When it comes to cybersecurity, securing your network and having a solid training program in place that promotes good judgement should go hand in hand. If you have one but not the other, the consequences can be catastrophic. Unfortunately, a school district and a bank in Indiana learned this the hard way. A recently published article reports how a school district and bank lost $120,882.83 via a fraudulent wire transfer.

The issue began when the email account of a business manager who worked for the school district and was authorized to sign off on payment requests was hacked and requested $120,882.83 to be wired to several different people listed as contractors for a project. Although the request was different from ones in the past, especially the request for a wire transfer instead of a check, the bank didn’t double check the request and sent the money to criminals who are believed to have been operating from an off-shore location.  Once a second request was received a few days later, the bank caught on and stopped the transfer before more money could be stolen.

There were two layers of security that were breached in this incident. The first was the school district’s network being hacked which made the fraudulent email that much more believable when sent to the bank. The second was the bank not double-checking with the school district regarding the large sum of money being requested.

Cyber criminals everywhere are constantly trying to hack organizations and this type of scam could happen to anyone. That is why you need to make sure your network is secured and protected and that your organization has a solid cybersecurity training program implemented. If you have any questions about the security of your organization or cyber security standards or would like to enroll your organization in a cybersecurity training program, don’t hesitate to contact us at 703-790-0400, info@optfinity.com, or visit our website at www.optfinity.com.

Thanksgiving has passed and the holiday shopping season is officially here, and if you’re like a lot of people, you’ll be doing a lot of your shopping online. It is important, however, to beware of malicious copycat websites and emails advertising deals that appear to be too good to pass up. A recent CNET article reports that an alarmingly high number of consumers are willing to risk having their data and information stolen if it means they have a chance at a good bargain. This makes the holidays a prime time for cybercriminals to trick people into giving away their information. Don’t be the next victim. A few suggestions to shop safely online and prevent your data from being stolen are as follows:

1. Double-check the validity of all websites before downloading anything or inputting any personal information. A good way to spot a fake website is in the URL. An example would be www.target.net or www.targt.com instead of www.target.com. Also, only purchase from sites that follow https protocol.
2. Beware of phishing emails that advertise deals that are tempting to jump on, but instead direct you to a malicious website or automatically infect your device with malware. The best ways to spot phishing emails are spelling, grammatical and punctuation errors.
3. If you plan on downloading shopping apps, be sure they are only apps from either the official Google or Apple store, and remember, always be suspicious of shopping apps that ask for access to unnecessary information such as contacts or passwords.

While you may not have been exposed to any of these threats in the past, they are out there. According to a study performed by RiskIQ, 5% of Black Friday and Cyber Monday apps found in the app store are malicious, and for the top 10 retailers of Black Friday last year, there were over 6,000 malicious apps that offered fake deals. If you have any questions or concerns about safe online shopping practices this holiday season feel free to give us a call at 703-790-0400, send us an email at info@optfinity.com or visit us on our website at www.optfinity.com.

The holiday season is once again upon us and for many that means lots of traveling. This also means, of course, that everyone’s technology will be traveling with them. Unfortunately, the holiday season is a special time for hackers as well, as many people’s devices are outside of their secure office and home networks. A recent CNET article provides some tips on keeping your devices secure while traveling during the holidays.

The first thing you’ll want to avoid is something you’ve probably seen at the airport, public charging stations. While the availability of these may be very tempting to use since you can charge your device that extra 5% before getting on a long flight, don’t do it. Hackers are able to use the shared USB port to infect your device with malware or even take control of your camera. To avoid this, it is best to bring your own USB cable and AC adapter to plug directly into wall outlets.

The second item to beware of is free public Wi-Fi. While it may be cheap and convenient to connect to the internet and save data, connecting to a public Wi-Fi network can be dangerous since hackers are usually lurking on the same network and intercepting your information. The best alternatives to using a public Wi-Fi are setting up a VPN, only visiting encrypted sites (HTTPS instead of HTTP) or eating the extra data charges because the extra money you pay will always be way cheaper than having your device compromised.

Finally, it would be in your best interest to turn off GPS, Wi-Fi and Bluetooth altogether to prevent your device from automatically connecting to unsecure networks or devices owned by cybercriminals, and to encrypt your own device. Google and Apple both offer security setups that will encrypt your device and make it impossible for hackers to make sense of your data.

