Q&A

Your Cyber-Secure States Questions Answered

  • 10 April 2020


On March 31st the Webroot team hosted a Facebook Live Q&A with @TylerM and @bbutler to go over our latest Most Cyber-Secure States report.

If you haven’t seen the report, be sure to check it out here

For everyone that joined, THANK YOU! If you couldn’t make the Q&A, don’t worry. We collected every question and answered them below.


Backup 

Question: What are the best practices to backup data? 

Answer: Redundancies. Do Cloud backup, Shared file server backup, Air-gap backup.

Q: What are some of the most common obstacles people express are in the way of backing up their files? 

A: Money is likely the most common. Good news is Google Drive gives you 15GB for free. But honestly, everyone should have at least some budget to back up their data. This is usually something that most people don’t think about until they learn the lesson the hard way.  

Q: How many admins know the backup rule of 3? 

A: Not enough. 

Q: Best FREE solution for backup in case of an attack? 

A: Google Drive offers free personal up to 15GB, which is likely not enough for everything you need to back up, but a good start to understanding the cloud-based solution and synced files and folders. It will help you decide which files are the most critical.  

Q: What do you recommend as a cost-effective backup for small business who may only have one person? 

A: The internet has unfortunately taught us to want everything free. Most people I help will refuse to spend about $100 a year to back up important files. How do you get the message across that many online backup services not only offer backup for computer failures, but also for natural disasters where everything in a house can be lost? I get a lot of, "Oh yeah, I'll get around to that." But they never let me set it up, and don't do it themselves.

Q: If I save all my files to cloud storage, for example, Google Drive am I secure? 

A: You are as secure as your account credentials. If they were to be compromised, then so would all of your files you have backed up. Your cloud storage credentials absolutely should not be shared or reused across other accounts. 

Q: What is the most secure method of backup? 

A: Redundancies. You want around 3 versions of files you want to be backed up. EXAMPLE File sharing server (usually local), cloud drive, Air-Gap Backup.

Q: Which is better, as in more secure and high availability, an on-premises or cloud backup destination? 

A: You want both, I wouldn’t want to pick between the two. Both are worth your investment. However, if I had to pick it would be cloud backup, but it really does depend on the type of environment you are backing up. 

Q: Will Webroot help users to keep track of their data and warn about backups? 

A: We currently do not do this, but a Carbonite integration down the road might.  

 

Security

Q: What's the biggest threat you see coming in 2021? 

A: Second wave of COVID 19. 

Q: What phishing software do you recommend?

A: We have an excellent solution for training that meets all compliance requirements. We also have one of the slickest and easiest-to-use interfaces for the phishing simulation, with campaigns all ready to go.

Q: How do you keep secure? What is a secure password? What are cyber essentials? 

A: This is where the basics of cyber hygiene will help. Use AV, patch your systems, back up data, and use a strong password (varying them across accounts, don’t repeat!). A secure password is a long password; length is king when it comes to password creation.

Q: What are the three easiest steps to improving an individual’s cybersecurity?

A: First and foremost, education. Everyone should know what to look for when a cybercriminal is attempting to gain access to something, whether it’s via phishing or malware. Second, get help via AV software. And lastly, back up your data; it will allow you to recover more swiftly from a breach.

Q: Can you give us an understanding of why you need more than one product to protect you? i.e. Firewall, AV, DNS

A: We always talk about a layered security approach and it’s the best way to protect yourself. Imagine layers of Swiss cheese, one slice and you can see through the holes, but if you layer the slices together, you can’t see through. No layer is perfect, but together you are creating a much stronger barrier against cybercriminals. 

Q: Which is better as security cloud AV protection or machine learning? 

A: I would argue these are not mutually exclusive; our AV protection is hosted in the cloud and utilizes machine learning. Having both working together creates a powerful tool for protection.

Q: Define encryption and why it is used?  

A: Encryption in the most basic terms refers to changing plaintext into ciphertext. The idea being, you don’t want to share your data with just anyone, so you want to hide what it actually is, and only the person with the correct cipher will be able to decipher the text. We do this for security and privacy.

 

Small Business 

Q: What is the easiest and least complicated way to back up a workstation?  

A: Probably Google Drive (or any cloud-based solution), since you just pick the folders you want synced. But you also want a shared file server to back up to in addition to an air-gap back up which also isn’t too hard to do. 

Q: What is the best way to approach small business owners to get the message across that they need to take action against becoming a cyberattack victim? 

