Reading Time: ~ 1 min.

Simplified Two-factor Authentication for Webroot

Webroot has evolved its secure login offering from a secondary security code to a full two-factor authentication (2FA) solution for both business and home users. Webroot’s 2FA has expanded in two areas. We have: Implemented a time-based, one-time password (TOTP)...

Shoring Up Your Network and Security Policies: Least Privilege Models

Why do so many businesses allow unfettered access to their networks? You’d be shocked by how often it happens. The truth is: your employees don’t need unrestricted access to all parts of our business. This is why the Principle of Least Privilege (POLP) is one of the...

Online Gaming Risks and Kids: What to Know and How to Protect Them

Online games aren’t new. Consumers have been playing them since as early as 1960. However, the market is evolving—games that used to require the computing power of dedicated desktops can now be powered by smartphones, and online gaming participation has skyrocketed....

Thoughtful Design in the Age of Cybersecurity AI

AI and machine learning offer tremendous promise for humanity in terms of helping us make sense of Big Data. But, while the processing power of these tools is integral for understanding trends and predicting threats, it’s not sufficient on its own. Thoughtful design...

A Cybersecurity Guide for Digital Nomads

Technology has unlocked a new type of worker, unlike any we have seen before—the digital nomad. Digital nomads are people who use technologies like WiFi, smart devices, and cloud-based applications to work from wherever they please. For some digital nomads, this means...

Securing Your Business First: Learn How ADR Can Help

Reading Time: ~ 3 min.

Entrepreneur Jim Rohn once said, “Time is more valuable than money. You can get more money, but you cannot get more time.” I think anyone involved in running a business can relate to this statement, but it carries a particularly deep meaning to those of us who deal with cybersecurity.

When it comes to cyberattacks, even the most minor malware infection can create costly delays and downtime, and the damages from data loss or business disruption can be financially devastating. Dealing with the consequences of denial-of-service attacks, ransomware, and data breaches shouldn’t be an accepted part of your agenda. 

You need to protect your business first. That means having a strong lineup of cyber-defense tools that don’t just mitigate threats, but actually put time back in your day. The key to success is to stop threats before they stop you. One of the most important pieces of that puzzle is the tools you use, particularly to achieve automation.

Learn more about protecting your business first with ADR and other cyber-defense best practices by checking out our Lockdown Lessons podcast series.

What are EDR, MDR, and ADR, and what’s the difference?

I am the first to admit that the cybersecurity world throws around far too many acronyms, and the definitions are not abundantly clear. (I’m definitely guilty of this, myself.) So let’s break down some of the endpoint-related jargon you may have heard lately.

Endpoint Detection and Response (EDR)

Endpoint detection and response (EDR) technology gathers large volumes of data from endpoints and provides security analysts with large amounts of information to help detect and mitigate cyber threats. These solutions significantly improve endpoint visibility, threat remediation, and can even assist with threat hunting. But to take full advantage, a staff of trained security analysts are necessary––and with today’s skills gap, this model does not make sense for the majority of SMBs and MSPs.

Today, EDR is beginning to morph into “enterprise detection and response.” The endpoint telemetry data it produces forms part of a more holistic approach to network security. 

Managed Detection and Response (MDR)

In recent months, cloud-based security service providers have been leveraging EDR data and compensating for the cybersecurity skills gap through managed detection and response (MDR). 

Working around the clock, MDR acts as a security analyst by providing automated threat detection, response, and remediation. It protects the entire network––not just endpoints––and provides the time, commitment, and cybersecurity skills necessary to fully detect, mitigate and resolve issues. The unfortunate truth here is that, for many smaller businesses, MDR is just too expensive. They may need to explore different partnership models or leverage managed services from their vendors.

Automated Detection and Response (ADR)

For businesses and managed service providers without dedicated cybersecurity resources and an ample budget, automated detection and response (ADR) may be the perfect answer. When other solutions become overwhelmed by the vast quantity of incoming malware, ADR leverages AI and machine learning to not only stop threats, but also to proactively predict and prevent them. As a result, this type of solution can actually put time back in your day.

As the cybersecurity landscape evolves and the skills gap continues to grow, MSPs and SMBs must onboard solutions that automate their defenses and offer the missing cybersecurity intelligence that only ADR provides.

ADR: the Next-Gen Evolution of Cybersecurity

As you are probably aware, modern attacks continue to increase in complexity, become more targeted, and are often automated at scale. They can also move unpredictably and laterally, as we have seen with Island Hopping (i.e. the act of compromising one company by infiltrating its affiliates, partner network, and/or supply chain.)

I know that many of you experience challenges that can make your business or clients vulnerable to attack, including:

  • Broad attack surfaces
  • Limited security expertise
  • Lax or inadequate access controls
  • Data loss, email spam, and phishing vulnerabilities
  • Insufficient understanding of compliance

The best way to combat these types of vulnerabilities is to leverage the power in prediction to stop attacks before they happen, and to quickly and automatically remediate threats that do get through. This is where ADR provides a new way to think about cybersecurity.

