Hello everyone. I hope your week is going well and that you’re hanging in, wherever you are in the world!
We’ll get started in a moment.
Question number 1:
What are the most overlooked security steps? - Angela H.
Our next question comes from Stephan who wants to know a bit more about where we’re taking our Endpoint Business product. He writes in:
Are there any plans to include features into your Endpoint for Business like what you in your Consumer products namely Password Management and backup. Cause as we know, now with us remotely working we are increasing the companies risk especially when using weak passwords or reusing passwords. And the ability for Network admins to force backing up of certain file types or folder can also be a huge advantage. - Stephan M.
Easier? Harder? What’s it like to be an IT Professional these days?
Has life been easier or harder as an IT Professional in a work from home world? - Arnold
Mark wants to know how fast Webroot detects suspicious emails:
How quickly does Webroot pickup on COVID phishing emails - Mark G.
Good question!
Is there a correlation between pandemic hot zones and targeted cyber attacks? - Josh T.
How quickly does Webroot pickup on COVID phishing emails - Mark G.
Last first on Phishing Emails - as that’s a really great question and one I’m glad to answer – almost INSTANTLY. There’s really two reason why we are so effective and efficient at stopping phishing emails.
Our Web Threat Shield part of the endpoint looks at the link and whether it’s going and automatically scores the destination URL. If that score falls below a certain reputation score, then we investigate the URL using our RTAP (Real-time anti-phishing technology that intercedes before the user gets to the URL and uses our cloud-based Machine Learning and other advanced investigation techniques to determine if it is a safe site or a phishing site with 99%+ accuracy. If it’s phishing the user gets a block page. This is a unique feature of Webroot’s and not only covers COVID but all phishing attempt even if the user clicks the link!
Is there a correlation between pandemic hot zones and targeted cyber attacks? - Josh T.
On the correlation of pandemic to targeted attacks.
I have to admit I don’t think we have looked at that in any detail.
We do have our Riskiest States Report that points out general risk, but we’ve not dived into targeted attacks.
Given New York is so badly hit I suspect some cyber criminals will be trying to take advantage, hoping the defenses are less well manned.
By the way I’ll ask our Threat Team to look into any correlation between pandemic hot zones and targeted attacks or attack levels generally.
Has life been easier or harder as an IT Professional in a work from home world? - Arnold
Harder or Easier? I think I would answer that by saying it’s been both harder and easier.
- Harder as we meet more in MS Teams and take more time communicating than in the office.
- Harder as face to face an personal communication is more effective and nuanced – white-boarding, focus etc.
- Harder as despite preconceptions of technology staff we like interacting person to person and sharing both business and social exchanges.
- Easier as the times I’m not meeting are very productive – no interruptions
- Easier as I don’t have a commute each day
But I’m lucky a I do have a WFH dedicated space, and don’t have to work from my car as a friend of mine does right now as his wife has just had a 2nd. baby and they live in a small condo!
That’s a hard situation, and I know lots of colleagues where both partners are working from home and it’s not easy.
We’ve got a few minutes left but we’ll try and get to those last questions as fast as we can.
Question number 1:
What are the most overlooked security steps? - Angela H.
Strong password policies. Length is strength.
While “password” and “1234” may be easy to remember, they are two of the most common, and most commonly hacked, passwords out there. These are simple passwords that can not only be easily guessed by humans, but also be easily identified by automated programs designed to hack your system.
Using your name or a family name, birth year, anniversary or any other identifiable date is risky. These identifiable pieces of information are easily guessed, and if they can be easily guessed, you can be easily hacked.
Too short a password leaves you vulnerable to hacking. The longer the password the harder a hacker, or their code-breaking software, will have to work. This one is crucial. Brute force tools like hashcat can crack 15 characters in 15 hours with roughly a $4,000 hardware investment. Gone are the days where 8 characters is enough to be secure from brute force.
Don’t be obvious in your password codes and substitutions. For example, the password “Ca$h” is not only too short, but the substitution of the dollar sign for the letter “s” is quite common and easy to guess.
Try to incorporate a phrase into your password
An easy and clever way to devise a memorable, yet secure, password is phrases. The length of this phrase is important as each character you add makes it that much harder to crack with brute force tools. Be sure to include spaces into your password if the site allows.
Take the phrase “snow white and the seven dwarves”. If spaces aren’t allowed, it could be altered to “SnowWhite&the7Dwarves.” It’s still easy to remember, yet much more difficult to guess or crack.
Thanks to everyone for joining us today and to @GeorgeA and @TylerM for stopping by and answering questions. I believe we’ve got one more question to followup on (we ran out of time!) I’ll work with Tyler on that.
If anyone has any additional questions, be sure to catch us next Tuesday at 1:00 PM MT.
Until next week, stay resilient!