By -- 2017-03-28 in Blog, Uncategorized

A website cookie is a file that helps websites identify who you are and whether you have been to a website before.  This is useful for remembering your preferences or items you may have ordered, making your website experience a better one.  The problem occurs when hackers can manipulate this data, as evidenced in this article about the recent Yahoo hacker attacks.

What happened with Yahoo was that hackers could forge cookies for Yahoo’s users which would potentially allow them access to accounts without the need for a password because your cookie and history identified you and Yahoo accepted that information as authentic.

Additionally, browsers use other methods to identify you including your active logins, browsing and download history, cache, cookies, form and search bar data, offline website data, and site preferences.  As a result, you want to regularly wipe clean this information from your computer. 

For more information on this issue you can read the linked article or give us a call at Optfinity (703-790-0400) and we will help ensure all your computers and servers are constantly cleared of possibly damaging items that pose threats to you and your company’s data. 

 

By -- 2017-03-27 in Blog

Recently, a terrorist used WhatsApp to send and receive encrypted messages to help plan an attack, and there have been demands by some that there should be a weakening or banning of this type of encryption.  Would this help prevent this type of terrorist communication?  Absolutely not.

Some have also called for backdoor systems to allow our politicians and law enforcement agencies access to this data.  The danger therein is a surrender of our personal liberties and right to privacy.  Not to mention that criminals would just find other ways around these channels, like compiling their own end-to-end encryption messaging system.

We must remember that encryption protects everyone, which unfortunately includes the “bad guys”, and prevents hackers from gaining access to our sensitive data which abounds on the internet.  Every time you make an online purchase or access your bank account, these encryptions are ensuring your safety and security.  Be wary of those fighting to weaken your privacy rights and ensure your systems are set up accordingly, and don’t forget, Optfinity provides free assessments to make your business life a little easier.

By -- 2017-02-27 in Blog

There is a new phish in town, and now its targeting iTunes users trying to access their personal information.  This attack is emailed in the form of a receipt which appears to come from your iTunes account listing movies the victim supposedly purchased.

There is a link at the bottom which, when clicked, directs the victim to a page asking for personal information in order to obtain a full refund including credit card numbers, social insurance numbers, and even mother’s maiden name.  It is quite obvious what they can then do with all this sensitive data once it is stolen.

To stay ahead of the curve, be sure you are always reviewing the source of the email, sender’s email address, and the actual URLs of the links being suggested, among other things.  And of course, double check your credit card and bank accounts to see if these charges are, in fact, real.  Once you realize these charges are not even listed on your accounts, it is more obvious that this potentially is a scam.

While this current scam is aimed at our Canadian neighbors up north, it won’t be long till it makes its way down to the lower 48.  Always be suspect of any email asking for you to click on a link.  If you’re not sure all your employees are properly trained on how to look out for these types of scams, Optfinity provides training and testing for you and your staff to prevent security breaches by victimized employees.

By -- 2017-02-15 in OptfinITy News

Springfield, VA

February 13, 2017 – This week, Michael Drobnis from OptfinITy, LLC joined the CompTIA DC Fly-In to advocate for IT sector priorities on Capitol Hill during the association’s annual Fly-In to Washington, DC. CompTIA, the Computing Technology Industry Association, through its advocacy arm, champions member-driven business and IT priorities that impact all information technology companies – from small managed solutions providers and software developers to large internet companies, equipment manufacturers, and communications service providers.

As a CompTIA DC Fly-In participant,  Drobnis met with Senator Warner, Senator Kaine, Congressman Beyer and Congressman Wittman’s office to focus their attention on policies that develop skills for the 21st century workforce, advance tax and regulatory policies that spur innovation, lead in secure internet-based platform technologies, support new and emerging technology platforms through policies, address availability and delivery of broadband communications and expand markets and advocate for sensible rules of global trade. “Innovation in the tech sector is a key force behind a strong 21st century economy and Congress should prioritize issues that affect technology companies,” said Drobnis.

“One of the most important issues facing the technology industry today is the availability of a skilled workforce. We shared with our elected officials the importance of internships and apprenticeships as an avenue to train the next generation of IT workers and incentivize educators, students, and employers to adopt alternative education models that will spur economic growth.  We look forward to the 2017 legislative agenda and remain encouraged by the conversations on Capitol Hill about issues critical to our membership,” said Todd Thibodeaux, president and CEO of CompTIA. “We will work closely with congressional leaders to push legislation that boosts the digital economy and fosters American innovation.”

