Blog

Cloudflare announces possible breach of user credentials

Make sure you change duplicate passwords immediately!

On Thursday of last week, website security provider Cloudflare announced a major security vulnerability affecting their service. This vulnerability has caused sensitive user data to be exposed across a number of popular websites, like Yelp, Uber, and others.

To protect yourself, make sure you are not reusing any passwords on multiple accounts. If you are reusing passwords, we suggest changing them to unique passwords immediately. People often get into trouble when a breach compromises one of their passwords, and they also use that password for their bank account, credit cards, or other sensitive logins.

We know it’s tough to make sure every single password is unique, so we recommend using a tool like LastPass. To learn more about LastPass, check out this article and One-Minute Wednesday video on our favorite password manager. You can also watch the video below:

 
February 27th, 2017

Cybersecurity Alert: Latest Scam Combines CEO Fraud With W-2 Phishing

Tax season kicks off with W-2 phishing and wire transfer scams

These days, most of us are probably aware of CEO fraud, where cybercriminals impersonate high-level executives and trick employees into wiring company funds to an external account. And you may remember hearing about W-2 phishing during last year’s tax season, where scammers impersonated CEOs to extract employee tax forms from unsuspecting finance employees.

Recently we’ve been seeing these two scams combined into a one-two punch. The IRS has released a security alert warning that scammers have started W-2 phishing much earlier than normal this year. Scammers have already extracted W-2 data from a number of U.S. companies, which has subsequently been used to file fraudulent tax returns. What’s worse is that these scammers are following up on their W-2 scam emails with a second set of phishing attacks, where they send a spoofed “executive” email to someone in the finance department demanding an urgent wire transfer.

“This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said. “Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.” A recent Federal Trade Commission report indicated that tax fraud contributed to a 50% increase in identity theft in 2015, and we think the upward trend will likely continue.

What should you do about this?

Most importantly, we suggest you send this email to anyone you feel may be at risk, whether employees, friends, or family. Feel free to modify the email to fit your needs:

[ALERT] Cybercriminals are starting their tax scams early this season! They are now combining two scams into a strong one-two punch. First, they ask you to send them the W-2 forms for all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cybercriminals.

Remember: requests like this should raise a red flag. You should verify that the request is legitimate by calling the sender directly or, better yet, talking to them in person. These scam emails are often pushy and urgent, but don’t be afraid to spend five minutes verifying them, even if it’s the CEO making the request!

To learn more about how to spot phishing attacks, check out this helpful video. Cybercriminals are out in force this tax season, so make sure you stay alert and think before you click!

After educating your team, make sure you report any suspicious emails. According to the IRS, organizations receiving a W-2 phishing email should immediately forward it to phishing@irs.gov with “W2 Scam” as the subject line. Anyone receiving phishing scams or falling victim to one should also file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

If you think your W-2 form has been stolen, you should review the Federal Trade Commission’s recommendations at www.identitytheft.gov or the IRS’s steps at www.irs.gov/identitytheft. If your tax return was rejected because of a duplicate (likely stolen) Social Security number, you should immediately file a Form 14039 Identity Theft Affidavit with the IRS.

Finally, we suggest filing your taxes as soon as you can this year—a fraudulent tax return will be rejected if you beat the cybercriminals to the punch.

If you’re not sure whether your company is protected from the latest cybersecurity threats, we’d love to help you assess your vulnerabilities and then work with you to take action. Click here to make an appointment to discuss your security assessment. And don’t forget to stay safe out there!

February 14th, 2017

TechMD Named Top Workplace in Orange County!

Orange County Register Recognizes TechMD

At TechMD, we believe in investing in others so they may prosper. For our employees, this means developing a hard-working, fun-loving company culture and investing in their careers.

This approach has been a key factor in delivering our exceptional customer experience: we hire passionate, friendly employees and treat them like family, and in turn everyone is excited about their work and takes great care of our clients.

We’re proud to announce that our work has paid off again, and we’ve been named one of Orange County’s Top Workplaces by the Orange County Register.

