Featured Posts

A Chat with Kiran Kumar: Webroot Product Director

The process of bringing a cybersecurity product to market can be long and tedious, but Kiran Kumar, Product Director at Webroot, loves to oversee all the moving parts. It keeps him on his toes and immersed in the ever-changing world of security technology. We sat down...

How To Keep Better Tabs on Your Connected Apps

Not that long ago, before data breaches dominated daily headlines, we felt secure with our social media apps. Conveniently, every website seemed to allow logging in with Facebook or Twitter instead of creating a whole new password, and families of apps quickly became...

Four Tips to Help Tidy Up Your Tech

This spring, many of us will roll up our sleeves and get down to business decluttering our homes. Garage sales will be held, basement storage rooms will be re-organized, and donations will be made.  Shouldn’t the same thing happen in our digital lives? After all, the...

A Chat with Kiran Kumar: Webroot Product Director

Reading Time: ~4 min.

The process of bringing a cybersecurity product to market can be long and tedious, but Kiran Kumar, Product Director at Webroot, loves to oversee all the moving parts. It keeps him on his toes and immersed in the ever-changing world of security technology.

We sat down to chat with Kumar about his #LifeAtWebroot, heard how he got to where he is today, and why he’s loved every minute of his journey.

Tell us about your role as a Product Director.

I’m the product director for our network portfolio of products. This includes Webroot DNS Protection, FlowScape, and our next-gen security solution. I’m also responsible for the overall solutions platform, the next-gen solution we are working on.

What does a typical week look like for you? 

My typical week ranges from working with customers on concept validation or case studies, to presenting at events. I’ll help customers with damage control, provide assurance of the product, or pitch Webroot solutions. I would say that at least 40-50% of my job is working with the engineering team on the next product release. The key is to stay on top of everything and keep my eyes and ears open because it’s the product director’s responsibility to make things happen. You must be able to collect information from different stakeholders, bring it all together, and prioritize. Sometimes no one reports to you, but you still have to bridge the gaps and constantly negotiate, make decisive trade-off decisions, get buy-ins, etc. That’s the key to being a strong product director. I spend time with a lot of people both inside and outside: marketing, sales, sales engineering, customer success, public relations, analyst relations, you name it. It’s a matter of constantly juggling and prioritizing.

What is your favorite part of working as a Product Director?

I enjoy being able to make a difference. Also, the satisfaction of building relationships with all these different groups of people and rallying them to achieve a common goal is really satisfying. You have to take everyone else’s opinion, along with your own, and figure out the best the direction to move in. All of that starts with the product. It’s a key part of every organization. I love seeing all the work that goes into bringing a product to market. The ability to make an impact and visibility into projects is tremendous.

What have you learned in this role? 

I think one of the biggest pieces of advice that I can give, and that I’m continuing to work on myself, is that building relationships is absolutely critical to success. You have to use negotiation skills, persuasion tactics, and figure out how to rally the whole troop. I’d say that’s critical in many areas of business. Also, you need to constantly have a sense of curiosity and willingness to challenge yourself. Good enough is not good enough. Ask questions and take ownership of things. One great thing about Webroot is that everyone is open to questions and collaborating to find answers.

What is the hardest thing about being a Product Director?

The most challenging thing about the job is staying levelheaded. Every day you need to be flexible and willing to adapt because a hundred different things will be thrown your way and you need to be prepared to handle it. You can’t be flustered. Another challenge is figuring out how to work quickly. One of the hardest things is working through problems and getting them solved in the time that I want — quickly.

Is this what you expected to be doing in your career?

After graduating from college, I never expected that I would be a product director, but I was at the right place at the right time. I started at a technology consulting company and was placed at a security company. I started doing business analysis, and that’s still a part of my job, but product management is more inclusive of business analysis, product management, market research – everything this position entails. I didn’t like programming as much. I couldn’t sit behind a computer all day – that’s just not my personality. Now I’ve been in the industry about 16 years, and I have to say I have had the best time working at Webroot.

