Google’s Android Security Update Decision

What Android Security Update means for Your Business Devices

If you use Android for work, there’s an urgent new Android security update risk you need to know about. Google has just cut off security update access for Android devices running anything older than Android 11. That may sound technical, but the bottom line is simple. Half of all Android users are now more vulnerable to cybersecurity threats, and many don’t even realize it.

As your IT partner, SoftTouch Systems (STS) is here to explain what’s going on, what it means, and how to respond before it becomes a costly issue.

What Changed: Google Tightens Android Security Policies

In a move aimed at streamlining and strengthening mobile security, Google announced it will no longer provide Play Protect security updates for Android versions below 11.

Why does this matter?
Play Protect is Google’s real-time scanning system that flags malicious apps, helps detect harmful behavior, and protects users from phishing or spyware. Without updates, it’s like locking your front door but leaving the windows wide open.

According to industry data, nearly 50% of Android devices worldwide are still running Android 10 or older. That includes popular, budget-friendly phones and tablets commonly used in field operations, volunteer programs, and small business settings.

Why This Creates Risk for Small Businesses & Nonprofits

Older Android devices won’t suddenly stop working—but they will stop receiving the protections needed to guard against:

  • Malicious app downloads
  • Phishing attempts disguised as push notifications
  • Backdoor exploits used to access sensitive files, emails, or passwords

For many small business owners or nonprofit leaders, these devices are used for:

  • Email access
  • Calendar and event management
  • Social media or bank account logins
  • Internal file sharing and password storage

If even one of these devices gets compromised, it could expose the entire network or lead to data loss that violates compliance regulations—especially for nonprofits handling donations, volunteer data, or sensitive community records.

Google Android Security Updates

Who’s Responsible Now? It’s Not Google

This is where things get complicated.

Google is shifting the responsibility for security updates to device manufacturers—companies like Samsung, LG, or Xiaomi. But here’s the catch: most brands don’t support updates past 2–3 years, and many budget devices are abandoned much sooner.

So unless you’re using a newer Google Pixel or flagship Samsung Galaxy, it’s likely your Android device is now unsupported and unprotected.

For business owners and nonprofit leaders trying to stretch budgets, this silent shift can introduce unexpected cybersecurity exposure with zero warning.

How to Tell If You’re Affected

Here’s a quick test you can do right now:

  1. Open your Android device.
  2. Go to Settings → About Phone → Android Version.
  3. If it says Android 10 or earlier, your device is no longer receiving Play Protect updates.

If you’re running Android 11 or newer, you’re still protected—for now. But that doesn’t guarantee long-term safety, especially if you’re nearing the update support cutoff window.

STS Recommendations: What You Should Do Right Now

We recommend a 3-step response plan to reduce your risk:

1. Audit Your Team’s Devices

List every Android device used for business operations—phones, tablets, point-of-sale systems, etc. Check their version and support status.

2. Retire At-Risk Devices

Any device below Android 11 should be marked for replacement ASAP. We recommend transitioning to devices with guaranteed long-term support (such as Google Pixel or Samsung Enterprise models).

3. Implement Mobile Security & Management

If your team uses personal devices for work (BYOD), consider Mobile Device Management (MDM) tools or endpoint protection software. STS can help you set this up for as little as a few dollars per month per user.

Why This Matters More for Community-Focused Organizations

If you serve your community—whether as a small-town business, school district, or local nonprofit, your reputation depends on trust. A single mobile breach can lead to:

  • Embarrassing data leaks
  • Lost donor or customer confidence
  • Potential compliance fines (especially with HIPAA, FERPA, or donor protection laws)

That’s why proactive IT—checking before a breach happens—is always cheaper and smarter than reacting after the fact.

SoftTouch Systems Can Help

At STS, we specialize in helping Texas-based businesses and nonprofits navigate the complex world of cybersecurity with clarity, care, and community values at heart.

If you’re unsure how exposed your devices might be, or how to upgrade without breaking the bank, let’s talk.

We offer:

  • ✅ Free mobile device audits
  • ✅ Budget-friendly security bundles
  • ✅ Policy templates for BYOD and mobile use
  • ✅ Support choosing and configuring secure phones

Final Thought: Don’t Let a Phone Be Your Weakest Link

In today’s mobile-first world, smartphones are more than communication tools—they’re gateways to your operations. Don’t wait for an incident to find out your protections have expired.

Reach out to SoftTouch Systems today and we’ll help you secure what matters, before it becomes a liability.

Hackers Are Using Zoom Malware Attack: How to Stay Protected

Hackers Are Using Zoom to Spread Malware: How to Stay Protected

In today’s interconnected world, video conferencing is essential for many businesses. However, new threats are emerging that target these very tools we rely on. A recent report highlights that hackers are now using Zoom to spread malware and take control of computers. At SofTouch Systems, we want our clients to be ahead of these risks. That is why understanding zoom malware attack prevention is critical for your cybersecurity strategy.

Warning Hackers are using Zoom. Why you need Zoom malware attack prevention.

How Hackers Are Exploiting Zoom

Cybercriminals have found creative ways to abuse Zoom’s popularity. They set up fake Zoom websites and send phishing emails to trick users into downloading malicious software. These downloads often look like legitimate Zoom installers but instead install malware capable of stealing information or granting remote access to your device.

Once a system is infected, attackers can monitor activities, steal credentials, plant ransomware, or even manipulate financial transactions. Without proper defenses, businesses could face costly downtime, legal issues, and serious damage to their reputation.

Common Tactics Used by Attackers

  1. Phishing Emails: Messages pretending to be from Zoom support or alerting you of missed meetings.
  2. Fake Zoom Installers: Malicious websites offering supposed updates to Zoom software.
  3. Remote Access Trojans (RATs): Malware that gives attackers full control over infected machines.

