Home + Mobile

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Spending time with the Girl Scouts of Greater Chicago at Northwest Indiana’s CampCEO

Girl Scouts is proven to help girls thrive. A Girl Scout develops a strong sense of self, displays positive values, seeks challenges and learns from setbacks. I had the absolute honor of spending 3 days with the Girl Scouts in Chicago at the annual Camp CEO.

Camp CEO is a chance for the Girl Scouts to meet, talk to, and connect with the mentors who attend. More than that, though, it gave me a chance to learn from these girls. I was changed for the better after attending this camp. The girls shared their aspirations and fears. They were vulnerable with all of us, and grew tremendously even in the short time we spent together.

On day one, the girls were excited but hesitant. I remember that feeling at an event similar to this one, first day of school, even family and friend’s gatherings. It really had me reflecting on my career growth as well as my personal growth. I would not be where I am without key influential women in my life whether that be family, friends, or colleagues. I knew that I owed it to these girls to share about my successes as well as my failures and how I got there. 

In order to make a meaningful connection, I wanted to first start by listening. Hearing firsthand the fears and goals they have was moving. While each girl had mentioned something different, there was a commonality there. Fears included things caused by lack of confidence, inability to problem-solve, and well-being of the community. While goals included things that require self-confidence, the ability to problem-solve, and the health of the community surrounding them.

Why this meant so much to me is each girl started the camp with more of a sense of doubt. This showed itself when they would hesitate to speak up, ask questions, or share an opinion. After we as mentors were able to lead by example and strike up conversations around us, share that we have had the same fears they feel now, and how we still experience them today and it’s okay to, we saw a difference.

What an incredible thing to see a change in a group of young women who will one day be our leaders, all within 3 days. By day 3, these girls were speaking before being asked to, making sure they voiced their opinions, and asked questions to learn how they can better themselves.

Spending time talking about and connecting around our stories really opened the door for these girls to understand it is okay to try when you’re scared, if anything, it is better to push yourself towards what you want. And along the way, you may look back and be shocked at where you landed. Having confidence in your values will assure you are always making the difference you are striving to make. 

It was an honor to meet these girls and be able to give back by sharing my own teachings and experiences. While Camp CEO is meant to connect the Girl Scouts with resources they find in the mentors, I gained a resource and friend in each of these girls and cannot wait to celebrate them for years to come.

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this environment means our present and future generations need to understand the importance of being aware of the benefits and risks of an interconnected world. Establishing a cyber resilient mindset is the first step towards navigating and thriving in this digital-first world. Cyber resilience is the continuous access to personal and business information, even in an era of unprecedented cyber threats.

This mindset is especially relevant for children, given their ongoing interaction with the online world through existing and emerging social media platforms, gaming sites and learning avenues. As the usage and reliance on technology to educate and entertain increases, so too does the risk of being exposed to threats. That’s why it’s so important for families to develop good cyber resilience habits while engaging online.

Cyber Resilience patch program

To help instill cyber awareness, the Girl Scouts of Greater Chicago and Northwest Indiana (GSGCNWI) and OpenText have collaborated to create a Cyber Resilience patch program to empower the Girl Scouts of today for leadership in a digital world tomorrow. This partnership will help raise awareness of the dangers that exist online and the importance of becoming cyber resilient.

The Cyber Resilience patch program provides Girl Scouts with the opportunity to engage in fun and educational hands-on activities that ignite awareness and create better online behaviors. The aim of the program is to educate Girl Scouts through lessons that focus on simulations of existing and emerging threats, how to safely preserve important files and memories and what to look out for when browsing online.

General tips for children and parents

Staying resilient against ongoing threats means adopting important ways of protecting our personal information.

  • Password integrity: Develop a password that is difficult to predict. Use a password generator, enable two-factor authentication (2FA) as much as possible and don’t reuse passwords from multiple logins. 
  • Back up personal data: Your photos and videos are precious. If you don’t secure them, you may lose them. Backing up your files means having a second copy available if something happens to your laptop, tablet or phone.
  • Invest in security awareness training: Engaging in real-world simulations will help increase your cyber know-how.

Building a better future through cyber resilience

Creating leaders of tomorrow who are empowered and cyber aware begins with establishing cyber resilience today. Families and children should be working towards a better, more agile understanding of the risks to our personal information. Protecting the photos, videos and files that matter to us is important. Keeping our personal identities safe is vital.

OpenText remains committed to not only helping organizations find value in their data but also bolstering female leadership and diversity. The partnership between OpenText and GSGCNWI will help instill the importance of developing cyber safe behaviors now and for the future.

Cyber threats in gaming—and 3 tips for staying safe

The popularity of online gaming surged during the COVID-19 pandemic—and so did cyberattacks against gamers. If you’re the parent of a gamer, or if you’re a gamer yourself, it’s important to learn about the risks.

Why are cyber threats to gamers on the rise?

