By -- 2018-10-23 in Blog

It seems that nowadays every device we use is “smart.” We have access to everything from smart speakers to smart vacuums, and their prevalence is on the rise. According to a recent FBI public service announcement, the number of Internet of Things (IoT) or “smart” devices is expected to increase by anywhere between 300% and 1000% by 2020. While it’s undoubtedly convenient to have all our devices interconnected with each other and the internet, unsecured devices are at a very high risk of being exploited by cyber criminals. To best keep your IoT devices secure, the following actions are recommended:

  1. While shopping for new devices
    1. Research your options on reputable websites that specialize in cyber security analysis.
    2. Search for products with a good reputation for providing security for their IoT products.
    3. Search for products that offer software or firmware updates and find out how often they are provided.
    4. Find out the types of data that are collected and stored on the device.
    5. Find out how long the data will remain stored on the device, whether or not the storage is encrypted, and whether or not the data will be shared with a third party.
    6. Check to see if opting out of the collection of data is an option and if there are any policies in place in the case of a data breach.
  2. For recently purchased devices or ones you already own
    1. Change default usernames and passwords. Create STRONG passwords. Never use common words such as sports teams or children’s names.
    2. Isolate them on their own protected network, configure the network firewall to block traffic from unauthorized IP addresses, and make sure port forwarding is disabled.
    3. Implement the security recommendations that are provided by the device manufacturer, stay on top of updates, and apply security patches where available.
    4. Invest in a secure router that allows you to whitelist (only allow specific devices to connect to your network).

Although these smart devices aren’t computers with screens, it is important to remember that they require the same cyber security measures as your laptop, desktop or cell phone. As these IoT devices become more prevalent, it is more important than ever to make sure they are secure and safe from cyberattacks. If you have any questions about the security of your IoT devices don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-10-18 in Blog

According to a recent servethehome.com article, it has been discovered that one of the most respected brands in the server industry contains a vulnerability in its 13th generation and older PowerEdge servers. This vulnerability, which was brought to light in the STH discussion forums, allows users to bypass the Dell EMC iDRAC firmware protections and load their own firmware via both local and remote access methods. If this vulnerability were to be exploited by a cybercriminal they would have complete remote control of the server.

Although this vulnerability, which has been named iDRACula (integrated Dell Remote Access Controller unauthorized load access), is not an issue for Dell’s newest 14th generation PowerEdge servers, there are still millions of older-generation servers in use and in distribution. Therefore, it is important to be aware of this vulnerability if you are using a 13th generation or older PowerEdge server.

The good news is that for iDRACula to be taken advantage of, a lapse in security would need to take place, such as someone being allowed physical access to a machine or remote access with valid login credentials. The bad news is that Dell is a leader in the industry for server security. Since this vulnerability was discovered in Dell, it is highly likely that other types of servers contain similar vulnerabilities.

The iDRACula vulnerability serves as a reminder that even reliable brands such as Dell are not immune to security breaches. Even if you don’t use a Dell server or if you have the latest generation, it is important to always practice safe security measures and stay on top of software updates. Never give strangers direct or remote access to your electronic devices and get the latest software updates since they are created to fix bugs or vulnerabilities found in previous versions. If you have any more questions about the iDRACula vulnerability or how to best keep yourself protected don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-10-16 in Blog

Unfortunately, data breaches occur often. Even if you are taking all the necessary precautions to avoid them, they can still happen. Therefore, it is important to have a plan of action to follow in the event of a data breach. A recent itnews.com article suggests how to best deal with a data breach and avoid catastrophic monetary loss and/or identity theft.

Step 1: The first thing you will want to do is figure out exactly what information was stolen. Once you figure out what was taken (usernames, passwords, credit card information etc.) your next course of action will be determined by step 2.

Step 2: Determine whether the hackers will be able to use the stolen data. If your data was stored as cleartext, then chances are the hacker can read and use it easily. However, if it has been hashed, salted, or encrypted, there is a chance that although the hacker has stolen your data, they will not be able to decode it, which makes it useless to them.

Step 3: Change your password. This should be done whether your data is usable or not. If you are using the same password across multiple sites, now is the time to stop doing that. At this time, you should also consider using a password manager such as LastPass and enable two-factor authentication on any accounts that will support it.

Step 4: If you don’t already have one, create a dedicated password recovery email. Be sure this email doesn’t hint at your identity at all. For example, a good recovery email address would be something like okurdone@outlook.com, while a bad one would be one that contains your name or initials such as jsmith@outlook.com.

Step 5: If your credit card information was stolen, contact your credit card provider and get a fraud alert on your credit card with the three major credit bureaus. Consider putting a credit freeze on your records to prevent the hacker from using your information to open any credit cards in your name.

Step 6: Determine who you need to report the data breach to. In many states, there are laws which require you to report certain data breaches.
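To make Step 2 concrete, here is an added example (not from the itnews.com article or from OptfinITy) that compares a leaked table of unsalted SHA-256 digests with one of salted PBKDF2 records. The account names, passwords and round count are constructed for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumption: example work factor, not a value from the page

# Constructed sample accounts; alice and carol chose the same password.
SAMPLE_USERS = {"alice": "Summer2018!", "bob": "c0rrect-horse", "carol": "Summer2018!"}


def unsalted_sha256(password):
    """Fast, unsalted hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password):
    """Per-user random salt plus a slow key-derivation function."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def shared_digests(table):
    """Groups of users whose stored digest is identical, i.e. what a leaked
    table reveals about password reuse without any cracking at all."""
    groups = {}
    for user, digest in table.items():
        groups.setdefault(digest, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def build_tables(users=SAMPLE_USERS):
    """Store the same accounts both ways so the two leaks can be compared."""
    unsalted = {u: unsalted_sha256(p) for u, p in users.items()}
    salted = {u: salted_record(p) for u, p in users.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_tables()
    print("unsalted leak, identical digests:", shared_digests(unsalted))
    print("salted leak, identical digests:",
          shared_digests({u: rec[1] for u, rec in salted.items()}))
    print("login still works:", verify("c0rrect-horse", *salted["bob"]))
```

In the unsalted table one recovered password unlocks every account that shares its digest; in the salted table each record has to be attacked separately, and the slow derivation makes each guess expensive.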

Don’t panic, for data breaches occur frequently. If you have been taking the necessary actions to protect your information, a cybercriminal can only do so much, if anything at all, with your data. If you experience a data breach or have any questions about a plan of action to take in the event of one, don’t hesitate to give us a call here at OptfinITy at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-10-11 in Blog

A recent CNET article reports that the Port of San Diego experienced a ransomware attack during the last week of September. The attacker apparently demanded a payment of an undisclosed amount in bitcoins. The attack left employees with limited access to their computers which caused a huge inconvenience for people who needed access to items such as public records and park permits. While it is yet to be determined how costly this security breach will be for the Port of San Diego, ransomware attacks in the past have been notoriously expensive.

Ransomware attacks are extremely costly forms of cyberattacks because they simultaneously encrypt all your data and demand a ransom for it to be unlocked. Therefore, you are not only losing money during the time it takes to unlock your data or pay the ransom, you lose even more if you end up having to pay the ransom. Ransomware attacks have cost cities and companies up to $300 million in lost revenue and can be a death sentence for small businesses and organizations.

The best way to protect yourself from ransomware attacks is to back up all your data. If you don’t need the data they locked, the criminal has no leverage and your business can carry on as usual. In addition to constantly backing everything up, you should be implementing safe cybersecurity practices for your organization such as using strong passwords and educating employees about phishing scams. If you have any questions on how to avoid becoming the next victim of a ransomware attack, don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-10-9 in Blog

Even if you work with a trusted IT provider, you need to be alert for remote tech support scams. Remote tech support scams involve cybercriminals pretending to be a help desk employee from an IT company and reaching out to fix a problem with your computer remotely. Once they are given the credentials needed to access your computer remotely, they will either steal your data, install malware or spyware, or both. They then often proceed to request a payment for “fixing” a problem that never existed. These scams are becoming increasingly prevalent and are causing millions of dollars in losses. A recent article provides some advice on how to prevent yourself from falling victim to a remote tech support scam.

The main thing to remember is to be suspicious of anyone who reaches out to you and offers to fix something. Do not respond to unsolicited calls or emails even if they appear to be legitimate. It is not uncommon for cybercriminals to disguise themselves using the name of a trusted tech company that will even show up on a caller ID. Remote tech support scams use the same fear tactics that are used in phishing scams, such as sending an email message or calling to claim you need to click on a link or call a phone number right away to protect your computer from being infected with a virus.

What you need to remember, however, is that legitimate tech companies will never call or send an email to offer remote support services or push you to make a quick decision. If you receive an unsolicited call or email from what appears to be a trusted IT services provider, always double check with a trusted tech company before giving out personal information, calling phone numbers or clicking on links.

Being a trusted IT service provider ourselves, we at OptfinITy want you to remain safe from all types of scams and cyberattacks. If you have any doubts about how to protect yourself or your organization from falling victim to these attacks and scams, or if someone contacts you pretending to be us, don’t hesitate to give us a call at 703-790-0400. You can also visit us on our website at www.optfinity.com.

By -- 2018-10-4 in Blog

In the current technological age, a website is now the face of an organization. When people hear about a new business or organization, the first thing they’ll do is check out its website. While having a secure, well-functioning website for your organization can help raise the reputation of your brand, having one that is not secure and puts visitors’ information at risk can have the opposite effect. A recent article provides some preventative measures you can take to keep your website and online reputation secure.

  1. Have a protocol in place for your organization outlining what to do in the case of a security breach. The better prepared you and your employees are, the quicker you will be able to stop or contain a cyberattack.
  2. Be sure you have access to a long history of logs and be sure you are checking in on your website daily for spam activity, security plugins and updates. If an update is available, be sure to go forward with it since outdated software is prime real estate for hackers.
  3. Do frequent backups, at least once a month, on everything! Creating backups takes away any opportunity for a ransomware attack.

As always, OptfinITy is here to answer any questions related to your IT needs. If you have any questions or concerns about the security of your organization’s website, please don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-10-2 in Blog

While running a small organization, getting your name out there is critical for your success. While using social media and online advertising are available options, the best way to become recognized by the largest audience possible is to appear at the top or near the top of an online search engine. A recent article from entrepreneur.com provides some tips on how to make this happen.

The first step to take is to make sure your website runs efficiently. This includes eliminating lag time between pages, and allowing for easy navigation and smart phone optimization. If your website runs slow or is confusing to navigate, people will more than likely become frustrated and leave your website never to return.

A great way to ensure your website runs at a fast speed is to optimize your images, which essentially means not using images at a size that is larger than necessary. Since more than 50% of a website’s memory load on average consists of images, having an image on your website that is unnecessarily large can be the difference between a fast and slow loading website. For example, if you are placing an image into a box that is only a 500 pixel square, uploading an image that is 5,000 by 5,000 pixels is only going to slow your website down.

Optimizing your website for mobile is now more critical than ever since consumers now spend around 69% of their time on their smartphones. To improve your website’s mobile performance, you should research which web-hosting site will work best for your content, or if you are developing your own, implement accelerated mobile pages to speed up your website.

Once you have a flawless, fast-running website that is fully optimized for mobile devices, your next priority should be to establish authority and use keywords in your website that will direct as many people to your site as possible. While establishing authority can take some time, you can speed up the process by encouraging people to share your news and blog posts on social media.

The use of specific and direct keywords will raise the likelihood of your website showing up in searches. For example, if your website contains an article about how to make lemonade, you will want to go with clear, direct keywords in the title and throughout the article that will show up in people’s searches. A good example would be “How to Make Great Lemonade.”

What you will want to avoid is trying to get creative and titling your post something like “Lemonaide: How to Create a Perfect Blend of Sugar, Water, and Lemons.” None of those terms are going to be something someone searches for while looking up how to make lemonade, and as a result, people will likely be directed to another website and not yours.

To recap, having a well-functioning website that is optimized for all platforms combined with the strategic implementation of keywords will result in a successful, well-known organization. OptfinITy provides assistance with website development and would be happy to answer any questions you may have regarding website development or any other of your business’ IT needs. For more information give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-09-27 in Blog

You probably receive hundreds of emails per day, and more than likely, one of those emails contains malware. According to a recent IT World article, one out of every 244 emails contains malware. This means you need to be on the lookout for suspicious looking emails at all times. Here are a few red flags to look out for so you don’t click on a malicious email and infect your computer with malware:

  1. Improper spelling or grammar. You may receive an email that attempts to disguise itself as coming from a legitimate source such as your bank or Amazon, but if the spelling or grammar is off then it would be in your best interest to not trust that email.
  2. “Must act now” warnings or other scare tactics. Anything that prompts you to act quickly or threatens you with unreasonably severe consequences for not taking some sort of action is likely a phishing scam. Also, don’t be fooled by emails that claim to be from the IRS or FBI since these agencies are never going to contact you via email.
  3. Suspicious attachments or links. If you are not expecting an attachment or receive an email with a link to click on, double check with the source to make sure the attachment is safe to open and always hover your mouse over a link before clicking on it. If the link is a mile long or has improper spelling, it is most likely malware and should not be opened.

OptfinITy is here to answer any questions you may have regarding phishing and safe email practices, which also happens to be the topic of this month’s webinar! To sign up for free click here. If you have any other questions related to technology don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-09-25 in Blog

Many organizations today use file-sharing software to allow for more effective communication and collaboration on documents in the office. While the ability to share files is undoubtedly useful as it improves efficiency, files that aren’t properly protected and land in the wrong hands can lead to serious issues ranging from fraud to identity theft. The reason these shared files are vulnerable is because much of the data is stored by the organization’s internet service provider. A recent entrepreneur.com article provides some suggestions on how to prevent your organization’s shared files from falling into the wrong hands.

  1. The first step to take is to make your employees aware of the risks associated with file sharing and be sure they are educated about security practices in general. If your employees have a good understanding of the risks involved they will be more likely to take the necessary precautions to protect the files they are working with.
  2. If you are using the cloud as a location to save and edit your shared files, you need to be sure only authorized users have access to them. To achieve this, you will want to consider upgrading to a service, such as OptfinITy Sync, that allows you to set permissions so that files can only be accessed by authorized users. Some cloud-based file storage systems even offer tracking features which show who has sent, received, opened and shared a document. With these cloud service features, you can have peace of mind knowing your files are not being accessed by unauthorized users.
  3. Make sure all your content management systems are up to date and make sure your staff is constantly educated on the latest software. This will allow your content-management system to better protect sensitive files and ensure that your employees are doing their part to keep the information safe and secure.
  4. Implement an integrated security system that covers all bases when it comes to security threats. While it is an option to use stand-alone security systems that focus on specific areas, such as one for email security and another for file-sharing, it is most practical to use one that covers all your bases.

Being cloud users ourselves with a great product like OptfinITy Sync, we would be happy to answer any questions you may have regarding the security of the file sharing software you are using. Please don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-09-19 in Blog

When a natural disaster or great tragedy occurs such as a massive hurricane or the Boston bombing, your immediate reaction may be to want to help those who are suffering during these circumstances by sending monetary donations. Unfortunately, cybercriminals know this and take advantage of people’s good will through phishing scams and the creation of fraudulent websites that ask for monetary relief. According to a recent cyber intel advisory, there has been a spike in the number of registered domains containing words such as “claims,” “compensation,” “lawyers,” “relief,” and “funds” in the wake of the formation of Hurricane Florence, which suggests there are many new fraudulent websites being created targeting people who want to donate to disaster relief efforts. To best protect your technology from being exposed to malware, here are a few guidelines to follow in the wake of a disaster:

  1. Highly question any individual plea for financial assistance. This includes solicitations on social media, direct emails and crowd funding websites. Even if it appears to come from a trusted source, always double check with the Federal Trade Commission Consumer Information website or National Voluntary Organizations Active in Disaster website for guidance.
  2. Beware of emails containing links that claim to lead to a website with “more information” or photos. Although the photos and information may be relevant, it is extremely important to double check if it is a trusted website before clicking on the link.
  3. A good way to check to see if a website is legitimate is to hover over the URL. If the URL says something different than where you are trying to go, you know it’s a fraudulent website. For example, you may receive an email that says donate here for hurricane disaster relief efforts at www.madeupdomain.org, but when you hover over the hyperlink it would say www.madeupdomain.com.
  4. Never even open a spam email, let alone click on the attachments or links inside, and never reply to an email with personal information or give it to a website unless you are 100% positive the recipient is legitimate.

You should always be following safe email practices, but in the wake of disastrous events it is especially important to be on the lookout for phishing and malware schemes since they routinely spike under these circumstances. Once your technology is compromised, it is expensive to fix, so don’t put yourself in that position. If you have any questions about how to prevent yourself from becoming a victim of a malware or phishing attack, don’t hesitate to give us a call here at OptfinITy at 703-790-0400 or visit us on our website at www.optfinity.com.