The main thing to remember is to avoid being tempted by convenience. Yes, it is tempting to save money and have your device set up to automatically connect to Wi-Fi. It is also tempting to take advantage of what seems to be a great resource in public charging stations. Remember, however, that the added convenience, extra battery, or saving a bit of money on data isn’t worth your privacy, and it could break your bank as well. You’re already spending lots of money over the holidays, so paying to fix a compromised device or buy a new one is an avoidable added expense. If you have any questions or concerns about traveling with your electronic devices don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

It is becoming increasingly common for people to have their home devices interconnected via Universal Plug and Play (UPnP) due to the added convenience it brings to completing daily tasks such as dimming the lights or picking your playlist while you clean the house. Unfortunately, many people remain unaware of the dangers of not securing these devices. As a result, their devices are vulnerable to botnets, which are collections of devices infected with a common type of malware that are being controlled by a cybercriminal remotely, usually to distribute spam email.

A recent tripwire.com article discusses a recently discovered botnet that has been actively infiltrating around 100,000 home routers per day this past month and is using them to distribute spam messages. The BCUMUPnP_Hunter botnet, which has been growing in strength, exploits a 5-year-old UPnP vulnerability found in many familiar branded router models including CenturyLink, Linksys, NetComm, Technicolor and a few more. According to researchers, the exploitation of this vulnerability could have been avoided had the vendors issued a security update to the users and in turn the users installed the latest update onto their routers. While it is not yet known whether a security update was issued for the infected devices, consumers should beware of IoT devices that are not offered with security patches and updates. If you are using an IoT device that does not offer updates, it may be best to disable the UPnP setting to avoid being exploited by malicious botnets, and if you are using one that does offer updates, be sure to stay on top of them.

If you have any questions or concerns about the security of your IoT devices, OptfinITy is here to answer them. Feel free to give us a call at 703-790-0400, send us an email at info@optfinity.com, or visit our website at www.optfinity.com to learn more about securing your IoT devices or any other security concerns you may have related to your technology.

With the prevalence of apps continuously on the rise, more and more businesses are developing their own, and it is more important than ever to keep them secure. A recent itnews.com article provides some useful tools and methods that can prevent your apps from being compromised by cybercriminals and keep your business protected.

There are many application security tools available that can be broken down into two main categories: security testing tools and shielding products. Testing tools focus on finding vulnerabilities in the app to prevent attacks while shielding products focus on hardening the application to make attacks more difficult to be carried out.

Security testing tools are available in many different types including static, dynamic, interactive, and mobile. Depending on your app portfolio and what you believe to be the best way to protect it will determine which of type of security testing tool you will use. For example, if you are looking to check your code as you are writing it, you would want to go with one that offers static testing, but if you want one that analyzes running code and has the ability to simulate attacks on production systems, you would elect to go with one that offers dynamic testing. A combination of the elements provided in static and dynamic testing tools is available via an interactive testing tool. Finally, there are security testing tools that focus specifically on mobile apps that examine how attackers could potentially leverage mobile operating systems.

App shielding tools also contain different features including runtime application self-protection (RASP), code obfuscation, encryption and anti-tampering tools, and threat detection tools. Again, what you believe is the best way to protect your app portfolio will determine which type of shielding tool you end up using. If you’re looking for a tool that continuously monitors an app’s behavior, sends alerts and terminates errant processes or the app itself if it becomes compromised, an RASP tool would be the option to go with. However, there are other types of tools available such as code obfuscation, encryption, and threat detection tools. The latter provides device fingerprints that determine whether a mobile device has been compromised by a malicious party.

As always, OptfinITy is happy to answer any questions you may have regarding your IT needs. Feel free to give us a call at 703-790-0400, shoot us an email at info@optfinity.com, or visit our website at www.optfinity.com if you have any questions about the security of your applications or application development in general.

The saying “you are only as strong as your weakest link” applies to any team effort and cybersecurity for your organization is no exception. The best defense against a cybersecurity attack starts from the inside. Therefore, if you don’t already have a cybersecurity training program in place, you should. A recent itnews.com article provides some important topics that should be covered in your organization’s cybersecurity training program.

The first thing you need to establish is what is and is not acceptable to do while using company technology. Employees should know not to use the technology for anything other than work-related tasks and should not expect anything they use a company device for to remain private. If this is not established and people treat their devices as personal ones you can run into a lot of trouble.

Once acceptable use is established, it is important to cover data protection, security updates, and safe password practices. Employees should understand the importance of constantly backing up all data, staying on top of updates, and locking their computer screen when they leave their office. They should also frequently change their password using a complex system of letters, numbers and symbols. While these practices may be tedious or inconvenient, this protocol is critical in preventing malware from infiltrating your organization’s system.