It might seem strange that cybercriminals are targeting gamers. But there are some good reasons for this trend:

  • The global gaming market is booming—and is expected to reach $219 billion by 2024. Whenever that much money is floating around, bad actors will look for a way to take advantage.
  • The average cost of games is rising, making “cracked” or pirated games more of a temptation. Unfortunately, hackers realize this and use the lure of free games to infect people with malware.
  • A huge economy has developed within the gaming community: People buy and sell in-game objects, character modifications, and even accounts. This provides an incentive for hackers to steal and resell other people’s digital property.
  • Many gamers are unaware of the cybersecurity risks that they face. In addition, many younger people are involved in gaming. This means lots of easy targets for cybercriminals.

Top cyber threats in gaming

There are numerous cyber threats to gamers. But you’ll get the most benefit out of focusing on the following three:

  1. Malware. Malware threats to gamers are spread through malicious websites, exploited system vulnerabilities, or Trojanized copies of pirated games.
  1. Account takeovers. Bad actors are always on the lookout for easy-to-breach gaming accounts. Once stolen, they can resell an account or its contents to interested buyers.
  1. Phishing and social engineering. Gaming is now an online social activity. This gives scammers lots of opportunities to approach unwary gamers and try to trick them into downloading malware, giving up personal details, or handing over login credentials.

Cybersecurity tips for gamers

It’s scary to think that cybercriminals are attacking gamers with greater frequency. But the good news is that taking a few basic precautions can keep you safe:

  1. Protect your accounts. If you have a gaming account with Steam, Epic, or another large gaming platform, take steps to keep it safe just as you would a banking or social media account. Use a strong, unique password for every account that you have. If possible, enable two-factor authentication (2FA) on your gaming accounts as well.
  1. Avoid pirated games. We get it, games are expensive and times are tough. But hackers love to sneak malware into those “free” copies of popular games. As such, downloading a pirated game simply isn’t worth the risk.
  1. Watch for phishing and social engineering. As the saying goes, if you’re online, you’re a target. The best way to stay safe is to be aware of the threat—and learn how to spot phishing and social engineering attacks when you encounter them.

Following these basic cybersecurity tips will help to make your online gaming experience more secure.

For even more protection, explore Webroot’s SecureAnywhere Internet Security Plus antivirus solution. It will keep your system safe from all types of malware threats—and includes access to LastPass®, a reliable and easy-to-use password management tool.

World Password Day and the importance of password integrity

Passwords have become a common way to access and manage our digital lives. Think of all the accounts you have with different providers. Having a password allows you to securely access your information, pay bills or connect with friends and family on various platforms. However, having a password alone is not enough. Your password for each of your accounts needs to be difficult to guess and unpredictable. Your passwords also need to be managed and protected. With World Password Day around the corner, it’s important to take a moment and reflect on the importance of strengthening our digital hygiene beginning with our passwords.

When it comes generating a password, most of us rely on things that we can remember. A birth date, a pet’s name or our favorite sports team. While these options make it easier for us to recall our passwords, it also makes it far simpler for a cybercriminal to uncover them too. With all of the information we are freely sharing online through our social media platforms, a cybercriminal can easily spend a very small amount of time researching our habits, connections and other elements of our lives to guess potential passwords and gain access to our information. That’s why maintaining password integrity helps protect our online lives and reduces the risk of becoming a victim of identity theft or data loss.

What is password integrity?

Think of the foundation of a building. To prevent the building from collapsing in the future causing serious harm, it needs to be built with certain principles in mind. Password integrity involves the same concept. Passwords are the foundation of our digital lives. If they aren’t secure or properly managed, we run the risk of falling victim to cybercriminals who are eager to access our personal data.

Predicable passwords are problematic for several reasons. If your passwords follow the standard guidelines offered by most sites that require a single capital letter, at least 6 charters, numbers and one special character, hackers can easily make a series of attempts to try and gain access.

Without proper password integrity, personal information and business data may be at risk. The impacts for businesses and consumers are enormous. The average cost of a data breach in 2021 rose to over 4 million dollars, increasing 10% from 2020. For some small to medium-sized (SMBs) businesses, this means incurring a financial hit that could mean closing up shop. For consumers, dealing with identity theft can involve a world of headache. From freezing credit cards and assets to contacting all of the companies you regularly interact with, recovering from identity theft can be difficult and time consuming. 

How to develop password integrity

The best way to prevent unauthorized access to your accounts is to protect and manage them. While avoiding duplication of passwords for multiple accounts and enabling two-way authentication can help, using a password manager is another way to help manage all of your account passwords seamlessly.

Included in Webroot’s SecureAnywhere Internet Security Plus antivirus solution is access to LastPass®, a reliable and secure password management tool. LastPass is the most trusted name in secure password management. It encrypts all username, password and credit card information to help keep you safe online. LastPass gives you access to a password vault to store and access all of your passwords from any device.

Securing your digital life means protecting and managing your information. Having a reliable password management tool can help you effortlessly manage all of your passwords. As World Password Day approaches, take a step back and assess your digital hygiene beginning with your passwords. As cybercriminals develop more sophisticated ways to steal our information or identity, maintaining our own password integrity becomes key.

