It is becoming increasingly common for people to have their home devices interconnected via Universal Plug and Play (UPnP) due to the added convenience it brings to completing daily tasks such as dimming the lights or picking your playlist while you clean the house. Unfortunately, many people remain unaware of the dangers of not securing these devices. As a result, their devices are vulnerable to botnets, which are collections of devices infected with a common type of malware that are being controlled by a cybercriminal remotely, usually to distribute spam email.

A recent tripwire.com article discusses a recently discovered botnet that has been actively infiltrating around 100,000 home routers per day this past month and is using them to distribute spam messages. The BCUMUPnP_Hunter botnet, which has been growing in strength, exploits a 5-year-old UPnP vulnerability found in many familiar branded router models including CenturyLink, Linksys, NetComm, Technicolor and a few more. According to researchers, the exploitation of this vulnerability could have been avoided had the vendors issued a security update to the users and in turn the users installed the latest update onto their routers. While it is not yet known whether a security update was issued for the infected devices, consumers should beware of IoT devices that are not offered with security patches and updates. If you are using an IoT device that does not offer updates, it may be best to disable the UPnP setting to avoid being exploited by malicious botnets, and if you are using one that does offer updates, be sure to stay on top of them.

If you have any questions or concerns about the security of your IoT devices, OptfinITy is here to answer them. Feel free to give us a call at 703-790-0400, send us an email at info@optfinity.com, or visit our website at www.optfinity.com to learn more about securing your IoT devices or any other security concerns you may have related to your technology.

With the prevalence of apps continuously on the rise, more and more businesses are developing their own, and it is more important than ever to keep them secure. A recent itnews.com article provides some useful tools and methods that can prevent your apps from being compromised by cybercriminals and keep your business protected.

There are many application security tools available that can be broken down into two main categories: security testing tools and shielding products. Testing tools focus on finding vulnerabilities in the app to prevent attacks while shielding products focus on hardening the application to make attacks more difficult to be carried out.

Security testing tools are available in many different types including static, dynamic, interactive, and mobile. Depending on your app portfolio and what you believe to be the best way to protect it will determine which of type of security testing tool you will use. For example, if you are looking to check your code as you are writing it, you would want to go with one that offers static testing, but if you want one that analyzes running code and has the ability to simulate attacks on production systems, you would elect to go with one that offers dynamic testing. A combination of the elements provided in static and dynamic testing tools is available via an interactive testing tool. Finally, there are security testing tools that focus specifically on mobile apps that examine how attackers could potentially leverage mobile operating systems.

App shielding tools also contain different features including runtime application self-protection (RASP), code obfuscation, encryption and anti-tampering tools, and threat detection tools. Again, what you believe is the best way to protect your app portfolio will determine which type of shielding tool you end up using. If you’re looking for a tool that continuously monitors an app’s behavior, sends alerts and terminates errant processes or the app itself if it becomes compromised, an RASP tool would be the option to go with. However, there are other types of tools available such as code obfuscation, encryption, and threat detection tools. The latter provides device fingerprints that determine whether a mobile device has been compromised by a malicious party.

As always, OptfinITy is happy to answer any questions you may have regarding your IT needs. Feel free to give us a call at 703-790-0400, shoot us an email at info@optfinity.com, or visit our website at www.optfinity.com if you have any questions about the security of your applications or application development in general.

The saying “you are only as strong as your weakest link” applies to any team effort and cybersecurity for your organization is no exception. The best defense against a cybersecurity attack starts from the inside. Therefore, if you don’t already have a cybersecurity training program in place, you should. A recent itnews.com article provides some important topics that should be covered in your organization’s cybersecurity training program.

The first thing you need to establish is what is and is not acceptable to do while using company technology. Employees should know not to use the technology for anything other than work-related tasks and should not expect anything they use a company device for to remain private. If this is not established and people treat their devices as personal ones you can run into a lot of trouble.

Once acceptable use is established, it is important to cover data protection, security updates, and safe password practices. Employees should understand the importance of constantly backing up all data, staying on top of updates, and locking their computer screen when they leave their office. They should also frequently change their password using a complex system of letters, numbers and symbols. While these practices may be tedious or inconvenient, this protocol is critical in preventing malware from infiltrating your organization’s system.

After laying down the protocol for updates and data protection, employees should be educated on social engineering scams such as phishing emails. Employees should be suspicious of any unexpected emails, especially ones that demand immediate action, and check the spelling of URLs in emails to be sure they will be directed to a safe website and not to one that will expose them to malware. It is important your employees understand how legitimate these false emails can look so they don’t fall for their tricks. To test how employees will respond to a phishing attempt it is best to conduct internal phishing tests.

