Your Security Toolkit: Password Manager

By -- 2021-04-20 in Blog

With work-from-home becoming the new normal, companies are scrambling to adapt their security practices.  Some are hiring an outside firm to handle their transition, while others are trying to cobble together an in-house solution.  Security is difficult to maintain at the best of times, and 2020 is most definitely not the best of times.  Security experts have noticed a large increase in cyberattacks over the course of 2020.  Threat actors have created over 5.5 million Trojan attacks.  Malware has increased by 2000%.  Threat actors are taking advantage of the pandemic, resulting in the loss of crucial data and massive amounts of money.  With all of these threats out there, what can you do to keep your company safe?

In times like these, you need expertise.  While you could hire an outside firm to handle your transition, small businesses often can’t afford that option.  This series of blog posts will go over some of the steps you can take to keep your company’s data safe without going over-budget.  If you’re looking for an in-depth explanation of any of these topics, you can leave a comment here or on any of our social media posts.  We also have a free webinar series starting in January that will cover this transition to the “New Normal” that you can sign up for soon. In the meantime, we’ll be discussing a new step you can take to improve your business’s security every week.

Consider A Password Manager

Do you know how common bad passwords are?  Over 25 million people use “123456”, and another 8 million use “123456789”.  4 million people are still using “password” to secure their data.  Each of these can be cracked in under a second — not much better than no password at all.  One common reason for why people choose non-secure terms for password is their difficulty in remembering complex passwords.  If your company’s security protocols require a certain degree of password complexity, workers might then store their passcodes in a text document that itself is not password-protected.  So how do you solve these issues? A password manager!

A password manager allows employees to generate, store, and fill passwords for various sites. This allows each employee to easily follow uniqueness and complexity requirements. Some password managers even allow employees to securely share passwords with other employees, without allowing them to see the password itself.  Furthermore, password managers are usually either free or available at a low monthly cost, making them a fantastic option for small businesses on a budget. In short, a password manager is the way to go for anyone concerned with improving business security.

Do you use a password manager? Are there questions or concerns you have about using one? Leave a comment here, or email us at info@optfinITy.com.  We’d love to hear from you!

 

Homeland Security Gives SolarWinds Update

By -- 2021-04-10 in Blog

The SolarWinds Cyberattack: A Wake-Up Call for the Tech Industry

In late 2020, a massive cyberattack targeted SolarWinds, a creator of popular networking software used by over 300,000 customers worldwide, including 412 Fortune 500 companies. Initially, many believed the attack focused on the software corporation and its high-profile clients due to malicious code embedded in SolarWinds’ software. The overlap between SolarWinds’ clientele and the victims reinforced this assumption.

Unraveling the Scope of the Attack

Recent discoveries revealed that over one-third of the known victims had no connection to SolarWinds, suggesting multiple, yet unidentified, attack vectors. Even significant government entities, such as the National Telecommunications and Information Administration and the Treasury Department, reported breaches. Hackers gained limited access to sensitive data, including internal government emails. Despite ongoing investigations, the complete list of compromised data, the identities of the attackers, and the methods they used remain uncertain.

The Ripple Effect of Far-Reaching Cyberattacks

Far-reaching cyberattacks like this create chaos for all affected. Private citizens may face the exposure of sensitive data to malicious actors, corporations suffer financial losses and a hit to consumer trust, and national security risks remain unresolved. SolarWinds continues investigating the root cause and has pointed to Microsoft’s cloud as a possible attack vector. However, federal law enforcement and Microsoft have yet to confirm this claim.

Moving Forward: Cybersecurity Vigilance Is Key

As of early 2021, the SolarWinds attack leaves many unanswered questions, from the full list of impacted entities to the attackers’ motivations. In the face of uncertainty, organizations must prioritize robust cybersecurity measures and stay informed about emerging threats.

If your company needs expert assistance in creating a comprehensive cybersecurity plan, contact us at info@optfinity.com. We’re here to help protect your organization from future threats.

Does Remote Work Impact Security?

By -- 2021-03-30 in Blog

Remote work has become a way of life for so many of us. It makes a lot of things harder. Communication, focus, and task management have all become more difficult. One of the things hardest hit by remote work is our online security. An overall increase in teleworking makes it harder for companies and workers to maintain cybersecurity standard for several reasons. This means that cybercrime has been more effective during the pandemic. Staying safe despite these threats means that decision makers need to make changes to how telework functions at their companies.