Currently, your cybersecurity or IT team needs to manage multiple tasks across multiple systems, which requires in-depth knowledge of computer systems and cybersecurity threats. Consequently, response time is often slow. With ADR, tasks are automated, and threats are investigated, validated, and remediated in the background––greatly boosting your operational efficiency and effectiveness.

As the threat environment continues to evolve, you will need to keep pace and ADR changes the security equation by improving the accuracy of detection and speed of response, saving you a lot of time and hassle—not to mention money.

Cyber News Rundown: Cryptomining WAV Files

Reading Time: ~ 2 min.

Cryptominers Found in Audio Files

Researchers have recently found that both cryptominers and backdoors are being deployed within WAV audio files on targeted systems. Using steganography, attackers can include components for both loading and executing malicious scripts, while still allowing some audio files to play normally. Along with the malicious software, Monero cryptominers were launched simultaneously to begin generating cryptocurrency.

Vermont School District Monitoring Students Online Activity

A Vermont school district recently hired the cyber-monitoring software company Social Sentinel track the social media and email accounts of enrolled students. The purported purpose of the software is to stop problems such as bullying and self-harm among students by scanning for specific keywords, while supposedly respecting the privacy of the district’s thousands of students. Unfortunately, most of the posted alerts are currently being triggered by searches for a locally-made beer.

Darknet Child Porn Distribution Site Shutdown

Officials in the U.S. and South Korea collaborated to shut down a darknet site thought to be the largest distribution site of child porn. More than 300 individuals were arrested in connection with the site. By monitoring new Bitcoin addresses created when users made an account, the officials were able to find not only hundreds of users, but also the site’s administrator, who has since been charged in South Korea. Most alarmingly, amongst the 250,000 videos found on the server, nearly half were previously unknown to law enforcement. 

Fake Account Reporting Leads to Facebook Lockout

Many Facebook users have been locked out of their accounts after reporting fake or spam accounts, some for nearly a week. Following the lockout, users were shown a bugged verification screen that left users even further from regaining access. Luckily, Facebook responded to the many requests to reinstate user accounts, resolved the issue, and fixed the authentication process.

Payment Card Marketplace Re-leaks Stolen Cards

One of the largest online marketplaces for stolen payment card info has been breached, leading to nearly 26 million payment cards stolen in prior breaches being reintroduced to hackers. By accessing the binary data stored in the magnetic strips, hackers were able to create fake cards and make fraudulent purchases. At least 8 million unique cards had been uploaded to the marketplace since the start of 2019.

Cookies, Pixels, and Other Ways Advertisers are Tracking You Online

Reading Time: ~ 3 min.

In May of 2018, the General Data Protection Regulation (GDPR) came into effect in the EU. Seemingly overnight, websites everywhere started throwing pop-ups to inform us about their use of cookies and our privacy rights. While the presence of the pop-ups may be reassuring to some (and annoying to others), the real issue is that very few of these pop-ups give any explanation as to how the cookies are used or whether they inform marketing decisions. So, before you click “accept” on that next privacy policy notification, read our primer on all things related to cookies, pixels, and web traffic trackers.

Check out the Webroot Community for more tips on how you can manage these cookies.

What is a Cookie?

Cookies (aka. HTTP cookies, session cookies, browser cookies, web cookies, or tracking cookies) are used by almost all websites to keep track of site users’ sessions. While you might not like the idea that a website is tracking you, cookies actually provide a very convenient function. Without them, websites you regularly visit wouldn’t be able to remember you or what content they should serve you. For example, if you added items to an online shopping cart and then navigated away without purchasing, that cart would be lost. You’d have to go back and add everything all over again when you were finally ready to buy. If it weren’t for cookies, our web experiences would be entirely different (and much more frustrating).

In cases like the previous example, the use of tracking cookies is pretty benign and helps smooth the user’s online experience overall. So, if cookies can provide a beneficial service, why do we need privacy laws like GDPR? The answer is because of a specific type of cookie, i.e. third-party tracking cookies. These are created by domains other than the one you are actively visiting. They run silently in the background, tracking you and your online habits without your notice and compiling long-term records of your browsing behavior. These are typically used by advertisers to serve ads “relevant” to the user even as they navigate unrelated parts of the web.

Who Serves Cookies and Why?

By far the most prolific servers of third-party cookies are Google and Facebook. To help businesses target and track advertisements, both Google and Facebook both suggest embedding a tracking pixel—which is just a short line of code—into business websites. These pixels then serve up cookies, which allow the site owner to track individual user and session information.

The tracking doesn’t stop there. To optimize their marketing tools for all users, Google and Facebook both track and store this data in their own databases for processing through their own algorithms. Even if you’re not currently logged in to Facebook, your session data can still be tracked by your IP address.

