With more and more IoT devices becoming available, it can be very tempting to take advantage of their capabilities and incorporate them into your business. However, like all other business decisions, poor planning can lead to serious consequences. A recent entrepreneur.com article suggests some common mistakes business owners should try to avoid when it comes to the implementation of IoT devices for their organizations.

First and foremost, don’t be cheap. As the saying goes, you get what you pay for. Cheap IoT devices are extremely dangerous because they usually lack any sort of built in security and don’t offer regular security updates which makes them vulnerable to hackers. Therefore, while choosing the IoT devices for your business, it is important that you choose ones that offer security patches and updates, and make sure to update the default username and password of the device to stronger login credentials. In addition to selecting devices that offer patches and updates, you need to take advantage of them! If you let your device become outdated it can create a security hole in your organization, which can be catastrophic due to the nature of IoT devices being interconnected with an array of different devices.

It is also important to remember why you are implementing these devices in the first place, which is to improve business functions and increase productivity. Therefore, you shouldn’t invest in a device just because other businesses are using it, or it seems like a cool gadget. Instead, you should have a goal in place and establish metrics to measure the effectiveness of each one of your IoT devices. Furthermore, it is important to make sure your employees understand how to use the devices to best increase productivity and understand the problems these devices can cause if used improperly or in a careless manner. If your organization has a BYOD policy, they should be required to stay on top of patches and updates for their own devices to avoid breaches of devices that give criminals access to confidential company information.

Finally, don’t count on your IoT devices being connected 100% of the time. Power outages and internet crashes are common, and you should make sure the devices have the ability to operate offline which will allow you to continue to function and experience the same level of productivity while the internet is down.

As always, OptfinITy is here to answer any questions you may have related to technology. If you have any questions about the use of IoT devices for your organization don’t hesitate to give us a call at 703-790-0400, send us an email at info@optfinity.com, or visit our website at www.optfinity.com.

When it comes to cybersecurity, securing your network and having a solid training program in place that promotes good judgement should go hand in hand. If you have one but not the other, the consequences can be catastrophic. Unfortunately, a school district and a bank in Indiana learned this the hard way. A recently published article reports how a school district and bank lost $120,882.83 via a fraudulent wire transfer.

The issue began when the email account of a business manager who worked for the school district and was authorized to sign off on payment requests was hacked and requested $120,882.83 to be wired to several different people listed as contractors for a project. Although the request was different from ones in the past, especially the request for a wire transfer instead of a check, the bank didn’t double check the request and sent the money to criminals who are believed to have been operating from an off-shore location.  Once a second request was received a few days later, the bank caught on and stopped the transfer before more money could be stolen.

There were two layers of security that were breached in this incident. The first was the school district’s network being hacked which made the fraudulent email that much more believable when sent to the bank. The second was the bank not double-checking with the school district regarding the large sum of money being requested.

Cyber criminals everywhere are constantly trying to hack organizations and this type of scam could happen to anyone. That is why you need to make sure your network is secured and protected and that your organization has a solid cybersecurity training program implemented. If you have any questions about the security of your organization or cyber security standards or would like to enroll your organization in a cybersecurity training program, don’t hesitate to contact us at 703-790-0400, info@optfinity.com, or visit our website at www.optfinity.com.

As the number of employees accessing company data from their smartphones continues to grow, mobile threats are becoming greater concerns for businesses and organizations. Thankfully, the inherent protections that are built into mobile operating systems have been able to keep mobile devices malware-free for the most part up to this point. However, there are other security hazards that businesses should be concerned about that could become increasingly more prevalent in the near future. A recent article from itnews.com covers the mobile security hazards that are expected to be the most problematic in the upcoming year.

1. Data Leakage- This commonly occurs when users download apps and allow them access to unnecessary information. Individuals should take care while deciding on whether to allow apps access to their information, especially when users contain sensitive business information on their mobile device. To combat this issue, educate your employees on the threats and consequences of data leakage and consider using mobile threat defense solutions products that can be used to scan apps for “leaky behavior.”
2. Phishing Attacks– Mobile users are three times more susceptible to phishing attacks because the emails generally show only the senders name which makes it easier for cyber criminals to pretend to be someone they’re not. Phishing attacks can best be prevented by raising employee awareness and by conducting internal phishing tests.
3. Cryptojacking– This form of cyberattack has found its way into mobile devices in late 2017 and early 2018 and is expected to continue to be an issue. Cryptojacking attacks on mobile devices have commonly been carried out via malicious mobile websites or downloaded third-party apps and cause devices to run slower, overheat, and have a shorter battery life. The best way to avoid cryptojacking attacks is to be make sure you only visit legitimate websites and download legitimate apps.
4. Careless Use of Devices in Public – An alarmingly high number of people (roughly 25%) using corporate mobile devices regularly connect to open and insecure WiFi networks. This gives hackers easy access to sensitive corporate data which obviously puts your organization at risk. Employees also commonly lose or leave devices unattended which for obvious reasons poses a major security risk if the device isn’t password protected and fully encrypted.
5. Lack of Patching and Old Devices- Finally, one of the most careless mistakes people continue to make is not regularly updating their devices. Security updates are essential in the prevention of cyber criminals accessing data and are very easy to perform. Some older devices may not offer updates which makes them more vulnerable than newer devices. Therefore, if employees are using mobile devices for work they should be sure they are kept up to date.

