Home + Mobile

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction: It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan before it’s hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Cybersecurity and Back to (Virtual) School 2020: What You Need to Know

Even though the 2020 Back to School season may look very different from those in years past, there are a few things that will remain the same. First, since Back to School is often when parents and caregivers stock up on new clothes, tech, and school supplies for students, it’s also when lots of stores (especially online retailers) run huge sales.

Second, there will be the customary spike in cyberattacks. In fact, the attacks on the Education sector are already up. The latest data from Microsoft shows that the Education sector has recently suffered more encounters with malware (over 5,000,000 in the last 30 days) than any other industry!

Since a lot of children and teens will be attending school virtually, either part-time or full-time, they’ll be spending even more time on the internet than they currently do. The more time they spend online, the higher the risk they face.

Here are the top threats to watch out for, as well as tips for how to help keep young learners safe during Back to (Virtual) School.

Phishing

According to Tyler Moffitt, security analyst at Webroot, “phishing isn’t going to go away any time soon. As tactics go, it’s an oldie, but goodie. Times of year when people do more shopping, like Back to School or Christmas, are a big draw for cybercriminals. We always see a spike in phishing during those times. And with more people shopping and streaming online during COVID-19, I’m betting we’ll see even more activity this year than we would normally expect.”

To underscore Tyler’s point, the latest intelligence from the Webroot BrightCloud® Real-Time Anti-Phishing service shows that phishing URLs targeting global streaming services have increased significantly. In March 2020 alone, we saw the following increases in phishing URLs, broken out by service:

  • Netflix – 525% increase
  • YouTube – 3,064% increase
  • Twitch – 337% increase
  • HBO – 525% increase

Not only should you and your young learner keep an eye out for email scams, but also bear in mind that phishing can happen through a variety of channels. Because many students will end up communicating mostly via online chat, text message (SMS), or social media, it’s important for us all to be extra vigilant about what we click, what we download, and what information we transmit.

Zoom-bombing

The rise in the use of Zoom and other videoconferencing platforms has also paved the way for malicious actors to cause trouble. While it’s named after Zoom, zoom-bombing as a term refers to the act of intruding on a video conference on any platform and creating a disruption, such as spreading hate speech, displaying pornography, and more.

Additionally, Webroot threat researchers have seen videoconference executable files (i.e. the file you run to launch the program) either faked or manipulated so that unwitting victims end up downloading malware.

Fake Websites and Spoofing

Webroot researchers have seen huge jumps in the number of fake websites out there, particularly those with “COVID” and related terms in their domain names. Tyler also warns us to be on our guard for website spoofing, which is when malicious actors create a fake version of a website that looks like the real thing.

“A lot of people will have to access specific websites and online systems for school and related activities,” he says. “Criminals will effectively set traps, so that a mistyped URL or a fake search result could land you on a fake page that looks completely real, only to steal your info or install malware on your system.”

How to Keep Yourself and Your Family Safe

Here are Tyler’s top tips for staying safe online through Back to School and beyond.

  1. Use internet security software.
    If you haven’t already, install internet security with antivirus on all your devices, especially those that will be used for schoolwork. Don’t forget about using a VPN to protect kids’ internet activity from prying eyes.
  2. Update videoconferencing software.
    Make sure children and teens are always using the most up-to-date versions of Zoom (or any other videoconferencing software) to ensure they have the latest patches to prevent malware distribution and disruptions.
  3. Watch out for phishing in all its forms.
    Talk to kids about phishing. Make sure you all know to look before you click. And remember, phishing scams can look just like a text message from a best friend, classmate, or teacher, so always be wary of messages that ask you to click a link or download a file. Use a secondary means of communication, like a phone call, to verify that these are legitimate.
  4. Use your bookmarks.
    Bookmark all required distance learning pages. Criminals may try to spoof these for phishing, especially if there is a popular portal that many schools use. Using a bookmark, instead of Googling and clicking a search result, will help ensure that your kids are on the right page.
  5. Just say ‘no’ to macros.
    If you or your kids download a document and it asks you to enable macros or enable content, DO NOT DO IT. This is very likely to be a malicious file that will infect your computer.
  6. Use a secure backup.
    When we’re all so reliant on our computers and other internet-connected devices to work and study, it’s extra important to make sure they’re backed up. Nobody wants to lose a term paper or other important documents to a malware infection, hardware failure, damage, loss, or theft. Save yourself the hassle and heartache by investing in backup software.

This Back to School season, it’s especially vital that we all do what we can to ensure children and teens have the skills, awareness, and security protocols to stay safe. By following these tips, you can help make sure they stay safe today, tomorrow, and beyond.

Summer fitness: Let’s get digital

Summer is upon us. For some, summer is all about physical fitness. While exercise is essential to our overall well-being, we shouldn’t forget about our digital fitness, either. Just as our bodies serve our needs and help us go about our daily lives, so too do our computers and digital systems. And they deserve the time and effort it takes to make them as healthy as they can be. With that in mind, we talked with Webroot Security Analyst, Tyler Moffitt about digital fitness – and cyber resilience – for individuals and businesses. Be sure to add the following tips to your summertime fitness goals.

How is cyber resilience analogous to physical fitness?

Cyber resilience is all about having a robust security posture and making sure you take care of your digital presence with your internet-connected devices and accounts. These are all parallels with physical fitness in that it’s a life choice and not something you can just do only once in a while.

What are the things we can do to maintain healthy digital lifestyles?

Take care of devices and accounts, be it work or personal. Use two-factor or multi-factor authentication (2FA/MFA) whenever possible and never re-use passwords across multiple accounts. Using password phrases is one of the best ways to create long and unique passwords. Length is strength. Backing up and encrypting confidential data and using virtual private networks (VPNs) are great best practices as well.

What are the consequences of neglecting to maintain a healthy digital lifestyle for both individuals and businesses?

The risk of being infected with malware or having accounts breached skyrockets. This can then cascade to a whole organization, resulting in its data being held for ransom. Someone may even be held responsible and could perhaps even lose their job. There’s also a risk of criminals committing identity theft against you, which can be very costly.