What is People-Based Targeting?

Google and Facebook’s ad platforms work incredibly well because they pair cookie data with an existing bank of user data that most of us have willingly (or unwillingly) given them. Your Facebook account, Instagram account, Gmail, and Google Chrome accounts are all linked to larger systems that inform sophisticated advertising networks how to appeal to you, specifically, as a consumer. This way, websites can serve you ad content you’re likely to click on, no matter which sites you’re actively visiting. Combining traditional cookie tracking with these types of in-depth user profiles is called “people-based targeting” and it’s proven to be an incredibly powerful marketing tactic.

How to Protect Your Data

The sad truth is that you’ll never fully escape tracking cookies, and, frankly, you probably wouldn’t want to. As mentioned above, they streamline your online experiences in a pretty significant way. What you can do is reduce the breadth of their reach in your digital life. Here are a few key ways to do that.

  1. Stay vigilant. Be sure to read the privacy policies before you accept them. This advice goes beyond the GDPR-compliant pop-ups that have become so prevalent in the last year. Keep in mind that tech giants are often interconnected, so it’s important to be aware of all the privacy policies you’re being asked to accept.
  2. Clean house. You don’t have to do it often, but clear your cookie cache every once in a while. There are plusses and minuses here; clearing your cache will wipe away any long-term tracking cookies, but it will also wipe out your saved login information. But don’t let that deter you! Despite that sounding like a hassle, you may find your browser performance improves. Exact steps for how to clear your cookies will depend on your browser, but you’ll find plenty of guides online. Don’t forget to clear the cache on your mobile phone as well.
  3. Use a VPN. Most of all, we recommend installing a virtual private network (VPN) on all of your devices. VPNs wrap your web traffic in a tunnel of encryption, which will prevent tracking cookies from following you around the web. Make sure you use a reputable VPN from a trusted source, such as Webroot® WiFi Security. A number of the supposedly free VPN options may just sell your data to the highest bidder themselves.

Cookie tracking and digital ad delivery are growing more sophisticated every day. Check back here for the latest on how these technologies are evolving, and how you can prepare yourself and your family to stay ahead.

Cyber News Rundown: E-Scooters Vulnerable

Reading Time: ~ 2 min.

E-Scooter Security Vulnerability

A security researcher recently found an API vulnerability within the software of Voi e-scooters that allowed him to add over $100,000 in ride credits to his account. The vulnerability stems from a lack of authentication after creating an account which allows users to enter an unlimited number of promo codes offering ride discounts through several of the service’s partners. The writeup of steps to replicate flaw was temporarily taken down by the researcher until the company resolves the issue.

MageCart Strikes Volusion Sites

Thousands of sites using Volusion software have been affected by malicious MageCart scripts going back to mid-September. The scripts have been running from a non-descript API bucket and are using filenames that would appear benign to most security software and site admins. While victims will likely begin monitoring for stolen payment card data, it is still unclear how many sites have been compromised in total.

Brazilian Database for Sale

A database containing extremely sensitive information belonging to more than 92 million Brazilian citizens was found up for auction on several marketplaces on the dark web. Included in a sample of the data were driver’s license numbers and taxation info for the 93 million Brazilians currently employed within the country. Unfortunately for those involved, Brazil’s recently introduced data protection law won’t be in effect until halfway through next year.

Twitter 2FA Leak

Twitter announced earlier this week that many email addresses and phone numbers customers were using for two-factor authentication had been provided to third-parties for use in targeted advertisements. The company is still working to determine how many users are involved in this apparently unintentional misuse of their sensitive information. Twitter has fixed the main issue, though they still require a phone number for 2FA regardless of the method used to verify the account.

New Zealand Health Organization Hacked

Following a cyber attack in August of this year, officials discovered evidence of multiple intrusions into their systems going back nearly three years. The health organization has been working with law enforcement to determine the extent of the unauthorized access, as well as attempting to contact all affected individuals.

Online Gaming Risks and Kids: What to Know and How to Protect Them

Reading Time: ~ 4 min.

Online games aren’t new. Consumers have been playing them since as early as 1960. However, the market is evolving—games that used to require the computing power of dedicated desktops can now be powered by smartphones, and online gaming participation has skyrocketed. This unfortunately means that the dangers of online gaming have evolved as well. We’ve examined the top threats that parents need to know about to keep their kids safe while gaming online.

Check out our Antivirus protection for PC gaming without impact on your gameplay.

Online Bullying and Harassment

A recent study shows that 65% of players who participate in online gaming have been harassed; a statistic that does not bode well for underage gamers. Your first instinct may be to try to prevent your child from participating in online gaming altogether, but this may cause them to sneak playing time without your knowledge. A stronger choice would be to talk with your kids and prepare them for the types of negative behavior they may experience online, and to make sure they know they can come to you if they are being harassed. It’s also important to explain the impact that online bullying can have on others, and to set firm consequences if you catch your child participating in harassment or abusive language. Regulating the use of headsets can help prevent both your child’s exposure to and participation in online harassment.

