021 NextGen 101 rankings.

The NextGen 101 list, honors industry-leading managed services and technology providers who are driving a new wave of growth and innovation for the tech channel via the groundbreaking solutions they deliver for their customers. The Channel Futures NextGen 101 are those companies that hold great promise given the leading-edge information technology and communication solutions they offer. Many of those business models revolve around generating recurring revenue from cloud, security and unified communications, among others.

Channel Futures is pleased to name OptfinITy to the 2021 NextGen 101.

“It is an honor to be recognized as one of the top 101 IT companies among my peers in the NextGen101 list. This recognition further demonstrates the dedication of our team, all of whom are committed to helping our small business and non-profit organization clients transition into this “new normal,” said Michael Drobnis, CEO OptfinITy.

Channel Futures always wants to ensure that their partner communities are being recognized for what they do best and are therefore creating programs targeted toward their needs. The Nextgen 101 represents that effort.

“The NextGen 101 represents those organizations and leaders ushering in a new wave of growth for the technology industry. The customer experience is at the very heart of their businesses and thinking and they approach partnering in a unique way,” said Robert DeMarzo, vice president of content for Informa Tech Channels.

“The NextGen 101 is designed specifically to honor partners dedicating resources to building out their practices — all while maintaining the integrity of their core businesses,” said Allison Francis, editor and content producer at Channel Partners and Channel Futures. “Given that these companies represent the future of the technology channel and IT industry, the Channel Futures NextGen 101 are the most watched of all organizations in the channel today.”

The data collected by the annual NextGen 101 and MSP 501 drives Channel Futures’ market intelligence insights, creating robust data sets and data-based trend reports that support our editorial coverage, event programming, community and networking strategies and educational offerings.

 

Background

The 2021 MSP 501 and NextGen 101 lists are based on data collected by Channel Futures. Data was collected online from March 1 through May 24, 2021. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, profit margin and other factors.

OptfinITy Acquires Fairfax IT Firm

By -- 2021-07-1 in OptfinITy News

Springfield, VA July 1, 2021– OptfinITy, LLC, one of the world’s premier managed service providers as ranked on the prestigious 2020 Channel Futures MSP 501 list, is proud to announce the acquisition of Metro Managed IT. Since 2004, Metro Managed IT has established a sterling reputation for delivering enterprise-level managed IT solutions for small and medium-sized businesses (SMB) in the Washington DC market, including recognition by several local chambers as the top-rated IT Support Company in the area.

This acquisition is part of OptfinITy’s commitment to growing a stronger presence in the Washington, DC area in offering enterprise quality managed services for SMB clients in this market.

Michael Drobnis, CEO of OptfinITy, stated, “Our focus from day one has been in building a leading presence to better serve our clients and to offer enterprise quality, concierge level services to satisfy all of our clients IT needs. We are delighted to welcome Metro Managed IT to the OptfinITy family. The addition of Metro Managed IT expands our capabilities and coverage and enhances our position in the Washington DC market.

Ed Finn, CEO of Metro Managed IT, stated, “We are pleased to become part of the OptfinITy family. Not only will this allow us to better serve our clients, but it also offers our team a great opportunity and provides added value to all of our clients. OptfinITy truly cares about clients and people as demonstrated by their 20 years in business”

About OptfinITy

OptfinITy continues to grow as a leading provider of enterprise quality managed services for the SMB market. We offer comprehensive on-premise and cloud solutions ranging from Managed IT, Managed VOIP, Managed Security to a full suite of Professional Services, including Software Development, Website Development and Cyber security solutions through our PerusITy division. Our team of proven leaders and technical experts, paired with a focus on operational excellence, has earned us a reputation for world-class customer service, long-lasting client relationships, and numerous industry awards and recognition.

# # #

For more information, please contact Michael Drobnis at (703) 790-0400 or email at info@optfinity.com.

Insurance Giant Struck by Ransomware Attack

By -- 2021-06-30 in Uncategorized

For the past year, we’ve been profiling major cyberattacks in order to raise awareness about the increase in cybercrime after 2020.  Businesses have been struggling to balance remote work with the increased security necessary. Some, unable or unwilling to invest in structural security improvements, are instead choosing to take out insurance policies against cyberattacks.  Cyber insurance or “cyber-liability insurance” helps companies recover from cyber threats and attacks. Having a cyber insurance policy reduce disruptions and downtime during an incident, as well as potentially helping to absorb the financial cost of dealing with and recovering from the cyberattack. But what happens when a giant in the cyber-insurance field is the one targeted?

Insurance company CNA offers many different insurance solutions to its customers, including cyber insurance policies to protect against ransomware attacks.  In a public statement, CNA confirmed that “on March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack” and that “the attack caused a network disruption and impacted certain CNA systems, including corporate email”.  The hacking group known as Phoenix also encrypted data on over 15,000 CNA devices, potentially compromising sensitive client information.  While CNA is working with the FBI to mitigate the fallout from this attack, it may be the start of a ‘second wave’ of cyberattacks.

