If you own any piece of Apple technology in your home or office, you’ll probably want to update its software as soon as possible, as Apple just issued security patches for all of its major operating systems.

There are a few serious flaws and vulnerabilities that, if left unpatched, could allow hackers to have access to your devices and thus be victim to some dangerous malware.  When a company takes these risks and subsequent updates this seriously, you should too.

To update your iPhone or iPad, select “Settings / General / Software update”.  To update your Apple desktop and laptop computers, open the “App Store” and choose “Updates” from the top right corner of the window.

If you’re having a hard time keeping up with all these various updates for all your work and personal devices, perhaps it’s time to hire an IT company who can manage these for you, helping to keep all your data safe and secure.  Contact Optfinity today for a free assessment to see exactly how secure you really are.

Arkansas police are hoping they can use an Echo found at a murder scene, and its recordings, to help with the investigation of a murder.  Echoes only begin recording after hearing the wake word, but background noise/chatter could have activated the device. 

Amazon stores all the voice recordings from its devices on its servers.  As a user, you can delete your personal voice data, but there’s no way to prevent Amazon from saving that data on their servers.  Amazon has said they do not release customer information without a “valid and binding legal demand”.

While this might all not sound like much for the average user, just remember that the Echo could possibly be picking up any background conversations you might be having, including you talking about personal information such as credit card numbers, addresses, social security numbers, or any other self-identifying data.

Be aware of the cache on your Echo and frequently delete those files.  While there have been no cases yet of mass hacking of these devices, you do not want to make things easier for criminals to have access to your personal data by leaving the information on your Echo.  This is especially true if you utilize one at your place of business. 

Those one billion Yahoo! users’ account information, which was stolen back in 2013, is now for sale on the computer underground market for a total of a little less than one million dollars.

So not only is the data currently in the hands of criminals and probably being utilized, but if you have not changed your passwords that were also similar to your Yahoo password, all your other accounts might be jeopardized.

And this is just the tip of the iceberg because not only were passwords taken, but so were security questions and answers.  These are also reused by many of us throughout multiple accounts.  So not only should you utilize a password manager and generator for your passwords, but also for security questions.  At the very least, keep the passwords and answers in a simple spreadsheet.  Remember, your security answer does not actually have to be Spot, your first pet.  It could be jIes92#lf!FW.

Recently, three British hospitals were infected by malware, forcing their IT systems to shutdown as well as the cancellation of routine patient operations. The few days this went on was an obvious detriment to the hospitals’ job of keeping people healthy and saving lives.

What made this particular ransomware especially dangerous, which was a variant of the Globe ransomware, is that it deletes your PC’s backups. These backups are compiled daily and allow you to revert your system back to an earlier version. By not having access to this backup data, its virtually impossible to get your systems back up and running without paying the ransom.

If you’re still not concerned that this is a serious issue, especially because the hospital was able to be fully up and running within 48 hours without needing to pay the ransom, keep in mind this breach forced the cancellation of 2,800 patient operations. Not only is that potentially dangerous to the patients involved, but it is also time and money lost for the hospital.

Could your business survive being shut down for 48 hours? Worse, could you afford the $17,000 ransom other hospitals have shelled out to get their data back? Contact Optfinity today for a free assessment to see just how secure and safe your systems are and how effective your backup systems may be, if at all. Don’t wait till it’s too late to know where your company’s weaknesses are.

We talk a lot about ransomware, but phishing scams are still just as prevalent and are just as dangerous to companies, their employees, and their clients. This year, a hacker comprised the data of over three quarters of a million LA County employees. This not only includes their employee’s personal information, but also client/patient information stored in their email accounts.

The information stolen includes names, social security numbers, credit card information, medical records, and many other sensitive pieces of data.

Thankfully, law enforcement launched a criminal investigation and have issued an arrest warrant for one felon and are still looking for potentially any others who might have been involved.

This all began because a thousand county employee email users reportedly received phishing email from the hacker and a few fell victim to the bait. This is a perfect example of how employee training to ensure staff do not click on unfamiliar links as well as two step authentication to prevent unauthorized access could have prevented this large-scale hack. Are all of your employees knowledgeable on how to avoid phishing scams? Are you aware of the dangers if an employee accidentally opens themselves up, and your systems, to a hacker’s scheme? Optfinity can provide you and your staff with all the necessary tools, software, hardware, and training you need to ensure your IT safety and security.

A couple is suing a Toyota dealership for stealing an intimate photo off of the husband’s smartphone and uploading it to a swinger’s website. He did this because he saved his pre-approved financing document for a new car on his phone and the salesperson needed to show the document to his manager.