Two types of harassment specific to online experiences go a step beyond what you would expect from online bullying: doxxing and swatting. Doxxing is when one or more online participants seek personal, identifying information on a particular user for blackmail or intimidation purposes. Doxxing can often lead to the release of real names, phone numbers, home addresses, employer information, and more. Swatting is a form of harassment that uses doxxing techniques to create an actual, tangible threat. A harasser will call in a threat to a doxxed user’s local law enforcement, often claiming there is a kidnapping or hostage situation at the victim’s address. This may bring a large SWAT response unit to descend upon the address.

Keeping an open line of communication about your kid’s gaming experiences is critical. Swatting can happen over seemingly innocuous events. One of the most notorious examples followed a dispute over a $1.50 bet in “Call of Duty: WWII.”

Pro tip: one is only vulnerable to doxxing and swatting if a harasser can link identifying information back to the targeted gamer. Educating your kids on digital privacy best practices is one of the strongest security measures you can take against these forms of online harassment.

Viruses and Malware

As with almost every digital experience, you’ll find specific cybersecurity threats associated with the online gaming landscape. We asked Tyler Moffitt, Webroot security analyst, for his thoughts on the malware threats associated with online gaming. 

“The thing kids should really watch out for with games is the temptation to cheat,” explains Moffit. “In popular games like Fortnite and PUBG, ‘aimbots’ are very common, as they allow the player to get headshots they normally wouldn’t be able to make. However, many of the aimbots that kids download from forums are packed with malware—usually  ransomware or info-stealing Trojans. What’s worse: a lot of young gamers also don’t run antivirus because they think it will make the game slower.”

The bottom line: cheating at online games isn’t just ethically icky, it makes you a proven target for hackers. Make sure your kids know the real cost of “free” cheats.

Phishing Scams and Account Takeovers

Where there’s money, there are scammers. With more than 1 billion gamers actively spending money not just on games, but in games, it’s no surprise that phishing scams have become commonplace in gaming communities. One of the most prevalent phishing tactics in gaming: account takeovers are often prompted by a risky link click on a gaming forum, or a compromised account sending out phishing links to other users. Once the hacker has control of the account, they can run up fraudulent charges to any attached credit cards or, in some cases, sell the compromised account (particularly if it contains valuable items or character skins). Young gamers are especially at risk for these hacks. In these cases, chances are that any credit cards attached to gaming accounts belong to you, not your kids, so young gamers aren’t going to notice who’s spending your hard-earned funds.

Keeping Your Kids Safe

You’ll find plenty of tools to help your kids stay secure while gaming. Reliable antivirus software installed and up-to-date on all of your household smart devices can protect your family from malicious software. Additionally, wrapping your household web traffic in the secure encryption of a trusted VPN could reduce doxxing potential. But your kids will only find true security through digital literacy. Start conversations with them not just about online bullying, but about recognizing cybersecurity threats and phishing scams. If you’re having a hard time connecting with them over the threat, remind them that it’s not just your wallet on the line. Account takeovers are now all too common, and no kid wants to see their Fortnite skins sold for a stranger’s profit. Also, always be sure to exercise caution in giving out information on the internet. Even small, seemingly irrelevant pieces of information could be used to pull up Facebook or other user account pages to grab even more personal data.

To keep your kids educated about online gaming risks, it’s important to educate yourself as well. Have a question we didn’t cover here? Ask the Webroot community.



5 Key Benchmarks for Choosing Efficient Endpoint Security

Reading Time: ~ 3 min.

First and foremost, endpoint protection must be effective. Short of that, MSPs won’t succeed in protecting their clients and, more than likely, won’t remain in business for very long. But beyond the general ability to stop threats and protect users, which characteristics of an endpoint solution best set its administrators for success?

Get the 2019 PassMark Report: See how 9 endpoint protection products perform against 15 efficiency benchmarks.

Consider the world of the MSP: margins can be thin, competition tight, and time quite literally money. Any additional time spent managing endpoint security, beyond installing and overseeing it, is time not spent on other key business areas. Performance issues stemming from excess CPU or memory usage can invite added support tickets, which require more time and attention from MSPs. 

So, even when an endpoint solution is effective the majority of the time (a tall order in its own right), other factors can still raise the total cost of ownership for MSPs. Here are some metrics to consider when evaluating endpoint solutions, and how they can contribute to the overall health of a business. 

1. Installation Time

We’ve written recently about the trauma “rip and replace” can cause MSPs. It often means significant after-hours work uninstalling and reinstalling one endpoint solution in favor of another. While MSPs can’t do much about the uninstall time of the product they’ve chosen to abandon, shopping around for a replacement with a speedy install time will drastically reduce the time it takes to make the switch. 

