Home + Mobile

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

The Importance of Mobile Security for Safe Browsing

Nov 4, 2020 | Home + Mobile

Mobile devices have become an indispensable part of our lives. By the time we’re teenagers, we’re already tethered to technology that lives in our pockets and connects us to a network far larger than we ever imagined possible. Because of the way we interact with our phones, it knows our likes, curiosities and vulnerabilities, in addition to our passwords, financial data and most closely held secrets. This seemingly infinite amount of data also makes our mobile devices highly attractive targets for malicious actors. That’s why it’s critical to protect phones from threats.

A successful attack on your phone could compromise your personally identifiable information (PII), banking accounts and even your professional life or the success of your business. Just like you lock the doors of your house when you go away, or your storefront after business hours, you should take care to secure the entry points that cybercriminals use to gain access to the data on your phone.

WiFi and Mobile APP threats

The convenience and ubiquity of public WiFi and mobile apps are also their greatest weakness. With unsecured public WiFi, you can never be sure if you’re connecting directly to a secure hotspot or to a hacker, who is stealing your information and relaying it to another malicious actor. Before you connect to an unfamiliar public WiFi network, follow these best practices to reduce the chances of compromising yourself:

Use a virtual private network (VPN) instead – VPN is highly recommended for all business communications. VPN keeps your network and Wi-Fi communications encrypted, which makes it much harder for hackers to access.

Disable sharing on all apps – While you may be comfortable sharing your location with apps when you’re on a secure connection, consider disabling it in system preferences or settings when you’re connecting to public WiFi.

Verify all public WiFi networks – Hackers can easily set up a public WiFi that looks like it’s owned by the proprietor. Before you connect to “Java House Guest WiFi,” ask someone behind the counter the exact name of their WiFi network.

Plug Bluetooth vulnerabilities – Hackers often use Bluetooth connections to infect or steal files. This puts personal data at risk when using Bluetooth. These attacks involve using the device for phone calls or text messages, or using Bluetooth functionality to find deeper vulnerabilities in the phone system or to steal data stored on the phone. Similar exploits exist for Apple users through the AirDrop feature. The best way to plug theses vulnerabilities is to turn off Bluetooth or AirDrop when not in use, keep your software up to date, only pair with trusted devices and use a VPN to encrypt your data and hide your identity.

Disable auto-join for open networks – Public WiFi networks are ideal environments for a range of cybersecurity attacks, including rogue networks, man-in-the-middle attacks, viruses, and snooping or sniffing. To prevent the likelihood of these attacks, remote users should turn off Wi-Fi auto-connect settings for public WiFi networks.

With more than 120 million Android users, Android malware continues to be a real and increasingly common threat. Google has already pulled a large number of malicious apps from the Play store. But the open nature of the Android operating system makes it an easy play for hackers. The year 2020 has been a particularly risky one for mobile app users. A few of the more dangerous mobile threats in circulation include:

Joker – Since 2019, Joker has been stealing credit card information and banking credentials by simulating other legitimate apps.

CryCryptor – Based off the open-source ransomware CryDroid, this mobile variant has been spotted masquerading as a COVID-19 tracing app.

EventBot – This malicious app abuses accessibility features to steal user data, and reads and steals SMS messages to bypass two-factor authentication.

Dingwe – This modified remote access tool is capable of controlling a device remotely. Samples have been found impersonating as COVID-19 tracing apps.

Many of these malicious operators use various tricks to evade detection. Since Android devices can come with hundreds of apps pre-installed, there’s a high potential for security gaps that a malicious app maker could exploit.

#1 Defense Measure: Update the OS

One of the major vulnerabilities with Android devices is outdated software. More than 40% of Android devices are using an OS version older than v9. This makes them more vulnerable to malicious applications.

Webroot® Mobile Security can help improve your mobile defenses without impacting your browser speed. It allows you to browse, shop, search, bank or use social networks, all while blocking malicious websites that try to steal your personal information. Webroot® Mobile Security includes proactive identity protection features, which block malicious sites that try to steal your personal info or harm your device. With Webroot® Mobile Security, you can hide your digital footprint and your browsing history through private browsing mode.

Hone Your Cybersecurity Superpowers with Tips from Wonder Woman

Oct 21, 2020 | Home + Mobile

October 21 is Wonder Woman Day. It commemorates Wonder Woman’s first appearance in All Star Comics #8. With the upcoming release of Wonder Woman 1984, we took the opportunity to talk superheroes, superpowers and protecting data with our very own Briana Butler, Engineering Services Manager at Webroot.

Q: Wonder Woman got her powers from her divine mother, Queen Hippolyta. How did you get your data protection superpowers?

I had a reboot in life. I was previously a retail buyer then I went back to school for computer science and ended up switching to the business school. I was hired at Webroot to be a bridge between engineering and business – you have to have people that can speak both languages – and that’s exactly what I wanted to do and what I was trying to forge with my new career.

I first began as a data analyst, which meant working on privacy compliance, GDPR, CCPA, and data mapping, understanding where data is stored and processed, and who has access to it. My latest role is as an Engineering Services Manager, meaning I help engineering and product with personnel and hiring needs, ISO certification and making sure our development teams receive the training they need to stay up to date with the fast pace of tech.

Q: Wonder Woman had several superpowers, or super powerful gadgets, like indestructible bracelets and a lasso that forced people to tell the truth. Is cyber resilience a superpower?

Every superhero has different talents or powers. When we think of cyber resilience, it’s sort of like our own personal toolbox of powers that we can use against malicious actors who want to take our data and make money off it.

Our toolbox of cyber resilience includes basic best practices like knowing how to create a strong password, not clicking every link that comes into your email inbox and daily behaviors of how to navigate and defend yourself online. The goal is to live your best digital life confidently, without disruption.

Q: What about our data? Does that give us any powers that we wouldn’t have without it?

I think it’s more about understanding the power data has if we give it away. When we give people access to our data, that’s when it becomes powerful. Whether it’s corporations or malicious actors, when we willingly hand out our data, that gives it power because then, they know things about us. I talk a lot about privacy and why everyone should be more critical and cognizant of the data they’re sharing. We share a lot more than we realize. It’s time for all of us to understand what we’re sharing and then decide if we, personally, really want to share it.

