Skip to main content

Hello Webroot Community, 

I wanted to create a space for us to come together and discuss Webroot and COVID-19.

Consider this our office hours. 

In case you might have missed it, we created a page here where we’ll keep a running list of articles, blog posts, and other pieces of content about our COVID-19 response.

If you have specific questions on what we’re doing as a company during the pandemic and our tips for how you can stay cyber resilient in these uncertain times. 

Please add your questions below or join us Tuesday, September 1, 2020, at 1:00 PM - 1:30 PM MT

Hey everyone, happy Tuesday. I hope you’re having a good week so far and staying cool. 

It finally is cooling off here and there’s a hint of fall in the air...that is until it heats up again in a few days and we hit mid 90’s again. 

Anyway, we’ve got the usual suspects here helping us out with our Q&A today. We’ll get started in a second. 


Thanks as always for your questions! Keep them coming! 

How can we properly protect PCs at workers' homes when they wfh? - Costas T

What are the levels of phishing attacks in the last 3 months, compared to the first 3 months of the year? - Christopher H. 

What's the single thing webroot have learned on cybersecurity during the pandemic? - Richard C. 

What change have you seen in cyber threats since the pandemic started, besides COVID related scams? - Teri M. 

Are you looking to implement a more structured working from home scheme following the need to work from home during lockdown? - Warren T. 

What has been the largest change to cyber resilience you have made since COVID? - Jason C.

Is RDP and VPN a secure connection method for wfh? - Anestis P. 

 

 


What change have you seen in cyber threats since the pandemic started, besides covid related scams? - Teri M. 

 

Covid scams and covid themed templates are all the rage right now. There isn’t really anything “new” going on, it’s just been tuned to the landscape that’s been dominated by covid. There has been a new trend going on and that’s increased ransom payments (over $175k average) and the threaten to release/auction data so you face ramifications and fines from GDPR and CCPA if you don’t pay the ransom.


Are you looking to implement a more structured working from home scheme following the need to work from home during lockdown? - Warren T. 

 

Absolutely. Most of our workforce is working at home and only people with an office or approved workspace are allowed to go into the office until next year. We’re opening up in phases and next year we look to the next phase where more of the office can go into work.


is rdp and vpn a secure connection method for wfh? - Anestis P. 

 

As long as your RDP isn’t visible on TCP ports (VPN takes care of this) and you 2fa the VPN, then you should good.

Solutions that are not Microsofts version of RDP are going to be the easiest bet for everyone. LogmeIn, VNC, TeamViewer are all great options and are free up to 5 PCs


how can we properly protect pcs at workers' homes when they work wfh - Costas T

 

If possible, make sure they are issued a corporate machine and make sure they use that. Corporate issued machines have more much security software implemented as well as group policies that will help with preventing malware. Also make sure to use VPN when working or connecting to work services. If your employees have to use their own device, make sure they have security and use VPN as well as 2fa for all accounts. Make sure they aren’t storing any customer data on their machine and it’s encrypted during transit and at rest. Also make sure they update the firmware to their routers.


What are the levels of phishing attacks in the last 3 months, compared to the first 3 months of the year? - Christopher H. 

 

We can’t just pull that data very easy. But here are some stats

Webroot’s Real-Time Anti-Phishing protection system found the following percentage increases in phishing URLs targeting streaming services globally throughout the lockdown in March:

 

Netflix – 525% increase

YouTube – 3,064% increase

Twitch – 337% increase

HBO – 525% increase

 

 

As the lockdown progressed, Webroot also found that Netflix related phishing URLs jumped from 525% to 853% in May.


What's the single thing webroot have learnt on cyber security during the pandemic? - Richard C.

 

Criminals are opportunists and while a couple campaigns took some time off during this pandemic, most of them used this time while everyone was home on their devices to attack them at even greater numbers. More phishing, more malicious files, more malicious spam emails. ALL have increased during this time.

 

The pandemic has only made cybersecurity more important than ever


What has been the largest change to cyber resilience you have made since Covid? - Jason C.

Sorry slacking this week! Interesting question and covers a number of areas. We have been focusing on getting a lot of the work we planned for 2020 completed and in the market. 

So first we have been building a step change in our endpoint security by introducing Script and very soon Foreign Code Shield into our new Webroot Evasion Shield.  We ship these turned off with a migration route to full protection by going to detect & report first, before going full-on detect & remediate.  That we know will reduce infections and catch them a lot earlier than before to improve our earlier detection and infection prevention resilience by a large amount.

We have delivered a lot of new training, phishing templates (COVID and WFH related) with our Security Awareness Training and given exponential increase in phishing attacks and WFH scams helped to increase the human resilience. We are releasing templates, lures and courses faster than ever (almost bi-weekly). We’ve also upgraded the ease of use and automation by adding a Microsoft Azure AD app that works off the shelf with nothing else needed, added auto-enrollment and lots of other things to make training easy and effective.

With DNS we launched native DoH (DNS over HTTPS) support so we can secure home users browser requests and keep them entirely private. The only DNS service offering this degree of privacy and security without needing to sacrifice one for the other.  Plus we will add fine tuned privacy & security policies in mid-October so admin can adjust the privacy security balance precisely.  We’re already leading the DNS market in innovation and we’re going to be delivering a lot more.

We are offering a fantastic Microsoft 365 back up and recovery software solution that covers ALL of M365 including all the application elements so truly you can fully recover any users full M365 data.  We also saw an interest in just plain endpoint back-up and recovery and we’re offering bundled pricing to make those accessible right now , with a view to integrating them into our new console in 2021.

We’ve also extended trial periods and tried to as flexible an responsive as we can during the pandemic and will continue to be so.  So its not one large change but a lot of smaller ones that add up to our largest change.


Thanks again to @TylerM and @GeorgeA for answering questions and spending a little time with us today. 

If anyone has any additional questions, be sure to stop by next Tuesday, September 8, at 1:00 PM MT. or add your questions here and we’ll do our best to answer all of them.

Until next week, stay resilient!