Exercise is only helpful if it’s done on an ongoing basis. What ongoing practices should people be mindful of to protect themselves digitally?

A few things come to mind:

  • Use reputable layered security
  • Embrace user education
  • Lock down remote connections
  • Disable what you don’t use
  • Do inventory and patch management
  • Have multiple backups
  • Educate yourself and, if applicable, your workforce

We’re supposed to undergo regular doctor checkups to ensure we’re maintaining a healthy lifestyle. Are there “checkups” people can perform to gauge the status of their digital health?

Education! Specifically, security awareness training. We recommend phishing simulations to test yourself and ensure you can tell the difference between a standard, benign email and a phishing scam. Also, educational courses help you understand the current threat landscape and how criminals try to trick you. Cyberthieves are always adapting their approaches as people become more educated, so it’s important to stay informed about the latest tactics.

There’s only so much we can do on our own before we have to seek medical intervention from a doctor. What are the scenarios where people may want to reach out to an IT expert to address a digital health issue?

Whenever you’re unsure of something, ask – just like you would with a doctor. If you’re unsure of something going on with your body, you would ask the doctor for more info. The same holds true for your digital life. If you receive an email that you think might be phishing but are unsure, don’t just click and hope for the best. Immediately ask an IT professional who can advise you. And do the same when handling or storing sensitive information. Make sure the methods you use to transmit and store data are encrypted. For handling business data, find out what your organization’s data retention policy is and make sure you’re complying with it.

Carry it forward

Summer motivates us to get fit more than other times of the year. But just like physical fitness is best when it’s practiced year-round, so is digital fitness. Cyberthieves don’t take breaks at any time of year. And neither should you when it comes to practicing good cyber resilience behaviors.

5 ways to reduce risky habits online

After surveying more than 10,000 people in 50 states about their cybersecurity habits, we wound up with some pretty surprising results. Like the fact that tech experts demonstrate riskier behaviors than average Americans. But the most significant result of all was the fact that most Americans are more confident than they should be when it comes to practicing good cyber hygiene. So, we thought this would be a good opportunity to highlight a few of the riskiest behaviors from the report and suggest ways to correct them and minimize your chances of falling for a cyberattack.

Small business owners beware

  • The problem – It’s not easy being a home-based business owner. Also known as very small businesses (VSBs), they’re often too busy and stretched thin just running their businesses. They often lack the time and resources to do everything they should to protect their important business files from online threats.
  • Risky habits – Around 80% of VSB owners use the same device for both work and personal use. In addition, 71% use the same password for their personal and business accounts, putting both their personal life and company at risk.
  • The fix – Owning separate devices for personal and small business use can be cost-prohibitive. But you can enforce better security by partitioning business files on your hard drive and creating a secure password to access those files. Make sure that password is different from any you’re using for personal use. Again, easier said than done in today’s world of password proliferation. If you’re struggling to keep track of all your passwords, consider using a password management app, especially for business files.

Knowing is half the battle

  • The problem – There is a gap between awareness and real understanding of cyber-related attacks. Most Americans can confidently explain phone scams but are not as equipped to explain malware or phishing. This indicates that Americans may not be as prepared to confront risks as they think.
  • Risky habits – Americans who never read the news are 70% less likely to recognize malware, phishing, ransomware or crypto-mining, and 51% less likely to be able to confidently explain these risks. Compare this with 89% of Americans who consistently consume technology news and can confidently explain common cybersecurity risks.
  • The fix – Not everyone can afford security awareness training, but if you’re a business, consider the cost and consequences of a data breach to your business. Regular security awareness training can significantly increase your ability to identify and prevent a malware or phishing attack. If you’re a consumer or VSB owner, you can easily find free sources of cybersecurity news (like this one!). As the report shows, being a regular reader of tech news can significantly raise your awareness and reduce your risk.

Digital defense and immunity

  • The problem – One in five Americans say they’ve been impacted by malware in the past year. While 61% of Americans say they’ve not been impacted, 18% aren’t sure. And with only 32% of Americans who feel they understand cyber-related attacks, it’s likely that many more have been impacted and just don’t know it.
  • Risky habit – Many businesses and users haven’t updated their defenses. They haven’t updated their antivirus protection to include cloud-based threat intelligence, AI and machine-learning (ML). Or they’re failing to install necessary patches to plug holes in applications. And they’re still running obsolete operating systems, like Windows 7 or Server 2008, leaving them highly exposed.
  • The fix – For today’s advanced threats, you need multiple layers of protection, including advanced antivirus as well as backup. Having just one of these layers is not enough. Perimeter protection with AI/ML functionality is critical for identifying polymorphic code that changes with each device it seeks to infect. Backup is essential for mitigating phishing attacks and disaster scenarios. Cybercriminals can also identify outdated operating systems. So, it’s worth the extra cost to update them, even if the hardware they’re running on is still functioning normally.

Identity theft

  • The problem – Poor cybersecurity often leads to identity theft. Failing to wipe a device before discarding it is one problem. So is sharing personal information on social media and video streaming sites. The more hackers know about you, the easier it is for them to impersonate you online.
  • Risky habits – A quarter of Americans have had their identity stolen, including 8% who have been a victim of identity theft more than once. Twice as many people who use mobile banking apps have been victims compared with those who don’t. Across industries, those in technology, banking and automotive are most likely to become victims of identity theft.
  • The fix – Cover your tracks wherever you go. Erase the contents on a device before discarding it. Beware of the personal information you reveal on social media. And be careful when using banking apps and websites. Use two-factor authentication (2FA) when using the app. If you’re using the bank’s website, go directly to it by typing the URL into your browser, or use a bookmark that you trust and have used before. Be careful when searching or googling the bank’s name, which could return a spoof site in the top results.

