By -- 2018-10-18 in Blog

According to a recent servethehome.com article, it has been discovered that one of the most respected brands in the server industry contains a vulnerability in its 13th generation and older PowerEdge servers. This vulnerability, which was brought to light in the STH discussion forums, allows users to bypass the Dell EMC iDRAC firmware protections and load their own firmware via both local and remote access methods. If this vulnerability were to be exploited by a cybercriminal they would have complete remote control of the server.

Although this vulnerability that has been named iDRACula (integrated Dell Remote Access Controller unauthorized load access) is not an issue for Dell’s newest 14th generation PowerEdge server, there are still millions of older generations in use and in distribution. Therefore, it is important to be aware of this vulnerability if you are using a 13th generation or older PowerEdge server.

The good news is that for iDRACula to be taken advantage of, a lapse in security would need to take place, such as someone being allowed physical access to a machine or remote access with valid login credentials. The bad news is that Dell is a leader in the industry for server security. Since this vulnerability was discovered in Dell, it is highly likely that other types of servers contain similar vulnerabilities.

The iDRACula vulnerability serves as a reminder that even reliable brands such as Dell are not immune to security breaches. Even if you don’t use a Dell server or if you have the latest generation, it is important to always practice safe security measures and stay on top of software updates. Never give strangers direct or remote access to your electronic devices and get the latest software updates since they are created to fix bugs or vulnerabilities found in previous versions. If you have any more questions about the iDRACula vulnerability or how to best keep yourself protected don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-10-16 in Blog

Unfortunately, data breaches occur often. Even if you are taking all the necessary precautions to avoid them, they can still happen. Therefore, it is important to have a plan of action to follow in the event of a data breach. A recent itnews.com article suggests how to best deal with a data breach and avoid catastrophic monetary loss and/or identity theft.

Step 1: The first thing you will want to do is figure out exactly what information was stolen. Once you figure out what was taken (usernames, passwords, credit card information etc.) your next course of action will be determined by step 2.

Step 2: Determine whether the hackers will be able to use the stolen data. If your data is in the form of cleartext, then chances are the data will be decoded easily. However, if it has been hashed, salted, or encrypted, there is a chance that although the hacker has stolen your data, it will not be able to be decoded and is therefore useless to the hacker.

Step 3: Change your password. This should be done whether your data is usable or not. If you are using the same password across multiple sites now is the time to stop doing that. At this time, you should also consider using a password manager such as LastPass and enable two-factor authentication on any accounts that will support it.

Step 4: If you don’t already have one, create a dedicated password recovery email. Be sure this email doesn’t hint at your identity at all. For example, a good recovery email address would be something like okurdone@outlook.com, while a bad one would be one that contains your name or initials such as jsmith@outlook.com.

Step 5: If your credit card information was stolen, contact your credit card provider and get a fraud alert on your credit card with the three major credit bureaus. Consider putting a credit freeze on your records to prevent the hacker from using your information to open any credit cards in your name.

Step 6:  Determine who you need to report the data breach to.   In many states, there are laws which require you to report certain data breaches.

Don’t panic, for data breaches occur frequently. If you have been taking the necessary actions to protect your information, a cybercriminal can only do so much; if anything at all, with your data. If you experience a data breach or have any questions about a plan of action to take in the event of one, don’t hesitate to give us a call here at OptfinITy at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-10-11 in Blog

A recent CNET article reports that the Port of San Diego experienced a ransomware attack during the last week of September. The attacker apparently demanded a payment of an undisclosed amount in bitcoins. The attack left employees with limited access to their computers which caused a huge inconvenience for people who needed access to items such as public records and park permits. While it is yet to be determined how costly this security breach will be for the Port of San Diego, ransomware attacks in the past have been notoriously expensive.

Ransomware attacks are extremely costly forms of cyberattacks because they simultaneously encrypt all your data and demand a ransom for it to be unlocked. Therefore, you are not only losing money during the time it takes to unlock your data or pay the ransom, you lose even more if you end up having to pay the ransom. Ransomware attacks have cost cities and companies up to $300 million in lost revenue and can be a death sentence for small businesses and organizations.

