Hello Webroot Community,
I wanted to create a space for us to come together and discuss Webroot and COVID-19.
Consider this our office hours.
In case you might have missed it, we created a page here where we’ll keep a running list of articles, blog posts, and other pieces of content about our COVID-19 response.
If you have specific questions on what we’re doing as a company during the pandemic and our tips for how you can stay cyber resilient in these uncertain times.
Please add your questions below or join us Tuesday, May 19, 2020, at 1:00 PM - 1:30 PM MT.
Hello everyone. I hope your week is going well and that you’re hanging in, wherever you are in the world!
We’ll get started in a moment.
Question number 1:
Our next question comes from Stephan who wants to know a bit more about where we’re taking our Endpoint Business product. He writes in:
Easier? Harder? What’s it like to be an IT Professional these days?
Mark wants to know how fast Webroot detects suspicious emails:
Last first on Phishing Emails - as that’s a really great question and one I’m glad to answer – almost INSTANTLY. There’s really two reason why we are so effective and efficient at stopping phishing emails.
Our Web Threat Shield part of the endpoint looks at the link and whether it’s going and automatically scores the destination URL. If that score falls below a certain reputation score, then we investigate the URL using our RTAP (Real-time anti-phishing technology that intercedes before the user gets to the URL and uses our cloud-based Machine Learning and other advanced investigation techniques to determine if it is a safe site or a phishing site with 99%+ accuracy. If it’s phishing the user gets a block page. This is a unique feature of Webroot’s and not only covers COVID but all phishing attempt even if the user clicks the link!
On the correlation of pandemic to targeted attacks.
I have to admit I don’t think we have looked at that in any detail.
We do have our Riskiest States Report that points out general risk, but we’ve not dived into targeted attacks.
Given New York is so badly hit I suspect some cyber criminals will be trying to take advantage, hoping the defenses are less well manned.
By the way I’ll ask our Threat Team to look into any correlation between pandemic hot zones and targeted attacks or attack levels generally.
Harder or Easier? I think I would answer that by saying it’s been both harder and easier.
But I’m lucky a I do have a WFH dedicated space, and don’t have to work from my car as a friend of mine does right now as his wife has just had a 2nd. baby and they live in a small condo!
That’s a hard situation, and I know lots of colleagues where both partners are working from home and it’s not easy.
We’ve got a few minutes left but we’ll try and get to those last questions as fast as we can.
Question number 1:
Strong password policies. Length is strength.
While “password” and “1234” may be easy to remember, they are two of the most common, and most commonly hacked, passwords out there. These are simple passwords that can not only be easily guessed by humans, but also be easily identified by automated programs designed to hack your system.
Using your name or a family name, birth year, anniversary or any other identifiable date is risky. These identifiable pieces of information are easily guessed, and if they can be easily guessed, you can be easily hacked.
Too short a password leaves you vulnerable to hacking. The longer the password the harder a hacker, or their code-breaking software, will have to work. This one is crucial. Brute force tools like hashcat can crack 15 characters in 15 hours with roughly a $4,000 hardware investment. Gone are the days where 8 characters is enough to be secure from brute force.
Don’t be obvious in your password codes and substitutions. For example, the password “Ca$h” is not only too short, but the substitution of the dollar sign for the letter “s” is quite common and easy to guess.
Try to incorporate a phrase into your password
An easy and clever way to devise a memorable, yet secure, password is phrases. The length of this phrase is important as each character you add makes it that much harder to crack with brute force tools. Be sure to include spaces into your password if the site allows.
Take the phrase “snow white and the seven dwarves”. If spaces aren’t allowed, it could be altered to “SnowWhite&the7Dwarves.” It’s still easy to remember, yet much more difficult to guess or crack.
Thanks to everyone for joining us today and to
@GeorgeA and @TylerM for stopping by and answering questions. I believe we’ve got one more question to followup on (we ran out of time!) I’ll work with Tyler on that.
If anyone has any additional questions, be sure to catch us next Tuesday at 1:00 PM MT.
Until next week, stay resilient!