Finally, it is imperative your employees know who to call and immediately report incidents when they occur instead of waiting for them to be found by a security check or external virus scan. The average amount of time it takes for an organization to discover a system hack is 8 months. By that time, it could be too late, especially for smaller organizations.

If you have any questions or concerns about the cybersecurity protocol for your organization, OptfinITy is here to help. Give us a call at 703-790-0400, visit us on our website at www.optfinity.com, or send us an email at info@optfinity.com if you have any questions about establishing a sound cybersecurity protocol for your organization.

As social media continues to become a bigger part of our everyday lives, it is more important than ever for small businesses and organizations to effectively use social media to promote themselves. While social media can act as a great tool to improve and promote your business, there are certain things you should avoid if you don’t want social media to have the opposite effect on your organization. A recent itnews article provides some things to keep in mind when it comes to using social media for your small business or organization.

1. Never create a social media account and then leave it unattended. If you have a Facebook or Instagram page that hasn’t been updated for weeks or months, people will be under the impression that either you don’t care, or you have gone out of business.
2. Consistently post. The easiest way to achieve this is to use a tool such as Hootsuite which allows you to schedule multiple posts in advance. If you are constantly posting, your name will always be on people’s minds and therefore they will be more likely to contact you instead of your competitors.
3. If you re-post any user-generated content, be sure you have permission first to maintain a high level of trust between your organization and social media followers.
4. Be sure to respond to all comments in a timely fashion. If someone has a question about a post or they leave a comment on your page regarding their recent customer experience, don’t wait to respond. The quicker you respond, the better it makes your organization look and people will be more likely to direct their questions at you instead of your competitors.
5. Keep sales promotion posts to a minimum. While it is not a bad idea to mix in a few sales promotions here and there, it is important to remember that social media posts should mainly be about building rapport with clients and potential customers.
6. Do not treat your organization’s social media page like you would your personal page. It’s best to keep out any personal social or political views out of posts, and instead stick to content that directly relates to your organization’s industry.

You want to be as active as possible on social media without overwhelming people with sales promotions or unrelated content. As always, OptfinITy is here to answer any questions you have related to your technological needs. If you have any questions or concerns, give us a call at 703-790-0400 or visit our website at www.optfinity.com.

Stay in Good Standing with Search Engines

Optimizing your website for high visibility on search engines is essential. However, to maintain a strong ranking, you must follow specific guidelines. A recent Entrepreneur.com article shares helpful tips for avoiding penalties and improving your page rank if issues like cloaking, spam, or low-value content arise.

Avoid Cloaking: Be Transparent with Content

Cloaking occurs when a website shows one version of its content to search engines and a different one to users. This deceptive tactic applies to all types of content, including photos and text. To stay in compliance and avoid penalties or bans from platforms like Google, regularly monitor your site. Crosscheck what users see against what search engines detect. Use free tools to perform these checks and keep your website’s integrity intact.

Eliminate Spam to Protect Your Ranking

Spam can quickly damage your website’s reputation and ranking. Choose an automated messaging system with built-in anti-spam features, and regularly scan your site for spam from external sources. Remove any suspicious or harmful content immediately. A spam-free website not only improves user experience but also increases your chances of ranking higher on search engines.

Create Valuable, High-Quality Content

Content quality has the biggest impact on your search engine ranking. Both algorithms and human reviewers assess the value of your site’s content. Keep all information relevant, concise, and original. Avoid keyword stuffing, irrelevant links, and especially plagiarism. Focus on providing real value to your audience.

Recover Quickly from SEO Penalties

If your website experiences a ranking drop due to any of these issues, act quickly to correct them. Even some of the internet’s most popular websites have faced SEO penalties and bounced back. Resolving problems promptly can help your rankings recover over time.

Need Help? OptfinITy Is Here for You

At OptfinITy, we specialize in building high-quality, SEO-optimized websites. If you have questions about avoiding penalties or want help improving your site, give us a call at 703-790-0400 or visit www.optfinity.com. Let’s build a website that sets you up for success.