Why is cybercrime so effective now? One reason is that the devices that cybercriminals target are more important than ever. It used to be that if a cybercriminal locked an employee out of their computer, they could get a replacement and report the problem easily. Now, that same computer could take days to fix, with critical work halted in the meantime. A second reason is the added complexity that comes from having employees out of the office. Losing the office firewall means more vulnerable employees. Employees don’t have a security team in their house reminding them to change their passcodes or not to click on strange emails. Finally, work-from-home puts stress on remote security teams. With workers operating from changing locations and at changing times, it’s harder to identify irregular behavior.

You can take control of your business’s cybersecurity with a few simple steps.

  1. Regularly remind your employees about your business’s security protocols and cybersecurity best practices.
  2. Keep personal and work devices separate. Opening personal email or going shopping on a work device exposes a business to increased attacks.
  3. Enable multi-factor authentication on your devices. This is an easy way to keep threat actors from accessing any secure account.

These steps are just the beginning. While individuals should do their best to keep their devices secure, they can’t do it alone. Maintaining security for your business is complex. As cyberattacks become harder to identify and prevent, businesses’ security needs increase. If you want to design a security strategy that takes your work-from-home risk into account, email us at info@optfinITY.com or call us at 703 – 790 – 0400.

 

Data Leakage Attacks are Here to Stay

By -- 2021-03-20 in Uncategorized

What does a cyberattack look like? There’s no specific technique, target, or goal to unite them.  They can be part of an anti-terrorism campaign, like the United States’ Stuxnet attack on Iranian nuclear refineries.  They can be motivated by financial gain, like the recent trend of ransomware attacks that demand payment in Bitcoin before unlocking the target’s data.

Some attacks are simply done for hacker clout, like the spade of DDoS attacks done in the 90s and early 00s.  As time goes on, new cyberattack strategies are emerging that may define the rest of the decade.

In 2020, observers noticed an uptick in attacks that focused on securing and/or releasing corporate data.  Attacks that resulted in a data ‘leakage” increased over the past year, and 2021 has continued that trend through January.  On the first day of the year, over nine thousand data leakages occurred, a larger single day number than any day from 2020.  With 2020 already representing a 93% increase in leakages over 2019, any continuation of the trend is threatening.  Without a strong response to this trend from the

What Does a Cyberattack Look Like?

Cyberattacks vary widely in technique, target, and goal. Some align with anti-terrorism campaigns, such as the United States’ Stuxnet attack on Iranian nuclear refineries. Others aim for financial gain, like ransomware attacks that demand Bitcoin payments to unlock a target’s data. Some hackers execute attacks purely for clout, exemplified by the wave of DDoS attacks in the 90s and early 00s. As time progresses, emerging cyberattack strategies could shape the rest of the decade.

The Rise of Data Leakage Attacks

In 2020, attackers ramped up efforts to secure or release corporate data. Data leakage incidents rose dramatically throughout the year, and 2021 continued this trend. On the first day of 2021, attackers caused over 9,000 data leakages, surpassing any single day from 2020. Since 2020 saw a 93% increase in leakages compared to 2019, this escalation poses a severe threat. Without decisive action from public and private sector organizations that handle sensitive consumer data, the trend will likely continue to grow at an alarming rate.

Steps to Minimize Risk
Organizations can take the following steps to reduce their risk of cyberattacks:

– Identify sensitive data and its storage locations.
– Periodically review and delete unnecessary sensitive data.
– Monitor user activity involving sensitive data and restrict non-essential access.

Responding to a Data Breach

When prevention fails and attackers breach data, timing becomes critical. Developing a strategy for security response teams before an attack ensures faster identification, effective containment, and a reduced scope of leakage.

For help in creating a tailored response plan, contact us at info@optfinity.com.

public and private sector actors who work with confidential consumer data, it is likely to continue its astronomic growth.

So what are some of the steps that possible targets of these attacks can take to minimize their risk?

  • identify what sensitive data your company holds and where it is stored
  • periodically review whether the sensitive data your company holds can be deleted
  • monitor user activity as it relates to sensitive data and limit non-essential access

In the case that prevention fails, and your business is affected by a possible data leakage attack, time is essential.  Creating a strategy for security response teams prior to an attack is crucial to properly identifying the attack, quarantining the data, and limiting the scope of the leakage.  If you or your company are looking for assistance in creating that plan, reach out to us at info@optfinity.com.

VoIP: Risk and Reward

By -- 2021-03-10 in Blog

The Evolution of Workplace Communication
Workplace communication has changed significantly over the years. Online messaging services and email have become vital tools. However, the office phone has remained an essential part of communication for decades. Advancements in technology have transformed traditional phone systems, with Voice over Internet Protocol (VoIP) replacing landlines in many offices. VoIP systems enable phone calls over the internet and offer advantages such as lower costs, portability, and accessibility. These features make them especially appealing to small businesses transitioning to remote work.