This is our second year on the OC Register’s Top Workplaces list, and our fifth year being named to one of Orange County’s “best workplace” lists. We are excited about this award and are looking forward to placing again next year!

December 15th, 2016

Five Tips for Shopping Securely Online

Shop Smart and Secure This Holiday Season!

Christmas is just around the corner, and while you might have all your shopping done already, most of us are still looking around for the perfect gift! And like many people, you’ll do a good portion (or even all) of your shopping online.

However, is your financial data protected? Have you taken the proper measures to make sure your online purchases are protected? Finding the perfect gift may be stressful, but cybersecurity doesn’t have to be. Here are a few tips for staying safe while shopping online:

#1: Create Secure Passwords

    Checking out online can be a tedious process. You often have to sign up for an account, fill out your name and shipping information, and choose a username and password to log in to your account.

    A crucial part of this process is making sure you choose a secure password. While choosing a password you’ve already memorized is often the easiest route, it is not the safest way to do things. If a cybercriminal breaches an online vendor and gains access to your username and password, they will test those login credentials against more sensitive websites, like your bank or credit card.

    The best way to prevent this is to use a different password for every website. This can quickly become overwhelming—to manage all those passwords, we highly recommend our favorite password management tool: LastPass.

#2: Shop on a Secure Website

    Shopping on websites through a secure HTTPS connection is one of the most important things you can do to stay safe during the holiday season. A website with HTTPS enabled means that any information you submit will be encrypted rather than being sent over the network in plain text. This helps keep you protected from cybercriminals intercepting and stealing your credit card data.

    One way to tell if a website is secure is to look for a padlock icon to the left of the website address in the navigation bar, and “https” at the beginning of the web address. Most common web browsers, including Chrome, Firefox, and Safari, will display this icon.

    The Firefox navigation bar showing a secure connection

    You can learn more about secure HTTPS connections here.

#3: Avoid Shopping on Public Wi-Fi Networks

    Public wi-fi networks are convenient, allowing you to browse the internet for free while on the go. However, public wi-fi networks are rarely secure, and purchasing gifts or logging into online accounts while connected to one can be a huge risk. Any data sent through a free public connection is vulnerable to being observed and captured by malicious cybercriminals.

    If you’d like to learn more about some best practices for browsing on public wi-fi networks, don’t miss our One-Minute Wednesday episode on wi-fi security!

#4: Just Say No to Unsolicited Email Offers

    Getting deep discounts on your purchases is always exciting, but you should be wary of any email offers coming from stores you don’t commonly shop with. This is a big red flag that could indicate a phishing attempt.

    Scammers often send out emails posing as online shopping outlets, tempting consumers to click on malicious links with “can’t-miss” deals and offers. Clicking on these links will allow cybercriminals to steal any information you submit, including usernames and passwords as well as credit card data. If you’ve received a suspicious email like this and have clicked on the link, close the window and type in the online store’s web address directly, just in case.

    To learn more about phishing scams and how to spot them, check out our One-Minute Wednesday episode covering the Target Data Breach.

#5: Use a Credit Card, Not a Debit Card

    Even if you follow all the best practices outlined above, there’s always a small chance that your financial data will be compromised. Because of this, it’s a smart idea to use a credit card rather than a debit card for online purchases, since most credit cards are covered with fraud protection and credit card companies are incentivized to resolve any fraudulent activity quickly.

    Fraudulent activity on your credit card is also better for you because there’s no immediate impact to your cash flow—if someone steals $1000 from your checking account, you’re out of luck until you get it back. But if someone charges up $1000 on your credit card, you aren’t obligated to pay off the charges while you wait for them to be reversed.

Above all, Christmas is a time to celebrate and enjoy your loved ones. Avoid having to worry about your cybersecurity and privacy during the holiday season by following our tips and tricks above.