For more information on OptfinITy, please see www.optfinity.com and more information on CompTIA can be found at www.comptia.org.

By -- 2017-02-9 in Blog

WordPress recently released a new version of their software which also included an update that fixed a previously undisclosed critical vulnerability.   If left unpatched, hackers could possibly modify the content of any post or page on a WordPress website.

Initially this vulnerability was not made public in the hopes of staving off hackers; however, it didn’t take long for hackers to strike after the news broke, and it seems over 100,000 webpages may have been the victim of defacement.

You should always ensure you and your company are running the most current version of any software and are constantly downloading the updates provided.  If you can, automatic updates will help alleviate the need to manually check for these. 

Optfinity provides this level of support for all our clients, so they never have to worry about using an old version of any software or not being up-to-date on any security patches.  If you’re not sure of how robust your systems are or whether or not auto-updates are configured, Optfinity can provide you with a free assessment to help you determine how susceptible your data may be.

By -- 2017-02-9 in Blog

How to Stay Safe on Public Wi-Fi: Protecting Your Personal Data

Have you ever stopped to think about the safety of the free Wi-Fi network you’re connecting to at your local coffee shop? If you’re like most people, you probably haven’t. But here’s something you might not know—scammers often set up fake Wi-Fi hotspots to steal your personal data. The next time you’re sipping your latte, take a moment to verify that the network you’re joining is actually from the store, not a malicious hacker sitting nearby.

Why Should You Worry About Public Wi-Fi?

Public Wi-Fi networks are a convenient way to browse the web, check your email, or catch up on social media while on the go. However, they come with significant risks. If you’re connecting to a network set up by a scammer (also known as a “honeypot” Wi-Fi), any data you send over that network could be intercepted. This includes sensitive information like passwords, credit card details, and addresses. If the hacker gains access to your private data, it could lead to identity theft, financial loss, and much more.

How to Protect Your Personal Information

Here are a few essential steps you can take to stay safe while using public Wi-Fi:

  1. Verify the Network: Always confirm the Wi-Fi network name with the staff before connecting. Don’t just assume the free network in a coffee shop is the legitimate one. Scammers are skilled at creating networks with similar names to confuse unsuspecting users.
  2. Look for HTTPS: When visiting websites that require you to input sensitive information—such as passwords or credit card details—make sure the website URL starts with “HTTPS” rather than “HTTP.” HTTPS means the site is using encryption to protect your data, even if you’re on a potentially risky Wi-Fi network. If you don’t see HTTPS, don’t enter any personal information.
  3. Use a VPN (Virtual Private Network): A VPN encrypts your internet connection, making it much harder for anyone to intercept your data. This is particularly useful when using public Wi-Fi.
  4. Turn Off Sharing: Disable file sharing and Bluetooth on your device when using public Wi-Fi. This reduces the chances of someone accessing your files or connecting to your device remotely.
  5. Keep Your Device Updated: Ensure your device’s software is up-to-date with the latest security patches. Regular updates protect you from known vulnerabilities that hackers may exploit.

Unsure About Public Wi-Fi Safety? Contact Optfinity

If you’re still uncertain about using public Wi-Fi or want additional tips on securing your personal data, contact us at Optfinity. Our experts are ready to provide you with advice on how to stay safe online and offer your business a free security assessment. Don’t let hackers steal your data—take the steps necessary to protect yourself today!

By staying vigilant and following these simple precautions, you can enjoy public Wi-Fi without putting your personal information at risk. Stay safe, and always make security a top priority!

By -- 2017-01-24 in Blog

Arkansas police are hoping they can use an Echo found at a murder scene, and its recordings, to help with the investigation of a murder.  Echoes only begin recording after hearing the wake word, but background noise/chatter could have activated the device. 

Amazon stores all the voice recordings from its devices on its servers.  As a user, you can delete your personal voice data, but there’s no way to prevent Amazon from saving that data on their servers.  Amazon has said they do not release customer information without a “valid and binding legal demand”.

