Hello Webroot Community,
I wanted to create a space for us to come together and discuss Webroot and COVID-19.
Consider this our office hours.
In case you might have missed it, we created a page here where we’ll keep a running list of articles, blog posts, and other pieces of content about our COVID-19 response.
If you have specific questions on what we’re doing as a company during the pandemic and our tips for how you can stay cyber resilient in these uncertain times.
Please add your questions below or join us Tuesday, August 25, 2020, at 1:00 PM - 1:30 PM MT.
Hello Webroot Community!
I hope you’re all having a great week so far and staying cool. We’ll get started in a moment with your questions.
If you didn’t have a chance to submit them earlier this week, feel free to ask below.
With that, we’ll get started:
Do you believe that Enterprise organizations, since they plan to have their employees work more and more from home instead of from the office, also should be responsible or involved in strengthening the security posture of those 'home environments' beyond the endpoints (laptops) that are most likely already owned and controlled by them? - Marco R.
Of course, businesses want employees to work from home, the cost dynamics for them improve significantly. However, there will undoubtedly follow legislation on this as it is a severe imposition on some. And, post-pandemic employers who don’t offer a choice will be penalized by employees forced to work under less than ideal circumstances.
But getting to the question,Yes, the employer whether enterprise or a small business needs to be responsible for that home environment if they are replacing or substituting a place of work. It will be about ensuring security, there will be insurance implications, minimum working conditions and standard equipment provided (desk, seating, monitors) should apply equally in the home as the formal office.
There also needs to be very clear lines about what is and isn’t acceptable from a privacy and intrusion nature by the employer.
Frankly I think there is a lot more that will play out over the next few years as things return to a true ‘normal’ and implications social, psychological and environmental that are not yet fully understood – humans are social creatures and tech doesn’t deliver that, in fact the opposite.
Which video conference would be best? I currently use Zoom and Microsoft Teams which both work well so just wondering if I missed something? - Daniel G.
I think you’re doing just fine there. Tyler my colleague mentioned that Zoom is now secure and Teams is robust too. Plus, because of their popularity there is investment, innovation and improvements’ being made rapidly. As always there are lots of ‘shiny new toys’ but I don’t think you are missing out right now!
What’s the best way of making security an important topic when many users are working from home? - Gordon K.
At a minimum sending users’ information and education about the risks they face working at home. A weekly or fortnightly (every 2 weeks) update. You need to cover the ways scammers, phishers, cyber-criminals and other dangerous actors will try to compromise them, both technically and via social engineering. (Growth in vishing was reported as a major problem this week by the FBI and CISA here:
Of course, I would also add adopting Security Awareness Training and conducting phishing simulations. We are literally releasing new phishing templates and lures every 2-4 weeks right now and doubled courses and content around WFH and COVID. Also you can trial it free for 60-days and we have new MS Azure AD so enrollment is a breeze, and now trials cover all the training content.
Have you found that the lockdown had made you busier as people now think more about remote working and need our software more? - Robin T.
I think the demand on you personally ‘being available’ has increased and I think time is being abused by setting more earlier and later meetings. From the software side more security like VPN’s, DNS, Access and Multi-Factor Authentication are all becoming more prevalent.
I do also think that security has focused too much on the endpoint as the exploit route and more should focus on the network level and providing training, education and personal IT support. IT Support especially n these times needs to be pro-active, sympathetic to those less IT literate and also be more enabling.
We at Webroot have seen our online business grow dramatically during this period, and also our DNS service that adds better access control and security is growing rapidly too. So yes, more need for our software.
What's one tip you'd recommend to users facing a BEC (business email compromise) attack? – Eden
Don’t trust an email if you are being asked to do something you don’t know about, cannot verify or it’s asking you to do it immediately.
Our phishing research around the ‘psychology of the click’ published as Hook, Line and Sinker (and by the way a new version in a couple of weeks) shows that the phrase ‘act at speed, repent at leisure’ has never been truer.
So my tip is ‘think carefully’ before you act and provide anything - are you sure it’s 100% trustworthy, really necessary, needed and if it involves money or data then check personally first, don’t be engineered by urgency.
What’s the one thing you have on your desk at home that you’ll be taking back to the office with you? Favorite cup? Photo? Mascot? Mine has to be a photo of my girlfriend and our children. – Daniel C.
Ha! I love this question. For me I have my own office and there is probably too much clutter in it already, but I do have a Perspex in-tray that I’m finding useful for keeping paper items handy, so maybe that. I already have photos of those I love :)
Thanks again to
@GeorgeA for answering questions and spending a little time with us today.
If anyone has any additional questions, be sure to stop by next Tuesday, September 1, at 1:00 PM MT. or add your questions here and we’ll do our best to answer all of them.
Until next week, stay resilient!