Q: Wonder Woman encountered her fair share of comic strip villains, like the Duke of Deception, Doctor Psycho and Cheetah. Who are the villains in the digital world?

They’re the malicious actors and cybercriminals who would take your data and sell it on the open market. It could even be the person trying to get access to your Hulu account. There are also nation-state actors and the companies you buy things from. There’s a huge spectrum of villains, and they all want your data. There’s big money in data. So, it’s important that you’re aware of what’s being shared.

I’ve started reading privacy policies – those long, convoluted legal documents – to see if I can understand where I’m going to be sharing my information and make a more conscious decision.

For one large social platform, when I went through it, I started asking myself, am I really okay sharing this information? Do I really need this service or platform? Is it necessary in exchange for what I’m about to share with them? In the end, I didn’t sign up for it.

I’ve also gone through the frustrating and somewhat time-consuming act of cleaning up all my passwords and using a password manager. Most people say they have anywhere from 15 to 20 password-protected accounts. But when I went through all the places I’ve shared my password, it was upwards of 100!

One of my favorite topics is password strength. We recently did an analysis of password configurations with Maurice Schmidtler, our head data scientist, who created a Monte Carlo simulation. We took what you usually see when you’re told to create a password – like using uppercase and lowercase letters or special symbols – and applied those within the simulation. What we found was that the more constraints you put on a password, the fewer viable options you have for a strong password, meaning it decreases the number of good password options. Whereas if you focus on creating a strong password, where length is more important than the various character-type constraints, you’ll end up with a much stronger password. Length is strength because it takes more computing power to break.

Q: Wonder Woman was a founding member of the Justice League. So, even she needed the help of a squad to defeat the villains. Do we need help from a squad to be more cyber resilient?

We all need assistance because as humans, we are fallible. Inevitably, someone might click on a malicious link, or some unforeseen event might happen where you need a backup that’s going to allow you to recover data instead of losing it permanently.

When it comes to ransomware, or really any other attack, you need awareness. That’s why we encourage proactive education and regular security awareness training, so people truly understand the threat landscape and how to identify the most prevalent types of attacks.

Q: At one point in the story, Wonder Woman surrendered her superpowers and used fighting skills instead. In what ways do we surrender our powers when it comes to cyber resilience?

Oversharing content or data about yourself, your name or address are surefire ways to surrender power in the digital age. All these things identify you and allow criminals to gain insight that can be used against you through social engineering.

You’re also surrendering power when you practice poor cyber hygiene, like repeating passwords across multiple logins. Once a cybercriminal gains access to one login, they can discover more details about you and use it elsewhere. For example, you may not be worried about a criminal getting access to your Netflix account, but if you use the same password there as you do with your bank, then the situation just became much more serious.

You also surrender power by not protecting your home network and not using VPN when you’re on public Wi-Fi. People often think “it won’t happen to me,” until it’s too late. And recovery can be costly and time-consuming. That’s why implementing layers of protection up front strengthens cyber resilience and helps keep your digital life easy, secure and free of complications.

Q: Are you going to watch the new Wonder Woman movie?

Oh sure! I will because I’ve seen all the other ones. I’m a big fan of Guardians of the Galaxy. And, of course, I love Iron Man. And I was a big fan of Black Panther, too. Doctor Strange is also one of my faves.

Q: If cybercriminals were villains from Wonder Woman, who would they be?

The Duke of Deception! Hackers, cybercriminals and nation-state actors are constant antagonists, and that’s exactly who we defend our users against.

What you Should Know About Chatbots and Cybersecurity

Sep 22, 2020 | Home + Mobile

People’s fears and fantasies about artificial intelligence predate even computers. Before the term was coined in 1956, computing pioneer Alan Turing was already speculating about whether machines could think.

By 1997 IBM’s Deep Blue had beaten chess champion Gary Kasparov at his own game, prompting hysterical headlines and the game Go to replace chess as the symbolic bar for human vs. machine intelligence. At least until 2017 when Google’s AI platform AlphaGo ended human supremacy in that game too.

This brief run through major milestones in AI helps illustrate how the technology has progressed from miraculous to mundane. AI now has applications for nearly every imaginable industry including marketing, finance, gaming, infrastructure, education, space exploration, medicine and more. It’s gone from unseating Jeopardy! champions to helping us do our taxes.

In fact, imagine the most unexciting interactions that fill your day. Those to-dos you put off until it’s impossible to any longer. I’m talking about contacting customer support. AI now helps companies do this increasingly in the form of chatbots. The research firm Gartner tells us consumers appreciate AI for its ability to save them time and for providing them with easier access to information.

Companies, on the other hand, appreciate chatbots for their potential to reduce operating costs. Why staff a call center of 100 people when ten, supplemented by chatbots, can handle a similar workload? According to Forrester, companies including Nike, Apple, Uber and Target “have moved away from actively supporting email as a customer service contact channel” in favor of chatbots.

So, what could go wrong, from a cybersecurity perspective, with widespread AI in the form of customer service chatbots? Webroot principal software engineer Chahm An has a couple of concerns.

Privacy

Consider our current situation: the COVID-19 crisis has forced the healthcare industry to drastically amplify its capabilities without a corresponding rise in resources. Chatbots can help, but first they need to be trained.

“The most successful chatbots have typically seen the data that most closely matches their application,” says An. Chatbots aren’t designed like “if-then” programs. Their creators don’t direct them. They feed them data that mirrors the tasks they will expected to perform.

“In healthcare, that could mean medical charts and other information protected under HIPAA.” A bot can learn the basics of English by scanning almost anything on the English-language web. But to handle medical diagnostics, it will need to how real-world doctor-patient interactions unfold.

“Normally, medical staff are trained on data privacy laws, rules against sharing personally identifiable information and how to confirm someone’s identity. But you can’t train chatbots that way. Chatbots have no ethics. They don’t learn right from wrong.”

This concern is wider than just healthcare, too. All the data you’ve ever entered on the web could be used to train a chatbot: social media posts, home addresses, chats with human customer service reps…in unscrupulous or data-hungry hands, it’s all fair game.