Hackers Target VoIP Systems
The growing popularity of VoIP has attracted the attention of hackers. Over the summer, a cyberattack compromised VoIP systems in more than 1,000 companies worldwide. Hackers exploited the systems to dial premium numbers they owned, eavesdrop on private calls, and mine cryptocurrency using business networks. While researchers identified the vulnerability that enabled the attack, law enforcement has yet to determine the responsible parties. Despite the benefits of VoIP, the risks of these systems cannot be ignored.

Steps to Protect Your Business

  1. Identify Your VoIP System
    Determine the brand of VoIP system your company uses. The recent attacks targeted Sangoma and Asterisk systems.
  2. Ensure the System is Patched
    If your system is one of the affected brands, check whether the vulnerability has been patched. Apply the update immediately if it has not.
  3. Consult with Experts
    If you are concerned about your VoIP system’s security, contact us at info@optfinity.com. A managed services provider can help safeguard your business from exploits like these.

Confidentiality in the COVID-19 Era

By -- 2021-02-28 in Uncategorized

The Impact of Remote Work on Productivity and Mental Health

The coronavirus has dramatically changed how we work. With new methods of communication, emerging threats, and less time in the office, some businesses have discovered that remote work is boosting productivity. Many remote workers report higher levels of job satisfaction and improved mental health due to gaining more control over their workday.

However, not all work is equally suited to this new normal. Businesses that regularly process confidential information are struggling to adapt their in-office privacy standards for remote work.

The Privacy Risks of Home Printing

A recent study by Go Shred revealed alarming trends in remote work practices. Nearly two-thirds of home workers admitted to printing office documents on their home printers. While some of these materials were not sensitive, others confessed to printing documents containing confidential client and employee data, such as home addresses and personal medical information.

The issues don’t stop at the printer. Disposal methods for these documents are often inadequate. According to the survey, 24% of respondents who printed confidential information had not disposed of the materials at the time of the survey. Of the 76% who destroyed the documents, approximately 20% relied on home shredders and municipal trash removal—another significant privacy failure.

Why Convenience Can Compromise Privacy

Convenience often takes precedence in the home office, leading to risky practices. While understandable, this behavior significantly increases business liability and consumer risk. Remote workers need defined procedures to follow, along with clear consequences for non-compliance. Decision-makers must navigate COVID safety protocols and confidentiality best practices to create these guidelines.

The Path Forward: Balancing Safety and Security

To address these challenges, businesses must prioritize:

  • Worker safety: Ensuring employees feel secure and supported in their work environment.
  • Data privacy: Establishing clear procedures for handling sensitive information.
  • Ease of use: Designing solutions that are practical for remote workers.

Creating comprehensive guidelines is the only way to address confidentiality concerns effectively—at least until we’re back in the office.

Learn More About Data Privacy

If you want to learn more about data privacy, check out this article summarizing Go Shred’s findings. For help developing a comprehensive compliance plan for your company or to explore everyday IT solutions, reach out to us via email at info@optfinity.com or call us at (703) 790-0400.

OptfinITy Recognized as “Best Mid-Sized Business”

By -- 2021-01-29 in Uncategorized

As a leading managed server in the Mid-Atlantic region, we are pleased to announce today that the Mount Vernon-Lee Chamber of Commerce has named OptfinITy as its Best Mid-Sized Business of 2020. This award recognizes exemplary local businesses who best embody the values of the Chamber.

In today’s new and often uncertain business environment, OptfinITy plays an important role in helping companies adopt the technologies they need to stay afloat without straining shrinking budgets. OptfinITy combines efficiency with cost-effectiveness to better serve their clientele, allowing small businesses to make the most of their investments into IT and digital security.

The list of all Mount Vernon-Lee Chamber of Commerce honorees is featured online at https://mountvernonleechamber.org/business-awards/.

Ransomware: Why You Shouldn’t Pay to Get Data Back

By -- 2020-12-28 in Blog

Ransomware attacks have been on the rise for years.  The software necessary for these attacks are more sophisticated, anonymous currencies like Bitcoin are more prevalent, and companies are collecting more data, creating a perfect storm for bad actors looking to make money off of security lapses.  These scams take several forms.  The group could lock workers out of their devices, delete important data and offer to restore it upon payment, or steal data and threaten to release it to the public.  When people are victims of this kind of scam, the hacker offers to delete the data if the victim pays the group.  Some companies take the offer–but the hacker rarely delivers on their end of the deal.

Nearly half of all ransomware attacks include the threat to publish stolen data.  This was not always the case.  Previously, companies with a secure backup of their data could restore their data and ignore the hacker’s threats.  The threat of releasing data removes any leverage the company would have from a backup.  In addition, a company can never have a full guarantee that their data was deleted.  Both sides of the interaction know this, so why do companies pay? Research suggests that fear of the public’s response to a data breach is a major factor.  The backlash against companies who have lost sensitive data to hacks in the past has been severe.  This public pressure combined with hope for a return to before the security breach took place is part of what pushes companies to make deals that are not in their best interest.