The best way to protect yourself from ransomware attacks is to back up all your data. If you don’t need the data they stole, the criminal has no collateral and your business can carry on as usual. In addition to constantly backing everything up, you should be implementing safe cybersecurity practices for your organization such as using strong passwords and educating employees about phishing scams. If you have any questions on how to avoid becoming the next victim of a ransomware attack don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-10-9 in Blog

Even if you work with a trusted IT provider, you need to be alert for remote tech support scams. Remote tech support scams involve cybercriminals pretending to be a help desk employee from an IT company and reaching out to fix a problem with your computer remotely. Once they are given the credentials needed to access your computer remotely, they will either steal your data, install malware or spyware, or both. They then often proceed to request a payment for “fixing” a problem that never existed. These scams are becoming increasingly prevalent and are causing millions of dollars in losses. A recent article provides some advice on how to prevent yourself from falling victim to a remote tech support scam.

The main thing to remember is to be suspicious of anyone who reaches out to you to and offers to fix something. Do not respond to unsolicited calls or emails even if they appear to be legitimate. It is not uncommon for cybercriminals to disguise themselves using the name of a trusted tech company that will even show up on a caller ID. Remote tech supports scams implement the same fear tactics that are used in phishing scams such as sending an email message or calling claiming you need to click on a link or call a phone number right away to protect your computer from being infected with a virus.

What you need to remember, however, is that legitimate tech companies will never call or send an email to offer remote support services or push you to make a quick decision. If you receive an unsolicited call or email from what appears to be a trusted IT services provider, always double check with a trusted tech company before giving out personal information, calling phone numbers or clicking on links.

Being a trusted IT service provider ourselves, we at OptfinITy want you to remain safe from all types of scams and cyberattacks. If you have any doubts about how to protect yourself or your organization from falling victim to these attacks and scams, or if someone contacts you pretending to be us, don’t hesitate to give us a call at 703-790-0400. You can also visit us on our website at www.optfinity.com.

By -- 2018-10-4 in Blog

In the current technological age, a website is now the face of an organization. When people hear about a new business or organization, the first thing they’ll do is check out their website. While having a secure, well-functioning website for your organization can help raise the reputation of your brand, having one that is not secure and puts visitor’s information at risk can have the opposite effect. A recent article provides some preventative measures you can take to keep your website and online reputation secure.

  1. Have a protocol in place for your organization outlining what to do in the case of a security breach. The better prepared you and your employees are, the quicker you will be able to stop or contain a cyberattack.
  2. Be sure you have access to a long history of logs and be sure you are checking in on your website daily for spam activity, security plugins and updates. If an update is available, be sure to go forward with it since outdated software is prime real estate for hackers.
  3. Do frequent backups, at least once a month, on everything! Creating backups takes away any opportunity for a ransomware attack.

As always, OptfinITy is here to answer any questions related to your IT needs. If you have any questions or concerns about the security of your organization’s website, please don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-10-2 in Blog

While running a small organization, getting your name out there is critical for your success. While using social media and online advertising are available options, the best way to become recognized by the largest audience possible is to appear at the top or near the top of an online search engine. A recent article from entrepreneur.com provides some tips on how to make this happen.

The first step to take is to make sure your website runs efficiently. This includes eliminating lag time between pages, and allowing for easy navigation and smart phone optimization. If your website runs slow or is confusing to navigate, people will more than likely become frustrated and leave your website never to return.

A great way to ensure your website runs at a fast speed is to optimize your images, which essentially means not using images at a size that is larger than necessary. Since more than 50% of a website’s memory load on average consists of images, having an image on your website that is unnecessarily large can be the difference between a fast and slow loading website. For example, if you are placing an image into a box that is only a 500 pixel square, uploading an image that is 5,000 by 5,000 pixels is only going to slow your website down.

Optimizing your website for mobile is now more critical than ever since consumers now spend around 69% of their time on their smartphones. To improve your website’s mobile performance, you should research which web-hosting site will work best for your content, or if you are developing your own, implement accelerated mobile pages to speed up your website.