Discover Webroot’s antivirus solutions and learn more about LastPass.

The Benefits of Using a VPN on Your Home Network

If you’ve considered using a virtual private network (VPN) at all, it’s likely to establish a secure connection while working remotely or to connect to public networks. But privacy enthusiasts appreciate the benefits of a VPN even from the comfort of their own homes. Depending on your level of comfort with your internet service provider (ISP) – and what country you live in – setting one up for your household may be a smart bet.

Before diving into why, here is a brief refresher on what a VPN is and why they’re useful.

The VPN basics

Think of a VPN as a tunnel your internet traffic travels through to keep nosy onlookers from being able to see what you’re doing online. More literally, VPNs are tools used to encrypt network traffic and to hide a user’s IP address by masking it with a proxy one – in this case one belonging to the VPN provider.

A VPN may route your encrypted traffic through a datacenter located anywhere in the world (though it’s best when it’s nearby so the user’s experience doesn’t suffer).

Why would one want to use a VPN?

Typically, they’re used by individuals logging onto public networks as an assurance their activities won’t be monitored. In addition to maintaining privacy, this also prevents cybercriminals from stealing sensitive data from banking transfers, paying bills or conducting other sensitive transactions from places like airports or coffee shops.

Corporations may also mandate the use of VPNs for remote workers so that sensitive company data is more difficult to compromise. To protect against data breaches or other leaks, network administrators typically encourage encrypting traffic using a tool like a VPN.

Check out this post for more on why you should use a VPN on public networks.

Do you need to use a VPN at home?

 It depends on a number of factors.

It depends on where you live and how private you want to keep your web browsing habits. Physical location is a factor because, in the United States, it’s been legal since 2017 for ISPs to sell certain data they’re able to gather unless the customer explicitly opts out. Most major ISPs claim to not sell user data, especially anything that can be used to identify the user, but it’s technically not illegal.

In countries where this practice is prevented by law, users may have fewer privacy concerns regarding their ISP. In the European Union, for example, strict privacy standards laid out in the General Data Protection Regulation (GDPR) prevent even the gathering of user data by ISPs. This makes the case for a VPN at home harder to make, since most websites already encrypt data in transit and home networks are unlikely to be targeted by things like man-in-the-middle attacks.

For U.S. users, though, using a VPN at home makes good privacy sense. Despite some attempts to learn what major ISPs do with our data, they’re not always forthright with their policies. There are also no guarantees an ISP won’t suddenly change those policies regarding the sale of user data.

If you don’t want to leave the issue up to your ISP, shielding personal data with a VPN is a good choice.

Choose your VPN wisely

If you’re not careful, your VPN can end up doing the same thing you got it to avoid.

“If you’re not paying for it, you are the product,” or so the saying goes. This is especially true for many free VPN services. Free solutions often track and sell your browsing data to advertisers to generate revenue. Be sure to choose a “no-log” solution that doesn’t track your online activity for sale to third-parties.

It’s also important you choose a VPN from a vendor that:

  • Is established enough to have access to servers worldwide
  • Has a professional support team on-staff and available to assist with any issues  
  • Is easy to configure and simple to use, so you actually will!

After checking these boxes, it’s a smart choice to use a VPN at home under some circumstances.

For a proven, reliable solution, consider making Webroot® WiFi Security your VPN of choice on the go and at home.

Season’s cheatings: Online scams against the elderly to watch out for

Each year, as online shopping ramps up in the weeks before the holidays, so do online scams targeting the elderly. This season – in many ways unprecedented – is no different in this regard. In fact, COVID-19, Zoom meetings, vaccination recommendations and travel warnings all provide ample and unique precedent for social engineering attacks.

Not surprisingly, cybercriminals often target those least able to protect themselves. This could be those without antivirus protection, young internet users or, unfortunately, your elderly loved ones. The FBI reported nearly $1 billion in scams targeting the elderly in 2020, with the average victim losing nearly $10,000.

This holiday season, it may be worth talking to elderly relatives about the fact that they can be targeted online. Whether they’re seasoned, vigilant technology users or still learning the ropes of things like text messaging, chat forums, email and online shopping, it won’t hurt to build an understanding of some of the most common elder fraud scams on the internet.

The most common types of online elder fraud

According to the FBI, these are some of the most common online scams targeting the elderly. While a handful of common scams against older citizens are conducted in person, the majority are enabled or made more convincing by the use of technology.

  • Romance scams: Criminals pose as interested romantic partners on social media or dating websites to capitalize on their elderly victims’ desire to find companions.
  • Tech support scams: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers gain remote access to victims’ devices and sensitive information.
  • Grandparent scams: Criminals pose as a relative—usually a child or grandchild—claiming to be in immediate financial need.
  • Government impersonation scams: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide funds or other payments.
  • Sweepstakes/charity/lottery scams: Criminals claim to work for legitimate charitable organizations to gain victims’ trust. Or they claim their targets have won a foreign lottery or sweepstake, which they can collect for a “fee.”

