Hello again, Webroot Community. I hope you’re having a great week so far. It’s been absolutely gorgeous in Colorado over the last couple of days. It’s hard to believe the 4th of July is this weekend. WHAT?!
Anyway, we’ll get started with our weekly office hours in a couple of minutes.
As always, thanks for submitting your questions this week. We really enjoy doing this and spending time connecting with you.
Ok, here we go:
What good has come from the pandemic? - Kevin K.
What is Webroot doing to preserve the health of its staff during COVID-19? - Doug T.
In regards to Malware/cyber threats, have you noticed a massive increase in the COVID-19 related threats, and if so, is there a running theme to look out for? - Matt W.
Has WFH and remote support shown that ease of roll-out, training, monitoring and troubleshooting is vital at the scale and technical skills level of remote workers during the outbreak? - Edwin D.
How are you handling returning back to "normal" work? - Nate H.
How are others dealing with home users on home computers using VPN to office from a security standpoint? May not necessarily be willing or able to use company AV and security product. Mapped drives, malware and infection concerns. - Sean E.
Basically, with more people working from home, the home user now becomes a much easier target than someone behind a corporate firewall. What do you believe is the minimum protection needed for a home worker, and what do you think is really needed? - Owen R.
In regards to Malware/cyber threats, have you noticed a massive increase in the COVID-19 related threats, and if so, is there a running theme to look out for? - Matt W.
Phishing malspam into ransomware is probably the most popular right now. They have adapted to the COVID-19 landscape and basically all of the emails now are around COVID, usually themed with CDC guidelines, COVID testing for free and anything related. The email contains a Word doc that wants you to run a macro. Once someone clicks that Enable Content button, it will download TrickBot or Dridex, which will analyze the network so criminals can decide what kind of environment they are in and a ballpark figure of what they want to charge for ransom. One change that we’ve seen recently is that criminals will now steal the data before they ransom, so in the case that you decide not to pay the ransom because you are able to bounce back without the files they encrypted, they will just auction or release the data so your company faces ramifications of things like GDPR and CCPA. They are trying to create a scenario where paying the ransom is the most attractive option.
We've seen that 2% of all COVID websites created in the past few months were malicious. There has been a 2000% increase in malicious files with ZOOM in their name. We’ve also seen over a 40% increase in unsecured RDP machines for remote working. Unsecured RDP is a huge problem because Microsoft allows unlimited login attempts, by anyone from any location, by default when you set it up. So criminals will just brute force their way into environments and have complete control of the machine. Again, unsecured RDP isn’t new and has been around for a while, but the attack surface area is only growing.
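As an added example (not part of the original answer), this is one way to spot the RDP brute forcing described above from Windows Security events: 4625 is a failed logon, 4624 a successful one, and RDP logons show up as logon type 10, or type 3 when Network Level Authentication is on. The record layout, sample data, threshold and window are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, event ID, logon type, source IP.
# 4625 = failed logon, 4624 = successful logon.
# Logon type 10 = RemoteInteractive (RDP); type 3 = Network (RDP with NLA).
SAMPLE = """\
2020-06-30T02:14:01,4625,10,203.0.113.7
2020-06-30T02:14:05,4625,10,203.0.113.7
2020-06-30T02:14:09,4625,10,203.0.113.7
2020-06-30T02:14:14,4625,10,203.0.113.7
2020-06-30T02:14:27,4625,10,203.0.113.7
2020-06-30T02:14:40,4624,10,203.0.113.7
2020-06-30T09:01:00,4625,3,198.51.100.20
2020-06-30T09:30:00,4625,3,198.51.100.20
2020-06-30T09:31:00,4624,3,198.51.100.20
2020-06-30T03:00:00,4625,10,192.0.2.15
2020-06-30T03:10:00,4625,10,192.0.2.15
2020-06-30T03:20:00,4625,10,192.0.2.15
2020-06-30T03:30:00,4625,10,192.0.2.15
2020-06-30T03:40:00,4625,10,192.0.2.15
"""

RDP_LOGON_TYPES = {"3", "10"}

def parse(text):
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip = line.split(",")
        yield datetime.fromisoformat(ts), event_id, logon_type, ip

def brute_force_sources(text, threshold=5, window=timedelta(minutes=2)):
    """Return {ip: {"failures": n, "success_after": bool}} for sources that
    reach `threshold` failed RDP logons inside a sliding `window` (assumed values)."""
    recent = defaultdict(deque)   # per-source timestamps of recent failures
    flagged = {}
    for ts, event_id, logon_type, ip in sorted(parse(text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        if event_id == "4625":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(q))
        elif event_id == "4624" and ip in flagged:
            flagged[ip]["success_after"] = True   # guessing burst ended in a logon
    return flagged
```

A source with `success_after` set is the case to escalate first, and the slow source in the sample shows why a short window alone misses low-rate guessing.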
What good has come from the pandemic? - Kevin K.
On what good has come from the pandemic: from an IT perspective, and for MSPs, the chance to demonstrate their skills and abilities to manage and keep businesses afloat while their staff are WFH. A realization that the network edge was always the remote user or roaming user. That many have seen the move to remote working as a smooth process – an ESG webinar and survey last week saw 67% of IT Decision Makers saying it went smoothly, or very smoothly. And, while some have cut IT spending back, others are increasing spending, so the impact of COVID has not been as bad as anticipated. I think the adoption of collaboration tools has been a positive move too, as it will definitely reduce air travel, and travel generally in the future will be more considered.
What is Webroot doing to preserve the health of its staff during COVID-19? - Doug T.
How are you handling returning back to "normal" work? - Nate H.
Doug’s question and Nate’s actually touch on the same intertwined topics of return to work and Webroot staff health. I think I’ve probably covered this before but Webroot is following the guidance of our parent company OpenText when it comes to preserving the health of our staff.
OpenText have been running a project called Project Shield since well before the epidemic took hold, and under that guidance Webroot staff in our Broomfield, CO HQ with offices may return.
There have been a lot of changes made to meeting areas, and enclosed huddle rooms are being closed. There are distancing (like only 2 persons in the elevators), mandatory mask and hygiene policies and procedures in place.
However, nearly all Webroot staff are still WFH, and only as the local restrictions, personal situations and safety concerns ease will we see an orderly, phased, cautious and slow return to work.
Webroot employees of course have health insurance coverage and there are no known cases of COVID among Webroot staff.
We are still looking at September 8th as a date when further decisions will be made. I would add that the OpenText approach and model has been extensively reported and followed, and Mark our CEO is very scientifically data driven as he deals with 15,000 workers in different situations all over the world.
Some information here about OpenText’s approach:
https://www.zdnet.com/article/opentext-wont-reopen-half-of-its-physical-offices-post-covid-19-pandemic/
Has WFH and remote support shown that ease of roll-out, training, monitoring and troubleshooting is vital at the scale and technical skills level of remote workers during the outbreak? - Edwin D.
I would certainly hope so! I’m sure there are many companies that realized their inefficiencies with current processes while also learning to use some of their tools more efficiently. Let us know your experience!
Basically, with more people working from home, the home user now becomes a much easier target than someone behind a corporate firewall. What do you believe is the minimum protection needed for a home worker, and what do you think is really needed? - Owen R.
Want to grab the question from Owen as I have my views on the minimum and I’m sure Tyler and I might have different lists. So he can chime in after.
If we are talking about a business with its servers and other IP assets secured in the cloud and on-premise, I’d look at user devices this way for a small SMB client:
Minimum:
- A company provided device – limit use of BYOD whether desktop, mobile or
- Windows 10 OS
- Admin control and continuous monitoring of the endpoint device – control downloads etc.
- A written do’s and don’ts WFH home policy that is enforced and enforceable
- Admin control of multi-threat vector endpoint protection of both device and user
- VPN access with at least 2-factor, if not multi-factor authentication
- Strong access permissions in place depending on user ‘needing’ access (IAM if possible)
- Use of virtualization strategies to minimize risk, and software network NACs etc.
- Endpoint back-up and recovery
- Secure remote access support
It is of course a bit of how long is a piece of string, as needs definitely vary depending on compliance, business sector, data assets etc. But this would be my absolute minimum, and because Webroot offer DNS Protection and Security Awareness Training I’d naturally add these two solutions too - as I think they can really help reduce infections and mistakes as we have COVID, WFH and other content, plus we’re offering 60 day no obligation free trials!!
How are others dealing with home users on home computers using VPN to office from a security standpoint? May not necessarily be willing or able to use company AV and security product. Mapped drives, malware and infection concerns. - Sean E.
So yeah, this is a huge concern no matter the size of the business. Many organizations are making employees use their corporate laptops because they have custom protection way beyond the average personal device, like layers of security software and group policies, etc.
Using VPN on personal devices will help to an extent, but I would limit access to shared drives unless it's cloud services. Depending on the job tasks at hand, if the employee isn’t handling sensitive data, then using VPN along with using webapps will drastically reduce the surface area of attack that could be leveraged against the company. If the employee is handling sensitive information and has to connect to mapped drives, then I would suggest making it mandatory to use a corporate machine and VPN at all times.
Basically, with more people working from home, the home user now becomes a much easier target than someone behind a corporate firewall. What do you believe is the minimum protection needed for a home worker, and what do you think is really needed? - Owen R.
Want to grab the question from Owen as I have my views on the minimum and I’m sure Tyler and I might have different lists. So he can chime in after.
If we are talking about a business with its servers and other IP assets secured in the cloud and on-premise, I’d look at user devices this way for a small SMB client:
Minimum:
- A company provided device – limit use of BYOD whether desktop, mobile or
- Windows 10 OS
- Admin control and continuous monitoring of the endpoint device – control downloads etc.
- A written do’s and don’ts WFH home policy that is enforced and enforceable
- Admin control of multi-threat vector endpoint protection of both device and user
- VPN access with at least 2-factor, if not multi-factor authentication
- Strong access permissions in place depending on user ‘needing’ access (IAM if possible)
- Use of virtualization strategies to minimize risk, and software network NACs etc.
- Endpoint back-up and recovery
- Secure remote access support
It is of course a bit of how long is a piece of string, as needs definitely vary depending on compliance, business sector, data assets etc. But this would be my absolute minimum, and because Webroot offer DNS Protection and Security Awareness Training I’d naturally add these two solutions too - as I think they can really help reduce infections and mistakes as we have COVID, WFH and other content, plus we’re offering 60 day no obligation free trials!!
These are great suggestions but if you are forced to use BYOD and need a budget list:
- Most up to date OS that auto-updates
- Reputable AV that auto-updates
- Employee education and regular phishing simulation
- VPN, 2FA everything you can (RDP especially)
- Don’t use the OS native apps (Outlook, Drive, Teams, etc.) and instead use the webapp versions. Malware can steal outlook.pst files, which could contain PII, or hijack email chains and distribute spam malware links, etc.
Thanks to everyone for joining us today and to @GeorgeA and @TylerM for helping us answer questions.
If anyone has any additional questions, be sure to stop by next Tuesday at 1:00 PM MT, or add your questions here and we’ll do our best to answer all of them.
Until next week, stay resilient!