December 8th, 2016

TechMD Announces Acquisition of StoneHill Technical Solutions

TechMD Acquires Local Managed Services Provider

We are excited to announce that we have acquired StoneHill Technical Solutions, an established managed services provider with a strong client base in South Orange County.

Since 2003, we have offered managed IT services to small and medium businesses in Southern California. It is our mission to revolutionize the way our partners leverage technology and empower them with the best strategy to fulfill their goals. With that in mind, we are eager to pursue this opportunity to bring our perspective and our industry-leading services to new clients in Southern California.

TechMD and StoneHill have a long history of collaboration. For nearly five years, we compared notes as we grew side-by-side, developed many of the same service offerings, and cultivated very similar company cultures. After a while it became obvious that joining forces would allow us to provide maximum value to our clients and partners.

With this acquisition, StoneHill CEO David Bryden will be transitioning into an active role on our leadership team. We are looking forward to his contributions as we improve our services and grow our company.

“I have known David for nearly five years now, and we’ve always talked about joining forces. By acquiring their managed services business, we’ll be able to expand our reach throughout Southern California,” said Mark Perez, TechMD CEO. “We’re also excited about leveraging David’s expertise to provide enhanced offerings around network security, the cloud, and other emerging technologies—a huge win for our existing clients. We’re really happy to see StoneHill finally join the TechMD family.”

A Refined Focus on Emergent Technologies

The technology landscape is rapidly changing, particularly in the cyber security arena, and we are excited to refine our focus on emerging technologies to meet new threats and opportunities. Our strategic acquisition of StoneHill will allow us to leverage their knowledge and expertise to pursue enhanced service offerings around cutting-edge technologies. For example:

  • Cyber Security: rest easy with your network security and business continuity in good hands
  • Cloud Services: increase system reliability while reducing ongoing hardware replacement costs
  • Unified Communications: remove barriers to team collaboration and efficient communication

And we’re excited about the possibilities: as the technology landscape continues to develop, we believe we’ll be able to arm small and medium-sized businesses with the tools to compete on an enterprise level.

By teaming up with StoneHill, we will be able to refine and expand our services as we help many more Southern California businesses achieve their technology goals. And from instant support and security solutions to cloud integration and strategic consulting, our team will continue to provide world-class IT support to our clients and partners.

We look forward to a day when small business technology meets enterprise-level reliability, allowing anyone to compete with even the largest corporations. With a world-class team and our fantastic clients, we’re excited to work together toward our vision of a world where technology is nothing less than perfectly seamless.

October 13th, 2016

Yahoo Announces Largest Security Breach of All Time

the Yahoo sign at company headquarters

On Thursday, Yahoo announced a massive security breach involving user account credentials for its services.

According to Yahoo’s investor relations page, “a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor”. The account information in question includes names, email addresses, passwords, birthdays, telephone numbers, and some potentially-unencrypted security questions and answers. Yahoo says it does not believe any credit card or bank account information was included in the breach.

Initial accounts from Yahoo indicate that at least 500 million user account credentials were stolen, making this the largest security breach of all time. If you use any of Yahoo’s services, we strongly recommend changing your password and security answers as soon as possible.

To learn more about creating strong passwords and protecting them from hackers, check out our One-Minute Wednesday episode by clicking here or watching below:

 


You can watch our One-Minute Wednesday episode on LastPass here.

See below for the full message from Yahoo’s investor relations page:

A recent investigation by Yahoo! Inc. has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter.

Yahoo is notifying potentially affected users and has taken steps to secure their accounts. These steps include invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords. Yahoo is also recommending that users who haven’t changed their passwords since 2014 do so.

Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account. The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information. Additionally, Yahoo asks users to consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.

Online intrusions and thefts by state-sponsored actors have become increasingly common across the technology industry. Yahoo and other companies have launched programs to detect and notify users when a company strongly suspects that a state-sponsored actor has targeted an account. Since the inception of Yahoo’s program in December 2015, independent of the recent investigation, approximately 10,000 users have received such a notice.