The consequences are severe. Attackers gaining control of a single workstation can quickly pivot across networks, causing broader organizational breaches.

SofTouch Systems

How SofTouch Systems Helps with Zoom Malware Attack Prevention

Protecting your business starts with layered defenses. Here are proven strategies we help our clients implement:

1. Verified Software Sources Only
Always download Zoom and other apps directly from official websites. At SofTouch Systems, we help clients lock down systems to prevent unauthorized software downloads.

2. Advanced Endpoint Protection
Basic antivirus is no longer enough. We deploy next-generation endpoint detection and response (EDR) solutions that can identify and quarantine malware before it causes harm.

3. Staff Cybersecurity Training
Hackers rely on human error. Our security awareness training programs teach employees how to recognize phishing emails and avoid dangerous downloads.

4. Web Filtering and Firewall Protection
We set up content filtering and firewalls that block access to known malicious domains automatically, reducing the chance of successful phishing attempts.

5. Routine Patch Management
Regular updates to Zoom and all other critical software reduce vulnerabilities. We manage patching to ensure your environment is always secure and up to date.

Zoom remains a powerful communication tool, but businesses must be proactive about security. A single mistake can open the door to devastating cyberattacks.

Final Thoughts

Zoom is not inherently unsafe, but attackers exploit user habits and trust. Understanding and implementing zoom malware attack prevention measures is crucial for any business using video conferencing tools. SofTouch Systems is here to guide you through securing your operations against these evolving threats.

If you are unsure whether your organization is adequately protected, contact us today for a free consultation. Together, we can keep your business safe in the digital world.

When Trusted Emails Turn Against You: What Google’s DKIM Exploit Means for Your Business

What is Google’s DKIM Exploit Email

Imagine getting an email from Google, a security alert, invoice notification, or login verification. Everything looks legitimate. The domain checks out, the formatting is right, and even the signature passes security checks like DKIM. But here’s the twist: it’s a weaponized fake. Here we’ll explain exactly what Google DKIM exploit email means.

Fake Google Emails can be difficult to spot.

That’s exactly what cybersecurity researchers uncovered in a recent exploit targeting Google’s DomainKeys Identified Mail (DKIM) system—one of the internet’s most trusted tools for email authentication. This flaw bypasses DKIM protections, allowing attackers to send highly convincing spoofed emails that appear to come directly from Google itself.

As a Managed Service Provider (MSP) committed to protecting small and mid-sized businesses in Texas, SofTouch Systems is raising the flag—because this isn’t just a Google problem. It’s a client problem, and here’s why.

What’s the DKIM Exploit?

DKIM works like a wax seal on an envelope. When Google sends an email, it “signs” it with a special encrypted signature. If that signature matches the one stored on their servers, the email is considered legitimate.

The new exploit lets attackers reuse legitimate DKIM-signed content. Some ways are through Google alert emails, while inserting malicious content into hidden areas or headers. Since the signature still matches the original signed portion, it passes DKIM checks even though the email’s payload has changed. Google DKIM exploit email isn’t just smart it’s genius.

Scenarios That Could Impact SofTouch Clients

Here’s where it gets dangerous. This exploit isn’t theoretical, it could directly affect your business in the following ways:

1. Fake Security Alerts That Trick Staff

A fake “Security Alert from Google” might urge an employee to change their password. The link sends them to a lookalike login page. Once entered, the attacker owns that account—and any connected systems (Gmail, Drive, Admin Panel).

Impact: Unauthorized access to sensitive business data, client files, or even internal HR and accounting documents.

2. Fake Google Workspace Billing Emails

An attacker could send a spoofed invoice from “Google Workspace,” requesting payment or prompting a credit card update.

Impact: Financial loss and compromised banking details.

3. Weaponized Email Threads

An attacker could reply to a real email thread (say, between your business and a vendor), hijacking the conversation midstream using a spoofed email that passes DKIM.

Impact: Wire fraud, phishing, or data leaks—especially if your team assumes legitimacy based on appearance.

Humans are the weakest link in the communication industry.

How People Can Protect Themselves

While Google is actively working to close the loophole, protection must begin at the inbox. Here’s how we help against “Google DKIM exploit email”:

✅ 1. Enable DMARC Enforcement

DMARC (Domain-based Message Authentication, Reporting & Conformance) works with DKIM and SPF to enforce strict rules about which servers can send mail on your domain’s behalf. SofTouch helps clients configure these correctly, so fakes are rejected immediately.

✅ 2. Advanced Email Filtering (Beyond Google)

Many businesses rely solely on Google or Microsoft’s native spam filters. We recommend—and deploy—advanced email security layers that scan for suspicious payloads, sender anomalies, and hidden exploits.

If you’re using only the default spam protection, you’re flying blind in a storm.

✅ 3. Real-Time Phishing Simulation & Training

We simulate phishing attacks for clients to test staff awareness. It’s not about “catching” someone—it’s about building a team that knows what to look for and stays skeptical of anything that feels off.

✅ 4. Alert & Quarantine Monitoring

We install systems that quarantine suspicious emails and notify your team and ours before they hit your inbox. That means fewer false alarms, fewer mistakes—and less time lost second-guessing every message.

Fear of losing a password could be your demise.

Final Thoughts

The lesson here is clear: even trusted senders can be spoofed when security protocols are exploited. In a world where hackers don’t break in—they log in—email is the front door, and it’s often left wide open.

At SofTouch Systems, we’re not just watching the headlines—we’re implementing solutions today to protect our clients from tomorrow’s threats.

If you want to know whether your email system is protected against this kind of attack, reach out for a free security checkup. You might be surprised what we find.