Once you have a flawless, fast-running website that is fully optimized for mobile devices, your next priority should be to establish authority and use keywords in your website that will direct as many people to your site as possible. While establishing authority can take some time, you can speed up the process by encouraging people to share your news and blog posts on social media.

The use of specific and direct keywords will raise the likelihood of your website showing up in searches. For example, if your website contains an article about how to make lemonade, you will want to go with clear, direct keywords in the title and throughout the article that will show up in people’s searches. A good example would be “How to Make Great Lemonade.”

What you will want to avoid is trying to get creative and titling your post something like “Lemonaide: How to Create a Perfect Blend of Sugar, Water, and Lemons.” None of those terms are going to be something someone searches for while looking up how to make lemonade, and as a result, people will likely be directed to another website and not yours.

To recap, having a well-functioning website that is optimized for all platforms combined with the strategic implementation of keywords will result in a successful, well-known organization. OptfinITy provides assistance with website development and would be happy to answer any questions you may have regarding website development or any other of your business’ IT needs. For more information give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

By -- 2018-09-27 in Blog

Beware of Malicious Emails

You probably receive hundreds of emails daily. Did you know that one in every 244 emails contains malware (according to IT World)? Stay alert for suspicious emails to protect yourself.

Red Flags to Watch For

1. Poor Spelling and Grammar
Scammers often disguise emails to look like they’re from trusted sources like your bank or Amazon. However, bad spelling or grammar is a major giveaway. Don’t trust emails with these errors.

2. Urgent Warnings or Threats
Phishing scams often use scare tactics. Emails urging immediate action or threatening severe consequences (e.g., from the IRS or FBI) are usually fake. Legitimate agencies won’t email you in this way.

3. Suspicious Attachments or Links
Unexpected attachments or strange links are red flags. Verify attachments with the sender before opening. Always hover over links to check the URL. If it looks odd or overly long, don’t click.

OptfinITy Can Help

Need guidance on phishing or safe email practices? OptfinITy is here to help! This month’s webinar covers these topics—sign up for free today. Call 703-790-0400 or visit us at www.optfinity.com.

By -- 2018-09-25 in Blog

Enhancing File Sharing Security in Your Organization

File-sharing software has become an essential tool for modern organizations, enabling more effective communication and collaboration on documents. While it boosts efficiency, improperly protected files can fall into the wrong hands, leading to serious risks such as fraud and identity theft. Understanding and addressing these vulnerabilities is critical to safeguarding your organization’s sensitive data.

Why Are Shared Files Vulnerable?

The primary reason shared files are at risk is that much of the data is stored by the organization’s internet service provider. Without proper security measures, this data can become an easy target for unauthorized access.

A recent Entrepreneur.com article offers actionable steps to prevent your shared files from falling into the wrong hands.

Educate Employees About File-Sharing Risks

The first step is to raise employee awareness about the risks associated with file sharing. Educate your team on general security practices to ensure they understand the potential consequences of mishandling sensitive files. When employees recognize these risks, they are more likely to adopt the necessary precautions to protect the data they manage.

Control Access to Cloud-Based Files

If your organization uses cloud storage to save and edit shared files, restrict access to authorized users only. Consider upgrading to a service that allows you to set file permissions, such as OptfinITy Sync. Many cloud-based systems also provide tracking features to monitor who has sent, received, opened, or shared a document. These features ensure your files remain secure and inaccessible to unauthorized individuals.

Keep Systems and Staff Updated

Ensure all content management systems (CMS) are regularly updated to protect sensitive files effectively. At the same time, continuously educate staff on the latest software updates and security protocols. This dual approach enhances your CMS’s ability to safeguard files while empowering employees to uphold strong security practices.

Implement an Integrated Security System

Deploy a comprehensive, integrated security system that addresses all potential threats. While standalone security solutions can focus on specific areas like email or file sharing, an all-encompassing system provides more practical and robust protection for your organization.

Get Expert Help with File-Sharing Security

As cloud users with a robust product like OptfinITy Sync, we are here to help ensure the security of your file-sharing software. If you have any questions about protecting your organization’s files, call us at 703-790-0400 or visit us at www.optfinity.com.