Something phishy

  • The problem – We knew phishing was a problem. In fact, it may be even bigger than our results indicate. A lot of users don’t know how to identify phishing scams. You can’t protect yourself from threats you don’t see coming.
  • Risky habits – According to the report, 36% of respondents claim to have fallen for a phishing scam. But more enlightening is that only 35% claim to know how to identify a phishing attack. Similar to the lack of understanding about cyber-related attacks in general, the report seems to indicate that phishing is far more prevalent than the data indicate.
  • The fix – Learn the tricks of the phishing trade, like bogus URLs and emails that ask you to confirm personal and banking information. Remember, bank logos can be easily faked. And banks won’t typically reach out to you for information they already have on file. If someone claiming to be from a bank contacts you by phone, call them back on an authentic customer service number from one of your banking statements.

Where to learn more

Want to read the complete 2020 state-by-state results? You can download a copy here. If you have any questions about improving your cyber security habits, feel free to reach out to us.

Why You Need More than Built-In Antivirus Protection

Most major tech blogs have run some variation of the following headline in recent months: Is it worth paying for an antivirus solution anymore?

The insinuation, of course, is that built-in antivirus solutions for Mac and Windows machines have progressed to such a point that it’s no longer worth reinforcing them with a paid solution.

While it’s sure to generate clicks, many of the answers from tech writers are either convoluted or hedged to the point of not really providing an answer. Let’s explore the question more here.

The state of built-in security

Even our own experts will join third-party voices in admitting that built-in solutions like Windows Defender Security Center (previously Windows Defender) have improved significantly in terms of effective malware protection.

“Windows Defender has come a long way since the days of Windows XP and Windows 7,” says Webroot security analyst Tyler Moffitt. “It’s better than we’ve ever seen. But it’s still not enough.”

PC Magazine lead analyst Neil Rubenking recently said much the same, writing “Windows Defender’s own developers seem to consider it a Plan B, rather than a main solution. If you install a third-party antivirus, Windows Defender goes dormant, so as not to interfere.”

While many built-in antivirus solutions do reasonably well at turning away well-known strains of malware, it’s the new, sophisticated variations that tend to have success outsmarting them.

“Top-tier campaigns like Bitpaymer and Ryuk ransomware, or Trickbot and Dridex Trojans—these are all going to get past a lot of built-in antivirus software.”

Evasive scripts are another source of trouble for much built-in security software. This newly common type of attack relies on a user clicking on a link in a “malspam” email, which then downloads a malicious payload. Interfaces like Command Line and PowerShell are often used to launch these attacks. If those terms are unfamiliar, it’s simply important to remember that they are script-based and regularly evade built-in security.

“There is a growing trend that many people feel that they don’t need any security software on their computers and that out-of-the-box security is enough,” says Moffitt. “The reality is that it’s not enough and built-in software has proven time and time again that it will be beaten by malware.”

What you really need from your online security

First off, multi-layered security. Traditional malware isn’t the only type of threat to watch out for nowadays. In addition to the script-based attacks mentioned above, malvertising campaigns are frequently launched from legitimate sites using exploits in runtimes like Java, Silverlight and Flash. Drive-by downloads and pop-up ads can secretly install crypto miners and malicious programs on a machine without a user knowing it. Some miners don’t even need to be downloaded; instead, your browser is hijacked and maxes out the CPU to mine cryptocurrency. And phishing campaigns are becoming increasingly favored by cybercriminals based on their cost-effectiveness.

“While free solutions offer better security than most built-in solutions, you can’t beat premium solutions that utilize multiple layers of security and are backed by cutting-edge technologies like massive-scale machine learning and contextual analysis engines,” says Moffitt.

What else should you look for in an antivirus solution for the home? Here are a few features:

  • Something lightweight—By that, we mean something that doesn’t take up a lot of memory or resources on your machine. Gamers should especially insist on this quality from an antivirus, but it should appeal to a broader market as well. “This is especially useful if you’re using your own devices to work from home during the pandemic and are worried that security solutions would slow your machines down,” says Moffitt.
  • Customer service—Something you’re unlikely to get from a built-in provider. It’s hard to overestimate the value of a dedicated team standing by to help you troubleshoot if something goes wrong. Especially if tech isn’t your sweet spot, you don’t want to commit to long periods of waiting for a response from a global tech giant, or worse, no support team at all.
  • A VPN for privacy—This is especially important if working from home is your new normal. “Not only are VPNs a great way to add a layer of protection by filtering out malicious webpages like phishing, but they are also a must if you are handling customer information for work,” says Moffitt. Making sure that critical data is protected at rest and in transit could help shield your company from major data security compliance fines.

It’s no surprise that we advocate not relying on built-in antivirus protection to safeguard your data and devices. But our concerns aren’t unfounded. We’ve simply seen too many built-in solutions fail to protect at the level they promise. Expect more from your online security solutions and strengthen your digital fitness, today.

Poor Password Practices: The Curse of the Cybersecurity Risk Index Score

Your password passing habit may not be as harmless as you think. And yes, that includes Netflix login info too.

That’s one finding to come out of our newly released study of 2020’s Most (and Least) Cyber-Secure States. In this year’s analysis of the cyber readiness of all 50 U.S. states, and in partnership with Wakefield Research, we created a “Cyber Risk Hygiene Index” based on 10 metrics meant to measure individual and state-level cyber resilience against adverse online events.

Is your state cyber secure? Or is it one of the most hackable? Find out in our fourth annual Cyber Hygiene Risk Index report.

Unfortunately for many Americans, two of those cyber hygiene metrics involved questions about their password habits:

  • Do you avoid sharing passwords with others?
  • Do you avoid reusing passwords?

Now, these questions weren’t the only reason no American received a passing grade on our Cyber Risk Hygiene Index, or that no state scored higher than a D, but they didn’t help. In all, the report found that more than one-third (34%) of Americans admit to sharing passwords and login credentials with others. Nearly half (49%) report having more accounts than passwords, meaning passwords are being reused across accounts.