Additional information will be available on the Yahoo Security Issue FAQs page, beginning at 11:30 am Pacific Daylight Time (PDT) on September 22, 2016.

September 26th, 2016

TechMD Makes the Inc. 5000 List Again in 2016

TechMD ranked 3028 on the Inc. 5000

For the third consecutive year, TechMD has been featured on the Inc. 5000 List. This year, we were named the 3028th fastest-growing company in the United States, with 113% three-year growth. For more than 30 years now, Inc. Magazine has been ranking the fastest-growing private US businesses across all industries. We are honored to be featured on their list three years in a row!

2016 has been a big year for us. After months of renovation work, we finally finished our new building and moved in. We have grown to 48 team members, launched a new website, and continued to refine and perfect our services. And, of course, we’ve partnered with several new clients and are looking forward to serving them for years to come!

And with our new building comes new opportunities: we’ve already hosted a Lunch and Learn in our awesome kitchen and lounge space, and we’re looking forward to hosting many more. Stay tuned for more information about workshops on network security, business intelligence, and many other important topics!

We look forward to being included on the Inc. 5000 list for a fourth year in a row in 2017!

September 9th, 2016

The 2016 TechMD Olympics Have Begun!

The 2016 Olympics have begun in Rio de Janeiro, and so have our office Olympics! Some of our highly-anticipated tournaments include Super Smash Bros., Foosball, and our highlight tournament of the week: Ping Pong. When your favorite analysts aren’t spending time doing IT right, you can find them in our lounge battling it out for gold and glory!

David and Nate face off in their Round 3 match

Ping Pong is one of our most highly-anticipated and well-attended sports here at TechMD. This tournament (like many of our previous ones) has been graciously organized by one of our favorite Professional Services Consultants, Cory “BigJeffrey” Hanley, the reigning Ping Pong champion.

While it’s no secret that Cory is one of our toughest competitors, Jr. Developer David Larsen has provided some strong competition in this tournament, knocking Cory into the loser’s bracket after their Semi-Final match!

The TechMD Ping Pong Tournament Bracket

Will Cang “CD#1” Dao recover from early losses and fight his way back into the championship match? Will “NastyNate” Emenaker succeed in his face-off against Cang, only to meet Cory at the top of the loser’s bracket? Will newcomer David Larsen be able to defeat Cory for the second time and take the throne as Supreme Champion?

Stay tuned to find out!

August 8th, 2016

We’ve Moved Into Our New Building

After a year of renovation, we are excited to announce that we have moved into our new office building! Purchased in August of 2015, our new home-away-from-home is finished and occupied.

The New TechMD Building

President and Co-Founder Sebastian Igreti was the visionary behind the new space, working around the clock with the architectural firm and general contractor to create a truly impressive building. Concrete floors and natural wood elements give the space a contemporary and comfortable environment. Our teams have been organized into pods that effectively facilitate collaboration and team building. And the full kitchen and spacious lounge provide us with ample space to relax, have lunch, and play games together, all while being the perfect place to host and entertain our clients.

The TechMD Lounge and Kitchen

The TechMD lobby

The new building also features several outdoor patios, a fully-functioning gym, widescreen game systems, a foosball table, and a ping pong table (where our first tournament is already underway!). Our new home was purchased and built with our rapid growth in mind: transitioning from multiple separate suites in a shared building to a modern and spacious building of our own will give us the room to expand and continue to perfect our service offering.

We are all thrilled to have finally settled into a new space that fits our needs and allows us to better serve our clients!

June 15th, 2016

OC Register Covers TechMD’s 2015 Volunteering Program


We made the paper! This year we set a company goal to complete at least 500 hours of volunteering, and on December 3rd, 2015, the Orange County Register profiled our volunteering program, along with several other Orange County companies.

We are honored to have so many employees who are willing to sacrifice their time and invest their efforts in helping the less fortunate thrive and flourish. Check out the OC Register article, and don’t miss the photos in the slideshow!

Giving Tree

December 4th, 2015