Finally in terms of privacy, chatbots can also be gamed into giving away information. A cybercriminal probing for SSNs can tell a chatbot, ‘I forgot my social security. Can you tell it to me?’ and sometimes be successful because the chatbot succeeds by coming up with an answer.

“You can game people into giving up sensitive information, but chatbots may be even more susceptible to doing so,” warns An.

Legitimacy

Until recently chatbot responses were obviously potted, and the conversations directed. But they’re getting better. And this raises concerns about knowing who you’re really talking to online.

“Chatbots have increased in popularity because they’ve become so good you could mistake them for a person,” says An. “Someone who is cautious should still have no problem identifying one, by taking the conversation wildly off course, for instance. But if you’re not paying attention, they can be deceptive.”

An likens this to improvements in phishing attempts over the past decade. As phishing filters have improved—by blocking known malicious IP addresses or subject lines commonly used by scammers, for example—the attacks have gotten more subtle. Chatbots are experiencing a similar arms-race type of development as they improve at passing themselves off as real people. This may benefit the user experience, but it also makes them more difficult to detect. In the wrong hands, that seeming authenticity can be dangerously applied.

Because chatbots are also expensive and difficult to create, organizations may take shortcuts to catch up. Rather than starting from scratch, they’ll look for chatbots from third-party vendors. While more reputable institutions will have thought through chatbot privacy concerns, not all of them do.

“It’s not directly obvious that chatbots could leak sensitive or personally identifiable information that they are indirectly learning,” An says.

Chatbot security and you – what can be done?

1. Exercise caution in conversations

Don’t be afraid to start by asking if a customer service rep is a real person or a bot. Ask what an organization’s privacy policy says about chat logs. Even ask to speak with a manager or to conduct sensitive exchanges via an encrypted app. But regardless, exercise caution when exchanging information online.

“It used be any time you saw a web form or dialogue box, that heightened our caution. But nowadays people are publishing so much online that our collective guard is kind of down. People should be cautious even if they know they’re not speaking directly to a chatbot,” An advises.

In general, don’t put anything on the internet you wouldn’t want all over the internet.

2. Understand chatbot capabilities

“I think most people who aren’t following this issue closely would be surprised at the progress chatbots have made in just the last year or so,” says An. “The conversational ability of chatbots is pretty impressive today.”

GPT-3 by OpenAI is “the largest language model ever created and can generate amazing human-like text on demand,” according to MIT’s Technology Review and you can see what it can do here. Just knowing what it’s capable of can help internet users decide whether they’re dealing with a bot, says An.

“Both sides will get better at this. Cybersecurity is always trying to get better and cybercriminals are trying to keep pace. This technology is no different. Chatbots will continue to develop.”

Cybersecurity Tips for a Happy National Video Games Day

Sep 11, 2020 | Home + Mobile

This year more than others, for many of us, it’s gaming that’s gotten us through. Lockdowns, uncertainty, and some pretty darn good releases have kept our computers and consoles switched on in 2020. GamesIndustry.biz, a website tracking the gaming sector, reported a record number of concurrent users on the gaming platform Steam for several weeks as the lockdown went into effect.

According to NationalToday.com, the authority for such days, video games are an $18 billion industry that trace their origins to the halls of prestigious educational institutions like Oxford University and MIT. Not surprisingly given, the nature of our work, they’ve captured the hearts and imaginations of a good number of here at Webroot. But again, due to the nature our work, we’re well attuned to video game-related hacks and scams.

This March, 66 malicious gaming apps were discovered to have evaded reviewers and found their way into the Google Play store. In April, just as coronavirus was beginning to keep most of us indoors, Nintendo was breached and the accounts of more than 300,000 gamers were compromised. Phishing attacks posing as gaming platforms have risen significantly during this time period.

But too often we hear from gamers that they don’t use an antivirus. With all the time gamers spend online, especially PC gamers, this is a big risk. Many of the reasons we hear for not using an antivirus, in fact, are based on misconceptions.

So, to clear up some of those misconceptions, and to provide some tips for spending National Video Games Safely, we sat down with cybersecurity expert and resident gamer Tyler Moffitt to get his advice.

What kinds of security threats do gamers face?

Not running any security is the main one. It’s a big problem within the gaming community. There are also tailored phishing attempts for online games where accounts can be worth over $100. The happen on platforms including Blizzard, Steam, Epic, Riot and others.

Why do cybercriminals target gamers?

They can be a niche target when big things happen like major game releases. Halo, World of Warcraft, Grand Theft Auto, and Call of Duty have all been targets for scams. But PC gamers not running any antivirus solution other than built-in or free protection are asking for trouble.

Either by game or gaming type, what tends to be the biggest target for hackers?

The way most players are infected with actual malware and not just giving up account info is by downloading game hacks. These are usually aim bots or other ways to cheat at the game. In addition to making games less fun for other players, they endanger the cybersecurity of the individuals doing the cheating. Also, trying to download games for free on torrent sites is just asking for trouble…or a trojan

Any misconceptions about gaming security?

I’d the biggest one is that all antiviruses today will cause problems with gameplay. Many players imagine they’ll have issues with latency, or their frame rate will drop off significantly, and that’s just not true. While years ago this may have been the case with heavy installation suites and large daily definition updates, many anti-viruses has changed throughout the years to do all the heavy lifting in the cloud while still being lightning fast and accurate with threats. The amount of CPU, RAM and bandwidth usage of AVs while idle and during a scan are significantly lighter than they used to be.

What can gamers do to improve online security?

As I mentioned, running an antivirus is essential. There are lightweight options available that won’t impact gameplay. Also, I recommend enabling two-factor authentication on all accounts for online games whenever possible to reduce the risk of falling victim to a malicious hacker.

As a gamer yourself, anything else to consider or personal best practice to share?

Trying to cheat or download premium games for free, especially when prompted to by clickbait-type ads, will almost always lead to a scam or malware. There’s no such thing as a free lunch.

See how Webroot compares to competitors in terms of installation size, scan time, and resource use in in third-party performance testing here.