All of the above are examples of “confidence scams,” or ruses in which a cybercriminal assumes a fake identity to win the trust of their would-be victims. Since they form the basis of phishing attacks, confidence scams are very familiar to those working in the cybersecurity industry.

While romance scams are a mainstay among fraud attempts against the elderly, more timely methods are popular today. AARP lists Zoom phishing emails and COVID-19 vaccination card scams as ones to watch out for now. Phony online shopping websites surge this time of year, and are becoming increasingly believable, according to the group.

Tips for preventing online elder scams

Given that the bulk of elder scams occur online, it’s no surprise that several of the FBI’s top tips for preventing them involve some measure of cyber awareness.

Here are the FBI’s top tips:

  • Recognize scam attempts and end all communication with the perpetrator.
  • Search online for the contact information (name, email, phone number, addresses) and the proposed offer. Other people have likely posted information online about individuals and businesses trying to run scams.
  • Resist the pressure to act quickly. Scammers create a sense of urgency to produce fear and lure victims into immediate action. Call the police immediately if you feel there is a danger to yourself or a loved one.
  • Never give or send any personally identifiable information, money, jewelry, gift cards, checks, or wire information to unverified people or businesses.
  • Make sure all computer anti-virus and security software and malware protections are up to date. Use reputable anti-virus software and firewalls.
  • Disconnect from the internet and shut down your device if you see a pop-up message or locked screen. Pop-ups are regularly used by perpetrators to spread malicious software. Enable pop-up blockers to avoid accidentally clicking on a pop-up.
  • Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
  • Take precautions to protect your identity if a criminal gains access to your device or account. Immediately contact your financial institutions to place protections on your accounts. Monitor your accounts and personal information for suspicious activity.

Pressure to act quickly is a hallmark of social engineering scams. It should set off alarm bells and it’s important to let older friends or family members know that. Using the internet as a tool to protect yourself, as recommended by the second bullet, is also a smart play. But more than anything, don’t overlook the importance of helping senior loved ones install an antivirus solution on their home computers. These can limit the damage of any successful scam in important ways.

Don’t wait until it’s too late. Protect the seniors in your life from online scams this holiday season. You might just save them significant money and hassle.

We have just the tool to do it, too. Discover our low-maintenance, no-hassle antivirus solutions here.

‘Tis the season for protecting your devices with Webroot antivirus

As the holiday season draws near, shoppers are eagerly searching for gifts online. Unfortunately, this time of year brings as much cybercrime as it does holiday cheer. Especially during the holidays, cybercriminals are eager to exploit and compromise your personal data. Even businesses large and small are not immune to the dark forces at work. Whether you purchase a new device or receive one as a gift, now is the time to consider the importance of protecting it with an antivirus program.

What is antivirus?

Antivirus is a software program that is specifically designed to search, prevent, detect and remove software viruses before they have a chance to wreak havoc on your devices. Antivirus programs accomplish this by conducting behavior-based detection, scans, virus quarantine and removal. Antivirus programs can also protect against other malicious software like trojans, worms, adware and more.

Do I really need antivirus?

In a word, yes. According to our 2021 Webroot BrightCloud Threat Report, on average, 18.8% of consumer PCs in Africa, Asia, the Middle East and South America were infected during 2020.

Antivirus software offers threat protection by securing all of your music files, photo galleries and important documents from being destroyed by malicious programs. Antivirus enables users to be forewarned about dangerous sites in advance. Antivirus programs also scan the Dark Web to determine if your information has been compromised. Comprehensive antivirus protection will also provide password protection for your online accounts through secure encryption.

Benefits of antivirus

By investing in antivirus protection, you’ll be able to maintain control of your online experience and best of all, your peace of mind.

Webroot offers three levels of antivirus protection. Our Basic Protection protects one device. You can rest easy knowing that your device, whether it’s a PC or Mac, will be protected. With lightning-fast scans, this line of defense offers always-on protection to safeguard your identity. Our real-time anti-phishing also blocks bad sites.

Looking to protect more than one device? We’ve got you covered. Our Internet Security Plus with AntiVirus offers all of the same great features as our basic protection but with the added bonus of safeguarding three devices. You’ll also have the ability to secure your smartphones, online passwords and enable custom-built protection if you own a Chromebook. 

For the ultimate all-in-one defense, we offer Internet Security Complete with AntiVirus, which protects five devices. Enjoy all the same features as our Basic and Internet Security Plus with AntiVirus but take advantage of 25G of secure online storage and the ability to eliminate traces of online activity.

Keep the holidays merry and bright

Safeguard all of your new and old devices with Webroot. Bad actors will always be hard at work trying to steal your personal information. Protect yourself and your loved ones by investing in antivirus protection.

Webroot offers complete protection from viruses and identity theft without slowing you down while you browse or shop online.

Experience our award-winning security for yourself.

