Featured Posts

The Future of Work: Being Successful in the COVID Era and Beyond

Working from home is no longer something some of us can get away with some of the time. It’s become essential for our health and safety. So, what does the future of work look like in a post-COVID world? We asked some of our cybersecurity and tech experts for their...

2020’s Most (and Least) Cyber-Secure States

For the past several years, Webroot and its partners have conducted a series of studies aimed at better understanding the attitudes, perspectives, and behaviors related to cyber hygiene in United States. This helps users determine which behaviors put them most at risk...

Staying Cyber Resilient During a Pandemic

We’re all thinking about it, so let’s call it out by name right away. The novel coronavirus, COVID-19, is a big deal. For many of us, the structure of our lives is changing daily; and those of us who are capable of doing our work remotely are likely doing so more than...

5 Security Tips for Setting Up a New Device

The last thing you want to do when you get a new computer, mobile device, or tablet is spend a lot of time setting it up. But like any major appliance, these devices are something you want to invest a little time setting up properly. Often, they’re not cheap. And you...

The Future of Work: Being Successful in the COVID Era and Beyond

Reading Time: ~ 3 min.

Working from home is no longer something some of us can get away with some of the time. It’s become essential for our health and safety. So, what does the future of work look like in a post-COVID world?

We asked some of our cybersecurity and tech experts for their insights, which we’ll be presenting in a series entitled The Future of Work. In this installment, we’ll cover the qualities that will separate companies able to make smooth transitions to new ways of working from those that can’t. Plus, we’ll examine the effects the pandemic and our response to it have on workplace culture.

What are hallmarks of organizations that will successfully navigate our new workplace realities?

The COVID-19 crisis has forced employers to more fully consider the broader humanity of their employees. With parents becoming teachers and caretakers for ill, often elderly loved ones, greater levels of empathy are required of management. Now, with a lagging world economy and even experts unsure of what shape the current recession will take, financial stress will likely be added to the long list of anxieties facing the modern workforce.

As remote work continues to be a norm in industries like tech, boundaries between home and work life will continue to be murky. This, says Webroot product marketing manager George Anderson, presents opportunities for effective leaders to stand out from their peers.

“Leadership matters now more than ever,” says Anderson, “and being truthful matters even more. Your staff is worried, and platitudes won’t help. They need real communication based on real facts explaining why a company is making certain decisions. Being empathetic, sharing in employee concerns, involving and demonstrating how you value your staff—whether at executive or managerial level—will impact loyalty, dedication, and future business performance.”

Forbes notes that a more empathetic work culture is a silver lining arising from the pandemic that won’t be easily undone. We now know not just our coworkers’ personalities, but also their home office setups, their pets, children, and even their bookshelves. That fuller understanding of the person behind the position will hopefully lead to an enduring human-centric shift in the workplace. 

Long-term, how will office culture change? What policies should change once everyone is physically back at work?

Relatedly, office cultures are likely to change in irreversible ways. Even as we return to physical offices, large events like company all-hands meetings may be attended virtually from personal workspaces, and large team lunches may become rarities. Companies may even choose to alternate days in and out of the office to keep the overall office population lower.

“People will become more comfortable with video calling, screen sharing, and online collaboration,” predicts Anderson, “even between colleagues present in the same office. Boundaries will become blurred and we will find new ways to stay in touch and maintain our human connections by leveraging advanced collaboration solutions in new but secure ways.”

Personal hygiene will also undoubtedly become a bigger aspect of physical office culture. In its guidelines for safely returning to work, the CDC recommends installing a workplace coordinator charged with implementing hygiene best practices office wide. Suggested measures include increasing the number of hand sanitizing stations available to workers, relaxing sick leave policies to discourage ill workers from coming to the office, modernizing ventilation systems, and even daily temperature checks upon entering the building.

“Some of these hygiene measures will be single events, not the future of office work,” notes Anderson. “Others will have more long-term impacts on the way we work together.”