WFH for the Long Haul? These Tips Will Help You Create a Cyber Resilient Home Network

Aug 18, 2020 | Home + Mobile

Cyber resilience is being put to the test during the coronavirus pandemic. As more and more users work from home, it’s becoming increasingly difficult for IT teams to ensure uniform cyber security on home devices and networks that they don’t own or control. At the same time, cybercriminals are using the pandemic to launch more deceptive attacks. In this post, we’ll break down a few steps you can take to add resilience to your home network, so you don’t have to sacrifice security for convenience during the global pandemic. We cover all of these tips and more in our Work From Home Playbook.

The secure tunnel

We lose a measure of security the minute we step outside the protective shell of our corporate network. The average home network is significantly less secure than corporate networks. This leaves remote workers more vulnerable to attacks anytime they’re not connected to the corporate network.

Luckily, you can easily improve your at-home security by using a virtual private network (VPN). With a VPN, you can establish a secure tunnel between your home network and your corporate environment, making your home connection more immune to outsider attacks. A VPN extends your home network – or connection from the local coffee shop – across a public network, allowing you to interact with your corporate system as if you were connected directly to it. This allows applications to operate securely and encryption to be enabled within the connection, ultimately privatizing any data being shared or input.

Handshake hygiene

A clean handshake is healthier in the physical world. And it’s the same with the digital handshake between your home devices and your corporate network. Anytime someone from outside the network attempts to log on, there’s a risk the person isn’t who they say they are. Login credentials are stolen all the time. In many scenarios, all it takes is a username and password to gain access to the company network. Once inside, cyberthieves can unload malicious payloads or find additional user credentials to launch even more pernicious attacks. But by adding just one extra layer of security in the form of an additional checkpoint, it’s possible to thwart most attacks that rely on only a username and password.

That’s why multi-factor authentication (MFA) has become the go-to method for adding extra verification steps to confirm that the person logging on is truly who they say they are. With MFA, the user verifies their identity using knowledge only they have, like a password or answers to challenge questions. As an additional verification step, the user supplies an item, like a YubiKey or a one-time password sent to a mobile device. Lastly is an inherited characteristic unique to who the person, such as a fingerprint, retina scan, or voice recognition. In today’s highly regulated business environment, most businesses make MFA mandatory for employees logging in from outside the network.

First, second and third lines of defense

Cybercriminals have a full quiver of options when it comes to launching attacks. But the good news is that there are also multiple solutions for defending home systems against them. The best way to secure the home network is to use a multi-layered cyber resilience strategy, also known as defense in depth.

This approach uses multiple layers of security to protect home devices and the networks they’re connected to. Here’s what that looks like:

Backup – Backup with point-in-time restore gives you multiple recovery points to choose from. It ensures you can roll back to a prior state before the ransomware virus began corrupting the system.

Advanced threat intelligence – Premium antivirus protection is still the first line of defense. And antivirus that is backed by advanced threat intelligence, identification and mitigation is essential for preventing known threats from penetrating your system.

Patch and update applications – Cybercriminals are experts at identifying and exploiting security vulnerabilities. Failing to install necessary security patches and update to the latest version of applications and operating systems can leave your devices exposed to an attack.

Learn more

Cyber resilience while working from home is every bit as critical as working on-site. For more tips on how to add resilience to your home environment, and how to prepare your space for working from home long-term, download the Work from Home Playbook.

Cybersecurity and Back to (Virtual) School 2020: What You Need to Know

Aug 12, 2020 | Home + Mobile

Even though the 2020 Back to School season may look very different from those in years past, there are a few things that will remain the same. First, since Back to School is often when parents and caregivers stock up on new clothes, tech, and school supplies for students, it’s also when lots of stores (especially online retailers) run huge sales.

Second, there will be the customary spike in cyberattacks. In fact, the attacks on the Education sector are already up. The latest data from Microsoft shows that the Education sector has recently suffered more encounters with malware (over 5,000,000 in the last 30 days) than any other industry!

Since a lot of children and teens will be attending school virtually, either part-time or full-time, they’ll be spending even more time on the internet than they currently do. The more time they spend online, the higher the risk they face.

Here are the top threats to watch out for, as well as tips for how to help keep young learners safe during Back to (Virtual) School.

Phishing

According to Tyler Moffitt, security analyst at Webroot, “phishing isn’t going to go away any time soon. As tactics go, it’s an oldie, but goodie. Times of year when people do more shopping, like Back to School or Christmas, are a big draw for cybercriminals. We always see a spike in phishing during those times. And with more people shopping and streaming online during COVID-19, I’m betting we’ll see even more activity this year than we would normally expect.”

To underscore Tyler’s point, the latest intelligence from the Webroot BrightCloud® Real-Time Anti-Phishing service shows that phishing URLs targeting global streaming services have increased significantly. In March 2020 alone, we saw the following increases in phishing URLs, broken out by service:

Netflix – 525% increase
YouTube – 3,064% increase
Twitch – 337% increase
HBO – 525% increase

Not only should you and your young learner keep an eye out for email scams, but also bear in mind that phishing can happen through a variety of channels. Because many students will end up communicating mostly via online chat, text message (SMS), or social media, it’s important for us all to be extra vigilant about what we click, what we download, and what information we transmit.

Zoom-bombing

The rise in the use of Zoom and other videoconferencing platforms has also paved the way for malicious actors to cause trouble. While it’s named after Zoom, zoom-bombing as a term refers to the act of intruding on a video conference on any platform and creating a disruption, such as spreading hate speech, displaying pornography, and more.

Additionally, Webroot threat researchers have seen videoconference executable files (i.e. the file you run to launch the program) either faked or manipulated so that unwitting victims end up downloading malware.

Fake Websites and Spoofing

Webroot researchers have seen huge jumps in the number of fake websites out there, particularly those with “COVID” and related terms in their domain names. Tyler also warns us to be on our guard for website spoofing, which is when malicious actors create a fake version of a website that looks like the real thing.

“A lot of people will have to access specific websites and online systems for school and related activities,” he says. “Criminals will effectively set traps, so that a mistyped URL or a fake search result could land you on a fake page that looks completely real, only to steal your info or install malware on your system.”

How to Keep Yourself and Your Family Safe

Here are Tyler’s top tips for staying safe online through Back to School and beyond.

