Skip to main content

Hello Webroot Community, 

I wanted to create a space for us to come together and discuss Webroot and COVID-19.

Consider this our office hours. 

In case you might have missed it, we created a page here where we’ll keep a running list of articles, blog posts, and other pieces of content about our COVID-19 response.

If you have specific questions on what we’re doing as a company during the pandemic and our tips for how you can stay cyber resilient in these uncertain times. 

Please add your questions below or join us Tuesday, July 21, 2020, at 1:00 PM - 1:30 PM MT.

How to keep remote workers safe and secured while they are using their own hoe devices.
how the business market will be affected after this corona ends.
what are new plans for Webroot to face changes happened ….will they add for example remote desktop option to end point protection for example


Does Webroot have a way to make it easy for remote client deployment by a work-from-home user?

Example:  I use Webroot GSM to create and send e-mail a one-time link that the client can click on, that assists them in downloading the Webroot client to their computer and then runs and installs for them, so that if they’re using a home computer, we can protect them until they return to the office?


Hey everyone, 

Hope you’re doing well and enjoying your summer as best you can. We’ll get started in a little bit with the usual suspects. 

 


This week, we’ve seen a few questions come in on this thread (above) AND submitted throughout the week that I wanted to post below. 

 

Do you believe in the work from anywhere model? Panagiotis K.

Is it cost effective to have employees WFH? Vasilis T.

I hope you’re all keeping well, safe and adapting to what could be the new norm. In light of COVID how do you think the threat landscape has changed, I.e changes in the way the attacks are functioning; more targeted attacks? More successful attacks? More potentially profitable attacks? Daniel C. 

What are some things that can add value to clients during these times without adding costs? David H. 

From my side, the biggest question is how to stay motivated. Second question, how do you keep sane. For the rest, I know Webroot got this covered. Martin V. 

What are your thoughts on the Twitter hack? Eden

With the way Webroot allows us to do things remotely for clients, is there really much of a difference to our way of dealing with infections for clients? Gordon K. 


This week, we’ve seen a few questions come in on this thread (above) AND submitted throughout the week that I wanted to post below. 

 

I hope you’re all keeping well, safe and adapting to what could be the new norm. In light of COVID how do you think the threat landscape has changed, I.e changes in the way the attacks are functioning; more targeted attacks? More successful attacks? More potentially profitable attacks? Daniel C. 

 

 

Phishing malspam into ransomware is probably the most popular right now. They have adaptive to the COVID19 landscape and basically all of the emails now are around COVID, usually themed with CDC guidelines, COVID testing for free and anything related. The email contains a word doc that wants you to run a macro. Once clicks that enable content button, it will download trickbot or dridex which will analyze the network so criminals can decide what kind of environment they are in and ballpark figure of what they want to charge for ransom. One change that we’ve seen recently is that criminals will now steal the data before they ransom, so in the case that you decide not to pay the ransom because you are able to bounce back without the files they encrypted, they will just auction or release the data so your company faces ramifications of things like GDPR and CCPA. They are trying to create a scenario where paying the ransom is the most attractive option

 

We've seen 2% of all COVID websites created in past few months were malicious. 2000% increase in malicious files with ZOOM in their name. We’ve also seen over  a 40% increase in unsecured RDP machines for remote working. Unsecured RDP is a huge problem because Microsoft allows unlimited login attempts and by anyone from any location - by default when you set it up. So criminals will just brute force their way into environments and have complete control of the machine. Again, unsecured RDP isn’t new and has been around for a while, but the attack area surface is only growing. 

 


Do you believe in the work from anywhere model? Panagiotis K.

 

On the first question about the work from anywhere model? 

The acceptance will vary considerably on the business sector, the work role and how your employees want to work together. It will suit some roles and tasks a lot more than others.

I think the business leaders need to decide what work terms they offer, but the ability to be more flexible and offer the work from anywhere model will become in the end a joint company/employee decision.

As for do I believe in it, no, not entirely. I think the office, social interaction is still most people’s preferred way of working. Being in IT there are lots of individual contributors so working solo is normal, but it’s NOT normal in other sectors. Closing down offices and making people work from their kitchen tables is not going to attract employees, while being flexible about work from anywhere is a positive move.   


This week, we’ve seen a few questions come in on this thread (above) AND submitted throughout the week that I wanted to post below. 

 

What are some things that can add value to clients during these times without adding costs? David H. 

 

 

Employee training has proven to be worth all the investment you put into it, even if it’s just time. If you already have a training platform make sure to run many phishing simulations to your employees, as that is the most impactful. You can run as many of these as you want and the price you pay stays the same for the training so it’s up those in charge to make sure you run enough campaigns. If you don’t already have a training platform then there are free options out there, you are just hindered by quality and scope of coverage but that doesn’t mean you can’t reduce the risk of your employees


Is it cost effective to have employees WFH? Vasilis T.