To learn more about how Webroot can protect you, please visit https://www.webroot.com/us/en

3 reasons even Chromebook™ devices benefit from added security

Google Chromebook™ devices could rightly be called a game-changer for education. These low-cost laptops are within financial reach for far more families than their more expensive competitors, a fact that proved crucial with the outbreak of the COVID-19 pandemic at the beginning of last year.

During that period, Google donated more than 4,000 Chromebook devices to California schools and the sale of the devices surged, outselling Macs for the first time. They made remote learning possible for thousands of students who otherwise could have been quarantined without connections to the classroom. According to Google, 40 million students and educators were using Chromebook computers for learning as of last year.

Momentum is unlikely to slow anytime soon, especially since the Chrome operating system will now be the first many students are exposed to. The respected technology blog TechRadar has even referred to 2021 as “the year of the Chromebook.”

As a cybersecurity company, we naturally wonder what widespread use of Chromebook devices means for the online security of the general public. The good news is Chromebook security is pretty good compared to other devices and operating systems. Some interesting features like frequent sandboxing, automatic updates and “verified boot” go a long way to improve Chromebook security.

But the fact is, even Chromebook computers benefit from supplemental security. Here are a few of the reasons why.

  1. Users, especially new ones, make mistakes

There are several common user errors that put users, their personal information and their devices at risk. Many third-party security solutions are designed to account for exactly this type of behavior. Even strong security can’t prevent an account from being hacked if account credentials are stolen in a phishing attack, one of the most common causes of identity theft.

In 2020, phishing scams spiked by 510 percent between January and February alone. Scammers used the beginning of the pandemic to spoof sites like eBay, where in-demand goods were being bought and sold. In March, as lockdown went into full effect, attackers began targeting users of YouTube, HBO and Netflix at unprecedented rates.  

In short, phishing scammers use current events to target vulnerable users, like those who are inexperienced, compulsive or still developing critical thinking skills – traits that apply to many school-aged children.

To combat phishing scams, it helps to have filters that can proactively alert users if there’s a high chance that a form field or website is likely to steal credentials. Security companies can do this by determining the likelihood a site isn’t what it seems based on its connection to other dishonest sites. This information, known as threat intelligence, can help proactively warn when a user may be headed for danger.

2. Fake apps are still cause for concern

There are plenty of examples of bad apps and sketchy Chrome extensions being downloaded from the Google Play Store. They vary in their seriousness from annoying, like constantly pushing ads to young users, to serious, like serving banking Trojans that target users’ personal financial information.

The Chromebook sandboxing feature will defend against many of these so-called “malicious apps” from invading devices through things like popular mobile games, but some will likely find ways to avoid the feature.

In the same way that threat intelligence can help proactively determine if a site is likely to be a vehicle for phishing attacks, it can also help determine if an app is likely to be malware disguised as an app based on how closely its related to other malware on the web.

3. Web-borne malware remains widespread

The internet is littered with unsafe websites that host viruses, malware, ransomware and other online threats. Some can slip spyware – malware that tracks a user’s online movements – onto devices without a user, especially an inexperienced internet user, noticing.

The Chromebook verified boot feature can help to disable these threats – if a user knows they’ve got one on their device. But many types of malware aren’t immediately obvious. They can operate in the background, perhaps collecting data on user’s habits or logging their keystrokes to try to steal passwords or other sensitive information.

Here again, warning users of threats in advance can make the difference between addressing an infection and avoiding one altogether. By providing advanced warning of a risky website or a suspect browser extension, a good antivirus solution can stop an infection before it happens. Think of it like maintaining a healthy immune system through diet and exercise to keep from coming down from the common cold.

Protecting vulnerable users from internet threats

It’s hard to be too cautious on the web, especially with users who are just starting to use it to study, learn and explore. There are security gaps in any operating system, so it helps to layer defenses against multiple types of threat.

When facing dangers like identity theft and spyware disguised as an addicting mobile game, it helps to have a little insider information on the “bad neighborhoods” of the internet.

Interested in powerful protection designed to keep you safe while you work, study or browse on Chromebook devices? Check out Webroot® Security for Chromebook™ here.

Even with great device security, that’s the helpful information Chromebook users miss out on without installing a strong third-party antivirus solution.  

Webroot top performer among security products in PassMark® Software testing

Webroot put forward another strong performance in its latest round of independent third-party testing, besting all competitors and taking home the highest overall score. In taking the highest score in the category for 2021, Webroot beat out competitors including BitDefender™, McAfee® and ESET® endpoint security solutions.

In the report, the company conducted objective testing of nine endpoint security products, including Webroot® Business Endpoint Security. Tests measured performance in 15 categories including:

  • Installation size
  • Boot time
  • CPU usage during idle and scan
  • Memory usage during idle and initial scan
  • Memory usage during scheduled scan

Webroot stood out in several categories in addition achieving the best overall score. Some categories were won by a wide margin.

Consider installation time for instance. Webroot completed installation in just over four seconds, while the next fastest installation time was more than 17 seconds and the average for the category was over 162 seconds.

