Are We Ever Going Back to Work?

By -- 2021-07-10 in Blog

Vaccine rollout in the United States is going fairly well.  Some states like Virginia have vaccinated close to 41% of their population, meaning that in some areas, we are halfway to reaching the levels needed for herd immunity.

While the pandemic is still ongoing, and precautions are still necessary, many decision makers are looking to plan for a post-COVID future. What was originally thought to be a month long shutdown, a temporary state, has evolved into a year long cultural shift that is sure to leave an indelible impact on our way of life.  Or perhaps everything will go back to normal–there’s no way of being certain.

Some environmentalists point to the impact climate change has on the emergence of novel viruses as a reason to believe that the coronavirus may not be the last major pandemic in the lifetime of Millennials and Generation Z.

What comes next?

With this uncertainty over what the future holds, the economy seems to be split on the question of whether employees should return to in-person work at all.

Major tech companies like Facebook and Google have already announced that a percentage of their workforce will continue to work remotely.  Workers themselves seem to prefer remote work as an option–54% of people currently working remotely want to continue the arrangement after the pandemic ends–and research hasn’t shown a definitive drop in productivity.  In fact, some studies suggest that post-pandemic remote work could create a 5% boost to overall productivity.

Workers take fewer sick days, office spaces can be downsized to save on rent, and corporate expenditures on making the office bearable can be eliminated.

Cybersecurity Risks of Remote Work

On the other side, working from home creates undeniable cybersecurity risks for an organization.  Workers who aren’t digitally literate are more likely to take risky actions without their colleagues in IT to watch over them.  In fact, almost 20% of data breaches over the past year were due to worker negligence.  If organizations cannot develop a robust cybersecurity program to train their remote workers, it may bring more harm than good.

Ultimately, the decision to allow remote work is one that is unique to each organization.  There are tangible benefits to allowing the practice to continue, along with moral improvements and increased retention rates to consider.  However, it’s still important to keep cybersecurity in mind.  Without it, you put your organization at risk.

OptfinITy Ranked Among Elite Managed Service Providers on Channel Futures 2021 NextGen 101 List

By -- 2021-07-1 in OptfinITy News

The NextGen 101 List Honors Partners Building MSP Practices

JULY 01, 2021: OptfinITy has been named as one of the world’s premier managed service providers on the prestigious Channel Futures 2021 NextGen 101 rankings.

The NextGen 101 list, honors industry-leading managed services and technology providers who are driving a new wave of growth and innovation for the tech channel via the groundbreaking solutions they deliver for their customers. The Channel Futures NextGen 101 are those companies that hold great promise given the leading-edge information technology and communication solutions they offer. Many of those business models revolve around generating recurring revenue from cloud, security and unified communications, among others.

Channel Futures is pleased to name OptfinITy to the 2021 NextGen 101.

“It is an honor to be recognized as one of the top 101 IT companies among my peers in the NextGen101 list. This recognition further demonstrates the dedication of our team, all of whom are committed to helping our small business and non-profit organization clients transition into this “new normal,” said Michael Drobnis, CEO OptfinITy.

Channel Futures always wants to ensure that their partner communities are being recognized for what they do best and are therefore creating programs targeted toward their needs. The Nextgen 101 represents that effort.

“The NextGen 101 represents those organizations and leaders ushering in a new wave of growth for the technology industry. The customer experience is at the very heart of their businesses and thinking and they approach partnering in a unique way,” said Robert DeMarzo, vice president of content for Informa Tech Channels.

“The NextGen 101 is designed specifically to honor partners dedicating resources to building out their practices — all while maintaining the integrity of their core businesses,” said Allison Francis, editor and content producer at Channel Partners and Channel Futures. “Given that these companies represent the future of the technology channel and IT industry, the Channel Futures NextGen 101 are the most watched of all organizations in the channel today.”

The data collected by the annual NextGen 101 and MSP 501 drives Channel Futures’ market intelligence insights, creating robust data sets and data-based trend reports that support our editorial coverage, event programming, community and networking strategies and educational offerings.

 

Background

The 2021 MSP 501 and NextGen 101 lists are based on data collected by Channel Futures. Data was collected online from March 1 through May 24, 2021. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, profit margin and other factors.

OptfinITy Acquires Fairfax IT Firm

By -- 2021-07-1 in OptfinITy News

Springfield, VA July 1, 2021– OptfinITy, LLC, one of the world’s premier managed service providers as ranked on the prestigious 2020 Channel Futures MSP 501 list, is proud to announce the acquisition of Metro Managed IT. Since 2004, Metro Managed IT has established a sterling reputation for delivering enterprise-level managed IT solutions for small and medium-sized businesses (SMB) in the Washington DC market, including recognition by several local chambers as the top-rated IT Support Company in the area.