Quick installs often also make a good impression on clients, too, who are likely having their first experience with the new software. Finally, it helps if the endpoint solution doesn’t conflict with other AVs.  

2. Installation Size

Few things are more annoying to users and admins than bulky, cumbersome endpoint protection, even when it’s effective. But cybersecurity is an arms race, and new threats often require new features and capabilities. 

So if an endpoint solution is still storing known-bad signatures on the device itself, this can quickly lead to bloated agent with an adverse effect on overall device performance. Cloud-based solutions, on the other hand, tend to be lighter on the device and less noticeable to users.

3. CPU Usage During a Scan

Many of us will remember the early days of antivirus scans when considering this stat. Pioneering AVs tended to render their host devices nearly useless when scanning for viruses and, unfortunately, some are still close to doing so today. 

Some endpoint solutions are able to scan for viruses silently in the background, while others commandeer almost 100 percent of a device’s CPU to hunt for viruses. This can lead to excruciatingly slow performance and even to devices overheating. With such high CPU demand, scans must often be scheduled for off-hours to limit the productivity hit they induce. 

4. Memory Usage During a Scheduled Scan 

Similar to CPU use during a scan, RAM use during a scheduled scan can have a significant effect on device performance, which in turn has a bearing on client satisfaction. Again older, so-called legacy antiviruses will hog significantly more RAM during a scheduled scan than their next-gen predecessors. 

While under 100 MB is generally a low amount of RAM for a scheduled scan, some solutions on the market today can require over 700 MB to perform the function. To keep memory use from quickly becoming an issue on the endpoints you manage, ensure your chosen AV falls on the low end of the RAM use spectrum. 

5. Browse Time

So many of today’s threats target your clients by way of their internet browsers. So it’s essential that endpoint security solutions are able to spot viruses and other malware before it’s downloaded from the web. This can lead to slower browsing and frustrate users into logging support tickets. It’s typically measured as an average of the time a web browser loads a given site, with variables like network connection speed controlled for. 

Effectiveness is essential, but it’s far from the only relevant metric when evaluating new endpoint security. Consider all the above factors to ensure you and your clients get the highest possible level of satisfaction from your chosen solution.

Cyber News Rundown: Data Dash

Reading Time: ~ 2 min.

DoorDash Data Breach

Nearly five months after a breach, DoorDash has just now discovered that unauthorized access to sensitive customer information has taken place. Among the stolen data were customer names, payment history, and contact info, as well as the last four digits of both customer payment cards and employee bank accounts. The compromised data spans nearly 5 million unique customers and employees of the delivery service. DoorDash has since recommended all users change their passwords immediately.

American Express Employee Fraud

At least one American Express employee was fired after it was revealed they had illicitly gained access to customer payment card data and may have been using it to commit fraud at other financial institutions. Following this incident, American Express began contacting affected customers offering credit monitoring services to prevent misuse of their data.

Hackers Target Airbus Suppliers

Several suppliers for Airbus have recently been under cyber-attack by state-sponsored hackers that seem to have a focus on the company’s VPN connections to Airbus. Both Rolls-Royce and Expleo, European manufacturers of engines and technology respectively, have been targeted for their technical documentation by Chinese aircraft competitors. This type of attack has pushed many officials to urge for higher security standards across all supply chains, as both large and small companies are now being attacked.

Ransomware Law Passes Senate

A recently passed law mandates the Department of Homeland Security support organizations affected by ransomware. While focused on protecting students in New York state, the legislation follows 50 school districts across the U.S. falling victim to ransomware attacks in 2019 alone, compromising up to 500 schools overall. A similar bill recently passed in the House of Representatives, which is expected to be combined with this legislation.

Ransomware Targets Hospitals Around the Globe

Multiple hospitals in the U.S. and Australia have fallen victim to ransomware attacks within the last month. Some sites were so affected that they were forced to permanently close their facilities after they weren’t able to rebuild patient records from encrypted backups. Several offices in Australia have been unable to accept new patients with only minimal systems for continuing operations.

Why MSPs Should Expect No-Conflict Endpoint Security

Reading Time: ~ 3 min.

“Antivirus programs use techniques to stop viruses that are very “virus-like” in and of themselves, and in most cases if you try to run two antivirus programs, or full security suites, each believes the other is malicious and they then engage in a battle to the death (of system usability, anyway).”

“…running 2 AV’s will most likely cause conflicts and slowness as they will scan each other’s malware signature database. So it’s not recommended.”

The above quotes come from top answers on a popular computer help site and community forum in response to a question about “Running Two AVs” simultaneously.

Seattle Times tech columnist Patrick Marshall has similarly warned his readers about the dangers of antivirus products conflicting on his own computers.

Click here to see 9 top endpoint protection competitors go head to head to see who’s most efficient.