According to PassMark, this metric is important because “the speed and ease of the installation process will strongly influence the user’s first impression of the security software.”

Installation size was a similar case. It is an important metric because as PassMark puts it, “In offering new features and functionality to users, security software products tend to increase in size with each new release.”

Webroot also took home top honors when it comes to memory usage. In both memory used while idle and during scan, Webroot was the least impactful to system resources.

The reason Webroot performed so well in this test is not by accident. By design, much of the “heavy lifting” of endpoint security is done in the cloud. This ensures the highest level of efficacy while also reducing the performance impact at the endpoint. Businesses should not need to sacrifice performance for efficacy.

Additionally, Webroot took the top spot in the categories of memory usage during memory usage during initial scan, memory usage during scheduled scan, scheduled scan time and file compression and decompression.

PassMark® Software Party, Ltd. specializes in “the development of high-quality performance benchmarking solutions as well as providing expert independent IT consultancy services to clients ranging from government organizations to major IT heavyweights.”

Your password is too predictable

Password predictability is one of the most significant challenges to overall online security. Well aware of this trend, hackers often seek to exploit what they assume are the weak passwords of the average computer user. With a little bit of background information, “brute forcing” a simple password is a straightforward undertaking.

How are passwords cracked?

Cybercriminals use computing power to crack passwords with a method known as a brute force attack. With this method, an attacker guesses at the password repeatedly with the help of computer software/scripts. This makes the process automated and essentially effortless for the attacker.

The weaker the password (meaning the easier it is to guess), the quicker an attacker can crack with computing power.

So, how do we combat this?

The problem is password predictability

Passwords can be very easy to guess. Ironically, one factor that contributes to this is one that’s supposed to make passwords safer; the uniform standard most websites impose on users when creating a new password. Typically, sites require a single capital letter, at least 6 charters, numbers and one special character.

Attackers can use this information to guess when and where each character may be using only the predictable tendencies of human users. And because many users create a single password that meets these requirements and use them on multiple sites like Netflix, Facebook and Instagram, getting lucky once can lead to a bonanza for cybercriminals.

Here is an example of a password that would meets the requirements of most websites:

Example1234!

This would be considered “secure” in most cases because it meets the most common internet standard for password creation. Now swap “Example” out for the name of a child or pet, and the easily remembered combination is very likely to be someone’s actual, real-life password. It’s easy for the user to remember, and therefore convenient to use across multiple sites.

Let’s assume a user has a pet named Toby and plug it into the above example format.

Toby1234!

This is not a strong password. Pet’s names, children’s names and birthdays are often easily discoverable, especially by mining social media accounts. An attacker may just need to do a little recon on Facebook to scrounge up a handful of likely options.

Passwords vs. Passphrases

A password is a short character set of mixed digits. A passphrase is a longer string of text making up a phrase or sentence. The important thing to know about passphrases is that, when allowed, they’re far more secure than passwords. The idea that a password should be one word is outdated and retiring it would benefit user security greatly.

A method for devising a passphrase is to simply pick a line from your favorite movie, book or song and mix it with capitals and numbers. If we take Arnold’s famous line “I’ll be back,” we can easily make it into a secure passphrase.

Original: “I’ll be back”

Remove quate marks and spaces, since they can’t be used as password inputs.

Illbeback

Add some capitals: iLLbeBack

Add Numbers: iLL3beBack

And finally, a special character: iLL3beBack$

As a fun test, you can use this password-checking tool to see how long it would take a computer to crack your new creation. How long would it take to crack yours?

For comparison, let’s take one of our simple password examples from above and see how long it would take to crack. We can use Toby1234! (and yes, some people do use such simple passwords).

As you can see, it wouldn’t take long at all.

What about our new passphrase iLL3beBack$

I think we’ll be secure for now.

More tips and tricks for password safety

Using a password manger is the most practical way for making passwords more secure. Users tend to gravitate toward the most convenient solution to a given problem, and password managers keep them from having to memorize a series of complex passwords for different sites. The user can automatically save passwords with an internet browser plugin and let autofill features handle the rest.

Here are some other good rules of thumb for password safety:

  • Use a password generator
  • Use two-factor authentication (2FA) as much as possible
  • Don’t reuse passwords
  • Be unpredictable in password formatting

Don’t let a predictable password come back to bite you. When made up of easily guessable public information, a weak password can be cracked in minutes. Instead, choose a passphrase or rely on one of the many secure password management tools available on the web today.

Another NFT explainer, with a bonus look at the data security implications

“What Bitcoin was to 2011, NFTs are to 2021.”

That’s a claim from the highly respected “techno-geek” bible Ars Technica in it’s wonderful explainer on NFTs, or non-fungible tokens. Since cryptocurrencies were, are and will continue to be impactful technologies, surely NFTs are a topic worth exploring.

They exploded into public consciousness this year as pieces of art, albums, photographs and dozens of other assets were sold in NFT form. Some net their sellers huge profits, many more are ignored or overlooked completely.