This acquisition is part of OptfinITy’s commitment to growing a stronger presence in the Washington, DC area in offering enterprise quality managed services for SMB clients in this market.

Michael Drobnis, CEO of OptfinITy, stated, “Our focus from day one has been in building a leading presence to better serve our clients and to offer enterprise quality, concierge level services to satisfy all of our clients IT needs. We are delighted to welcome Metro Managed IT to the OptfinITy family. The addition of Metro Managed IT expands our capabilities and coverage and enhances our position in the Washington DC market.

Ed Finn, CEO of Metro Managed IT, stated, “We are pleased to become part of the OptfinITy family. Not only will this allow us to better serve our clients, but it also offers our team a great opportunity and provides added value to all of our clients. OptfinITy truly cares about clients and people as demonstrated by their 20 years in business”

About OptfinITy

OptfinITy continues to grow as a leading provider of enterprise quality managed services for the SMB market. We offer comprehensive on-premise and cloud solutions ranging from Managed IT, Managed VOIP, Managed Security to a full suite of Professional Services, including Software Development, Website Development and Cyber security solutions through our PerusITy division. Our team of proven leaders and technical experts, paired with a focus on operational excellence, has earned us a reputation for world-class customer service, long-lasting client relationships, and numerous industry awards and recognition.

# # #

For more information, please contact Michael Drobnis at (703) 790-0400 or email at info@optfinity.com.

Insurance Giant Struck by Ransomware Attack

By -- 2021-06-30 in Uncategorized

The Rise in Cybercrime and Cyber Insurance

Over the past year, we have profiled major cyberattacks to raise awareness about the surge in cybercrime after 2020. Businesses continue to struggle with balancing remote work and the need for stronger security measures. Some companies, unwilling or unable to invest in structural security improvements, choose to take out cyber insurance policies instead.

How Cyber Insurance Aims to Help

Cyber insurance, also known as “cyber-liability insurance,” helps companies recover from cyber threats and attacks. A policy reduces disruptions and downtime during an incident and helps absorb the financial costs of dealing with and recovering from a cyberattack. But what happens when a leading cyber insurance provider becomes the target?

CNA Hit by a Major Cyberattack

CNA, a well-known insurance company, offers a range of insurance solutions, including cyber insurance policies that protect against ransomware attacks. In a public statement, CNA confirmed that “on March 21, 2021, CNA determined that it sustained a sophisticated cybersecurity attack” and that “the attack caused a network disruption and impacted certain CNA systems, including corporate email.”

The hacking group known as Phoenix encrypted data on over 15,000 CNA devices, potentially compromising sensitive client information. While CNA is working with the FBI to mitigate the fallout, this attack could signal the start of a ‘second wave’ of cyberattacks.

Why This Attack Matters

This breach raises a critical concern: cybercriminals now see cyber-insured organizations as prime targets. While cyber insurance is designed to counter cyber threats, threat actors recognize that insured organizations are more likely to pay ransom demands.

If Phoenix accessed CNA’s client data, the organizations that purchased cyber insurance may become future targets. This attack highlights the evolving strategies of cybercriminals and the increasing risks companies face.

Steps to Protect Your Business

If your organization has purchased cyber insurance through CNA, take these steps to protect yourself:

  • Acknowledge that your risk of attack has increased.
  • Monitor the news for updates on compromised information.
  • Strengthen your business’s cybersecurity measures beyond just insurance.

If you need help identifying vulnerabilities in your business’s security, reach out to us at info@optfinity.com for more information.

Cyber Resilience and Data – Centric Security

By -- 2021-06-20 in Uncategorized

2020 shifted the business world’s mindset on a lot of important issues.  Policies about time off, remote work, sick policies, and office communication have all adapted in response to the pressures of the coronavirus pandemic. However, the dramatic global increase in cybercrime, especially ransomware attacks, have created a new pressure on businesses to adapt their security policies as well.  This shift in security has resulted in relatively new products like cyber insurance increasing in popularity, as smaller companies look for a one-step security solution.  However, experts in the field are promoting a more holistic style of digital threat prevention called “cyber resilience.  But what is cyber resilience, and you can you implement it at your organization?

Cyber resilience is the ability to predict, resist, recover from, and adapt to both adverse and changing business conditions. By creating a cyber resilient business, you increase your ability to respond flexibly and efficiently to a multitude of potential attacks or general failures.  Implementing cyber resilience at your place of business means creating backups, strategies to minimize downtime, disaster response plans, managing cyber decisions from a business-oriented perspective, and finally, using a data-centric security strategy.

Data-centric models deliver the most value when they are used to create visibility throughout a business.  Endpoint security, IAM, and security controls are all examples of how to provide that increased visibility that makes data-centric models so valuable.  Finally, zero-trust models are becoming ever-more popular.  The NSA went so far as to issue guidance on implementing a zero-trust model, saying that “Zero trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgment that threats exist both inside and outside traditional network boundaries.”