Perhaps even more troubling is the finding that sharing passwords for streaming services—that famously widespread and supposedly benign new-age habit—has a worrying correlation: Americans who share passwords for streaming services (38%) are twice as likely to say they have had their identity stolen than those who do not (18%).

This is alarming because sharing and reusing passwords is especially dangerous during this golden age of phishing attacks. It means that, as soon as a cybercriminal achieves success in one phishing attack, those pinched credentials are likely to work for several other popular sites. A single successful phishing expedition could yield catches on banking sites, credit card applications, online marketplaces, and in a host of other potentially lucrative instances.

Even by sharing passwords with those a smidge less than trustworthy—or just careless—you’re increasing your attack surface area. The network of individuals who now have access to your accounts is susceptible to giving your information away if they take the bait in a phishing attack.

“Instead of giving away the keys to the guest room when you share passwords, it’s more like giving away keys to the castle if they are reused across multiple accounts,” says Webroot threat analyst Tyler Moffitt, “you could be giving away the keys to the whole kingdom if that’s the only password you use.”

More password facts from the report

  • Tech Experts, one of the riskiest categories of users studied in our report, are more likely to share passwords (66%) than the average American (44%). Clearly, we at Webroot are in no position to point fingers.
  • On brand, 66 percent of so-called “Mile Markers” refrained from sharing passwords, compared to 63 percent for the average American. This group scored the highest on our index and is defined by having progressed through life markers such as earning a degree, owning a home, or having children.
  • Home-based Very Small Businesses (VSBs) are less likely to work with a dedicated IT team. As a result, they are more likely to use their personal devices for work and share passwords. Of these, 71 percent use the same passwords for home and business accounts, potentially cross contaminating their work and personal lives with the same security gaps.
  • By generation, Gen Z is most likely to share passwords (56%), followed by Millennials (47%), Gen X (33%), and Boomers (19%).

How to address poor password practices

In terms of a personal password policy, it’s important to set yourself up for success. Yes, it’s true the number of passwords one is responsible for can be dizzying: 191 per business, according to one popular study.

That, and the parameters for creating a sound password seemingly grow more complex by the day. It used to be enough just to have a password. But now, they must be x characters long, contain one number and one special character, and so on… And did we mention we recommend it be a passphrase, not a traditional password?

You get the gist.

That’s why our single strongest piece of advice to users looking to upgrade their cyber resilience is to use a password manager. This allows you to create long, alphanumeric and otherwise meaningless passwords without the need to keep tabs on them all.

After you’ve created a strong bank of passwords, managed through a password management service, supplement your security by adding two-factor authentication (2FA). Measures like 2FA pair your login credentials—something you know—with something you have, like a biometric feature or a mobile phone. This will ensure lifting your password (a unique one for each account, no doubt) isn’t even enough to crack your account.

“Put simply, an account simply isn’t as secure as it could be without 2FA,” says Moffitt. “And that means your credit card info, home address, or bank accounts aren’t as safe as they could be.”

No more reusing passwords. And, hopefully, no more sharing passwords. But that part’s up to you. You just have to ask yourself, is Netflix access worth having your identity stolen?

Mental Health and Mindful Tech

Anyone who has spent late nights scrolling through their social media feed or grinding on video games knows one thing is true: Technology can be a good thing, but only in moderation. Like too much of anything, spending a lot of time on the internet or social media can lead to unhealthy consequences. Since May is mental health awareness month, we thought it would be a good time to remind ourselves of the importance of finding a healthy balance when it comes to using technology.

Social distancing on social media

The global coronavirus pandemic continues to test our own personal resilience. While most of us are sheltering at home, we’re also relying more and more on technology for work and staying connected to family and friends via virtual conferencing and social media. But too much social media can be a bad thing, too.

The more scientists study social media use, the more they find negative side effects:

  • Young people who use social media more than two hours a day tend to rate their mental health as fair or poor compared with less frequent users.
  • Occasional users of social media are almost 3x less likely to be depressed than heavy users.
  • People who restrict social media use to a half-hour a day have significantly lower depressive and anxiety symptoms.

If you’re someone who finds periods of abstention reinvigorating, you may want to add a digital detox to go along with New Year’s resolutions and Sober October.

Data loss blues

When you spend a lot of time on a computer, it’s only a matter of time before you lose something important. It could be financial documents, or an album of precious family photos, or maybe a big work presentation. Worse yet, you could have your entire system taken over by ransomware. Stressed yet? You’re not alone. We asked IT pros what they would rather lose than their data and here’s what they had to say:

Things IT pros would rather lose than data:

  • Internet connection
  • Cell service
  • Internal organ
  • Wedding ring
  • Robot lawnmower
  • Bacon

That’s right. Bacon! Kidding aside, losing data can be stressful. And many businesses don’t survive after major data loss. That’s why using strong cybersecurity solutions, like cloud-based antivirus, is so important, as is backing up the important files and folders on your computer. Do it for the sake of your data, or do it for the bacon, but just do it! You’ll thank us.

Technology never sleeps

If you think it’s hard for those just using technology, think of the people who have to work in technology. If you’ve ever thought about a career in tech, you better like the night shift. Technology never sleeps. The best time to perform upgrades or installations is late at night when most users are offline and there’s less traffic on the network. Want to launch a new website? Midnight is probably the best time. But all this late-night system testing and debugging can lead to loss of sleep and, in turn, an unhealthy dose of stress.

And it’s not just tech pros doing tech things late at night. If you’re up late scrolling your feed and posting comments, you may not be sleeping as well as you should. The blue light from phone screens and computers reduces your levels of melatonin, which is the hormone that controls your sleep. And lack of sleep can lead to several harmful side-effects, including:

  • Anxiety, insomnia, depression, forgetfulness
  • Impaired thinking and slow reaction time
  • Increased risk for heart disease, high blood pressure, stroke and diabetes
  • Sleep apnea, low testosterone and decreased sex drive
  • Skin lines, dark circles under the eyes, weight gain

So, avoid using tech too close to bedtime if you can. Reduced stimulation works wonders for good sleep habits. The news will still be there in the morning.