Naysayers call NFTs worthless figments of our own imagination, apologists hail them as handy tools for eliminating middlemen and empowering creators. One writer has referred to NFTs as, simply, “bragging rights.”

But naturally, at Carbonite + Webroot, we just wonder how they’ll be used and abused by cybercriminals or if they can be irrevocably lost like the password to a crypto wallet.

Before we dive into that, a brief primer of our own on NFTs.

Non-what token?

An NFT can be thought of as a sort of digital deed. It is unalterable proof of ownership of a unique digital asset. That’s what the “non-fungible” in non-fungible token means: there’s only one, and it’s completely unique.

NFTs use the same blockchain ledger technology to verify uniqueness that cryptocurrencies rely on to prove ownership. A distributed group of devices does the work to vouch for the authenticity of the token the same way it does for a bitcoin.

Except, whereas each unit of a cryptocurrency is mutually interchangeable (1 Dogecoin always equals 1 Dogecoin, for instance), NFTs are designed to be completely unique. They can be programmed with their own rules and directions for use and behavior—even down to how they produce “offspring” in the case of CryptoKitties.

An often used and helpful analogy is to certificates of authenticity (COA) like those used in the art world. For ages artists have put their own unique stamps on their artwork or issued accompanying certificates to testify to the “realness” of the work. This could be in the form of a simple signature or, in Banksy’s case, written sign-off from the Pest Control Office. Think of an NFT as a digital COA or, arguably, an improvement on the concept since it can’t be reproduced or believably forged.

As with any art, the value of an NFT is in the eyes of the beholder. What’s the point of spending millions to own an original digital asset that’s been effortlessly reproduced a million times? Could one ask the same of the Mona Lisa?

The rise (and fall?) of the NFT

Regardless of your answer to these questions, a community of folks already undeniable place a huge value on NFTs. An April 2021 post on GitHub estimated the value of the “CryptoArt NFT” market to be at least $150 million worldwide.

That’s almost certainly an underestimate, since the most expensive NFT ever sold comes from the art world. It’s a work known as The First 5000 Days by the artist known as Beeple and it’s essentially a $69 million JPEG file

And NFTs aren’t limited to fine art. The pro sports, music and meme industrial complexes have all entered the business. Even social media posts are being turned into NFTs; the digital certificate for Jack Dorsey’s first-ever Tweet sold for $2.9 million. So, while anyone interested can easily find it online, only a Malaysia-based CEO of a blockchain company can claim “ownership” of the Tweet that started…all this.  

Can NFTs hold our attention for long? With absurd amounts of money changing hands over a string of digital characters, a lot of people are already wondering if NFTs are a bubble about to burst. Plenty of pundits were speculating about a bubble in mid to late-April, when sales of NFTs lagged. But as shown by nonfungible.com, a company that tracks the buying and selling of NFTs, they were back to brisk business in early May.

Perhaps NFTs are a bubble positioned to pop. Or maybe their values will vary with the cryptocurrencies in which they are mostly bought and sold. It’s certainly been speculated that they’re driving up the price of Etherium. Regardless, it’s safe to say they’re worth getting to know, because they’ll make headlines for some time to come.

NFT theft and a new brand of cybercrime

Not surprisingly, cybercriminals are already redirecting their efforts to the nascent NFT market. In an extraordinary and revealing Twitter thread, one NFT owner documented the experience of having his tokens stolen from a marketplace for digital art. He’s apparently not alone in this experience.

Even less surprising than the theft are the methods used to do it. It seems phishing for users’ passwords to the sites used to buy and sell NFTs is the main method of compromise. Two-factor authentication for accounts managing NFTs is strongly recommended by marketplaces.

Darkreading.com also notes the importance of closely guarding access keys, which are often the only means of managing an NFT. Once a key is stolen—either by phishing, a keylogger or some other means—there’s very little in terms of a realistic prospect of getting it back.

In terms of valuable digital art, NFT theft amounts to the regrettable loss of investment pieces or perhaps just the “bragging rights” akin to owning an original piece of physical art. But if the role of NFTs as proof of ownership expands into the physical realm, as is already being discussed in the real estate sector, NFT security will become critical. It may even have the power to spawn new industrials and criminal enterprises.

NFTs’ massive price tags and novel technological backing make them attractive target for cybercriminals. If the market for their sale isn’t a bubble, it’s possible that the high-profile art heists of the future may be carried out by hackers rather than the suave con men of Hollywood films, and their tools will be phishing attacks and spyware rather than fancy handheld gadgets.

6 Tips for a More Cyber-Secure Holiday Season

In any other year, many of us would be gearing up for airline travel, big family dinners, cocktail hours or potlucks with friends, and much more. But with all the challenges this year has brought in terms of how we work and connect during a global pandemic, I’m guessing all our plans look a little different than we thought they would.

Since most of us are now online more than ever before for work, school, personal connection, shopping, etc., it’s critical that take extra steps to keep our digital selves safe. With that in mind, we’ve put together a list of 6 (ish) tips to help you and your family stay safe online this holiday season, no matter how or where you celebrate it.