Mobile devices are rapidly becoming more intertwined with business functions, and along with becoming more intertwined comes potential threats. If you have any questions about safe mobile practices for your organization, don’t hesitate to give us a call at 703-790-0400, send us an email at info@optfinity.com or visit us on our website at www.optfinity.com.

Thanksgiving has passed and the holiday shopping season is officially here, and if you’re like a lot of people, you’ll be doing a lot of your shopping online. It is important, however, to beware of malicious copycat websites and emails advertising deals that appear to be too good to pass up. A recent CNET article reports that an alarmingly high number of consumers are willing to risk having their data and information stolen if it means they have a chance at a good bargain. This makes the holidays a prime time for cybercriminals to trick people into giving away their information. Don’t be the next victim. A few suggestions to shop safely online and prevent your data from being stolen are as follows:

1. Double-check the validity of all websites before downloading anything or inputting any personal information. A good way to spot a fake website is in the URL. An example would be www.target.net or www.targt.com instead of www.target.com. Also, only purchase from sites that follow https protocol.
2. Beware of phishing emails that advertise deals that are tempting to jump on, but instead direct you to a malicious website or automatically infect your device with malware. The best ways to spot phishing emails are spelling, grammatical and punctuation errors.
3. If you plan on downloading shopping apps, be sure they are only apps from either the official Google or Apple store, and remember, always be suspicious of shopping apps that ask for access to unnecessary information such as contacts or passwords.

While you may not have been exposed to any of these threats in the past, they are out there. According to a study performed by RiskIQ, 5% of Black Friday and Cyber Monday apps found in the app store are malicious, and for the top 10 retailers of Black Friday last year, there were over 6,000 malicious apps that offered fake deals. If you have any questions or concerns about safe online shopping practices this holiday season feel free to give us a call at 703-790-0400, send us an email at info@optfinity.com or visit us on our website at www.optfinity.com.

The holiday season is once again upon us and for many that means lots of traveling. This also means, of course, that everyone’s technology will be traveling with them. Unfortunately, the holiday season is a special time for hackers as well, as many people’s devices are outside of their secure office and home networks. A recent CNET article provides some tips on keeping your devices secure while traveling during the holidays.

The first thing you’ll want to avoid is something you’ve probably seen at the airport, public charging stations. While the availability of these may be very tempting to use since you can charge your device that extra 5% before getting on a long flight, don’t do it. Hackers are able to use the shared USB port to infect your device with malware or even take control of your camera. To avoid this, it is best to bring your own USB cable and AC adapter to plug directly into wall outlets.

The second item to beware of is free public Wi-Fi. While it may be cheap and convenient to connect to the internet and save data, connecting to a public Wi-Fi network can be dangerous since hackers are usually lurking on the same network and intercepting your information. The best alternatives to using a public Wi-Fi are setting up a VPN, only visiting encrypted sites (HTTPS instead of HTTP) or eating the extra data charges because the extra money you pay will always be way cheaper than having your device compromised.

Finally, it would be in your best interest to turn off GPS, Wi-Fi and Bluetooth altogether to prevent your device from automatically connecting to unsecure networks or devices owned by cybercriminals, and to encrypt your own device. Google and Apple both offer security setups that will encrypt your device and make it impossible for hackers to make sense of your data.

The main thing to remember is to avoid being tempted by convenience. Yes, it is tempting to save money and have your device set up to automatically connect to Wi-Fi. It is also tempting to take advantage of what seems to be a great resource in public charging stations. Remember, however, that the added convenience, extra battery, or saving a bit of money on data isn’t worth your privacy, and it could break your bank as well. You’re already spending lots of money over the holidays, so paying to fix a compromised device or buy a new one is an avoidable added expense. If you have any questions or concerns about traveling with your electronic devices don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

It is becoming increasingly common for people to have their home devices interconnected via Universal Plug and Play (UPnP) due to the added convenience it brings to completing daily tasks such as dimming the lights or picking your playlist while you clean the house. Unfortunately, many people remain unaware of the dangers of not securing these devices. As a result, their devices are vulnerable to botnets, which are collections of devices infected with a common type of malware that are being controlled by a cybercriminal remotely, usually to distribute spam email.