After getting his phone back five minutes later, the husband noticed that an intimate photo of his wife had been recently selected and emailed out to another couple as well as the adult website. The couple called the police right away and once on the scene, discovered that the dealership’s owner had emailed the photos to himself, first, before uploading it to his profile on the website.

Luckily, the husband had an app installed on his phone which was able to recover the emails on his phone which the dealership owner had deleted to try and cover his tracks. But this problem would never had happened had he not hand his phone over to a complete stranger. He could have printed out the document beforehand, or just emailed the document to the salesperson, himself, from his smartphone.

There should be no reason you hand your phone over to a stranger, unless it’s to the manufacturer for a technical issue. Remember, if you do, they now have access to not only your files, but sometimes many apps/websites that you may be logged in to. Be smart and keep your belongings secure, don’t be your own point of failure.

Remember, anytime a company sends an email asking you for more information, there are some ways to identify if it’s a scam and to protect yourself. You can read the full article for every tip. However, the easiest way to protect yourself in these circumstances is just to go directly to the site yourself without using the provided “link”. This way you know you’re going to the right site.

The other major way to protect yourself is by using two-step authentication whenever it’s available. We have blogged about this several times over the past year. This, and many other tips, are just some of the things you should be training your employees on to avoid having your company’s systems breached. If you want more information on this, or want someone to train your staff for you, contact Optfinity today. We also provide free assessments so you can know for yourself just how secure you really are.

Several weeks ago, the MUNI, San Francisco’s transportation system, was hit hard by a ransomware attack which forced its systems to allow passengers to ride for free. The hackers demanded 100 Bitcoins, which, at a conversion rate of $700/1btc, equates to $70,000. SFMTA has not paid the ransom; however, for fear that it will only encourage future attacks.

Experts think the hack was not deliberate, but rather a chance infection by an employee who unwittingly opened an infected file on their computer, allowing the malware to make its way to over 2,000 systems including servers, workstations, and ticketing machines.

The San Francisco Municipal Transport Agency (SFMTA) had their systems back up and running by the Sunday of the weekend in which it was affected and were able to start charging fares again. But imagine if this were your company affected because of a single careless employee. A huge organization can withstand the loss of revenue over the course of several days, but can your company?

Also, the SFMTA was able to get their systems back up and running in a few days. Do you know how quickly you would be able to recover without having to pay the ransom? How secure and reliable are your backups, if you have any at all? Lucky for you, Optfinity offers free assessments so you know exactly how vulnerable and protected your systems are. Don’t wait till you’re a victim. Secure yourself and your company today.

This group has attacked other businesses before, demanding large ransoms in return for not posting their sensitive data. When WestPark Capital, a recent victim, turned down their “handsome business proposal”, The Dark Overlord published several sensitive documents.

What can these companies do now? Nothing, really; at this point there is no way for them to steal back their information from the thieves. But you can learn a lesson the easy way by boosting your business’ defenses.

You can implement layered defenses, review your security policies, and think about training your employees to be wary of scams and other attacks. If you’re not sure if your company has these or how robust they might be, Optfinity provides free assessments to all companies. Contact us right away and we can let you know just how vulnerable your data may be, what steps you need to take to improve your security, and if there are any other weaknesses regarding your full IT infrastructure. IT safety and security are our number one concerns with regards to our clients.

As published by MSPMentor: Michael Drobnis, president and CEO of Springfield, VA-based OptfinITy, shares three suggestions he’d apply if he were launching an MSP from scratch today.

1. Leverage cloud internally – From the business perspective, utilizing cloud-based PSA tools, RMM tools, virus-monitoring, backups, etc., the cloud is probably the best way with no or very minimal capital expenses to get started. And it’s an operating expense. You can ramp up and pay as you need to. That gives you a lot more flexibility than in the past, where you had to acquire servers, acquire data center space, acquire everything else and pay for the licenses, which made it very difficult to start up.

2. Sell cloud – As you’re dealing on the smaller business side, a business up to 200 employees, the cloud is providing a lot of benefits. From scalability and elasticity, to the ability to ramp up clients, you can do things that you couldn’t have done in the past because they didn’t have those capabilities, financial and otherwise. Understand the cloud and be able to offer cloud services.

3. Hire with service in mind – As a service provider, you’re selling a service – a solution. Yes, you can productize it, but you’re not selling a product. You’re being judged by the services you provide. Hire people that are going to be personable; that are going to be able to help a customer get through a problem, whether it means knowing the answer right away or not. You can always teach the technical skills. You need to focus on hiring the right people internally that can do the projects that you need as well as focus on your core strengths. Outsource the rest: your human resources, your payroll. You can go as far as your sales.