Given the visible impact some measures will have around the office, it will be impossible for them to not affect culture. Because routines like temperature checks may be considered intrusive, it’s important the reasoning behind them be communicated clearly and often. Stressing a culture of cleanliness as a means of keeping all workers healthy and safe can enforce a common bond.

Cybersecurity remains imperative

Cyber resilience isn’t the only aspect of overall business resilience being tested by COVID-19, but it’s a significant one. The cyber threats facing today’s remote workforces differ in key ways from those faced in the past, so its important companies reevaluate their cyber defense strategies. To do our part to help, we’re extending free trials on select business products to 60 days for a limited time. Visit our free trials page or contact us for more information.

2020’s Most (and Least) Cyber-Secure States

Reading Time: ~ 2 min.

For the past several years, Webroot and its partners have conducted a series of studies aimed at better understanding the attitudes, perspectives, and behaviors related to cyber hygiene in United States. This helps users determine which behaviors put them most at risk and which behavioral changes could help increase their cyber resilience.

“Cyber hygiene” can be defined as the set of behaviors which enhance (or don’t) an individual or family unit’s resilience against cyber threats including, but by no means limited to, identity theft, phishing attacks, malware infections, and other web-borne threats.

Themes in Consumer Cybersecurity for 2020

Aside from organizing U.S. states into a Cyber Hygiene Risk Index, we were also on the lookout for emergent themes in cybersecurity awareness across the country.

  • Overconfidence, as we’ve seen before in previous studies, was a big theme. While the majority reported being familiar with malware (78%) and phishing scams (68%), far lower percentages were confident they could define the terms.
  • Individuals who’ve progressed through life milestones—like completing a degree, buying a home, beginning to keep up with the news, or starting a family—begin to improve their risk index scores. This hard-won experience tends to belong to older demographics, parents, and those with higher levels of education and income compared to more risky peers.
  • A relationship was uncovered between “tech-savviness” and risk index scores. In other words, the more technologically competent respondents in this study reported being, the more likely they were to exhibit risky behavior online.

Other Key Findings from the 2020 study

Overall, it was heartening to find that most Americans are taking at least baseline precautions for repelling and recovering from cyber-attacks. Eighty-three percent use antivirus software, and 80 percent regularly back up their data, both key indicators of an individual or family’s overall cyber resilience.

The news, however, is far from all positive. In fact, the plain truth is most Americans receive a failing grade when their cyber hygiene is examined in-depth. This is especially true when measuring avoidable risks to online data and identity. Using this metric, the average American scored a 58 percent on our Cyber Hygiene Risk Index, while no state scored higher than a D grade (67%).

Other key findings from the study:

  • Almost half (49%) of Americans admit to using the same password across multiple sites.
  • A spread of only 15 points separates the riskiest state in American (New York) from the least risky (Nebraska). No state scored higher than a D on our Cyber Hygiene Risk Index.
  • Very small businesses (VSBs) are apt to take cybersecurity into their own hands, which often entails sharing passwords and using personal devices for work.
  • Among those who do receive work devices from their employer, 55 percent use them for personal use.
  • Almost a fifth (19%) of those who were the victim of a cyber-related attack, made NO changes to their online behavior

It’s not an exaggeration to call the state of cybersecurity understanding in the U.S. abysmal. Risky activities like reusing passwords, not using multiple backups, or not updating software are still rampant in every state. Given that we saw a 640 percent rise in phishing attempts over the past year, we can expect these habits will catch up with more Americans.

The above highlights represent only a small portion of the complete findings of the report. For the completed report, including the complete ranking of all 50 states according to our Cybersecurity Hygiene Risk Index metrics, download the full report.

To invest in internet security on all your devices, click here.

Staying Cyber Resilient During a Pandemic

Reading Time: ~ 4 min.