1. Watch out for an increase in scam emails and websites

What follows are just a few of the ways scammers may target you this holiday season. We recommend you install easy-to-use tools such as Fakespot, which is an add-on that protects consumers by detecting fraudulent product reviews and third-party sellers in real time, to help you avoid the fakes.

  • Flash sale alerts
    During the holidays, the number of promotional emails you receive is likely to go up as online stores run flash sales. With that in mind, scammers are likely to up their game, mimicking legitimate offer emails and websites in the hopes that your desire for a sweet deal will pay out for them. Use extra caution and don’t click anything in an offer email. Go to the retailer’s official website (type it directly into your browser instead of clicking a link in an email) to help ensure you’re shopping securely.
  • “Free” gift cards
    You may get offers for “free” gift cards to online retailers, such as Amazon, Walmart or Target. Remember: very little in life is free. This is another way that criminals may try to trick you into downloading malware or exposing sensitive information that they can use to steal your money or identity.
  • Fake “missed delivery” notices
    Since 94% of people are shopping online more or about the same as they were pre-pandemic, fake package notifications are another way that cybercriminals may target you. If you receive an email or text message about a missed delivery, be sure to double-check the details, such as the shipper (for example, maybe you’re only expecting a Prime or USPS delivery, so a FedEx notification should throw a red flag), the tracking numbers, etc. And, of course, don’t click or download anything in the text or email message itself
  • Discounts so deep they can’t be real
    If you see an ad or email for a high-ticket item that suddenly costs less than 10% of the regular retail price, it’s practically guaranteed to be 100% fake. Let’s face it: there’s just no way you’re going to get real Ray-Bans for the low, low price of $24.99.

2. Use caution with your charitable donations

It’s the giving season and, thanks to the pandemic, natural disasters, and other current events, there are plenty of people in the world who could use a little extra help. Good on you for contributing to the public good! Unfortunately, not even charities are sacred to scammers, and they will take advantage of your desire to help others.

It’s critical to do your research! We recommend you visit trusted organizations, like Charity Watch, to learn more about the charities you’ve chosen and their efficiency, governance and accountability before committing money. Additionally, be suspicious of aggressive pitches including multiple calls and emails or tactics that require immediate donation. Lastly, never pay by gift card of wire transfer. Use a credit card instead, as it’s easier to track and recover fraudulent transactions.

3. Research your smart devices

When we say “smart devices,” we don’t just mean things like Alexa or Google Home. There are internet-enabled fridges that tell you when you’re low on groceries, let you hear and speak to someone at your front door, function as a baby monitor, and even tell you when your laundry’s done. There are also smart thermostats, garage door openers, light fixtures, and so much more. All of these gadgets form a network of connected devices known as the Internet of Things (IoT). And each one could potentially let a hacker into your home network.

Be selective when it comes to purchasing connected smart home and IoT devices. Choose reputable brands that include security, such as the ability to change passwords and perform firmware updates. Cheaper knockoffs of name brand devices might be easier on your wallet, but they are often designed without security in mind. Additionally, since the business model for knockoffs is typically to turn a profit as quickly as possible, there’s no guarantee the device manufacturer will even be around in a year or two to send out security updates or offer support if your device malfunctions

4. Secure any new tech toys right away

Get a cool new gadget in the family gift swap? (Or buy something awesome just for yourself? Don’t worry, we won’t tell the kids.) Protect that tech investment by installing security right away. It’s not the most exciting thing to do with a new toy, but it’ll help make sure you get to enjoy it without worrying about malicious actors joining in on the fun

5. Use reputable video chatting services to connect with loved ones

When planning your virtual holiday get-togethers, use trusted video conferencing providers like Zoom, who have paid close attention to security issues this year and adapted product defaults to enable safer user experiences. Also, be cautious of any websites that request permissions from your browser to access your camera and microphone. If you get one of these notifications, close out of your browser. Do not engage with the permissions request in any way

6. Remember the basics

We’ve said it before, we’ll say it again. Good online habits are your best defense – and it really doesn’t take much effort to keep yourself and your family safe

  • Use strong, unique passwords for all your accounts and don’t share them. Length is strength, so passphrases are a good help.
  • Install virus protection on all your devices and keep it up to date.
  • Use a secure cloud backup.
  • Connect to the internet using a VPN, even on your home network (and especially if transmitting sensitive info, like credit card numbers or online banking details.)
  • Keep your device operating systems up to date so you have the latest patches against exploits.
  • Don’t enable macros. Ever. If a document or website asks you to enable macros or hidden content or “allow access”, just don’t do it. There are very few legitimate reasons for documents or websites to request these permissions.
  • Keep a close eye on your financial accounts and look out for any fraudulent activity.

Here’s wishing you a safe and cyber-secure holiday season! Keep an eye on the Webroot Blog and the Webroot Community for more tips and news on the latest cyber threats.