Use internet security software.
If you haven’t already, install internet security with antivirus on all your devices, especially those that will be used for schoolwork. Don’t forget about using a VPN to protect kids’ internet activity from prying eyes.
Update videoconferencing software.
Make sure children and teens are always using the most up-to-date versions of Zoom (or any other videoconferencing software) to ensure they have the latest patches to prevent malware distribution and disruptions.
Watch out for phishing in all its forms.
Talk to kids about phishing. Make sure you all know to look before you click. And remember, phishing scams can look just like a text message from a best friend, classmate, or teacher, so always be wary of messages that ask you to click a link or download a file. Use a secondary means of communication, like a phone call, to verify that these are legitimate.
Use your bookmarks.
Bookmark all required distance learning pages. Criminals may try to spoof these for phishing, especially if there is a popular portal that many schools use. Using a bookmark, instead of Googling and clicking a search result, will help ensure that your kids are on the right page.
Just say ‘no’ to macros.
If you or your kids download a document and it asks you to enable macros or enable content, DO NOT DO IT. This is very likely to be a malicious file that will infect your computer.
Use a secure backup.
When we’re all so reliant on our computers and other internet-connected devices to work and study, it’s extra important to make sure they’re backed up. Nobody wants to lose a term paper or other important documents to a malware infection, hardware failure, damage, loss, or theft. Save yourself the hassle and heartache by investing in backup software.

This Back to School season, it’s especially vital that we all do what we can to ensure children and teens have the skills, awareness, and security protocols to stay safe. By following these tips, you can help make sure they stay safe today, tomorrow, and beyond.

Summer fitness: Let’s get digital

Jul 16, 2020 | Home + Mobile

Summer is upon us. For some, summer is all about physical fitness. While exercise is essential to our overall well-being, we shouldn’t forget about our digital fitness, either. Just as our bodies serve our needs and help us go about our daily lives, so too do our computers and digital systems. And they deserve the time and effort it takes to make them as healthy as they can be. With that in mind, we talked with Webroot Security Analyst, Tyler Moffitt about digital fitness – and cyber resilience – for individuals and businesses. Be sure to add the following tips to your summertime fitness goals.

How is cyber resilience analogous to physical fitness?

Cyber resilience is all about having a robust security posture and making sure you take care of your digital presence with your internet-connected devices and accounts. These are all parallels with physical fitness in that it’s a life choice and not something you can just do only once in a while.

What are the things we can do to maintain healthy digital lifestyles?

Take care of devices and accounts, be it work or personal. Use two-factor or multi-factor authentication (2FA/MFA) whenever possible and never re-use passwords across multiple accounts. Using password phrases is one of the best ways to create long and unique passwords. Length is strength. Backing up and encrypting confidential data and using virtual private networks (VPNs) are great best practices as well.

What are the consequences of neglecting to maintain a healthy digital lifestyle for both individuals and businesses?

The risk of being infected with malware or having accounts breached skyrockets. This can then cascade to a whole organization, resulting in its data being held for ransom. Someone may even be held responsible and could perhaps even lose their job. There’s also a risk of criminals committing identity theft against you, which can be very costly.

Exercise is only helpful if it’s done on an ongoing basis. What ongoing practices should people be mindful of to protect themselves digitally?

A few things come to mind:

Use reputable layered security
Embrace user education
Lock down remote connections
Disable what you don’t use
Do inventory and patch management
Have multiple backups
Educate yourself and, if applicable, your workforce

We’re supposed to undergo regular doctor checkups to ensure we’re maintaining a healthy lifestyle. Are there “checkups” people can perform to gauge the status of their digital health?

Education! Specifically, security awareness training. We recommend phishing simulations to test yourself and ensure you can tell the difference between a standard, benign email and a phishing scam. Also, educational courses help you understand the current threat landscape and how criminals try to trick you. Cyberthieves are always adapting their approaches as people become more educated, so it’s important stay informed about the latest tactics.

There’s only so much we can do on our own before we have to seek medical intervention from a doctor. What are the scenarios where people may want to reach out to an IT expert to address a digital health issue?

Whenever you’re unsure of something, ask – just like you would with a doctor. If you’re unsure of something going on with your body, you would ask the doctor for more info. The same holds true for your digital life. If you receive an email that you think might be phishing but are unsure, don’t just click and hope for the best. Immediately ask an IT professional who can advise you. And do the same when handling or storing sensitive information. Make sure the methods you use to transmit and store data are encrypted. For handling business data, find out what your organization’s data retention policy is and make sure you’re complying with it.

Carry it forward

Summer motivates us to get fit more than other times of the year. But just like physical fitness is best when it’s practiced year-round, so is digital fitness. Cyberthieves don’t take breaks at any time of year. And neither should you when it comes to practicing good cyber resilience behaviors.

5 ways to reduce risky habits online

Jul 2, 2020 | Home + Mobile

After surveying more than 10,000 people in 50 states about their cybersecurity habits, we wound up with some pretty surprising results. Like the fact that tech experts demonstrate riskier behaviors than average Americans. But the most significant result of all was the fact that most Americans are more confident than they should be when it comes practicing good cyber hygiene. So, we thought this would be a good opportunity to highlight a few of the riskiest behaviors from the report and suggest ways to correct them and minimize your chances of falling for a cyberattack.

Small business owners beware

The problem – It’s not easy being a home-based business owner. Also known as very small businesses (VSBs), they’re often too busy and stretched thin just running their businesses. They often lack the time and resources to do everything they should to protect their important business files from online threats.

Risky habits – Around 80% of VSB owners use the same device for both work and personal use. In addition, 71% use the same password for their personal and business accounts, putting both their personal life and company at risk.

The fix – Owning separate devices for personal and small business use can be cost-prohibitive. But you can enforce better security by partitioning business files on your hard drive and creating a secure password to access those files. Make sure that password is different from any you’re using for personal use. Again, easier said than done in today’s world of password proliferation. If you’re struggling keeping track of all your passwords, consider using a password management app, especially for business files.

Knowing is half the battle

The problem – There is a gap between awareness and real understanding of cyber-related attacks. Most Americans can confidently explain phone scams but are not as equipped to explain malware or phishing. This indicates that Americans may not be as prepared to confront risks as they think.

