How often do you verify that the free Wi-Fi that you’re connecting to at your local coffee shop is actually provided by the store and not a hotspot that a scammer sitting two seats away from you has set up?  Did you even know this is something people do to get access to all your personal data you are sending through the sites you are visiting?

That’s right!  If you’re not careful, you could be giving away all your personal information.  First off, double check that the Wi-Fi you are connecting to is the legitimate one from the shop employee.  Next, always be sure you’re on an HTTPS site when typing in passwords, addresses, credit cards, etc.  This way, in the event you’re accidentally utilizing a scammer’s Wi-Fi, your data is secured and encrypted.  If the site you’re visiting only says HTTP, it is not secure and that scammer can be capturing all your data. 

If you’re still uncertain about public Wi-Fi and whether or not you should be accessing it, contact us here at Optfinity and we’ll gladly give you more pointers and provide your business with a free assessment.

If you own any piece of Apple technology in your home or office, you’ll probably want to update its software as soon as possible, as Apple just issued security patches for all of its major operating systems.

There are a few serious flaws and vulnerabilities that, if left unpatched, could allow hackers to have access to your devices and thus be victim to some dangerous malware.  When a company takes these risks and subsequent updates this seriously, you should too.

To update your iPhone or iPad, select “Settings / General / Software update”.  To update your Apple desktop and laptop computers, open the “App Store” and choose “Updates” from the top right corner of the window.

If you’re having a hard time keeping up with all these various updates for all your work and personal devices, perhaps it’s time to hire an IT company who can manage these for you, helping to keep all your data safe and secure.  Contact Optfinity today for a free assessment to see exactly how secure you really are.

Arkansas police are hoping they can use an Echo found at a murder scene, and its recordings, to help with the investigation of a murder.  Echoes only begin recording after hearing the wake word, but background noise/chatter could have activated the device. 

Amazon stores all the voice recordings from its devices on its servers.  As a user, you can delete your personal voice data, but there’s no way to prevent Amazon from saving that data on their servers.  Amazon has said they do not release customer information without a “valid and binding legal demand”.

While this might all not sound like much for the average user, just remember that the Echo could possibly be picking up any background conversations you might be having, including you talking about personal information such as credit card numbers, addresses, social security numbers, or any other self-identifying data.

Be aware of the cache on your Echo and frequently delete those files.  While there have been no cases yet of mass hacking of these devices, you do not want to make things easier for criminals to have access to your personal data by leaving the information on your Echo.  This is especially true if you utilize one at your place of business. 

So not only is the data currently in the hands of criminals and probably being utilized, but if you have not changed your passwords that were also similar to your Yahoo password, all your other accounts might be jeopardized.

And this is just the tip of the iceberg because not only were passwords taken, but so were security questions and answers.  These are also reused by many of us throughout multiple accounts.  So not only should you utilize a password manager and generator for your passwords, but also for security questions.  At the very least, keep the passwords and answers in a simple spreadsheet.  Remember, your security answer does not actually have to be Spot, your first pet.  It could be jIes92#lf!FW.

British Hospitals Hit by Ransomware: Are Your Business Systems Safe?

Recently, three British hospitals fell victim to a **ransomware attack**, forcing their IT systems offline and leading to the cancellation of routine patient operations. The attack lasted several days, significantly disrupting the hospitals’ ability to provide essential care and services, highlighting the critical impact that **cybersecurity breaches** can have on organizations.

The Dangers of Globe Ransomware: Data Loss and Business Disruption

The ransomware in this case was a variant of the **Globe ransomware**, which is particularly dangerous because it not only encrypts data but also **deletes system backups**. Backups, typically generated daily, allow businesses and institutions to restore their systems to a previous state after an attack. However, without access to these critical backups, **recovering from a cyberattack becomes nearly impossible** without paying the ransom.

Many organizations rely heavily on their backup systems as a safety net in case of IT disasters. When those backups are compromised, businesses are left with few options to restore operations, leading to downtime, lost revenue, and potentially life-threatening consequences in the healthcare sector.

2,800 Patient Operations Cancelled: A Wake-Up Call

Though the hospitals managed to recover their systems within 48 hours without paying the ransom, the incident resulted in the cancellation of **2,800 patient operations**. Not only did this create potential health risks for patients, but it also led to substantial financial and operational losses for the hospitals involved.

This case raises the question: Could your business survive being shut down for 48 hours? Worse, could you afford the ransom costs, which in some cases have reached **$17,000 or more**, to restore your data?

Protect Your Business from Ransomware Attacks

Don’t wait until your business is hit by a cyberattack to assess the strength of your IT security and backup systems. At Optfinity, we specialize in cybersecurity and can help you evaluate how well-protected your organization is against ransomware and other threats. We offer a free assessment to identify potential vulnerabilities and ensure your backups are secure and effective.