 

I think many companies will be thinking it is and taking advantage of that to reduce their costs. Obviously, it’s the employees coffee, stationary, heat, light and space that’s being used and that saves a lot of expenditure for the company. So, if productivity holds up then it probably is highly cost-effective.

But I also think if it’s the norm going forward (being in IT Security) that employers will invest in far greater monitoring of staff and be too invasive. MSPs will be drawn into delivering that and then I think we get into some very grey and litigious privacy areas.

Monitoring that is OK in the office, is NOT acceptable in the home. So there is a lot to work through.  Businesses are not known for being particularly benevolent and if everything is virtual and remote they may just look at it being a cost exercise rather than an employee benefit.

And, if employees become just skill for hire,  and there is no work ‘social’ culture then WFH could become very expensive rather than cost-effective.


This week, we’ve seen a few questions come in on this thread (above) AND submitted throughout the week that I wanted to post below. 

 

From my side, the biggest question is how to stay motivated. Second question, how do you keep sane. For the rest, I know Webroot got this covered. Martin V. 

 

Staying sane and motivated are absolute struggles from my side. While the wellbeing of my kids 5 and 7 is a surefire motivator, but them staying at home during school and no summer camp has challenged my sanity. All the days blend together and the weekends don't even feel like weekends anymore. Definitely can’t wait for the kids to get back into school and the year to be over :)


From my side, the biggest question is how to stay motivated. Second question, how do you keep sane. For the rest, I know Webroot got this covered. Martin V. 

 

We have it covered, and are trying to ensure we keep it that way with lots of new security features being added and delivered this year.

Not sure I can help with your sanity too much, except to say make sure you do talk or connect to others as that’s what keeps my sanity, particularly family and close friends. Getting out of yourself is a good sanity maintenance approach, as is doing things that you like doing. And of course this Webroot Community helps a little too, I hope?

That leads neatly  on to motivation. Staying motivated and focused is realizing that you are and do deliver value that would be missed if it wasn’t provided. So especially now delivering that value in helping your Clients or employees get through this pandemic should be the thing that motivates you. The John F Kennedy ‘Ask not what your country can do for you’ etc. mentality to motivation springs to mind.


What are some things that can add value to clients during these times without adding costs? David H. 

 

The adding value to Client’ question without adding costs is a tricky one. I think I it were me I’d be looking at ways of providing more information in the way of reporting and regular updates. I’d be sharing what your Clients generally are experiencing, what’s working and not working?

Maybe look at letting your Clients talk to each other by having a mentored virtual meeting and acting as a place to let your clients share ideas

I’d of course be surveying/calling and asking them. You could of course save costs to them by looking at ways you could maintain services at a lower cost?

As you can probably tell I think communications are key in the ‘remote’ period and joining the dots. But, there will always be some costs in time spent delivering added value.


Thanks again for everyone’s questions this week. We’ve got a few minutes to go before we wrap up. 

 


What are your thoughts on the Twitter hack? Eden

 

On the surface we see a standard Bitcoin scam of you send me X bitcoin and I’ll send you back double. This has been widely used for years as a simple yet effective confidence scam. Due to the nature of cryptocurrency, the transfer of wealth cannot be stopped or refunded. This hack also shows that the bad actor had access to a twitter admin control panel that had full access to all accounts and basically do anything they wanted, seemingly activating a “god mode”. This is troublesome that this amount of power is possible to be accessed by one person and obviously, that it can be hacked. We can speculate till the end of time about behind the surface of the attack and that so many high profile accounts were taken over and who could be behind it (China/Russia/NK), but the fact is we don’t know. If this was just some hacker for money, they certainly lacked the creativity of other more lucrative options. 


I saw the earlier question about keeping remote workers safe and secured while they are using their own home devices and a remote desktop option to endpoint protection?

We thought the 60-day trial was a good way to extend endpoint protection to securing home users devices, and as I’ve mentioned before you are free to move licenses around, so if a home desktop user is now using their own desktop at home you can take it from the work desktop and reallocate it.

We’re also looking at new bundles for home use that will offer highly affordable value and of course we are being ‘flexible’ around usage and renewals right now to help out  as much as possible.

 


Thanks to everyone who joined us today. We’ll followup with any questions we didn’t get to today but be sure to stop by next Tuesday, July 28 at 1:00 PM MT. or add your questions here and we’ll do our best to answer all of them.

Until next week, stay resilient!