Risky habits – Americans who never read the news are 70% less likely to recognize malware, phishing, ransomware or crypto-mining, and 51% less likely to be able to confidently explain these risks. Compare this with 89% of Americans who consistently consume technology news and can confidently explain common cybersecurity risks.

The fix – Not everyone can afford security awareness training, but if you’re a business, consider the cost and consequences of a data breach to your business. Regular security awareness training can significantly increase your ability to identify and prevent a malware or phishing attack. If you’re a consumer or VSB owner, you can easily find free sources of cybersecurity news (like this one!). As the report shows, being a regular reader of tech news can significantly raise your awareness and reduce your risk.

Digital defense and immunity

The problem – One in five Americans say they’ve been impacted by malware in the past year. While 61% of Americans say they’ve not been impacted, 18% aren’t sure. And with only 32% of Americans who feel they understand cyber-related attacks, it’s likely that many more have been impacted and just don’t know it.

Risky habit – Many businesses and users haven’t updated their defenses. They haven’t updated their antivirus protection to include cloud-based threat intelligence, AI and machine-learning (ML). Or they’re failing to install necessary patches to plug holes in applications. And they’re still running obsolete operating systems, like Windows 7 or Server 2008, leaving them highly exposed.

The fix – For today’s advanced threats, you need multiple layers of protection, including advanced antivirus as well as backup. Having just one of these layers is not enough. Perimeter protection with AI/ML functionality is critical for identifying polymorphic code that changes with each device it seeks to infect. Backup is essential for mitigating phishing attacks and disaster scenarios. Cybercriminals can also identify outdated operating systems. So, it’s worth the extra cost to update them, even if the hardware they’re running on is still functioning normally.

Identity theft

The problem – Poor cybersecurity often leads to identity theft. Failing to wipe a device before discarding it is one problem. So is sharing personal information on social media and video streaming sites. The more hackers know about you, the easier it is for them to impersonate you online.

Risky habits – A quarter of Americans have had their identity stolen, including 8% who have been a victim of identity theft more than once. Twice as many people who use mobile banking apps have been victims compared with those who don’t. Across industries, those in technology, banking and automotive are most likely to become victims of identity theft.

The fix – Cover your tracks wherever you go. Erase the contents on a device before discarding it. Beware of the personal information you reveal on social media. And be careful when using banking apps and websites. Use two-factor authentication (2FA) when using the app. If you’re using the bank’s website, go directly to it by typing the URL into your browser, or use a bookmark that you trust and have used before. Be careful when searching or googling the bank’s name, which could return a spoof site in the top results.

Something phishy

The problem – We knew phishing was a problem. In fact, it may be even bigger than our results indicate. A lot of users don’t know how to identify phishing scams. You can’t protect yourself from threats you don’t see coming.

Risky habits – According to the report, 36% of respondents claim to have fallen for a phishing scam. But more enlightening is that only 35% claim to know how to identify a phishing attack. Similar to the lack of understanding about cyber-related attacks in general, the report seems to indicate that phishing is far more prevalent than the data indicate.

The fix – Learn the tricks of the phishing trade, like bogus URLs and emails that ask you to confirm personal and banking information. Remember, bank logos can be easily faked. And banks won’t typically reach out to you for information they already have on file. If someone claiming to be from a bank contacts you by phone, call them back on an authentic customer service number from one of your banking statements.

Where to learn more

Want to read the complete 2020 state-by-state results? You can download a copy here. If you have any questions about improving your cyber security habits, feel free to reach out to us.

Why You Need More than Built-In Antivirus Protection

Jun 23, 2020 | Home + Mobile

Most major tech blogs have run some variation of the following headline in recent months: Is it worth paying for an antivirus solution anymore?

The insinuation, of course, is that built in antivirus solutions for Mac and Windows machines have progressed to such a point that it’s no longer worth reinforcing them with a paid solution.

While it’s sure to generate clicks, many of the answers from tech writers are either convoluted or hedged to the point of not really providing an answer. Let’s explore the question more here.

The state of built-in security

Even our own experts will join third-party voices in admitting that built-in solutions like Windows Defender Security Center (previously Windows Defender) have improved significantly in terms of effective malware protection.

“Windows Defender has come a long way since the days of Windows XP and Windows 7,” says Webroot security analyst Tyler Moffitt. “It’s better than we’ve ever seen. But it’s still not enough.”

PC Magazine lead analyst Neil Rubenking recently said much the same, writing “Windows Defender’s own developers seem to consider it a Plan B, rather than a main solution. If you install a third-party antivirus, Windows Defender goes dormant, so as not to interfere.”

While many built-in antivirus solutions do reasonably well at turning away well-known strains of malware, it’s the new, sophisticated variations that tend to have success outsmarting them.

“Top-tier campaigns like Bitpaymer and Ryuk ransomware, or Trickbot and dridex Trojans—these are all going to get past a lot of built-in antivirus software.”

Evasive scripts are another source of trouble for much built-in security software. This newly common type of attack relies on a user clicking on a link in a “malspam” email, which then downloads a malicious payload. Interfaces like Command Line and PowerShell are often used to launch these attacks. If those terms are unfamiliar, it’s simply important to remember that they are script-based and regularly evade built-in security.

“There is a growing trend that many people feel that they don’t need any security software on their computers and that out-of-the-box security is enough,” says Moffitt. “The reality is that it’s not enough and built-in software has proven time and time again that it will be beaten by malware.”

What you really need from your online security

First off, multi-layered security. Traditional malware isn’t the only type of threat to watch out for nowadays. In addition to the script-based attacks mentioned above, mal-vertising campaigns are frequently launched from legitimate sites using exploits in runtimes like Java, Silverlight and flash. Drive-by downloads and pop-up ads can secretly install crypto miners and malicious programs on a machine without a user knowing it, some miners don’t even need to download, but your browser will be hijacked and max out CPU to mine cryptocurrency. And phishing campaigns are becoming increasingly favored by cybercriminals based on their cost-effectiveness.

“While free solutions offer better security than most built-in solutions, you can’t beat premium solutions that utilize multiple layers of security and are backed by cutting-edge technologies like massive-scale machine learning and contextual analysis engines,” says Moffitt.