A: Personal opinion, be reasonable and explain the tradeoffs. Yes, it may appear to be a financial burden to allocate some dollars to security, but the losses are potentially far greater. Don’t use scare tactics. 

 

In the Real World

Q: What’s the one thing you have changed to secure yourself and your identity online? 

A: I personally read the privacy legalese and create a unique password for every single place I visit online. Most folks would be shocked to know the data collected about them, so why share it unless necessary? 

Q: What do you think are the main reasons that tech-savvy people do not take the necessary online security precautions? 

A: Overconfidence, and just too many accounts and constant logging into those accounts on multiple devices. Too many “rolls of the dice”.

Q: Other than working with businesses doing things such as Security Awareness training, how can we get the message across to people of the importance of security? 

A: Phishing simulation is probably the most impactful, even over training courses.  

Q: Why do you think tech-savvy people are worse about online security? 

A: Too many online accounts they regularly use and are constantly logging into from different devices. While each instance of logging into accounts may have a very low chance of getting owned, there are just so many rolls of the dice and the chance that they come up snake eyes.

Q: How can we get the word out there and how can we actually help? Stats are always great, but what does the every day common person do to protect themselves? 

A: Everyone needs to back up their data, use AV, and create better passwords. I can’t stress enough the importance of creating stronger passwords; a minimum of 16 characters is ideal. And don’t share that password or repeat it across accounts.

Q: How can identity theft be prevented?  

A: Education is the biggest thing, but a good security software that will block phishing pages will really help as well. 

Q: What steps can be taken to make people more aware of the services out there that can protect people's data? As the stats suggest the majority don't use these services so surely it's a question of people either knowingly not doing anything or believing it only happens to others. What can be done to change that behavior? 

A: We say this a lot, but it all goes back to knowledge and education. But also, exposure to the consequences, which can be both financial and reputational, if you’re a business. Maybe we could all do better at explaining the tradeoffs, and that a little more protection goes a long way. The investment in data backup and AV has the potential to stave off a lot of pain if something goes awry.

Q: Why are people so trusting of the Internet? 

A: We have entire generations that were raised on the internet now and so many accounts and platforms that people use every day. 

Q: What is the best way to convince people to improve their online security? 

A: They will have to see value in it themselves. Usually being a victim to ransomware or phishing attack is the best way. But falling for phishing simulation is a good way too without actually infecting someone. 

 

Technical

Q: What is DNS?  

A: DNS or Domain Name System. Think of it as a phone book. When you type a website into your browser, that is then translated into a unique IP address which your ISP routes you to. The DNS system is what provides the IP address.

Q: One of my clients recently had their Office365 site compromised by either brute force or a phishing scam. What's the best way to approach them about the importance of cybersecurity? 

A: It was probably phishing they fell for. The best way to show them how easy it is to fall for phishing is to do phishing simulation and send them a campaign they don’t know about and see if they fall for it.  

 

Regional 

Q: Which is the best state and why? 

A: Nebraska, and likely least risky due to low population and low device count. 

Q: Are there specific regions that get hit harder than others? 

A: Large populations and places with lots of tech hubs.

Q: Where does Louisiana rank, and how long has it held that rating? 

A: 14th riskiest.

 

COVID-19

Q: Have you seen a change in tactic from cybercriminals since the COVID-19 outbreak, and if so, what should people be on the lookout for? 

A: Attacks have increased; we are seeing tons of new malicious phishing using covid19 names:

  • REPORT-COVID.SCR
  • DISASTER_APPLICATION_CONFIRMATION_DOCUMENTS_COV_RELIEF_DOC.EXE 

Things like that. Also, over a 40% increase in RDP since working from home is the new normal.

Q: How is coronavirus affecting cybersecurity? 

A: Working from home is now the new normal, and lots of people are using BYOD for work. That means no standard security measures like a corporate laptop that has security, backup, policies, etc. all standardized. Now many SMBs that are not prepared are having to trust in the security decisions of employees on their personal devices.

Q: Can I catch Coronavirus through the internet? 

A: 😀 Lol. No.

 

Questions from the FB Live Event on 3/31

Q: If I have Webroot, is it backing up my computer for me or do I need to do something on my own? 

A: We do not backup your files for you, and it is definitely something everyone should look into whether you own a business or not. Usually, people learn the lesson of not having a backup the hard way. I recommend  

Q: Where is the proof that you can crack a 15 character password in 5 hours? 

A: It’s actually 15 hours, but here is the proof  - https://twitter.com/hashcat/status/1129441728761610242?s=20 

 

 


1 reply

Does Webroot provide the best privacy?