Historically, these comments were spot-on, 100% correct in describing how competing AV solutions interacted on endpoints. Here’s why.

The (Traditional) Issues with Running Side-by-Side AV Programs

In pursuit of battling it out on your machine for security supremacy, AV solutions have traditionally had a tendency to cause serious performance issues.

This is because:

  • Each is convinced the other is an imposter. Antivirus programs tend to look a lot like viruses to other antivirus programs. The behaviors they engage in, like scanning files or scripts and exporting information about those data objects, can look a little shady to a program that’s sole purpose is to be on the lookout for suspicious activity.
  • Each wants to be the anti-malware star. Ideally both AV programs installed on a machine would be up to the task of spotting a virus on a computer. And both would want to let the user know when they’d found something. So while one AV number one may isolate a threat, you can bet AV number two will still want to alert the user to its presence. This can lead to an endlessly annoying cycle of warnings, all-clears, and further warnings.
  • Both are hungry for your computer’s limited resources. Traditional antivirus products store static lists of known threats on each user’s machine so they can be checked against new data. This, plus the memory used for storing the endpoint agent, CPU for scheduled scans, on-demand scans, and even resource use during idling can add up to big demand. Multiply it by two and devices quickly become sluggish.

Putting the Problem Into Context

Those of you reading this may be thinking, But is all of this really a problem? Who wants to run duplicate endpoint security products anyway?

Consider a scenario, one in which you’re unhappy with your current AV solution. Maybe the management overhead is unreasonable and it’s keeping you from core business responsibilities. Then what?

“Rip and replace”—a phrase guaranteed to make many an MSP shudder—comes to mind. It suggests long evenings of after-hours work removing endpoint protection from device after device, exposing each of the machines under your care to a precarious period of no protection. For MSPs managing hundreds or thousands of endpoints, even significant performance issues can seem not worth the trouble.

Hence we’ve arrived at the problem with conflicting AV software. They lock MSPs into a no-win quagmire of poor performance on the one hand, and a potentially dangerous rip-and-replace operation on the other.

But by designing a no-conflict agent, these growing pains can be eased almost completely. MSPs unhappy with the performance of their current AV can install its replacement during working hours without breaking a sweat. A cloud-based malware prevention architecture and “next-gen” approach to mitigating attacks allows everyone to benefit from the ability to change and upgrade their endpoint security with minimal effort.

Simply wait for your new endpoint agent to be installed, uninstall its predecessor, and still be home in time for dinner.

Stop Wishing and Expect No-Conflict Endpoint Protection

Any modern endpoint protection worth its salt or designed with the user in mind has two key qualities that address this problem:

  1. It won’t conflict with other AV programs and
  2. It installs fast and painlessly.

After all, this is 2019 (and over 30 years since antivirus was invented) so you should expect as much. Considering the plethora of (often so-called) next-gen endpoint solutions out there, there’s just no reason to get locked into a bad relationship you can’t easily replace if something better comes along.

So when evaluating a new cybersecurity tool, ask whether it’s no conflict and how quickly it installs. You’ll be glad you did.

Cyber News Rundown: Instagram Phishing Campaign

Reading Time: ~ 2 min.

Copyright Phishing Campaign Hits Instagram

Many Instagram accounts were recently compromised after receiving a notice that their accounts would be suspended for copyright infringement if they didn’t complete an objection form within 24 hours. By setting a timeframe, the attackers are hoping that flustered victims would quickly begin entering account credentials into a phony landing page before being redirected to the authentic Instagram login page to appear legitimate.

WordPress Plugin Exploited

Rich Reviews, a vulnerable WordPress plugin that was removed from the main WordPress repository more than six months ago, has been found still active on thousands of websites. This vulnerability allows attackers to download malicious payloads, then redirect victims to phony websites that could further infect their systems. Fortunately, several security companies are working with the plugin’s creators to fix the current vulnerabilities, though these updates won’t reach users until it’s put back on the repository.

Banking Malware Campaign

Hundreds of malware samples have been discovered that target ATMs and can be deployed to obtain sensitive banking information from infected systems. Dtrack, the name of the malware tools, can also be used to steal local machine information, such as keystrokes and browser history, by using known vulnerabilities in network security. This type of attack comes from the Lazarus Group, who have been known to target nations and major financial institutions around the world.

Click2Gov Site Hacked

An online bill paying site used in dozens of cities across the U.S. was recently hacked in at least eight cities, already compromising more than 20,000 individuals from all 50 states. This will be the third breach affecting Click2Gov, all of which used an exploit allowing attackers to gain both remote access to the system and upload any files they choose. Many of the cities that were targeted recently were part of the prior attacks on the Click2Gov portal.

Wyoming Healthcare Hit with Ransomware

Campbell County Health’s computer systems were brought to a halt after suffering a ransomware attack this week. Nearly 1,500 computers were affected and all currently scheduled surgeries and other medical care must be delayed or diverted to another facility. Fortunately, CCH is working quickly to restore all of their systems to normal and determine the exact infection point for the attack.