A recent tripwire.com article discusses a recently discovered botnet that has been actively infiltrating around 100,000 home routers per day this past month and is using them to distribute spam messages. The BCUMUPnP_Hunter botnet, which has been growing in strength, exploits a 5-year-old UPnP vulnerability found in many familiar branded router models including CenturyLink, Linksys, NetComm, Technicolor and a few more. According to researchers, the exploitation of this vulnerability could have been avoided had the vendors issued a security update to the users and in turn the users installed the latest update onto their routers. While it is not yet known whether a security update was issued for the infected devices, consumers should beware of IoT devices that are not offered with security patches and updates. If you are using an IoT device that does not offer updates, it may be best to disable the UPnP setting to avoid being exploited by malicious botnets, and if you are using one that does offer updates, be sure to stay on top of them.

If you have any questions or concerns about the security of your IoT devices, OptfinITy is here to answer them. Feel free to give us a call at 703-790-0400, send us an email at info@optfinity.com, or visit our website at www.optfinity.com to learn more about securing your IoT devices or any other security concerns you may have related to your technology.

With the prevalence of apps continuously on the rise, more and more businesses are developing their own, and it is more important than ever to keep them secure. A recent itnews.com article provides some useful tools and methods that can prevent your apps from being compromised by cybercriminals and keep your business protected.

There are many application security tools available that can be broken down into two main categories: security testing tools and shielding products. Testing tools focus on finding vulnerabilities in the app to prevent attacks while shielding products focus on hardening the application to make attacks more difficult to be carried out.

Security testing tools are available in many different types including static, dynamic, interactive, and mobile. Depending on your app portfolio and what you believe to be the best way to protect it will determine which of type of security testing tool you will use. For example, if you are looking to check your code as you are writing it, you would want to go with one that offers static testing, but if you want one that analyzes running code and has the ability to simulate attacks on production systems, you would elect to go with one that offers dynamic testing. A combination of the elements provided in static and dynamic testing tools is available via an interactive testing tool. Finally, there are security testing tools that focus specifically on mobile apps that examine how attackers could potentially leverage mobile operating systems.

App shielding tools also contain different features including runtime application self-protection (RASP), code obfuscation, encryption and anti-tampering tools, and threat detection tools. Again, what you believe is the best way to protect your app portfolio will determine which type of shielding tool you end up using. If you’re looking for a tool that continuously monitors an app’s behavior, sends alerts and terminates errant processes or the app itself if it becomes compromised, an RASP tool would be the option to go with. However, there are other types of tools available such as code obfuscation, encryption, and threat detection tools. The latter provides device fingerprints that determine whether a mobile device has been compromised by a malicious party.

As always, OptfinITy is happy to answer any questions you may have regarding your IT needs. Feel free to give us a call at 703-790-0400, shoot us an email at info@optfinity.com, or visit our website at www.optfinity.com if you have any questions about the security of your applications or application development in general.

The saying “you are only as strong as your weakest link” applies to any team effort and cybersecurity for your organization is no exception. The best defense against a cybersecurity attack starts from the inside. Therefore, if you don’t already have a cybersecurity training program in place, you should. A recent itnews.com article provides some important topics that should be covered in your organization’s cybersecurity training program.

The first thing you need to establish is what is and is not acceptable to do while using company technology. Employees should know not to use the technology for anything other than work-related tasks and should not expect anything they use a company device for to remain private. If this is not established and people treat their devices as personal ones you can run into a lot of trouble.

Once acceptable use is established, it is important to cover data protection, security updates, and safe password practices. Employees should understand the importance of constantly backing up all data, staying on top of updates, and locking their computer screen when they leave their office. They should also frequently change their password using a complex system of letters, numbers and symbols. While these practices may be tedious or inconvenient, this protocol is critical in preventing malware from infiltrating your organization’s system.

After laying down the protocol for updates and data protection, employees should be educated on social engineering scams such as phishing emails. Employees should be suspicious of any unexpected emails, especially ones that demand immediate action, and check the spelling of URLs in emails to be sure they will be directed to a safe website and not to one that will expose them to malware. It is important your employees understand how legitimate these false emails can look so they don’t fall for their tricks. To test how employees will respond to a phishing attempt it is best to conduct internal phishing tests.

Finally, it is imperative your employees know who to call and immediately report incidents when they occur instead of waiting for them to be found by a security check or external virus scan. The average amount of time it takes for an organization to discover a system hack is 8 months. By that time, it could be too late, especially for smaller organizations.

If you have any questions or concerns about the cybersecurity protocol for your organization, OptfinITy is here to help. Give us a call at 703-790-0400, visit us on our website at www.optfinity.com, or send us an email at info@optfinity.com if you have any questions about establishing a sound cybersecurity protocol for your organization.