Protect Your Business from Ransomware Attacks

Ransomware attacks often begin with a simple email that tricks an employee into clicking a link or downloading an attachment. The email might appear harmless, mentioning a resume, tracking number, or another innocuous topic. Once the employee engages, the company’s files become inaccessible, the server stops functioning, and operations come to a screeching halt. These scenarios may sound like science fiction, but they occur daily across thousands of companies worldwide.

Understanding Legal Consequences of Cyber-Attacks

In some U.S. states, businesses face penalties for falling victim to cyber-attacks, depending on how they handle the aftermath. Victims may be legally obligated to notify authorities about data breaches and publicly disclose the incident. This requirement can damage a company’s reputation, alienate clients, and create financial strain with lenders, banks, and other stakeholders.

Prepare with Backups and Insurance

Ensure your business has properly set up and tested backups. Invest in comprehensive insurance that covers losses due to malware, viruses, and other electronic scams. These steps are essential to safeguard your business from potential disasters.

Partner with the Right IT Company

Choose an IT company that prioritizes your best interests. The right partner will help you survive a cyber-attack or, better yet, prevent one from occurring in the first place.

OptfinITy: Your Security Partner

At OptfinITy, we prioritize security at every level. We protect your business by stopping threats at the door, on the network, in the cloud, and, most importantly, through employee training. Our proactive training programs are integrated into our managed services to ensure comprehensive protection.

If you want to evaluate your current security measures, contact us for a free, no-obligation assessment. We will identify vulnerabilities and offer solutions to help you mitigate future threats.

A two-year investigation has led to the arrest of two telephone scammers who were preying on vulnerable victims, tricking them into thinking their electronic devices were affected by malware. This investigation was conducted by Microsoft and British police.

One of the ways the scammers tricked their victims into believing their PCs had been infected was by asking them to look for warning or error messages in their Windows Event Viewer’s application logs. While those in the know understand these to be harmless, to someone not very tech savvy, these messages can seem ominous and will more easily pay for someone to help “fix” their computer problems.

It is important to remember no tech company will ever make an unsolicited call to help you fix any problems you might have. So, if you think you may have a problem, or some website or email is convincing you that your computer is at risk, don’t just talk to anyone, call us at OptfinITy anytime and we’ll be glad to assist. Don’t forget, we offer free assessments, so you won’t even need to worry about opening your wallet to get help!

Just when you thought you were safe from WannaCry, a new bully is on the playground called Fireball. And this malware has already infected over a quarter billion computers worldwide! One of out every five corporate networks have been compromised. Most of these are in other countries as the US, thankfully for now, only accounts for 2.2% of the infected devices.

How does this malware differ from the others? It sneaks its way onto user’s devices through bundling, where it is paired with other freeware products. Once it is installed, it then utilizes the victim’s browser to turn their search engines and home pages into fake ones. It then installs plugins to boost advertisements and generate ad revenue for the hacker who created Fireball.

We recently covered this seemingly benign threat. While it appears the only current downside is a hacker using your computer to blindly help them make money, don’t forget, they have access to your electronic device. So, at any point, they could change their code and do some serious damage to individuals and corporate enterprises! Remember, free is almost never “free”.

If you’re uncertain if you’ve become a victim of this or any other malware, or just want a good assessment of your systems and their structure and security, contact Optfinity and we’ll provide you with a free, no obligation assessment to help give you peace of mind.

New NIST Password Guidelines: A Step Towards Simpler, Stronger Security

The US National Institute of Standards and Technology (NIST) is introducing new password guidelines aimed at eliminating outdated security practices, such as frequent password changes and mandatory special characters. These changes will impact both government and business password policies, providing a more user-friendly approach to cybersecurity.

Why Current Password Guidelines Aren’t Working

Many traditional password policies demand complex combinations of characters, which are difficult for users to remember. As a result, users often resort to simple, easy-to-guess passwords. Research shows that these overly complicated passwords do not significantly improve security and, instead, hinder usability and memorability.

The New NIST Guidelines: A Better Way to Manage Passwords

Under the updated NIST guidelines, password complexity requirements, such as special characters, may no longer be necessary. Instead, passwords can be longer, up to 64 characters, and may even include spaces. This shift will encourage users to create passphrases—longer, more memorable strings of words or phrases—that are much harder for computers to crack but easier for humans to remember.