There’s an app for that

It’s not all doom and gloom when it comes to technology and mental health. In fact, advancements in health technology are emerging at a rapid rate. One area of progress is apps that help people with mental health issues. The National Institute of Mental Health has identified several promising trends, including:

  • Apps that provide tools for managing stress, anxiety and sleep problems
  • Cognitive remediation apps that help people develop thinking and coping skills
  • Illness management apps that put trained health care providers in touch with patients
  • Mindfulness, meditation and relaxation apps

Resilience online and offline

It’s a measure of our personal resilience when we’re able to persevere through something as disruptive as coronavirus. Having social media and the internet can help. But we have to be mindful to avoid overdoing it. We also have to be careful to protect the digital devices we’ve come to rely on with appropriate cybersecurity. That’s cyber-resilience. And it can do wonders for your peace of mind and your overall mental health.

2020’s Most (and Least) Cyber-Secure States

For the past several years, Webroot and its partners have conducted a series of studies aimed at better understanding the attitudes, perspectives, and behaviors related to cyber hygiene in the United States. This helps users determine which behaviors put them most at risk and which behavioral changes could help increase their cyber resilience.

Is your state cyber secure? Or is it one of the most hackable? Find out in our fourth annual Cyber Hygiene Risk Index report.

“Cyber hygiene” can be defined as the set of behaviors which enhance (or don’t) an individual or family unit’s resilience against cyber threats including, but by no means limited to, identity theft, phishing attacks, malware infections, and other web-borne threats.

Themes in Consumer Cybersecurity for 2020

Aside from organizing U.S. states into a Cyber Hygiene Risk Index, we were also on the lookout for emergent themes in cybersecurity awareness across the country.

  • Overconfidence, as we’ve seen before in previous studies, was a big theme. While the majority reported being familiar with malware (78%) and phishing scams (68%), far lower percentages were confident they could define the terms.
  • Individuals who’ve progressed through life milestones—like completing a degree, buying a home, beginning to keep up with the news, or starting a family—begin to improve their risk index scores. This hard-won experience tends to belong to older demographics, parents, and those with higher levels of education and income compared to more risky peers.
  • A relationship was uncovered between “tech-savviness” and risk index scores. In other words, the more technologically competent respondents in this study reported being, the more likely they were to exhibit risky behavior online.

Other Key Findings from the 2020 study

Overall, it was heartening to find that most Americans are taking at least baseline precautions for repelling and recovering from cyber-attacks. Eighty-three percent use antivirus software, and 80 percent regularly back up their data, both key indicators of an individual or family’s overall cyber resilience.

The news, however, is far from all positive. In fact, the plain truth is most Americans receive a failing grade when their cyber hygiene is examined in-depth. This is especially true when measuring avoidable risks to online data and identity. Using this metric, the average American scored a 58 percent on our Cyber Hygiene Risk Index, while no state scored higher than a D grade (67%).

Other key findings from the study:

  • Almost half (49%) of Americans admit to using the same password across multiple sites.
  • A spread of only 15 points separates the riskiest state in America (New York) from the least risky (Nebraska). No state scored higher than a D on our Cyber Hygiene Risk Index.
  • Very small businesses (VSBs) are apt to take cybersecurity into their own hands, which often entails sharing passwords and using personal devices for work.
  • Among those who do receive work devices from their employer, 55 percent use them for personal use.
  • Almost a fifth (19%) of those who were the victim of a cyber-related attack made NO changes to their online behavior.

It’s not an exaggeration to call the state of cybersecurity understanding in the U.S. abysmal. Risky activities like reusing passwords, not using multiple backups, or not updating software are still rampant in every state. Given that we saw a 640 percent rise in phishing attempts over the past year, we can expect these habits will catch up with more Americans.

The above highlights represent only a small portion of the complete findings of the report. For the complete report, including the complete ranking of all 50 states according to our Cybersecurity Hygiene Risk Index metrics, download the full report.

Lost or Stolen Device? Here’s What to do Next

It’s a nightmare, it’s inconvenient, and it’s inevitable. Losing your smart device or having it stolen poses a significant, looming privacy risk, and we just don’t like to think about it. However, this is an instance where hiding your head in the sand will only make you more susceptible to attack.

The personal data living on your family’s network of devices is valuable and oftentimes all too vulnerable. Having a worst-case-scenario plan in case of device loss or theft could save you time, money, and heartache.

So, we’ve put together a list of best practices so that, if the worst does happen, you’ll be prepared to prevent an identity theft disaster.

General Best Practices

Preparing yourself and your devices before they are stolen is the fastest way to avert potential breaches. Consider:

  • Keeping a “Find My” app turned on for all devices. This is the best way to locate and remotely wipe devices.
  • Making sure your devices are secured behind individualized PIN codes, fingerprints, or Face ID. This will slow down thieves trying to access your device.
  • Using strong, individualized passwords on all accounts, including email and banking apps. Don’t have the time? Use a trusted password manager to automate password creation. This will help limit the scope of any breach.
  • When a device is stolen, act quickly. The faster you respond, the more effective the following steps are likely to be. If the thief turns the device off, or removes the battery, you’ll be unable to remotely wipe the device.

Android Devices

Here is what Android users should do in case of device theft.

  • First, locate your device. Go to android.com/find and sign into your Google Account.
  • If you have more than one device, choose the one you’re looking for from the list at the top of the screen. The lost/stolen device will receive a notification, so you should act quickly.
  • On the map on your screen, you’ll be shown information about the phone’s location. Remember this is approximate and might not be precise or accurate. If your phone can’t be found, you’ll see its last known location (if available).
  • Now, if you’re certain your device has been stolen, you can click “Enable lock & erase” to erase your device. But be careful. After you erase your device, Find My Device will no longer work, so make sure you are certain.
  • If you believe your phone is just lost, and not stolen, you have a few options. “Lock” will lock your phone with your PIN, pattern, or password. If you don’t have a lock in place, you can set one. To help someone return your phone to you, you can also add a message or phone number to the lock screen.