What else should you look for in an antivirus solution for the home? Here are a couple features:

Something lightweight—By that, we mean something that doesn’t take up a lot of memory or resources on your machine. Gamers should especially insist on this quality from an antivirus, but it should appeal to a broader market as well. “This is especially useful if you’re using your own devices to work from home during the pandemic and are worried that security solutions would slow your machines down,” says Moffitt.
Customer service—Something you’re unlikely to get from a built-in provider. It’s hard to underestimate the value of a dedicated team standing by to help you troubleshoot if something goes wrong. Especially if tech isn’t your sweet spot, you don’t want to commit to long periods of waiting for a response from a global tech giant, or worse, no support team at all.
A VPN for privacy—This is especially important if working from home is your new normal. “Not only are VPNs a great way to add a layer of protection by filtering out malicious webpages like phishing, but they are also a must if you are handling customer information for work,” says Moffitt. Making sure that critical data is protected at rest and in transit could help shield your company from major data security compliance fines.

It’s no surprise that we advocate not relying on built-in antivirus protection to safeguard your data and devices. But our concerns aren’t unfounded. We’ve simply seen too many fails to protect at the level they promise. Expect more from your online security solutions and strengthen your digital fitness, today.

Poor Password Practices: The Curse of the Cybersecurity Risk Index Score

May 5, 2020 | Home + Mobile

Your password passing habit may not be as be as harmless as you think. And yes, that includes Netflix login info too.

That’s one finding to come out of our newly released study of 2020’s Most (and Least) Cyber-Secure States. In this year’s analysis of the cyber readiness of all 50 U.S. states, and in partnership with Wakefield Research, we created a “Cyber Risk Hygiene Index” based on 10 metrics meant to measure individual and state-level cyber resilience against adverse online events.

Is your state cyber secure? Or is it one of the most hackable? Find out in our fourth annual Cyber Hygiene Risk Index report.

Unfortunately for many Americans, two of those cyber hygiene metrics involved questions about their password habits:

Do you avoid sharing passwords with others?
Do you avoid reusing passwords?

Now, these questions weren’t the only reason no American received a passing grade on our Cyber Risk Hygiene Index, or that no state scored higher than a D, but they didn’t help. In all, the report found that more than one-third (34%) of Americans admit to sharing passwords and login credentials with others. Nearly half (49%) report having more accounts than passwords, meaning passwords are being reused across accounts.

Perhaps even more troubling is the finding that sharing passwords for streaming services—that famously widespread and supposedly benign new-age habit—has a worrying correlation: Americans who share passwords for streaming services (38%) are twice as likely to say they have had their identity stolen than those who do not (18%).

This is alarming because sharing and reusing passwords is especially dangerous during this golden age of phishing attacks. It means that, as soon as a cybercriminal achieves success in one phishing attack, those pinched credentials are likely to work for several other popular sites. A single successful phishing expedition could yield catches on banking sites, credit card applications, online marketplaces, and in a host of other potentially lucrative instances.

Even by sharing passwords with those a smidge less than trustworthy—or just careless—you’re increasing your attack surface area. Now that network of individuals who now have access to your accounts are susceptible to giving your information away if they take the bait in a phishing attack.

“Instead of giving away the keys to the guest room when you share passwords, it’s more like giving away keys to the castle if they are reused across multiple accounts,” says Webroot threat analyst Tyler Moffitt, “you could begiving away the keys to the whole kingdom if that’s the only password you use.”

More password facts from the report

Tech Experts, one of the riskiest categories of users studied in our report, are more likely to share passwords (66%) than the average American (44%). Clearly, we at Webroot are in no position to point fingers.
On brand, 66 percent of so-called “Mile Markers” refrained from sharing passwords, compared to 63 percent for the average American. This group scored the highest on our index and is defined by having progressed through life markers such as earning a degree, owning a home, or having children.
Home-based Very Small Businesses (VSBs) are less likely to work with a dedicated IT team. As a result, they are more likely to use their personal devices for work and share passwords. Of these, 71 percent use the same passwords for home and business accounts, potentially cross contaminating their work and personal lives with the same security gaps.
By generation, Gen Z is most likely to share passwords (56%), followed by Millennials (47%), Gen X (33%), and Boomers (19%).

How to address poor password practices

In terms of a personal password policy, it’s important to set yourself up for success. Yes, it’s true the amount of passwords one is responsible for can be dizzying, 191 per business according to one popular study.

That, and the parameters for creating a sound password seemingly grow more complex by the day. It used to be enough just to have a password. But now, they must be x characters long, contain one number and one special characters and so-on… And did we mention we recommend it be a passphrase, not a traditional password?

You get the gist.

That’s why our single strongest piece of advice to users looking to upgrade their cyber resilience is to use a password manager. This allows you to create long, alphanumeric and otherwise meaningless passwords without the need to keep tabs on them all.

After you’ve created a strong bank of passwords, managed through a password management service, supplement your security by adding two-factor authentication (2FA). Measures like 2FA pair your login credentials—something you know—with something you have, like a biometric feature or a mobile phone. This will ensure lifting your password (a unique one for each account, no doubt) isn’t even enough to crack your account.

“Put simply, an account simply isn’t as secure as it could be without 2FA,” says Moffitt. “And that means your credit card info, home address, or bank accounts aren’t as safe as they could be.”

No more reusing passwords. And, hopefully, no more sharing passwords. But that part’s up to you. You just have to ask yourself, is Netflix access worth having your identity stolen?

Mental Health and Mindful Tech

May 1, 2020 | Home + Mobile

Anyone who has spent late nights scrolling through their social media feed or grinding on video games knows one thing is true: Technology can be a good thing, but only in moderation. Like too much of anything, spending a lot of time on the internet or social media can lead to unhealthy consequences. Since May is mental health awareness month, we thought it would be a good time to remind ourselves of the importance finding a healthy balance when it comes to using technology.

Social distancing on social media

The global coronavirus pandemic continues to test our own personal resilience. While most of us are sheltering at home, we’re also relying more and more on technology for work and staying connected to family and friends via virtual conferencing and social media. But too much social media can be a bad thing, too.