After laying down the protocol for updates and data protection, employees should be educated on social engineering scams such as phishing emails. Employees should be suspicious of any unexpected emails, especially ones that demand immediate action, and check the spelling of URLs in emails to be sure they will be directed to a safe website and not to one that will expose them to malware. It is important your employees understand how legitimate these false emails can look so they don’t fall for their tricks. To test how employees will respond to a phishing attempt it is best to conduct internal phishing tests.

Finally, it is imperative your employees know who to call and immediately report incidents when they occur instead of waiting for them to be found by a security check or external virus scan. The average amount of time it takes for an organization to discover a system hack is 8 months. By that time, it could be too late, especially for smaller organizations.

If you have any questions or concerns about the cybersecurity protocol for your organization, OptfinITy is here to help. Give us a call at 703-790-0400, visit us on our website at www.optfinity.com, or send us an email at info@optfinity.com if you have any questions about establishing a sound cybersecurity protocol for your organization.

As social media continues to become a bigger part of our everyday lives, it is more important than ever for small businesses and organizations to effectively use social media to promote themselves. While social media can act as a great tool to improve and promote your business, there are certain things you should avoid if you don’t want social media to have the opposite effect on your organization. A recent itnews article provides some things to keep in mind when it comes to using social media for your small business or organization.

1. Never create a social media account and then leave it unattended. If you have a Facebook or Instagram page that hasn’t been updated for weeks or months, people will be under the impression that either you don’t care, or you have gone out of business.
2. Consistently post. The easiest way to achieve this is to use a tool such as Hootsuite which allows you to schedule multiple posts in advance. If you are constantly posting, your name will always be on people’s minds and therefore they will be more likely to contact you instead of your competitors.
3. If you re-post any user-generated content, be sure you have permission first to maintain a high level of trust between your organization and social media followers.
4. Be sure to respond to all comments in a timely fashion. If someone has a question about a post or they leave a comment on your page regarding their recent customer experience, don’t wait to respond. The quicker you respond, the better it makes your organization look and people will be more likely to direct their questions at you instead of your competitors.
5. Keep sales promotion posts to a minimum. While it is not a bad idea to mix in a few sales promotions here and there, it is important to remember that social media posts should mainly be about building rapport with clients and potential customers.
6. Do not treat your organization’s social media page like you would your personal page. It’s best to keep out any personal social or political views out of posts, and instead stick to content that directly relates to your organization’s industry.

You want to be as active as possible on social media without overwhelming people with sales promotions or unrelated content. As always, OptfinITy is here to answer any questions you have related to your technological needs. If you have any questions or concerns, give us a call at 703-790-0400 or visit our website at www.optfinity.com.

While it is undoubtedly important to optimize your website so that it appears near the top of search engines allowing for the highest amount of exposure, there are rules you need to be aware of if you want to remain in good standing with search engines like Google. A recent entrepreneur.com article provides some tips on avoiding having your page rank drop on search engines and the actions to take if something such as cloaking, spam, or lack of value causes your page rank to drop.

The first technique you need to beware of referred to as cloaking involves displaying the content of a website differently for the search engine than for users who visit the site. Cloaking can affect all types of content on websites including photos and text, so to avoid being penalized or even banned from a site like Google, you should constantly monitor your website and crosscheck the content that is on your webpage with the content that is being fetched by the search engine. There are many free tools available to perform these checks and they should be taken advantage of to avoid a penalty or drop in rank.

Another issue that will cause your rank to drop is having spam or using spam techniques on your website. To prevent this, be sure to choose an automated messaging system that has anti-spam functionality. You should also constantly check your page for spam from other sources and promptly remove them to protect the people who view your website. Spam is a huge nuisance on the internet, and if you keep your website spam-free your webpage will be much more likely to appear near the top of search engines.

Finally, perhaps the element that you have the most control over attributing to the ranking of your website is the overall value of content. Search engines use software as well as human employees to determine the quality of the content on websites. Therefore, to retain a high ranking, you should always make sure all content on your website is direct and to the point. There shouldn’t be any irrelevant information or unnatural reference links on the site and you should never plagiarize.

If you are quick to correct any of the above issues with your website, you should be in good standing with Google and other search engines. However, if you receive an SEO penalty, don’t be discouraged, for some of the most popular sites have received SEO penalties. It is always in your best interest to fix the problem quickly and your site’s ranking will eventually go back up. OptfinITy offers services in website development, and we would be happy to assist you with creating a quality website that is optimized for your success. If you have any questions about avoiding SEO penalties or website optimization, give us a call at 703-790-0400 or visit our website at www.optfinity.com.