Bystanders may be wondering why this attack is so significant. Simply put, threat actors, especially those utilizing ransomware, are incentivized to target organizations with cyber insurance.  This may seem counterintuitive, given that cyber insurance is marketed as a product that counters cyber attacks.  However, threat actors have realized that when they attack an insured organization, they are more likely to receive payment.  If Phoenix was able to identify CNA clients who have purchased cyber insurance, those organizations may be future targets.

If you’ve purchased cyber insurance for your organization through CNA, acknowledge that your risk of attack has increased, and monitor the news for more information on what information was compromised.  Additionally, consider improving your business’s other cybersecurity measures. Finally, if you’re interested in help identifying flaws in your business’s security, reach out to us at info@optfinity.com for more information.

Cyber Resilience and Data – Centric Security

By -- 2021-06-20 in Uncategorized

2020 shifted the business world’s mindset on a lot of important issues.  Policies about time off, remote work, sick policies, and office communication have all adapted in response to the pressures of the coronavirus pandemic. However, the dramatic global increase in cybercrime, especially ransomware attacks, have created a new pressure on businesses to adapt their security policies as well.  This shift in security has resulted in relatively new products like cyber insurance increasing in popularity, as smaller companies look for a one-step security solution.  However, experts in the field are promoting a more holistic style of digital threat prevention called “cyber resilience.  But what is cyber resilience, and you can you implement it at your organization?

Cyber resilience is the ability to predict, resist, recover from, and adapt to both adverse and changing business conditions. By creating a cyber resilient business, you increase your ability to respond flexibly and efficiently to a multitude of potential attacks or general failures.  Implementing cyber resilience at your place of business means creating backups, strategies to minimize downtime, disaster response plans, managing cyber decisions from a business-oriented perspective, and finally, using a data-centric security strategy.

Data-centric models deliver the most value when they are used to create visibility throughout a business.  Endpoint security, IAM, and security controls are all examples of how to provide that increased visibility that makes data-centric models so valuable.  Finally, zero-trust models are becoming ever-more popular.  The NSA went so far as to issue guidance on implementing a zero-trust model, saying that “Zero trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgment that threats exist both inside and outside traditional network boundaries.”

5 Common Digital Threat Misconceptions

By -- 2021-06-10 in Uncategorized

With the increase in digital threats and cyber attacks over the past two years, experts are recommending for organizations to take another look at their security protocols.  However, some people are falling prey to common misconceptions about digital threats and cybersecurity and leaving their organization vulnerable as a result.  Here are 5 of the most common misconceptions about digital threats and cybersecurity.

Myth #1 : THREAT ACTORS ONLY TARGET BIG BUSINESSES

Many small-to-medium business owners don’t view ransomware and other digital threats as real dangers for their organization.  Because SMBs have fewer employees, store  locations, and revenue than large conglomerates like Google or Target, decision makers often assume that threat actors like hackers will view them as too small a fish.  The truth is that 76% of all cyberattacks are against businesses with less than 100 employees.

MYTH #2 : CYBERSECURITY IS TOO EXPENSIVE

The coronavirus affected many small business’s ability to pay their bills.  Many are cutting down on spending that the organization’s decision makers have deemed frivolous.  Cybersecurity spending has been one of those expenses–but it shouldn’t be! Basic security protocols, like multi-factor authentication, password managers, and phishing awareness campaigns are inexpensive ways to protect your business from real threats.

MYTH #3 : you need an in-house expert

Some people believe that an in-house expert is necessary for business security.  However, the expense of a full-time, salaried employee can be too much for a small business to afford.  Furthermore, one employee rarely has the experience, expertise, or time to fully meet the security needs of an organization.  However, one option that isn’t often considered is outsourcing your security concerns to another company. By outsourcing, you can take advantage of a full suite of security experts, for less cost than an in-house team.

myth #4 : anti-virus software is good enough

Anti-virus and anti-malware programs are an important tool in ensuring your devices’ security.  Despite their usefulness, they are not a substitute for strong security policies and enforcement. If the hackers use a new kind of malware to infect your network or PC then there’s a high chance that these anti-virus software won’t be able to detect those. These programs are only the first line of defense for your system.

Myth #5 : threats are from the outside

When people consider what cybersecurity threats look like, they often imagine a lone hacker sitting in a dark basement.  Most attacks, in fact, are internal, with over 75% of data breaches coming from insiders at an organization.  Security protocols need to take into account that not everyone within an organization needs access to sensitive information and tools.  Take a look at our article on internal threats if you’re interested in learning more.