What makes working at Webroot so amazing? 

One benefit to being located in our smaller San Diego office, besides the weather, beach, and beer, is I’ve been able to see it grow. We have about 90 people in this office and I know everyone. The people at Webroot are really friendly and helpful, so it’s easy to feel welcomed. The Webroot culture is very open and not hierarchical. Since I’ve been here I’ve been able to talk to anyone, including any executive. I am super passionate about the products I support and the audiences we help – SMB/MSP.

Best career advice you’ve received? How have you seen that advice playing out in your own career? 

For someone who’s starting fresh and getting into product management, I would say to be open, be flexible, and constantly seek to challenge yourself. Soak in as much as you can. For people more senior, I would say to continue with relationship building and be mindful of how you can make the biggest impact. This position isn’t about having an MBA and writing up numbers. It is very technology focused and it’s all about being able to adapt and able to provide solutions, not just numbers.

What’s your favorite patio? (Place to go when it’s nice outside, place to get a drink.)

There’s a really nice brewery close to the office called Ballast Point. The team goes there a lot. But my favorite food is Mexican and I love hole-in-the-wall places. There’s one restaurant in the Torrey Pines area called Berto’s that’s awesome. It’s not fancy, but their veggie burrito keeps me coming back.

To learn more about life at Webroot, visit https://www.webroot.com/blog/category/life-at-webroot/.


How To Keep Better Tabs on Your Connected Apps

Reading Time: ~5 min.

Not that long ago, before data breaches dominated daily headlines, we felt secure with our social media apps. Conveniently, every website seemed to allow logging in with Facebook or Twitter instead of creating a whole new password, and families of apps quickly became their own industry. Third-party apps and games on social media platforms (remember Farmville on Facebook?) were allowed profile access en masse. Trivia games, horoscope predictions, personality quizzes — all seemingly secure and engaging diversions — let social media users enable some type of third-party app.  

Unfortunately, we now know that this left many of us, and our data, exposed to a potential breach

So we turned to Randy Abrams, Webroot’s Sr. Security Analyst, for insights on how to keep third-party app breaches in check. The trick to keeping yourself and your loved ones safe? Information silos, both on and off of social media. 

“As a rule, I leave my apps in silos, meaning I severely limit their connectivity level — especially when it comes to accessing my mobile device, “Abrams says. “Apps for email, texting, and calling people do have a reasonable need for access to your contacts on the phone. Most other apps, such as social media apps do not need to be able to look up your unsuspecting friends.”  

Limiting the access your apps have to their direct functions will help keep you and your loved ones safe. Here’s how to get it done. 

Mobile App Permissions 

Limiting your app’s permissions may seem like a chore, but it is the best way to keep breaches from expanding in scope. We’ve put together a mobile app permissions crash course to help you silo your sensitive data quickly and easily. 

For Android Users 

To monitor and edit an existing application’s accessibility permissions on your device, go to your Android’s settings and tap Apps & Notifications. From there, you will be able to locate all the applications that are active on your device. When you’ve located the application whose permissions you would like to edit, simply tap the app and then tap “Permissions” to view and edit its current permission settings. 

To review an application’s accessibility permissions before you install it on your device from the Google Play Store, tap on the app you’d like to install and click Read more to bring up its detail page. Scroll to the bottom and tap App permissions to review the app’s requested permissions. After you install and open the application for the first time, you will be prompted to allow or deny application permissions (like access to your contacts or location). You can always edit the application’s existing permissions later using the steps outlined above. 

For iOS Users 

To monitor and edit an existing application’s accessibility permissions on your device, go to the settings app Privacy to see all the permissions available on your phone (like location services and camera access). Select the permission set you would like to review to see all of the applications with access, and revoke any permissions you’re not comfortable with. 

To review an application’s accessibility permissions at install, simply open the app and begin using it. The app will request permissions, which you can either allow or deny. You can always revoke permissions after they have been granted by following the steps outlined above. 