The more scientists study social media use, the more they find negative side effects:

Young people who use social media more than two hours a day tend to rate their mental health as fair or poor compared with less frequent users.
Occasional users of social media are almost 3x less likely to be depressed than heavy users.
People who restrict social media use to a half-hour a day have significantly lower depressive and anxiety symptoms.

If you’re someone who finds periods of abstention reinvigorating, you may want to add a digital detox to go along with New Year’s resolutions and Sober October.

Data loss blues

When you spend a lot of time on a computer, it’s only a matter of time before you lose something important. It could be financial documents, or an album of precious family photos, or maybe a big work presentation. Worse yet, you could have your entire system taken over by ransomware. Stressed yet? You’re not alone. We asked IT pros what they would rather lose than their data and here’s what they had to say:

Things IT pros would rather lose than data:

Internet connection
Cell service
Internal organ
Wedding ring
Robot lawnmower
Bacon

That’s right. Bacon! Kidding aside, losing data can be stressful. And many businesses don’t survive after major data loss. That’s why using strong cybersecurity solutions, like cloud-based antivirus, is so important, as is backing up the important files and folders on your computer. Do it for the sake of your data, or do it for the bacon, but just do it! You’ll thank us.

Technology never sleeps

If you think it’s hard for those just using technology, think of the people who have to work in technology. If you’ve ever thought about a career in tech, you better like the night shift. Technology never sleeps. The best time to perform upgrades or installations is late at night when most users are offline and there’s less traffic on the network. Want to launch a new website? Midnight is probably the best time. But all this late-night system testing and debugging can lead to loss of sleep and, in turn, an unhealthy dose of stress.

And it’s not just tech pros doing tech things late at night. If you’re up late scrolling your feed and posting comments, you may not be sleeping as well as you should. The blue light from phone screens and computers reduce your levels of melatonin, which is the hormone that controls your sleep. And lack of sleep can lead to several harmful side-effects, including:

Anxiety, insomnia, depression, forgetfulness
Impaired thinking and slow reaction time
Increased risk for heart disease, high blood pressure, stroke and diabetes
Sleep apnea, low testosterone and decreased sex drive
Skin lines, dark circles under the eyes, weight gain

So, avoid using tech too close to bedtime if you can. Reduced stimulation works wonders for good sleep habits. The news will still be there in the morning.

There’s an app for that

It’s not all doom and gloom when it comes to technology and mental health. In fact, advancements in health technology are emerging at a rapid rate. One area of progress is apps that help people with mental health issues. The National Institute of Mental Health has identified several promising trends, including:

Apps that provide tools for managing stress, anxiety and sleep problems
Cognitive remediation apps that help people develop thinking and coping skills
Illness management apps that put trained health care providers in touch with patients
Mindfulness, meditation and relaxation apps

Resilience online and offline

It’s a measure of our personal resilience when we’re able to persevere through something as disruptive as coronavirus. Having social media and the internet can help. But we have to be mindful to avoid overdoing it. We also have to be careful to protect the digital devices we’ve come to rely on with appropriate cybersecurity. That’s cyber-resilience. And it can do wonders for your peace of mind and your overall mental health.

2020’s Most (and Least) Cyber-Secure States

Apr 3, 2020 | Home + Mobile

For the past several years, Webroot and its partners have conducted a series of studies aimed at better understanding the attitudes, perspectives, and behaviors related to cyber hygiene in United States. This helps users determine which behaviors put them most at risk and which behavioral changes could help increase their cyber resilience.

Is your state cyber secure? Or is it one of the most hackable? Find out in our fourth annual Cyber Hygiene Risk Index report.

“Cyber hygiene” can be defined as the set of behaviors which enhance (or don’t) an individual or family unit’s resilience against cyber threats including, but by no means limited to, identity theft, phishing attacks, malware infections, and other web-borne threats.

Themes in Consumer Cybersecurity for 2020

Aside from organizing U.S. states into a Cyber Hygiene Risk Index, we were also on the lookout for emergent themes in cybersecurity awareness across the country.

Overconfidence, as we’ve seen before in previous studies, was a big theme. While the majority reported being familiar with malware (78%) and phishing scams (68%), far lower percentages were confident they could define the terms.
Individuals who’ve progressed through life milestones—like completing a degree, buying a home, beginning to keep up with the news, or starting a family—begin to improve their risk index scores. This hard-won experience tends to belong to older demographics, parents, and those with higher levels of education and income compared to more risky peers.
A relationship was uncovered between “tech-savviness” and risk index scores. In other words, the more technologically competent respondents in this study reported being, the more likely they were to exhibit risky behavior online.

Other Key Findings from the 2020 study

Overall, it was heartening to find that most Americans are taking at least baseline precautions for repelling and recovering from cyber-attacks. Eighty-three percent use antivirus software, and 80 percent regularly back up their data, both key indicators of an individual or family’s overall cyber resilience.

The news, however, is far from all positive. In fact, the plain truth is most Americans receive a failing grade when their cyber hygiene is examined in-depth. This is especially true when measuring avoidable risks to online data and identity. Using this metric, the average American scored a 58 percent on our Cyber Hygiene Risk Index, while no state scored higher than a D grade (67%).

Other key findings from the study:

Almost half (49%) of Americans admit to using the same password across multiple sites.
A spread of only 15 points separates the riskiest state in American (New York) from the least risky (Nebraska). No state scored higher than a D on our Cyber Hygiene Risk Index.
Very small businesses (VSBs) are apt to take cybersecurity into their own hands, which often entails sharing passwords and using personal devices for work.
Among those who do receive work devices from their employer, 55 percent use them for personal use.
Almost a fifth (19%) of those who were the victim of a cyber-related attack, made NO changes to their online behavior

It’s not an exaggeration to call the state of cybersecurity understanding in the U.S. abysmal. Risky activities like reusing passwords, not using multiple backups, or not updating software are still rampant in every state. Given that we saw a 640 percent rise in phishing attempts over the past year, we can expect these habits will catch up with more Americans.

The above highlights represent only a small portion of the complete findings of the report. For the completed report, including the complete ranking of all 50 states according to our Cybersecurity Hygiene Risk Index metrics, download the full report.

To invest in internet security on all your devices, click here.