While this might all not sound like much for the average user, just remember that the Echo could possibly be picking up any background conversations you might be having, including you talking about personal information such as credit card numbers, addresses, social security numbers, or any other self-identifying data.

Be aware of the cache on your Echo and frequently delete those files.  While there have been no cases yet of mass hacking of these devices, you do not want to make things easier for criminals to have access to your personal data by leaving the information on your Echo.  This is especially true if you utilize one at your place of business. 

By -- 2017-01-4 in Blog

Those one billion Yahoo! users’ account information, which was stolen back in 2013, is now for sale on the computer underground market for a total of a little less than one million dollars.

So not only is the data currently in the hands of criminals and probably being utilized, but if you have not changed your passwords that were also similar to your Yahoo password, all your other accounts might be jeopardized.

And this is just the tip of the iceberg because not only were passwords taken, but so were security questions and answers.  These are also reused by many of us throughout multiple accounts.  So not only should you utilize a password manager and generator for your passwords, but also for security questions.  At the very least, keep the passwords and answers in a simple spreadsheet.  Remember, your security answer does not actually have to be Spot, your first pet.  It could be jIes92#lf!FW.

By -- 2016-12-20 in Blog

British Hospitals Hit by Ransomware: Are Your Business Systems Safe?

Recently, three British hospitals fell victim to a **ransomware attack**, forcing their IT systems offline and leading to the cancellation of routine patient operations. The attack lasted several days, significantly disrupting the hospitals’ ability to provide essential care and services, highlighting the critical impact that **cybersecurity breaches** can have on organizations.

The Dangers of Globe Ransomware: Data Loss and Business Disruption

The ransomware in this case was a variant of the **Globe ransomware**, which is particularly dangerous because it not only encrypts data but also **deletes system backups**. Backups, typically generated daily, allow businesses and institutions to restore their systems to a previous state after an attack. However, without access to these critical backups, **recovering from a cyberattack becomes nearly impossible** without paying the ransom.

Many organizations rely heavily on their backup systems as a safety net in case of IT disasters. When those backups are compromised, businesses are left with few options to restore operations, leading to downtime, lost revenue, and potentially life-threatening consequences in the healthcare sector.

2,800 Patient Operations Cancelled: A Wake-Up Call

Though the hospitals managed to recover their systems within 48 hours without paying the ransom, the incident resulted in the cancellation of **2,800 patient operations**. Not only did this create potential health risks for patients, but it also led to substantial financial and operational losses for the hospitals involved.

This case raises the question: Could your business survive being shut down for 48 hours? Worse, could you afford the ransom costs, which in some cases have reached **$17,000 or more**, to restore your data?

Protect Your Business from Ransomware Attacks

Don’t wait until your business is hit by a cyberattack to assess the strength of your IT security and backup systems. At Optfinity, we specialize in cybersecurity and can help you evaluate how well-protected your organization is against ransomware and other threats. We offer a free assessment to identify potential vulnerabilities and ensure your backups are secure and effective.

Contact Optfinity today to safeguard your business from ransomware and other cyber threats. Stay proactive—don’t wait until it’s too late to secure your company’s most valuable assets.

By -- 2016-12-20 in Blog

Ransomware Attack Impacts LA Population

We talk a lot about ransomware, but phishing scams are still just as prevalent and are just as dangerous to companies, their employees, and their clients. This year, a hacker comprised the data of over three quarters of a million LA County employees. This not only includes their employee’s personal information, but also client/patient information stored in their email accounts.

What does the stolen information include?

The information stolen includes names, social security numbers, credit card information, medical records, and many other sensitive pieces of data.

Aftermath of the Attack

Thankfully, law enforcement launched a criminal investigation and have issued an arrest warrant for one felon and are still looking for potentially any others who might have been involved.

This all began because a thousand county employee email users reportedly received phishing email from the hacker and a few fell victim to the bait. This is a perfect example of how employee training to ensure staff do not click on unfamiliar links as well as two step authentication to prevent unauthorized access could have prevented this large-scale hack.

Next Steps for Your Organization

Are all of your employees knowledgeable on how to avoid phishing scams? Are you aware of the dangers if an employee accidentally opens themselves up, and your systems, to a hacker’s scheme? Optfinity can provide you and your staff with all the necessary tools, software, hardware, and training you need to ensure your IT safety and security.