An important note: If you happen to find your phone after you have erased it, you’ll likely need your Google Account password to use it again.

iOS Devices

Here is what iOS users should do in case of device theft.

  • Next, you’ll need to locate your device. Select the one you’re searching for to view its location on a map.
  • You’ll be presented with a few options here. “Mark As Lost” will remotely lock your device, allow you to display a custom message with your contact information on the missing device’s lock screen, and track the device’s location. If you have added Apple Pay payment options, the ability to make payments using Apple Pay on that device will be suspended for as long as the device is in Lost Mode.
  • If you’re certain your device has been stolen, select “Erase your device.” When you erase your device remotely, all of your information is deleted, and you will no longer be able to locate it with the Find My app or Find iPhone on iCloud.com. Make sure your phone is not recoverable before taking this step.

Device Theft Wrap-Up

After you have protected your most sensitive information with the steps above, take just a few more steps to fully wrap the crisis up.

  • Report your lost or stolen device to local law enforcement. Law enforcement might request the serial number of your device. This can often be found on the original packaging.
  • Report your stolen device to your wireless carrier. They will disable your account to prevent calls, texts, and data use by the thief. If you have insurance through your carrier, this is the time to begin filing a claim as well.
  • Reset all of your passwords, including your Google Account and Apple ID. After a device is stolen, you can never be certain of how far the breach has penetrated. The good news is, if you are using a secure password manager, this should be pretty quick!
  • For any accounts that had 2FA access, you would have been asked to save the private key or one-time code when you first set up the account. This key will allow you back into your accounts without needing the device and will allow you to remove the account from the device.
  • Alert your banking providers to the potential breach and monitor your bank accounts and credit cards for suspicious activity. If you see any, get ahead of the issue and cancel and replace all of your bank cards. This will prevent the financial breach from affecting multiple accounts.

A stolen device is a headache, but it doesn’t have to be a disaster. If you have a plan in place for a worst-case scenario, you’ll be able to act quickly and confidently. Do you have device theft tips that we missed here? Let us know on the Webroot Community.

5 Security Tips for Setting Up a New Device

The last thing you want to do when you get a new computer, mobile device, or tablet is spend a lot of time setting it up. But like any major appliance, these devices are something you want to invest a little time setting up properly. Often, they’re not cheap. And you want them to last. So, before you jump online and start shopping, gaming, or browsing, take some time to ensure your device is ready for anything the internet can and will throw at it.

There’s a caveat, though, of which Webroot security analysts are quick to remind users. “Even if you’ve taken every precaution when it comes to configuring your new device,” says Webroot Threat Research Analyst Connor Madsen, “it’s important to remember that proper online etiquette is essential to your security.”

“Clicking on links that don’t seem quite right, opening attachments from unknown senders, or otherwise ignoring your best security instincts is a good way to undermine any effective online security protection.”

Connor Madsen, Threat Research Analyst

For best results, in addition to the warning issued above, here are five tips for making sure your device, and the important files stored within it, are safe from common risks.

#1 – Update software

The first thing you’ll want to do is make sure the operating system on all your devices is up to date. One of the most common methods hackers use to launch attacks is exploiting out-of-date software. Failing to install periodic patches and software updates leaves your new device vulnerable to the numerous threats lurking on the web. Depending on how old and out-of-date your device is, it may take a while for applications to update. However long it takes, it’s preferable to the hassle and expense of having to undo an infection after it’s bypassed your security perimeter.

#2 – Enable firewall

Speaking of your security perimeter, the first line of defense along that perimeter is your firewall or router, if you’re using one. A router works as a firewall for the devices connected to it. But, if you’re not using a router, make sure your firewall is enabled to protect you from malicious traffic entering your network. This is different from an antivirus, which protects you from malicious files.

#3 – Install antivirus

Malicious files can be disguised as attachments in an email or links on the web, even the apps you download. So, it’s important to have an antivirus solution to protect your new computer. Malware attacks like ransomware make constant news these days. And everyone’s a target, from individual users to local businesses, hospitals, or municipalities. The cybercriminals launching these attacks are constantly changing, evolving threats to be more sophisticated and harder to detect. That’s why it’s important to keep your antivirus as up-to-date as your operating system and other applications.

#4 – Back up

Once you have your operating system and applications updated, your firewall enabled and an effective antivirus application installed, you can begin using your computer safely. But there’s one more thing you need to consider if you’re going to be creating and storing important documents and work material on your new machine. Any new files on your computer will need to be backed up. That’s when you make a copy of the contents on your machine and store it in a safe place just in case you lose the original or it becomes infected by a virus. Since no single security solution can be 100 percent effective, it’s best to have a backup copy of important files. The thing is, you don’t want to have to decide what’s worth backing up and what’s not. That’s far too labor-intensive and it introduces the possibility of human error. Your best bet is to use a solution that’s designed for this purpose. A true backup solution protects files automatically so you don’t have to remember what you copied and what you didn’t. It also greatly simplifies file recovery, since it’s designed for this purpose.

#5 – Wipe your old device

Just because you have a shiny new toy doesn’t mean you can forget about your old machine. Before you relegate it to the scrap heap, make sure there’s nothing important or confidential on it you wouldn’t want someone to have access to. You could have old passwords saved, tax records, or sensitive work documents that you wouldn’t want shared. The best way to do this is to wipe the contents of your old device and reinstall the operating system from its original state.

Seem overwhelming? If so, it’s best to remember that one of your strongest cybersecurity tools is common sense. While things like an antivirus and backup strategy are essential for maintaining good cyber hygiene, remember Madsen’s advice.

“If it seems like an offer that’s too good to be true, or something about a link or file just doesn’t seem right, don’t click or download it. Trust your instincts.”

Cybersecurity Tips for Online Holiday Shopping

The holiday shopping season is prime time for digital purchases and cybercriminals are cashing in on the merriment. With online shopping officially becoming more popular than traditional in-store visits this year, all signs point to an increase in cyberattacks. It’s more important than ever to be mindful of potential dangers so you can avoid getting Scrooged when buying online. Follow these top tips for secure online shopping.