STEM for Kids: Why Does it Matter?

Reading Time: ~ 3 min.

You have probably seen or heard news reports about STEM education (Science, Technology, Engineering, and Math), and how important STEM jobs are for the economy; or maybe you’ve heard reports on schools that are making strides to improve their STEM programs for kids. It’s important for parents with school-aged children to fully understand what a STEM education is and why access to STEM learning resources is so critical.  

STEM education, which is rooted in a strong foundation in the disciplines of science and math, is traditionally a part of any student’s curriculum. But a truly effective STEM education focuses on the interdisciplinary layering of these disciplines into the larger educational picture. When applied appropriately, effective STEM learning is integrated across subject areas, which taps into a child’s natural curiosity, providing them with an outlet for their creative energy. 

Check out some more tips on what you can do to help create the STEM leaders of tomorrow.

Why is STEM important for kids?

STEM isn’t just a buzzword acronym. The data shows a real impact when a child is exposed to STEM activities or programs. Here are just a few of ways kids are benefiting from STEM learning. 

  • College Readiness: A recent study from ACT shows that teenagers with an expressed interest in STEM display significantly higher levels of college readiness than their uninterested cohort.  
  • Workforce Opportunity: Humanity will always need engineers, and STEM workforce growth will always reflect that need. Since 1990, STEM employment has  grown by nearly 80%, and the sector expects to see an additional 8.9% in growth before 2024. Even better, STEM workers earn around 26% higher salaries than others. Even if they don’t end up working in a traditionally STEM-focused field, people with STEM degrees tend to earn more on average across the board. 
  • American Infrastructure: It’s no secret that we have a shortage of STEM workers in the United States. In fact, of the 970,532 STEM-interested students polled in the ACT survey, only 5,839 indicated a plan to pursue a degree in a STEM field. With less than one percent of STEM-interested students pursuing the field, this leaves the future of our country’s digital infrastructure in potential peril. Consider this: China has a ratio of roughly one STEM grad for every 293 citizens, while the United States has one STEM grad for every 573 citizens. As it stands, we have roughly half the engineering power as our main economic rival, with no sign of bridging the gap. 

Getting kids involved in STEM

STEM may seem intimidating to introduce to a young child, but it’s such a diverse field in which you can find several points of entry. Many existing extracurricular activities have already integrated STEM initiatives. One notable example is the Girl Scouts of America’s pledge to bring 2.5 million young women into the STEM pipeline by infusing their existing programs with STEM education projects. Many local and national programs are also focused on engaging children in STEM. If you’re having trouble finding such programs in your area, don’t forget the valuable resource that is your local library. They can often help you find a few relevant activities around town. 

STEM at Home

You don’t have to wait for a STEM program to begin encouraging your child’s curiosity. Many simple, safe, and fun STEM projects can be worked on at home, like fun games or building toys (like creating magnetic slime or the engineering of simple robots). Finding at-home STEM activities to do with your child is an excellent first step toward giving them a solid foundation in STEM principles and nurturing their interest. 

Creating a new generation of scientists, engineers, and inventors is important for all of us. Here at Webroot, we partnered with the Air Force Association’s CyberPatriot program to engage with Denver-area students around the topics of STEM and cybersecurity awareness, and we’re continuing thisinitiative again this year in honor of National Cyber Security Awareness Month in October. By engagingwith students in our community, we hope to plant the seeds that will encourage students to explore future opportunities in cybersecurity and IT.  

How are you applying STEM education to your child’s life? Find ways to get involved in National CyberSecurity Awareness Month here. 

5 Must-Haves When Working Outside the Office

Reading Time: ~ 3 min.

When you’re running a business, it’s important to stay connected, whether you’re in the office or not. Modern technology has made this easier than ever, ensuring you can answer emails and stay on top of tasks in hotels, coffee shops, wherever. Social media influencer and serial entrepreneur Gary Vaynerchuk has even said, “The airplane is disproportionately the place where I get the most tangible amount of work done.” 

But if you’re going to get anything done outside the office or on the road, there are a few essentials to have on hand. Here are five must-haves to make sure you are prepared and productive.

#1 Protect Your Devices and Your Data

No, this is not at the top just because you’re reading this on a security blog. Anytime you’re accessing the internet in a hotel, coffee shop, or other public space, your data and devices are at risk. While security may not be at the top of your list of concerns, a whopping 58% of data breaches happen to SMBs, and 60% of those who are attacked fold within 6 months.

This is why security, at the very least endpoint security, should be your number one consideration when working on the go. But not all endpoint security solutions are created equal.

Explore fast and effective endpoint security designed for business.