Preventing social media applications from gaining unnecessary access to your mobile data could help stop data breaches from spreading. But it won’t stop the breaches themselves from happening. Leaving apps enabled entails large-scale security issues — not only for ourselves, but also for friends and family connected with us through social media. When we connect apps to our social media profiles, we expose not just our information, but the shared information of a broader network of connections — one that expands well beyond our immediate circles. In a startling example, only 53 Facebook users in Australia downloaded Cambridge Analytica’s infamous thisisyourdigitallife app, but a total of 311,127 network connections had their data exposed through those users. That amount of collateral damage is nothing to scoff at. 

Removing Third Party Apps 

“Facebook is the company best known for leaking extensive amounts of data about users, usually by default privacy settings that allow third-party apps to access as much user data as possible,” says Abrams. “Most users had no idea they could control some of what is shared and would have a difficult time navigating the maze to the settings.” 

Facebook 

Facebook made a few reform efforts to help make managing third-party access to your account a little bit easier. Click on Settings from the account dropdown menu, and then select Apps and Websites. This should take you to a dashboard that will show your active, expired, and removed apps. It will also give you the option to turn off the capability for any third-party apps to connect with your profile. 

Twitter 

From your account dropdown, click on Settings and privacy. Click on the Apps and devices tab, which will show all of the apps connected to your account. You can see the specific permissions that each app has under the app name and description. To disconnect an app from your account, click the Revoke access button next to the app icon. 

Instagram 

From a web browser, log in to your account and click the gear icon next the Edit Profile button. Select Authorized Apps to see all of the apps connected to your account. Click the Revoke Access button under an app to remove it from your account. 

Building Secure Social Media Habits 

Monitoring the access levels of your connected apps is a good start to keeping yourself and your loved ones secure, but it’s not always enough. 

“It must be assumed that all third-party apps are collecting all of the information on the platform, regardless of privacy settings,” warns Abrams. 

Establishing secure social media habits will continue to help keep you secure after you’ve reviewed your app permissions. This means conducting regular audits of the third-party app permissions associated with all of your social media accounts and — slightly more arduously — thoroughly reading the privacy policies of any third party apps before you connect them. 

“If a person is going to use apps in conjunction with social media platforms, it’s important to understand their privacy policies,” say Abrams. “Unfortunately, with many apps, the privacy policy may not be shown until the app has been installed, and may not even be visible on the developer’s website. When the policy can be located, you’ll often find the user’s friends’ privacy is collateral damage in the agreement. It is up to the individual choosing to decide if their friends’ privacy is acceptable collateral damage. Unfortunately, few know how to obtain the information required to make an informed decision. 

“Without reading the privacy policies you cannot know to what extent your friends’ private information will be shared, “adds Abrams. “Remember, it isn’t just their names you are sharing, it is part of the data aggregation they are already subjected to. Simply letting an app know you are friends provides more information than just their names. It helps app companies build more robust profiles.” 

Stay Vigilant and Informed 

Don’t allow your data or your network to be used beyond your wishes or against your will. Take charge of your data security, and protect your friends by conducting regular audits of your third-party app permissions. Before you connect any new apps, settle down with a little light reading and thoroughly vet their privacy policy. Given how intertwined our digital lives have become, the cybersecurity of our closest friends and loved ones could well depend on it. 

Four Tips to Help Tidy Up Your Tech

Reading Time: ~4 min.

This spring, many of us will roll up our sleeves and get down to business decluttering our homes. Garage sales will be held, basement storage rooms will be re-organized, and donations will be made. 

Shouldn’t the same thing happen in our digital lives? After all, the average American will spend the bulk of their waking hours parked in front of some sort of screen—flipping , swiping, and clicking away. A little tidying up of data and online habits can go a long way toward enhancing your digital security andpeace of mind. 