How Optfinity Can Help You Manage Your Passwords

Until these new password standards are fully rolled out, managing multiple passwords can still be a challenge. Optfinity is here to help you secure your passwords and streamline your security processes. If you’re looking for advice on better password management practices, contact Optfinity today for personalized solutions.

Even a company as large as Disney has fallen victim to hackers, having had files of their recent movie stolen and threatened to be released online if ransoms were not paid.  They refused, and clips have since surfaced.  Its great news that they refused to pay and instead worked with authorities to try and bring the scammers to justice.

This goes to show that every company, large and small, must do more to protect themselves including security awareness training with employees.  Optfinity, through Knowbe4, offers this type of security awareness training to all our clients.  Not only does this entail online tutorials and test emails which assess which employees are vulnerable and likely to click on phishing scams, but also reports back to the client to see where their company’s weaknesses lie.

Don’t wait till a naïve employee innocently clicks on a wayward word document emailed to them by a hacker, thus giving them access to every bit of data on your servers.  Contact Optfinity today for a free assessment.

Previously, we have shown you how to delete and clear these pesky, residual elements in Internet Explorer that stick around on your computer after you’re finished searching the web.  This time, we will be showing you how to do it for Microsoft Edge, their newest web browser.  You’ll find updating to this browser comes with many benefits, it’s much faster than IE, and most elements are more user friendly, including spring cleaning of your data.

There are now two easy ways to clear all your data.  The first is to click on the three lines in the upper right-hand corner which are the history icon. 

Once there, you can individually delete websites by clicking the “X” to the right of each site listed.  Or you can delete all by clicking “Clear all history”.  This will take you to the next screen where you can select up to eleven different data sets you wish you clear out, including your history, cache, cookies, and form data.

The other way you can access this same information is by clicking on the “more” icon in the upper right hand corner represented by three dots.  From there you select “Settings”.  On this page you can change your theme, make changes to how your tabs operate, and clear your browsing history, among other things.  Once you click on “Choose what to clear”, it will take you to the same screen as shown above.

As you can see, this is far easier as you can delete all your data in one move, as opposed to having to delete your cache/cookies and history separately; not to mention any other data sets you wish to have stricken from the records.  If you have any other questions, feel free to contact Optfinity anytime.

The largest ransomware attack in history has already infected over 114,000 Windows systems worldwide.  Many of these infections were on older, unsupported versions of Windows such as XP, Vista, and Windows 8.  There is a reason any IT professional will advise you to upgrade to any current OS; these systems are constantly supported and updated to ensure the highest level of safety and security.

But in the wake of this unprecedented infection, Microsoft has released an emergency security patch update for all its versions of Windows, including those no longer supported.  So, if you’re still utilizing one of these operating systems, download and update now!

This security breach has not only affected small businesses and individuals in over 99 countries, it has also infected such large corporations as Spain’s Telefonica, Russia’s MegaFon, FedEx, and the National Health Service in the U.K.  The latter of these forcing the rejection of patients, cancelation of operations, and rescheduling of appointments due to the infection.

What can you do?  For starters, follow the seven steps listed in the article, including keeping your system up-to-date and be mindful of phishing emails, which is the main way this ransomware affects users.  You should also hire professional IT support to ensure you’re always protected, including having a secure and robust back-up system.  Optfinity offers free assessments, so if you’re unsure if your company will survive a possible infection, contact us today.  No pressure, no sales gimmicks, just honest care and advice to help small businesses stay safe in this highly dangerous cyber world.

Recently, both Google and Facebook were victims of fraud in which the criminal managed to convincingly impersonate an Asian manufacturer, generate fraudulent emails from the company, and invoice those huge companies for millions of dollars.  This was done by simply forging invoices, contracts, and letters from the victim companies.

Luckily, Google and Facebook are large enough to have weathered this crime and could recover almost all the money that was swindled away.  But could your company survive a similar fraud attempt, if even for a small fraction of the dollars stolen?

How often are you double checking invoices, letters, and contracts to ensure they are legally representative of the company you are doing business with?  It doesn’t take but a minute to call your trusted point of contact at the company you’re contracting with to verify addresses, bank accounts, etc.  You may think this is redundant or a waste of employees’ time, but don’t forget that a simple verification task can potentially save you from sending your money to a fraudster trying to steal your hard-earned money.