5 Common Digital Threat Misconceptions

By -- 2021-06-10 in Uncategorized

With the increase in digital threats and cyber attacks over the past two years, experts are recommending for organizations to take another look at their security protocols.  However, some people are falling prey to common misconceptions about digital threats and cybersecurity and leaving their organization vulnerable as a result.  Here are 5 of the most common misconceptions about digital threats and cybersecurity.

Myth #1 : THREAT ACTORS ONLY TARGET BIG BUSINESSES

Many small-to-medium business owners don’t view ransomware and other digital threats as real dangers for their organization.  Because SMBs have fewer employees, store  locations, and revenue than large conglomerates like Google or Target, decision makers often assume that threat actors like hackers will view them as too small a fish.  The truth is that 76% of all cyberattacks are against businesses with less than 100 employees.

MYTH #2 : CYBERSECURITY IS TOO EXPENSIVE

The coronavirus affected many small business’s ability to pay their bills.  Many are cutting down on spending that the organization’s decision makers have deemed frivolous.  Cybersecurity spending has been one of those expenses–but it shouldn’t be! Basic security protocols, like multi-factor authentication, password managers, and phishing awareness campaigns are inexpensive ways to protect your business from real threats.

MYTH #3 : you need an in-house expert

Some people believe that an in-house expert is necessary for business security.  However, the expense of a full-time, salaried employee can be too much for a small business to afford.  Furthermore, one employee rarely has the experience, expertise, or time to fully meet the security needs of an organization.  However, one option that isn’t often considered is outsourcing your security concerns to another company. By outsourcing, you can take advantage of a full suite of security experts, for less cost than an in-house team.

myth #4 : anti-virus software is good enough

Anti-virus and anti-malware programs are an important tool in ensuring your devices’ security.  Despite their usefulness, they are not a substitute for strong security policies and enforcement. If the hackers use a new kind of malware to infect your network or PC then there’s a high chance that these anti-virus software won’t be able to detect those. These programs are only the first line of defense for your system.

Myth #5 : threats are from the outside

When people consider what cybersecurity threats look like, they often imagine a lone hacker sitting in a dark basement.  Most attacks, in fact, are internal, with over 75% of data breaches coming from insiders at an organization.  Security protocols need to take into account that not everyone within an organization needs access to sensitive information and tools.  Take a look at our article on internal threats if you’re interested in learning more.

How Texas Snowstorms Impact Tech Companies Worldwide

By -- 2021-05-30 in Blog

It’s been a cold month in Texas–an Arctic front covered most of the middle and southern American states in snow.  Some parts of the southernmost state received over a foot of icy accumulation, and temperatures fell to single digits.  While areas of the US can handle those conditions, Texas’s infrastructure was drastically unsuited to the task.  When you combine houses with little to no insulation, a lack of snowplows, and a failing electrical grid, you get the kind of tragedy that Texas is slowly recovering from.  So much of the damage done has been to the state’s citizens.  However, the continual power outages and shutdowns are also impacting technology-focused businesses around the world in unexpected ways.

First, some background: a large proportion of the world’s technology requires semiconductors in order to operate.  These are substances that help form most modern circuits, including those in everything from cars to iPhones to refrigerators.  Without semiconductor chips, most modern technology cannot function.  Because they are so important to modern manufacturing, a shortage of semiconductors can transform from a supply issue to a national crisis.  In 2020, experts predicted that a such a shortage was imminent as consumer demand for products like cars outpaced corporate expectations.  By January 2021, that shortage was fully realized. Then, the blizzard hit Texas.

Texas hosts the largest amount of semiconductor manufacturing facilities in the country, each of which relies on Texas’s energy grid in order to function.  When the blizzard began disabling power plants, several of these manufacturers were forced to halt production indefinitely. For some companies, the uncertainty surrounding the power grid made work impossible.  Others shut down voluntarily  so that power could be redirected to nearby hospitals and residential areas.  Either way, the gap in production represents another blow to semiconductor supply.

As of now, the ultimate impact of the semiconductor deficit is unknown. More important than the immediate supply chain failure is what the situation signifies: uncontrollable physical disasters can have major ripple effects.  Whether your business is a semiconductor manufacturing firm or a small local bakery, our modern economy requires some degree of interdependence.  You cannot predict everything, which is why a disaster recovery plan is a crucial aspect of any business.  If you don’t currently have a disaster recovery plan for your business, consider reaching out to us at info@optfinity.com–we’re always happy to help!

 

An Update Turned This App Into Malware. Were You Affected?

By -- 2021-05-20 in Uncategorized

Popular Barcode Scanner App Turns Malicious, Affects Millions

A once-trusted barcode and QR code scanner app has turned on its users, compromising nearly 10 million devices.