Modern endpoint security is cloud-based, lightweight (won’t slow your device down), and is powered by 24/7 threat intelligence to make sure you are protected against all known threats. In fact, some do what is known as “journaling” when they encounter an unknown threat so if it is deemed malicious, every action the malware took can be rolled back, step by step.

It’s also worth considering implementing a VPN to secure your connection to your office software and data as well as secure your communications with colleagues. Public WiFi is a favorite target of malicious attacks, including man-in-the-middle attacks, so the more you can anonymize your activity, the better.

#2 Stay Connected

When you’re on the road, there’s no guarantee that you’ll have reliable WiFi. Coffee shop WiFi can vary depending on how many people are using it, and hotel WiFi often costs money. To make sure you can always stay connected to high-quality WiFi, you’ll want to invest in a mobile WiFi device, which will work much better than using your smartphone as a hotspot. Plus, using a mobile WiFi device will help save your phone battery and will free it up for any phone calls you need to make. 

In addition, by using your own WiFi hotspot, you will avoid some of the security risks that come from using public WiFi

#3 Stay Charged

The last thing you want when working on the go is for your devices to run out of battery. Of course, you must remember to bring your basic laptop and smartphone chargers. However, you might not always have convenient access to an outlet. In which case, you’re going to want to bring a portable charger. Smartphones and laptops have different battery needs so you might want to get a portable charger for each.

Here is a list of the top portable chargers for smartphones and another for the top power banks for your laptop.

#4 Stay in the Zone

If you’re out of the office, chances are it might be more difficult to find some peace and quiet. Because of this, you’ll want to make sure you have a good set of headphones to help you get in the zone. 

If you’re choosing headphones, you’ll need to consider whether you want to go with over-the-ear or in-ear models. Over-the-ear models tend to have higher sound quality and better noise canceling features, but there are a variety of high-quality earbuds these days that may be easier to travel with. Whichever you go with, they’ll be useless without productivity-enhancing music to go along with them.

study published on the psychology of music found that those who listened to music completed their tasks more quickly and experienced better creativity. If you want to make your own playlist, it’s largely accepted that classical and other instrumental types of music work best for productivity. However, there are a variety of curated work playlists already in existence that you could use.

#5 Travel with the Right Bag

Now that you have your laptop, smartphone, chargers, portable batteries, headphones, and WiFi hotspot, you’ll need a way to carry it all around. But not just any bag will do. Since you’re traveling, you’ll want something that is compact, organized, and comfortable to carry, even if it’s heavy.

While the briefcase is a classic, it is not very efficient and can be cumbersome when also trying to carry coffee or talk on the phone. Backpacks are definitely the way to go if you want to carry everything comfortably while keeping your hands free. Just make sure to choose a bag made of durable materials with adequately wide and cushioned straps. The last thing you want in a bag is one you wince at the thought of carrying again after a long day.

Cyber News Rundown: TFlower Ransomware Exploiting RDP

Reading Time: ~ 2 min.

TFlower Ransomware Exploiting RDP 

Ransomware attacks seem to be earning larger payouts by focusing on big businesses and governments, and a new variant dubbed TFlower might be no exception. TFlower has been proliferating by hacking into compromised networks through various remote desktop services. Attackers can reportedly execute the malware and begin encrypting most file types and removing all local backups. It is still unclear how much the demanded ransom is, but researchers have found that TFlower doesn’t append the encrypted files’ extensions.  

Ransomware is evolving. Click here to learn more on the threat.

Lion Airline Data Leak 

More than 30 million customer records belonging to two Lion Air-owned companies Malindo Air and Thai Lion Air were found in a publicly accessible database and later on several underground forums earlier this month. Among the available data are names, birthdates, and passport information, all of which could easily be used to commit identity fraud. While the data was available for nearly a month, it is still unclear how many individuals may have obtained copies of the data. 

White Hat Hackers Expose Webcam Security Flaws 

Over 15,000 unique webcams from several different manufacturers have been found to be using default security settings while connected to the internet. Many of the compromised devices have been identified in the U.S., Europe, and Southeast Asia. This recent discovery should prompt manufacturers to implement additional security settings and require users to set their own passwords.  

Medical Patient Images and Data Unprotected 

In a recent research study of 2,300 healthcare systems, nearly 25 percent were publicly accessible on the internet, containing a total of 24.3 million patient healthcare records from at least 52 countries. Over 400 million medical images were available for access or download through a system that allows medical workers to share patient documents. These systems date back to the 1980s and need to be brought up to current security standards, as the current system has virtually none.  

Ecuadorian Data Analytics Breach 

An Ecuadorian data analysis firm, Novaestrat, is under investigation after it was discovered that the company left personally identifiable information for nearly every Ecuadorian citizen exposed in an unsecured database. Records for 2.5 million car owners and nearly 7.5 million financial and banking transactions were included in the records. Immediately upon the revelation of the breach, Ecuadorian government officials arrested the CEO for possessing the data illicitly.