So what should you do if a ransomware attack breaches your company’s security? First of all, do not engage with the hackers.  Their goal is to make money, not to help you.  Second, contact a legal expert to understand what liability you might have, and what your options are.  Finally, invest in your security.  Once data has been stolen, it is difficult to get back to ‘normal’.  Prevention is key to keeping you and your data safe.  If you or your company are in need of increased security, you can always reach out to us at info@optfinity.com.

How Hackers Monetize Email Access and How to Protect Your Business

By -- 2020-12-23 in Blog

Cybercriminals are constantly finding new ways to infiltrate corporate data and systems. But what happens after they gain access? One of the most lucrative methods hackers use to profit from their breaches is by exploiting email services—leading to staggering financial losses. In fact, a recent report highlights how a hacker group leveraged compromised email accounts to steal $1.7 billion.

How Hackers Gain Access and Monetize Email Infiltration

Threat actors typically gain access to an email network through social engineering—a technique where they manipulate employees into providing login credentials or access to sensitive areas. Once inside, hackers observe internal communication patterns, learning how to impersonate legitimate employees convincingly.

At this stage, cybercriminals can initiate fraudulent transactions by redirecting payments to their own bank accounts. This method, known as business email compromise (BEC), remains one of the most financially devastating cyber threats today.

FBI Warning: Email Forwarding Exploits

The FBI recently issued a warning about hackers using email forwarding rules to evade detection:

“The web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cybersecurity administrators. While IT personnel traditionally implement auto-alerts through security monitoring appliances to alert when rule updates appear on their networks, such alerts can miss updates on remote workstations using web-based email.”

This means that without proper security measures, hackers can create hidden forwarding rules that allow them to monitor and manipulate business transactions undetected.

The Costliest Cyber Attack—And How to Prevent It

Although only 7% of spear-phishing attacks use this technique, it is highly effective—causing nearly $2 billion in losses over the past two years. However, businesses can prevent these attacks by implementing strong cybersecurity practices.

Steps to Protect Your Business from Email-Based Cyber Threats

  1. Ensure Email Synchronization & Updates: Make sure your mobile and desktop email applications synchronize properly and are updated with the latest security patches.
  2. Monitor Email Forwarding Rules: Set up alerts to flag emails where the sender’s address and reply-to address do not match.
  3. Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security, making it harder for attackers to gain unauthorized access.

Protect Your Business with Expert Support

Cyber threats are evolving, but proactive security measures can keep your business safe. If you need help securing your email systems, or if you’re looking for advanced IT solutions, contact our team at info@optfinity.com. Let’s safeguard your business against costly cyber attacks.

Google’s Blackout: What Caused It?

By -- 2020-12-20 in Uncategorized

For 45 minutes on Monday morning, a variety of Google services were inaccessible across Europe and North America.  Google Search, Gmail, and a variety of Drive programs were all down.  Google’s physical devices also reported critical errors during the outage.  Initial reports blamed this on an error in the service’s authentication system, but a new report from the company shows that the problem was more widespread than initially thought.Google revealed that the root issue was a flaw with the company’s storage management system.  The issues only cascaded from there: limiting the authentication system’s capacity meant that the entire identity-management system was broken.  All users of Google Cloud Platform and Google Workspace at the time of the outage were affected.

So what lessons do this outage teach?

Big Tech Companies Aren’t Infallible

This is the third major failure in as many months, along with the five hours Amazon Web Services was disrupted in November and Microsoft Azure’s outage in October.  It can be tempting to trust blindly when a company has a track record of reliability and success, but track records won’t keep you afloat if a failure occurs.

Diversify and Monitor

If all your tools for support, monitoring, servicing, collaborating, etc. are on the same platform, you’ll be wiped out by those platform’s errors.  While it can be tempting to unify your systems for simplicity’s sake, your monitoring tools should always be separate so that you can be notified in case of an outage.  End-to-end visibility is the goal.

Backups Are Your Friend!

Having independent access to your data is crucial when your cloud host fails.  Backups create overlapping coverage so that no one failure impacts your company.  On top of that need for access, backups remove any worries about losing data that’s stored remotely.

 

In short, these failures should keep us from becoming complacent.  Security isn’t just about preventing attacks, it’s about preventing all disruptions in service. Take care of your technology, be aware of what these outages can do to your business, and take steps to prevent failure before it happens.

If you need more information on preventing service disruptions, leave a comment or email us at info@optfinity.com.