We’re all thinking about it, so let’s call it out by name right away. The novel coronavirus, COVID-19, is a big deal. For many of us, the structure of our lives is changing daily; and those of us who are capable of doing our work remotely are likely doing so more than we ever have before.

It’s not likely that cybercriminals will cut us a break during this difficult time of quarantine and pandemic outbreak. If anything, we will only see an increase of attacks and ransom amounts since this is when infrastructures of modern civilization are needed most but have the least amount of time to react and debate on paying or negotiating the price. Also, many of the cybercriminals who breach and ransom as a side job are now forced to either work from home or their shifts are completely canceled, leaving them with more time and motivation to make up their income elsewhere. This is a prime circumstance for increased cyberattacks, and individuals and businesses should be hyper aware of their behavior both online and offline.

Not only are phishing and ransomware attacks, which tend to capitalize on current headlines, on the rise, but business email compromise (BEC) is also up. BEC is when a cybercriminal breaks into a legitimate corporate email account and impersonates the real owner to defraud the business or its partners, customers, or employees into sending money or sensitive data to the attacker. With so many more people working remotely and less able to verify emailed requests from coworkers as legitimate, you can imagine how this threat could run rampant.

What follows are cyber resilience tips for staying safe, both for individuals in their personal lives and for businesses with remote workers.

Cyber Resilience Tips for Individuals

What to do:

What NOT to do:

  • Do not open emails regarding COVID-19 from unknown senders. These could be phishing scams.
  • Do not click on links in emails regarding COVID-19. Email links can be used to spread computer viruses and other malware.
  • Do not download or open email attachments from unknown senders. These could contain viruses and other malware.
  • Do not click on links in social media messages, even if they are from someone you know. Your contacts’ accounts may have compromised.
  • Do not click on ads or social media posts regarding COVID-19. They may be fake and contain malicious content.
Watch out for SMS-based phishing attacks that may look like this.

Cyber Resilience Tips for Businesses

The best defense is prevention. To prevent, you have to plan ahead.

Be prepared for remote work conditions.

Life gets in the way. Between severe weather, personal emergencies, illness, and worker wellbeing, employees need to be able to work from home for a variety of reasons.

  • Enable everyone to work from off-site locations.
  • Ensure all employees feel welcome to work from home when needed.
  • Install robust endpoint security on all devices so employees and data stay safe.
  • Give all employees access to a VPN to help protect corporate data, wherever they connect.
  • Implement measures to back up data saved on local devices while workers are remote.
  • Add collaboration tools so teams can continue to work together while physically separated.
  • Warn employees about phishing and BEC. Share the Cyber Resilience Tips for Individuals we included above, and encourage employees to be extra vigilant about unexpected invoices or other financial requests. Even when we’re all remote, it only takes a quick phone call to verify the legitimacy of an unusual request.

Be prepared for threats to your data.

From modern cyberattacks to natural disasters and physical damage, there are a lot of threats to your critical business data.

  • Protect all endpoint devices, including computers and servers, with next-generation cybersecurity solutions.
  • Create a data backup process for data availability at alternate business locations when the main office is closed.
  • Implement high-availability data replication and migration safeguards ensure data is available, no matter what happens.
  • Add protection for Microsoft Office 365 and other collaboration platforms so content stored and shared in the cloud stays safe.
  • Use a solution that includes device monitoring, tracking, and remote erase functionality so lost or stolen devices can be located or wiped.
  • Empower employees to become a strong line of defense by educating them about cybersecurity and data safety risks.
  • Make sure to use RDP solutions that encrypt the data and use 2FA authentication when remoting into other machines as the presence of an open port with RDP was associated with 37% greater likelihood of a ransomware attack.

Our Commitment to Resilience

Rest assured, we’re practicing what we preach. All of our global employees are able to work from home securely. In these crazy times, it’s more important than ever to redouble our focus on helping each other. At Webroot, we feel it’s our social responsibility to do what we can to keep one another safe, both online and offline. We hope you’ll join us in our commitment to resilience. Stay safe and healthy, everyone.

