Network Support Programs


Does your business need help with IT? Consider RemoteNet:

  • Knowledgeable, friendly helpdesk
  • Super fast response times
  • The best engineers
  • Affordable rates for small businesses
  • Proactive monitoring and maintenance

Learn More »

Cloud Computing


Ready to move your business to the cloud? Tired of dealing with crashing servers, constant maintenance, power outages, backups, viruses, etc? Direct iT is your one stop cloud provider:

  • Hosted mail solutions including Office 365™ and Google Apps™
  • Virtualize your servers and desktops into the cloud
  • Cloud-based backup
  • Cloud-based disaster recovery     Learn More »
Social Media Websites


Ready to jumpstart your marketing into the social media age?  Our blog-based websites will let you connect with current and potential customers like never before!

  • Blog-based site lets you easily post relevant news and articles
  • Connect with Facebook, Twitter, and LinkedIn
  • Professional-looking templates get you up and running very quickly

Learn More »

My Efact: Paperless Office


Ready to go paperless?  My Efact: Paperless Office is our cloud-based paperless office document management and scanning system.  Features include:

  • Scan and access documents from anywhere
  • Secure encrypted email for regulatory compliance
  • Unlimited users and scanners
  • Full DVD backup of your files mailed to you every 3 months
  • Free telephone support and training      Learn More »
Hosted Email: Office 365


Direct iT is an authorized reseller of Office 365™, Microsoft's new cloud-based email hosting system. Office 365™ brings you the features of Microsoft Exchange without the headaches of hosting your own.  Features include:

  • Share calendars with your co-workers
  • Outlook Web Access lets you access mail from anywhere
  • Outlook 2007™ and Outlook 2010™ support
  • 25GB mailbox - plenty of storage Watch a short video »

Direct IT Blog

  • Massive Stolen Password Lists From LinkedIn and MySpace Put Over 500 Million Passwords in Hackers’ Clutches

    Massive Password Lists Stolen and Shared

    In the past few weeks, there has been a massive uptick in cyber attacks involving the use of stolen passwords to gain access to corporate email and other IT systems.  This increase can be traced to two recent events from May.  First, a hacker sold a list of 167 million LinkedIn account credentials (many including email addresses, usernames, and passwords) on the dark web.  Then, a few weeks later, the same hacker sold a bigger list containing 427 million MySpace usernames and passwords.  Very soon, both of these lists had been re-sold, copied, and shared around with hacker groups around the world.

    Why These Password Thefts Matter   vicepwds

    Now, most of us aren’t particularly worried about hackers getting into our LinkedIn or Myspace accounts as nothing critically important is kept there. However, the real impact of these breaches is due to the fact that millions of people re-use the same usernames and passwords for everything, and therefore this same list of usernames and passwords can be used to login to many corporate e-mail, IT, online banking, and other vital accounts.

    What You Can Do About It

    • Make sure you never re-use old passwords
    • Periodically review and change all important passwords on your network
    • Use strong passwords




  • Microsoft Sues Justice Department Over Spying

    lawsuitbuttonOn April 14th, Microsoft filed a lawsuit against the Justice Department in the Federal District Court in Seattle.  The lawsuit alleges that federal law enforcement agencies have used an unconstitutional interpretation of the Electronic Communications Privacy Act of 1986 in order to access to thousands of Microsoft customers’ data that is stored in the cloud (primarily email such as Office 365 and Hotmail).  Microsoft claims that because this spying is so widespread, and because many of the orders also demand that the spying be kept secret, and have no end date (either for the spying or the secrecy), this violates the Fourth Amendment right to protection from unlawful search and seizures. Microsoft also claims that their First Amendment right to inform customers they are being spied on is also being violated.

    “From September 2014 to March 2016, Microsoft received 5,624 federal demands in the United States for customer information or data. Nearly half — 2,576 — were accompanied by secrecy orders.”

    Often, gag orders prevent companies from reporting government spying on their customers.  However, some companies use what is referred to as a “warrant canary” — which is a statement somewhere on their website/service that they have never been subject to any warrants/spying.  The idea is that when the government begins spying, the company can remove the canary notice from their site, so that users can realize the notice is gone and become aware that spying may have occurred, without the company specifically notifying the users in violation of the gag order. You can read more about warrant canaries at  

    You can also read the coverage in the New York Times at


  • Hackers Impersonating CEOs In Wire Fraud Attempts


    Local businesses are being targeted by a new category of phishing attacks, called BEC (Business Email Compromise) or CEO scams.  According to the FBI, the total losses from BEC scams is over 1.2 billion dollars.  BEC scammers impersonate CEOs by sending emails to business associates (such as attorneys, accountants, partners, assistants, etc) asking them to authorize a wire transfer. There are a few things that are different about these BEC scams compared to e-mail fraud we are used to:

    • The request for a wire transfer is usually very specific and well-written — customized for the particular target
    • Details about the targeted business and its employees from LinkedIn, Facebook, and other public websites are integrated into the email to make it seem more legitimate
    • Sometimes fake domain names are registered that are very very similar to real domain names as part of the scam, so that the attacker can send and receive email pretending to be someone else.  For instance, if your real business domain name was, the hackers might actually register so they could send and receive messages that look extremely similar to your real email address
    • Sometimes the hackers also might try to find publicly-posted emails from you or trick someone at your firm into sending an email so they can see what your standard signature / style of email is, so that the fake email they craft can have your real salutations and signatures.
    • In some cases they may use stolen passwords to actually gain access to an email account if possible


    According to the FBI’s Internet Crime Complaint Center statistics, the average loss from successful BEC scams is around $100,000.  There are a few things you can do to protect your business:


    • Training, training, training.  The #1 most important step for security is to make sure your employees understand the risks and take them seriously.
    • Make sure your accountants and associates know to not authorize any wire transactions based only on e-mail
    • Use strong passwords and never re-use your corporate password for other sites
    • Remember never to click on unfamiliar or suspicious links or attachments in email


  • CFPB Update: Lender Audits Ongoing

    Background: The CFPB is BornCFPB_2tone_Horiz_RGB

    In 2010, President Obama signed the Dodd-Frank act into law, which changed financial and banking regulations and created a federal agency dedicated to consumer financial protection, the Consumer Financial Protection Bureau (CFPB). Much of the Dodd-Frank act has already taken effect, although the new disclosure forms (known as TRID, short for TILA RESPA Integrated Disclosure) weren’t finally adopted until October of 2015. Under the Dodd-Frank act, the CFPB is responsible for regulating the mortgage industry, which includes enforcing and maintaining regulations under the Truth In Lending Act (TILA) and the Real Estate Settlement Procedures Act (RESPA) as well as the Dodd-Frank act. The CFPB has already begun auditing lenders and mortgage service providers; at first, it was much larger lenders that were primarily being audited by the CFPB, but now there has been some news of smaller lenders also being audited by CFPB examiners.

    CFPB Now Auditing Smaller Companies

    There are a number of accounts of the CFPB auditing smaller lenders, and sometimes taking further actions. It’s difficult to find statistics about CFPB audits, although there is a lot of information about audit processes and specific enforcement actions. Michigan’s Lighthouse Title was recently fined because of RESPA-violating marketing services agreements. In May of 2013, the CFPB took a similar enforcement action against Paul Taylor Homes and Benchmark Bank of Dallas, TX.

    How Has Dodd-Frank Changed the Real Estate Closing Process?

    • The HUD-1, TIL, and GFE forms replaced by TRID/KBYO Integrated Disclosure
    • New standards and time limits for mortgage statements, disclosures, and notices
    • Lenders now take all liability for mistakes made by mortgage servicers
    • The CFPB has taken over some of the enforcement authority from the FDIC
    • Part of the CFPB’s audit checklist is to confirm that the lender or mortgage service provider is following the data privacy rules of the Gramm-Leech-Bliley act (which requires a written security plan)

    What Does This Mean For Real Estate Closers?

    • We’re seeing more compliance and data security pressure from lenders. Because of the liability shift to lenders and because of the CFPB’s ongoing auditing and enforcement processes, lenders are under a lot of regulatory pressure which is being passed on to settlement services and other third-party service providers. The CFPB’s 2012-03 Bulletin explains that it will expect lenders to “review[] the service providers’ policies, procedures, internal controls, and training materials”, and also that lenders must “establish internal controls and on-going monitoring to determine whether the service provider is complying with Federal consumer financial law…”
    • Be ready to take data security rules more seriously. Data security regulations (especially Gramm-Leech-Bliley) have applied for years to anyone even remotely involved in the mortgage process; however, now there is a regulatory agency actively enforcing these for settlement services.
    • You can now be audited by the CFPB in person. Although the CFPB is currently focusing more on auditing larger lenders, their mandate requires them to audit mortgage servicers and lenders of all sizes. From the CFPB’s 2012-03 Bulletin, they stated very clearly that “Title X [] grants the CFPB supervisory and enforcement authority over supervised service providers, which includes the authority to examine the operations of service providers on site.”

    Where Can You Get Help With Compliance Management?

    • Direct iT’s compliance team is very experienced at helping with the IT and technology side of the compliance process. We can perform technical risk assessments and help you establish a written information security plan (as required by the CFPB as well as state data security regulations).
    • ALTA’s Best Practices 2.0 is a set of policies and procedures developed by ALTA (American Land Title Association); while not officially endorsed by the CFPB, ALTA has been very involved with the CFPB rule-making process and has developed their Best Practices with compliance in mind.
    • An ongoing network maintenance and monitoring program like Direct iT’s RemoteNet program is essential for ensuring that the minimum standard of data security required by Gramm-Leach-Bliley is met.

    Where Can You Read More About The CFPB And Dodd-Frank?

    16 CFR 314.4 (data privacy rules authorized by Gramm-Leech-Bliley act)

    CFPB Examination Procedures for Mortgage Servicers

    ALTA Best Practices

    CFPB Bulletin 2012-03

    CFPB Auditing Small Texas Builder


  • Top 20 Fastest Growing Cloud Companies

    awardWe at Direct iT are proud to announce that we were selected as one of the top 20 fastest growing cloud companies by Silicon Review.  Back in 2007 we had already launched two cloud-based products including our cloud-based email filtering service and My Efact: Paperless Office, our cloud document management and secure email product. Direct iT now also offers cloud-based backups, disaster recovery, antivirus, network monitoring, private clouds, and complete cloud hosted network solutions.
    We would like to thank all of our customers, employees, and strategic partners who helped make our success in the cloud possible.  Thanks!

    If you’d like to read more about our unique perspective on the cloud, you can read our profile in silicon review here.

Direct IT

Sign up for a Free Network Audit

For no charge, Direct iT will have one of our engineers audit your servers and network infrastructure.

Name (required)

Email (required)



We have had an extremely productive partnership with Direct IT for the past 5 years. From desk top support to the most complex network-related project we count on their reliability and expertise every day. — Chris Cool Director of IT RhumbLine Advisers

About Direct iT

Direct iT, Inc. is a New England based IT services firm offering products and services for small businesses in Greater Boston, New Hampshire, Rhode Island, and the rest of New England. Cloud, compliance, and document management services are also available worldwide. Many of our customers are along the Route 128 technology corridor.

Direct iT, Inc. Main Offices

39 Emerson Rd. Suite 215
Waltham, MA 02451
Sales: 781-890-4400
Support 781-890-1907