Only use credit cards. If your debit card gets compromised, it has the potential to cascade in catastrophic ways; automatic bill payments may bounce or overdraft protections may drain secondary accounts. Some banks also have strict rules about when you need to notify them of suspected fraud, or else you could be liable for the costs.

On the other hand, the Fair Credit Billing Act provides some protections for consumers from unauthorized charges on credit cards. Additionally, it’s much easier to have your credit card replaced with new, uncompromised numbers and details than it is with bank account info.

Be cautious of deal and discount emails. During the holidays, there’s always a spike in physical and electronic mailers about special deals. At this point, we’re all used to that. We might even wait to buy something we want, knowing that it’ll probably go on sale during holiday clearance. Unfortunately, criminals use this expectation against us by sending cleverly crafted phishing emails to trick us into compromising our data.

Always be cautious about emails from unknown senders or even trusted third-party vendors, especially around the holidays. Always navigate to the deal website separately from the email; don’t just click the link. If the deal link can only be accessed through the email, it’s best to pass up on those supposed savings. It is also prime time for emails offering “free gift cards”; avoid those like the plague.

Never make purchases without HTTPS. Check the URL—if it doesn’t start with HTTPS, it doesn’t have SSL encryption. SSL (secure sockets layer) encryption is a security standard for sharing information between web servers and a browser. Without it, your private information, including your credit card number, can be more easily intercepted by cybercriminals.

Keep in mind: HTTPS only ensures that the data you send will be encrypted on the way, not that the destination is legit. Cybercriminals have started to use HTTPS to trick website users into a false sense of security. That means, while you should never send private or financial data through a site that doesn’t have HTTPS, you shouldn’t rely on the presence of HTTPS alone to guarantee the security of the page.

Don’t make purchases on devices you don’t personally own. If you’re using a borrowed or shared device, such as a computer at a library or a friend’s phone, don’t make any purchases. Even if it’s a seemingly safe device that belongs to a person you know and trust, you have no way of knowing how secure it really is. It’s pretty unlikely that you’ll encounter a lightning deal that’s worth the hassle of financial fraud or identity theft. So just wait on that purchase until you can make it on your own device.

Never use unsecured public WiFi for online purchases. Many public WiFi networks, like the ones at your local café, the gym, a hotel, etc., are completely unsecured and unencrypted. That means anyone with the know-how can easily track all of your online activities while you’re using that network, including any login or banking information. Even worse, hackers are capable of dropping viral payloads onto your device through public networks, which can then spread to your other devices at home.

Always use a VPN when you’re on public WiFi, if you have to use it at all. Otherwise, we suggest using a private mobile hotspot from your phone instead. (See our section on VPNs below.)

Use a password manager to create strong passwords. You can often stop a security breach from spreading out past the initial impact point just by using a trusted password manager, such as LastPass, which will help you create strong passwords. A password manager will create and store them for you, conveniently and securely, so you don’t have to remember them or write them down somewhere. Taking this step will help protect you from potential third-party breaches as well, like the one Amazon announced just before Black Friday in 2018.

Encrypt your traffic with a virtual private network (VPN). A VPN allows you to browse privately and securely by shielding your data and location in a tunnel of encryption. So even if you are unwittingly using a compromised network, such as the unsecured public WiFi at your favorite morning coffee stop, your VPN will prevent your private data from being scooped up by cybercriminals. But be sure you’re using a trusted VPN, since many free options secretly collect and sell your data to turn a profit.

Install antivirus software and keep it up to date. A VPN will protect your data from being tracked and stolen, but it can’t protect you if you click on a malicious link or download a virus. Make sure your antivirus software is from a reliable provider and that it’s not only installed, but up to date. Most antivirus products today will even update themselves automatically (as long as you don’t turn that feature off), so make sure you have such settings enabled. It may make all the difference when it comes to preventing a security breach.

Keep a close eye on your bank and credit accounts for suspicious activity. The fact of the matter is that the holiday season causes a peak in malicious online activity. Be proactive and check all of your financial records regularly for suspicious charges. The faster you can alert your bank or credit provider to these transactions, the faster you can get a replacement card and be back on your merry way.

Don’t fall victim to cybercrime this holiday season. Be mindful of all the links you click and online purchases you make, and be sure to protect your devices (and your data and identity) with a VPN and strong antivirus software!

What You Need to Know about Cyberbullying

Have you noticed a decrease in your child’s happiness or an increase in their anxiety? Cyberbullying might be the cause of these behavioral changes.

Bullying is no longer confined to school playgrounds and neighborhood alleys. It has long moved into the online world, thanks to the easy access to technology. Between Twitter, SnapChat, TikTok, Instagram, WhatsApp, or even standard SMS texts, emails and instant messages, cyberbullies have an overwhelming number of technical avenues to exploit.

While cyberbullying can happen to anyone, studies have shown that teens are usually more susceptible to it. The percentage of middle and high school students from across the U.S. who have experienced cyberbullying at some point more than doubled (19% to 37%) from 2007 to 2019, according to data from the Cyberbullying Research Center.

Before you teach your kids how to respond to cyberbullying, it is important to know what it entails.

What is Cyberbullying?

Cyberbullying is bullying that takes place over digital devices like cell phones, tablets, or computers. Even smaller devices like smartwatches and iPods can facilitate cyberbullying. Today, social media platforms act like a breeding ground for cyberbullying.

Cyberbullying usually begins with teasing that turns to harassment. From there it can evolve in many ways, such as impersonation and catfishing, doxxing, or even blackmail through the use of compromising photos.

Catfishing is the process of creating a fake identity online and using it to lure people into a relationship. Teens often engage in impersonation online to humiliate their targets and it is a form of cyberbullying.

Doxxing is used as a method of attack that includes searching, collecting and publishing personal or identifying information about someone on the internet.