5 Security Tips for Setting Up a New Device

Reading Time: ~ 3 min.

The last thing you want to do when you get a new computer, mobile device, or tablet is spend a lot of time setting it up. But like any major appliance, these devices are something you want to invest a little time setting up properly. Often, they’re not cheap. And you want them to last. So, before you jump online and start shopping, gaming, or browsing, take some time to ensure your device is ready for anything the internet can and will throw at it.

There’s a caveat, though, of which Webroot security analysts are quick to remind users. “Even if you’ve taken every precaution when it comes to configuring your new device,” says Webroot Threat Research Analyst Connor Madsen, “it’s important to remember that proper online etiquette is essential to your security.”

“Clicking on links that don’t seem quite right, opening attachments from unknown senders, or otherwise ignoring your best security instincts is a good way to undermine any effective online security protection.”

Connor Madsen, Threat Research Analyst

For best results, in addition to the warning issued above, here are five tips for making sure your device, and the important files stored within it, are safe from common risks.

#1 – Update software

The first thing you’ll want to do is make sure the operating system on all your devices is up to date. One of the most common methods hackers use to launch attacks is exploiting out-of-date software. Failing to install periodic patches and software updates leaves your new device vulnerable to the numerous threats lurking on the web. Depending on how old and out-of-date your device is, it may take a while for applications to update. However long it takes, it’s preferable to the hassle and expense of having to undo an infection after it’s bypassed your security perimeter.

#2 – Enable firewall

Speaking of your security perimeter, the first line of defense along that perimeter is your firewall or router, if you’re using one. A router works as a firewall for the devices connected to it. But, if you’re not using a router, make sure your firewall is enabled to protect you from malicious traffic entering your network. This is different from an antivirus, which protects you from malicious files.

#3 – Install antivirus

Malicious files can be disguised as attachments in an email or links on the web, even the apps you download. So, it’s important to have an antivirus solution to protect your new computer. Malware attacks like ransomware make constant news these days. And everyone’s a target, from individual users to local businesses, hospitals, or municipalities. The cybercriminals launching these attacks are constantly changing, evolving threats to be more sophisticated and harder to detect. That’s why it’s important to keep your antivirus as up-to-date as your operating system and other applications.

#4 – Back up

Once you have your operating system and applications updated, your firewall enabled and an effective anti-virus application, you can begin using your computer safely. But there’s one more thing you need to consider if you’re going to be creating and storing important documents and work material on your new machine. Any new files on your computer will need to be backed up. That’s when you make a copy of the contents on your machine and store it in a safe place just in case you lose the original or it becomes infected by a virus. Since no single security solution can be 100 percent effective, it’s best to have a backup copy of important files. The thing is, you don’t want to have to decide what’s worth backing up and what’s not. That’s far too labor-intensive and it introduces the possibility of human error. Your best bet is to use a solution that’s designed for this purpose. A true backup solution protects files automatically so you don’t have to remember what you copied and what you didn’t. It also greatly simplifies file recovery, since it’s designed for this purpose.

#5 – Wipe your old device

Just because you have a shiny new toy doesn’t mean you can forget about your old machine. Before you relegate it to the scrap heap, make sure there’s nothing important or confidential on it you wouldn’t want someone to have access to. You could have old passwords saved, tax records, or sensitive work documents that you wouldn’t want shared. The best way to do this is to wipe the contents of your old device and reinstall the operating system from its original state.

Seem overwhelming? If so, it’s best to remember that one of your strongest cybersecurity tools is common sense. While things like an antivirus and backup strategy are essential for maintaining good cyber hygiene, remember Madsen’s advice.

“If it seems like an offer that’s too good to be true, or something about a link or file just doesn’t seem right, don’t click or download it. Trust your instincts.”