So here are a few tips for tidying up your tech designed to make you ask not only: “Does this bring me joy?” but also, “does this make me more secure?”  If not, consider purging apps, connections, and permissions that could leave you more susceptible to a breach. If you answer yes, make sure you’re taking the necessary steps to protect it.

Turn off Bluetooth when it’s not in use

Since the Blueborne family of vulnerabilities was discovered in 2017, deactivating Bluetooth when not in use has become standard security advice. With the increasing adoption of home IoT devices, the consequences of ignoring that advice have only risen. 

Bluetooth connections are like a lonely person on a dating site; they’re in constant search of a connection. When Bluetooth-enabled devices seek out the wrong sources—that of a cybercriminal, say—they are vulnerable to exploitation.

“Smart speakers and other IoT devices may introduce convenience to our daily lives,” says Webroot Security Analyst Tyler Moffitt. “But they’re also a calculated risk, and even more so for knock-off devices whose manufacturers don’t pay proper attention to security. Minimizing the time Bluetooth is on helps to manage that risk.”

Or, as Webroot VP of engineering David Dufour put it to Wired magazine soon after the discovery of Blueborne, “For attackers, it’s Candyland.”

Use a VPN to cloak your digital footprint

Shrouding your connection in a virtual private network (VPN) is especially important when accessing public or unsecured WiFi networks. Again, we make a trade-off between convenience and security when logging on to these “free” networks. 

Without additional protection, cybercriminals can spy on these unencrypted connections either by commandeering the router or by creating their own spoof of a legitimate WiFi hotspot, in a variation of a man-in-the-middle attack. From here, they’re free to monitor the data flowing between your device and the network. 

“It’s more than just the privacy violation of being able to see what you’re doing and where you’re going online,” Moffitt explains. “Cybercriminals can lift sensitive data like banking login credentials and drop ransomware or other malicious payloads like cryptojackers.”

A VPN encrypts the traffic between your device and the router, ensuring your digital footprint is shielded from prying eyes. 

Keep apps updated with the latest software

While some apps are inherently sketchy, and users shouldn’t expect the app creators behind them to prioritize security, others introduce vulnerabilities inadvertently. When responsibly run, app developers address these security gaps through software updates.

Take the cultural phenomenon Fortnite, for example. The game that drove its parent company, Epic Games, to an $8 billion valuation was found at the beginning of the year to contain multiple vulnerabilities that would have allowed malicious actors to take over player accounts, make in-game purchases, and join conversations. Epic Games was quick to issue “a responsibly deployed” fix, but in this and similar instances, users are only protected after installing the suggested updates.

“I always recommend users keep both their apps and their mobile operating systems up to date,” says Moffit. “This is made easier by turning on automatic updates wherever possible and only downloading apps from reputable app stores, so you increase the chances that updates are timely.”

For more tips on protecting your smartphone from mobile malware, see our complete list of recommendations here.

Set up automatic cloud backups

Purging unused apps is a good principle for spring cybersecurity cleaning – like a box of old clothes you haven’t worn in decades, unused apps represent digital data containers you no longer need. But what about all that data you’d hate to lose—the pictures, videos, documents, and other files you’d be devastated to see disappear? Protecting that trove of data is another core tenant for tidying up your tech. 

Ransomware is one prime reason for keeping up-to-date backups of valuable data. It can strike anyone from college students to cities, and the list of those who’ve been burned is long and distinguished.

“The combination of an antivirus and a cloud backup and recovery solution is an effective one-two punch against ransomware,” Moffit says. “On the one hand, you make your device more difficult to infect. On the other, you become a less attractive target because you’re unlikely to pay a ransom to recover data that’s already backed up to the cloud and out of reach for ransomware.”

Natural disasters and device theft—two contingencies even the tightest cybersecurity can’t account for—are prime reasons to make sure backups are in place sooner, rather than later. Cloud backup is more secure and affordable than ever, so it makes sense to back up anything you couldn’t stand to lose, before it’s too late. Want more tips for cybersecurity spring cleaning? Download Webroot’s full checklist for tidying up your tech.