It’s no secret that small businesses and organizations are the main target of cyberattacks. According to a recent article from entrepreneur.com, the FBI has received more than 4 million complaints from small businesses regarding internet crime between 2000 and 2017. Unfortunately, smaller organizations generally don’t have the budget for advanced levels of cybersecurity. However, if the proper standards are implemented, you don’t need to spend a fortune on cybersecurity for your organization.  A few standards and recommendations to best keep your business protected on a budget are as follows:

1. Implement email sender authentication standards for your organization and your business partners which include: Sender Policy Framework, DomainKeys Identified Mail and Domain-based Message Authentication, and Reporting and Conformance.
2. Take a layered approach to security. In addition to sender authentication standards, implement impersonation filtering to identify domains that are a character off from a trusted domain. It is also useful to implement an internal email filter that blocks external emails that make themselves appear as though they are from an internal user.
3. Be sure there is a protocol for authorizing wire transfers. Be sure your employees and partners confirm the legitimacy of any wire transfer or change of payment address requested via email. Never use the contact information from the email to confirm the request, instead confirm the legitimacy by calling a verified phone number.
4. Educate your employees and partners on the risks associated with careless email and online practices. Hold cybersecurity training courses regularly and reward your employees for good cybersecurity habits. If you don’t have an educated workforce, all other layers of security are rendered useless.
5. Partner with or consult an outside expert. If you’re not sure how to best implement any of the sender standards mentioned above or how to best educate your employees on the ever-increasing amount of cyber threats, consult a trusted provider to answer any of the questions or concerns you may have.

OptfinITy happens to be a trusted MSP with over 15 years of experience. If you are worried about how to best protect your business or organization from cyber threats or don’t understand the items above,  don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

It seems that nowadays every device we use is “smart.” We have access to everything from smart speakers to smart vacuums, and their prevalence is on the rise. According to a recent FBI public service announcement, the number of Internet of Things (IoT) or “smart” devices is expected to increase by anywhere between 300% to 1000% by 2020. While it’s undoubtedly convenient to have all our devices interconnected with each other and the internet, unsecure devices are at a very high risk of being exploited by cyber criminals. To best keep your IoT devices secure, the following actions are recommended:

1. While shopping for new devices
   1. Research your options on reputable websites that specialize in cyber security analysis.
   2. Search for products with a good reputation for providing security for their IoT products.
   3. Search for products that offer software or firmware updates and find out how often they are provided.
   4. Find out the types of data that is collected and stored on the device.
   5. Find out how long the data will remain stored on the device, whether or not the storage is encrypted, and whether or not the data will be shared with a third party.
   6. Check to see if opting out of the collection of data is an option and if there are any policies in place in the case of a data breach.
2. For recently purchased devices or ones you already own
   1. Change default usernames and passwords. Create STRONG passwords. Never use common words such as sports teams or children’s names.
   2. Isolate them on their own protected network and configure their network firewalls to have traffic blocked from unauthorized IP addresses and be sure port forwarding is disabled.
   3. Implement the security recommendations that are provided by the device manufacturer, be on top of updates and implement security patches where available.
   4. Invest in a secure router that allows you to whitelist (only allow specific devices to connect to your network).

Although these smart devices aren’t computers with screens, it is important to remember that they require the same cyber security measures as your laptop, desktop or cell phone. As these IoT devices become more prevalent, it is more important than ever to make sure they are secure and safe from cyberattacks. If you have any questions about the security of your IoT devices don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.

According to a recent servethehome.com article, it has been discovered that one of the most respected brands in the server industry contains a vulnerability in its 13^th generation and older PowerEdge servers. This vulnerability, which was brought to light in the STH discussion forums, allows users to bypass the Dell EMC iDRAC firmware protections and load their own firmware via both local and remote access methods. If this vulnerability were to be exploited by a cybercriminal they would have complete remote control of the server.

Although this vulnerability that has been named iDRACula (integrated Dell Remote Access Controller unauthorized load access) is not an issue for Dell’s newest 14^th generation PowerEdge server, there are still millions of older generations in use and in distribution. Therefore, it is important to be aware of this vulnerability if you are using a 13^th generation or older PowerEdge server.

The good news is that for iDRACula to be taken advantage of, a lapse in security would need to take place, such as someone being allowed physical access to a machine or remote access with valid login credentials. The bad news is that Dell is a leader in the industry for server security. Since this vulnerability was discovered in Dell, it is highly likely that other types of servers contain similar vulnerabilities.

The iDRACula vulnerability serves as a reminder that even reliable brands such as Dell are not immune to security breaches. Even if you don’t use a Dell server or if you have the latest generation, it is important to always practice safe security measures and stay on top of software updates. Never give strangers direct or remote access to your electronic devices and get the latest software updates since they are created to fix bugs or vulnerabilities found in previous versions. If you have any more questions about the iDRACula vulnerability or how to best keep yourself protected don’t hesitate to give us a call at 703-790-0400 or visit us on our website at www.optfinity.com.