Contact Optfinity today to safeguard your business from ransomware and other cyber threats. Stay proactive—don’t wait until it’s too late to secure your company’s most valuable assets.

Ransomware Attack Impacts LA Population

We talk a lot about ransomware, but phishing scams are still just as prevalent and are just as dangerous to companies, their employees, and their clients. This year, a hacker comprised the data of over three quarters of a million LA County employees. This not only includes their employee’s personal information, but also client/patient information stored in their email accounts.

What does the stolen information include?

The information stolen includes names, social security numbers, credit card information, medical records, and many other sensitive pieces of data.

Aftermath of the Attack

Thankfully, law enforcement launched a criminal investigation and have issued an arrest warrant for one felon and are still looking for potentially any others who might have been involved.

This all began because a thousand county employee email users reportedly received phishing email from the hacker and a few fell victim to the bait. This is a perfect example of how employee training to ensure staff do not click on unfamiliar links as well as two step authentication to prevent unauthorized access could have prevented this large-scale hack.

Next Steps for Your Organization

Are all of your employees knowledgeable on how to avoid phishing scams? Are you aware of the dangers if an employee accidentally opens themselves up, and your systems, to a hacker’s scheme? Optfinity can provide you and your staff with all the necessary tools, software, hardware, and training you need to ensure your IT safety and security.

Remember, anytime a company sends an email asking you for more information, there are some ways to identify if it’s a scam and to protect yourself. You can read the full article for every tip. However, the easiest way to protect yourself in these circumstances is just to go directly to the site yourself without using the provided “link”. This way you know you’re going to the right site.

The other major way to protect yourself is by using two-step authentication whenever it’s available. We have blogged about this several times over the past year. This, and many other tips, are just some of the things you should be training your employees on to avoid having your company’s systems breached. If you want more information on this, or want someone to train your staff for you, contact Optfinity today. We also provide free assessments so you can know for yourself just how secure you really are.

Several weeks ago, the MUNI, San Francisco’s transportation system, was hit hard by a ransomware attack which forced its systems to allow passengers to ride for free. The hackers demanded 100 Bitcoins, which, at a conversion rate of $700/1btc, equates to $70,000. SFMTA has not paid the ransom; however, for fear that it will only encourage future attacks.

Experts think the hack was not deliberate, but rather a chance infection by an employee who unwittingly opened an infected file on their computer, allowing the malware to make its way to over 2,000 systems including servers, workstations, and ticketing machines.

The San Francisco Municipal Transport Agency (SFMTA) had their systems back up and running by the Sunday of the weekend in which it was affected and were able to start charging fares again. But imagine if this were your company affected because of a single careless employee. A huge organization can withstand the loss of revenue over the course of several days, but can your company?

Also, the SFMTA was able to get their systems back up and running in a few days. Do you know how quickly you would be able to recover without having to pay the ransom? How secure and reliable are your backups, if you have any at all? Lucky for you, Optfinity offers free assessments so you know exactly how vulnerable and protected your systems are. Don’t wait till you’re a victim. Secure yourself and your company today.

This group has attacked other businesses before, demanding large ransoms in return for not posting their sensitive data. When WestPark Capital, a recent victim, turned down their “handsome business proposal”, The Dark Overlord published several sensitive documents.

What can these companies do now? Nothing, really; at this point there is no way for them to steal back their information from the thieves. But you can learn a lesson the easy way by boosting your business’ defenses.

You can implement layered defenses, review your security policies, and think about training your employees to be wary of scams and other attacks. If you’re not sure if your company has these or how robust they might be, Optfinity provides free assessments to all companies. Contact us right away and we can let you know just how vulnerable your data may be, what steps you need to take to improve your security, and if there are any other weaknesses regarding your full IT infrastructure. IT safety and security are our number one concerns with regards to our clients.

1. Leverage cloud internally – From the business perspective, utilizing cloud-based PSA tools, RMM tools, virus-monitoring, backups, etc., the cloud is probably the best way with no or very minimal capital expenses to get started.

It’s an operating expense. You can ramp up and pay as you need to. That gives you a lot more flexibility than in the past, where you had to acquire servers, acquire data center space, acquire everything else and pay for the licenses, which made it very difficult to start up.

2. Sell cloud – The cloud provides a lot of benefits. From scalability and elasticity, to the ability to ramp up clients, you can do things that you couldn’t have done in the past because they didn’t have those capabilities, financial and otherwise. Understand the cloud and be able to offer cloud services.

3. Hire with service in mind – As a service provider, you’re selling a service – a solution. Yes, you can productize it, but you’re not selling a product. You’re being judged by the services you provide. Hire people that are going to be personable, that are going to be able to help a customer get through a problem, whether it means knowing the answer right away or not. You can always teach the technical skills. You need to focus on hiring the right people internally that can do the projects that you need as well as focus on your core strengths.

Outsource the rest: your human resources, your payroll. You can go as far as your sales.