Identifying the Warning Signs

When it comes to cyberbullying, just like traditional bullying, there are warning signs for parents to watch for in their child. Although the warning signs may vary, Nemours Children’s Health System has identified the most common ones as:

  • being upset or emotional during or after internet or phone time
  • being overly protective of their digital life and mobile devices
  • withdrawal from family members, friends, and activities
  • missing or avoiding school 
  • a dip in school performance
  • changes in mood, behavior, sleep, or appetite
  • suddenly avoiding the computer or cellphone
  • being nervous or jumpy when getting an instant message, text, or email
  • avoiding conversations about their cell phone activities

Remember, there are free software tools and apps available to help you restrict content, block domains, or even monitor your child’s online activity.

While having a child who is being cyberbullied is every parent’s nightmare, it’s equally important to understand if your child is cyberbullying others.

Do you believe your child is a cyberbully? That difficult and delicate situation needs its own blog post—but don’t worry, we have you covered.

You’ll also find many cyberbullying prevention and resolution resources on both federal and local levels, as well as support from parents going through similar issues on our community forum.

Preparing your kids for a world where cyberbullying is a reality isn’t easy, but it is necessary. By creating a safe space for your child to talk to you about cyberbullying, you’re setting the foundation to squash this problem quickly if it arises.

5 Tips for Feeling Your Best in Your Home Office

With major advancements in communication technology, many of us are fortunate to be able to work from home. Working from home can be a huge productivity boost: it saves you gas and time by not commuting, and you get to work more on your own terms. If you’re able to work from home, here are five tips to make sure you stay productive and feeling good in your home office.

Get Comfortable

Not so comfortable that you fall asleep, but we all know how miserable an uncomfortable office chair can be. By working at home, you have the opportunity to completely build your own environment. That means finding the right furniture for you. 

If you’re looking for a high-quality office chair, an underrated place to look is gaming chairs, which were built for long hours of sitting. However, a high-quality chair from your local furniture store would likely also do the trick.

Or, maybe instead of sitting all day, you prefer to stand. Luckily, there is an abundance of standing desks available for your choosing, many of which are easily adjustable so you can alternate between sitting and standing.

In addition to ergonomics, you also want to think about how to decorate your home office. For example, having plants in your office can actually help reduce stress and improve productivity. If you can, try to choose a room that has lots of natural lighting, which can help you stay healthy, concentrated, and even sleep better at night.

However you want to set up your home office, it’s important that you do what’s most comfortable for you. 

Limit Distractions…But Not Too Much

If you’re going to be working from home, you may have to deal with more distractions than you would in the office, especially if you have pets or family moving around the house. Because of this, it’s important you try to limit distractions, not letting your eyes wander to the television or Facebook. After all, you may be the only one keeping yourself accountable.

If you have people in the home who could be distracting, make sure you choose an office space that has a door, possibly in a more remote part of the home, rather than working in common spaces. It’s a good idea to also ask your friends and family members to respect your work hours.

At the same time, you will need breaks from time to time, so don’t be afraid to keep distractions at hand, but out of sight. If you know that you struggle with concentration without someone looking over your shoulder, there are a number of apps you could try that help promote focus and productivity.

Secure Your Devices

Now that you are in charge of your own office, you may also be in charge of making sure that it is secure. Namely, you want to make sure you have proper cybersecurity measures in place. This will help you keep peace of mind while you’re working, but also ensure you’re not derailed by cybercriminals or unexpected computer failures.

First and foremost, you want to make sure your devices and data are protected with a consumer antivirus (AV) or endpoint protection. If your company consists only of you or you are working remotely from your personal computer, a consumer AV may be right for you. However, if your company has a few employees and you need to manage multiple endpoints, a business endpoint solution is a better option.

Regardless of which solution is right for you, it’s important to remember that all security products are not created equal. The top antivirus and endpoint protection products are cloud-based, have a small digital footprint—meaning they won’t slow down your computer—are actively protecting against known and never-before-seen threats, and are able to reverse any damage that occurs if your device is compromised.

Another measure you should consider is backing up your data. While this can be done using a physical external hard drive, external drives can also be compromised when plugged in. The best option is using a cloud-based backup and recovery service.

Ransomware attacks alone increased over 350 percent in 2017 and have since become more sophisticated, targeting larger victims including government organizations. Given that, protecting your devices and your data is no longer a luxury. It’s a necessity.

Declutter Often

We all know how cluttered a desk can get. Depending on your job, you may have papers strewn about, multiple desktops, or a pile of sticky notes in shorthand you can no longer quite decipher. But a cluttered environment can lead to a cluttered mind. 

In fact, Lynne Gilberg, a professional organizer in Los Angeles, CA told WebMD, “Clutter is bad for your physical and mental health…A lot of people express that they are overwhelmed. They become nonfunctional and nonproductive.” It’s important to keep your area organized and tidy to be more productive and creative in the long run.

Plus, remember that this is still your home, and you may not want your family or guests to consider your office an eyesore. If you’re ever overwhelmed by chaos in your home office, here are some tips for helping clean up your work area.

Separate Personal and Professional

When working from home, it’s easy to blur the lines between your personal and professional lives. However, it is important that you resist this tendency to blend the two. Thinking too much about work at the dinner table can disconnect you from family and friends. And managing day-to-day family tasks while on the clock can hurt productivity.

You may want to establish strict working hours to help keep your two home lives separate. Let’s say from 8-5 you concentrate on work and then, after five p.m., you concentrate on your family, friends, and anything else that may need to get done around the home. 

Looking to build a more complete, detailed schedule? The New York Times highlighted some tips for building a work-from-home schedule that will help you stay on task and stay productive.

Some Final Tips for Your Home Office

  • Consider getting exercise equipment for short breaks. Things like resistance bands, small weights, or even a treadmill can help keep your blood flowing on a long work day.
  • Stock up on supplies. You’ll still need pens, paper, and other work supplies in your home office. Make sure you are always stocked.
  • Dress for work. Just because you have the option to work in your underwear, doesn’t mean you should.