Safeguarding your shared files is crucial—take these steps today to secure your data and prevent potential security breaches.

By -- 2018-09-19 in Blog

Protect Yourself from Phishing Scams During Natural Disasters

When a major tragedy like a hurricane or the Boston bombing strikes, your first instinct may be to help those affected by donating money. Unfortunately, cybercriminals exploit people’s goodwill by launching phishing scams and fraudulent websites designed to solicit donations. According to a recent cyber intelligence advisory, the number of newly registered domains containing words like “claims,” “compensation,” “lawyers,” “relief,” and “funds” has spiked following Hurricane Florence, indicating that fraudsters are targeting individuals eager to contribute to disaster relief efforts.

Be Cautious of Pleas for Donations

Always approach individual pleas for financial assistance with skepticism. This includes requests through social media, direct emails, and crowdfunding sites. Even if a request appears to come from a trusted source, verify the legitimacy by checking reliable resources like the Federal Trade Commission Consumer Information website or the National Voluntary Organizations Active in Disaster website.

Beware of Suspicious Links

Phishing emails often contain links that claim to lead to “more information” or images. While the content may seem relevant, always verify the legitimacy of the website before clicking any links. Check the URL carefully to ensure that it matches the trusted organization’s website.

Check the URL to Identify Fraudulent Websites

A simple way to identify fraudulent websites is by hovering over the link. If the URL displayed doesn’t match the expected destination, it’s likely a scam. For instance, an email that directs you to donate for hurricane relief at www.madeupdomain.org might actually link to www.madeupdomain.com.

Avoid Spam Emails and Suspicious Links

Never open spam emails, click on attachments, or follow links in unsolicited messages. Avoid providing any personal information to a website unless you are absolutely sure of its legitimacy.

Stay Vigilant and Follow Safe Email Practices

While it’s always important to follow safe email practices, it’s especially crucial during times of crisis. Phishing and malware attacks tend to surge in the aftermath of disasters. Once your technology is compromised, fixing the damage can be costly and time-consuming. Protect yourself by staying vigilant and cautious.

If you have any questions about how to avoid phishing scams or malware attacks, feel free to contact OptfinITy at 703-790-0400 or visit our website at www.optfinity.com.

By -- 2018-09-18 in Blog

Protect Your Small Business from Ad Fraud

As a small business or organization, you cannot afford to waste money on anything that doesn’t directly boost awareness or increase revenue. While paying for ad space on high-traffic websites can effectively promote your brand, beware of fraudulent websites that drain your advertising budget.

Beware of Fraudulent Websites

Fraudulent websites often appear legitimate but are filled with keywords designed to manipulate Google’s ranking system. These sites may seem like good options but are designed to trick you into spending money with no real return. Always research websites thoroughly before investing in ad space.

Understand the Impact of Ad Fraud

Ad fraud can devastate small businesses, draining advertising budgets and leaving organizations with no return on their investment. Thousands of businesses fall victim to ad fraud, and without caution, your business could become the next target.

Verify Traffic Sources

When purchasing ad space, always question the sources of traffic. Use third-party verification tools to run buying tests and identify non-human or invalid traffic. This approach ensures you’re not wasting money on fake traffic.

Work Directly with Advertisers

Only work with advertisers who can prove their identities and provide direct communication. Scammers often hide their identities to avoid being caught. By working with verified advertisers, you reduce the risk of falling for scams.

Leverage AI to Combat Ad Fraud

AI is a powerful tool in the fight against ad fraud. It can filter fraudulent IP addresses, clean spam bots, monitor site traffic, and detect click fraud. AI’s ability to analyze complex data and self-learn makes it the most effective defense mechanism against ad fraud.

Stay Vigilant to Protect Your Budget

Ad fraud continues to thrive, especially as technology evolves. Stay aware of the risks your organization faces and take proactive steps to protect your advertising investments. If you need help securing your business from ad fraud, contact us at OptfinITy at 703-790-0400 or visit www.optfinity.com.