Lavabird Ltd’s Barcode Scanner gained popularity on the Google Play Store as a go-to solution for Android users. Unlike Apple’s newer devices, Android phones don’t come with built-in QR code or barcode scanning capabilities, making apps like Lavabird’s essential for many consumers. For years, the app maintained a clean security certificate, earned thousands of positive reviews, and showed no signs of malicious code.

Security-conscious users trusted the app—until a routine update transformed it into malware.

Malwarebytes Identifies the Threat

In late December, Malwarebytes, a cybersecurity company focused on malware detection and prevention, started receiving complaints from users. These users reported that their devices began launching ads automatically through the built-in internet browser.

This behavior resembled “malvertising”—a form of malware usually linked to newly installed apps. However, affected users hadn’t downloaded any new apps recently. Malwarebytes eventually traced the source of the infection to Lavabird’s Barcode Scanner, which had been operating safely on devices for years.

Removing the App Removes the Threat

Fortunately, uninstalling the app appears to eliminate the malware. However, the bigger concern lies in how easily an app built up trust, only to later deliver a malicious update without raising red flags.

For today’s consumers, checking reviews and permissions before downloading an app no longer offers sufficient protection.

How to Protect Yourself and Your Devices

Start by reviewing the apps on your phone. Delete any that you no longer use, and keep an eye out for unusual behavior after installing or updating an app.

If you manage a business and issue work phones to employees, consider restricting app downloads and updates. Doing so gives you more control over device performance and security.

Need help creating a mobile device security strategy for your organization? Reach out to us at info@optfinITy.com—we’re here to help.

Combo Phishing Attacks Target VPN

By -- 2021-05-10 in Blog

Everyone is familiar with the uptick in email phishing scams that have come with the COVID-19 pandemic. Workers and employers alike are adapting their security practices to defend company and consumer data. However, cybercriminals are adapting too. One group is combining phone calls and custom phishing sites to corporate VPN credentials. This group acts on a ‘bounty’ system, where a person hires the group to attack a specific company. Worst of all? The attacks have been remarkably successful.

So what does this attack look like? First, the group receives a request to target a specific company. They then create a site that mimics that company’s VPN portal. Once the setup is finished, the group makes a series of phone calls to employees working from home. The callers inform the target that they are with the company’s IT department trying to troubleshoot VPN issues. They then try to coerce the target into revealing their log-in information over the phone or entering their credentials into the fake website. At that point, the phishers have access to the company’s internal information.

This combination of fake websites and fraudulent calls have been more effective than traditional email phishing attempts. Despite that, workers can take steps to prevent being caught up in this scheme. If you receive a call from someone you don’t recognize who is asking for sensitive information, take these steps before disclosing anything.

  1. Ask for the caller’s name.
  2. Hang up and call your company’s IT department or managed services provider—do not just redial the number that called you.
  3. When you reach your company’s tech support, explain that you received a call from someone claiming to be from their department. Once you explain what the caller was asking for, they can confirm whether the call was legitimate.

If the call was legitimate, no harm done! You can continue troubleshooting the issue with only a small delay. If not, you’ve saved yourself and your company a lot of trouble. If you’re concerned about your company’s vulnerability to these types of combination attacks, OptfinITy is here to help! You can email us at info@optfinITy.com or call us at (703) 790 – 0400 to discuss all your cybersecurity needs

Add Me as an Admin: A 5-Word IT Horror Story

By -- 2021-04-30 in Uncategorized

Why Can’t I Be the Admin of My Own Computer?

Everyone who works in IT dreads hearing this question. Admin privileges provide powerful access, enabling major system changes like editing files and downloading software.

Calling your IT provider just to type in a passcode can feel frustrating. If your job involves frequent software downloads, it’s easy to see why you might want to “cut out the middleman.” But what’s the worst that could happen?

Principle of Least Privilege

No two IT providers are exactly the same—each operates with unique approaches. Still, many core principles of IT and cybersecurity remain consistent across the industry. One of these is the principle of least privilege. This concept ensures that users receive only the level of access necessary to perform their tasks. While some users may need admin-level privileges, most do not.

The principle of least privilege aims to minimize the damage that any single account can inflict on a system. For example, a user might delete an important file or accidentally download malware. In other cases, a cybercriminal may compromise the account. By applying the principle of least privilege, organizations can reduce or even prevent these risks.

Every additional admin account on a device increases its vulnerability to threats. When that device serves a business purpose, these risks extend to the entire organization. Threat actors with admin access can make destructive changes that ripple across the company, potentially causing widespread damage before anyone can stop them—if they can stop them at all.

The Bottom Line

Is the principle of least privilege inconvenient? Yes. But it’s far less inconvenient than dealing with a major security breach.