Home + Mobile

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction: It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan before it’s hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

2020’s Most (and Least) Cyber-Secure States

For the past several years, Webroot and its partners have conducted a series of studies aimed at better understanding the attitudes, perspectives, and behaviors related to cyber hygiene in the United States. This helps users determine which behaviors put them most at risk and which behavioral changes could help increase their cyber resilience.

Is your state cyber secure? Or is it one of the most hackable? Find out in our fourth annual Cyber Hygiene Risk Index report.

“Cyber hygiene” can be defined as the set of behaviors which enhance (or don’t) an individual or family unit’s resilience against cyber threats including, but by no means limited to, identity theft, phishing attacks, malware infections, and other web-borne threats.

Themes in Consumer Cybersecurity for 2020

Aside from organizing U.S. states into a Cyber Hygiene Risk Index, we were also on the lookout for emergent themes in cybersecurity awareness across the country.

  • Overconfidence, as we’ve seen before in previous studies, was a big theme. While the majority reported being familiar with malware (78%) and phishing scams (68%), far lower percentages were confident they could define the terms.
  • Individuals who’ve progressed through life milestones—like completing a degree, buying a home, beginning to keep up with the news, or starting a family—begin to improve their risk index scores. This hard-won experience tends to belong to older demographics, parents, and those with higher levels of education and income compared to more risky peers.
  • A relationship was uncovered between “tech-savviness” and risk index scores. In other words, the more technologically competent respondents in this study reported being, the more likely they were to exhibit risky behavior online.

Other Key Findings from the 2020 study

Overall, it was heartening to find that most Americans are taking at least baseline precautions for repelling and recovering from cyber-attacks. Eighty-three percent use antivirus software, and 80 percent regularly back up their data, both key indicators of an individual or family’s overall cyber resilience.

The news, however, is far from all positive. In fact, the plain truth is most Americans receive a failing grade when their cyber hygiene is examined in-depth. This is especially true when measuring avoidable risks to online data and identity. Using this metric, the average American scored a 58 percent on our Cyber Hygiene Risk Index, while no state scored higher than a D grade (67%).

Other key findings from the study:

  • Almost half (49%) of Americans admit to using the same password across multiple sites.
  • A spread of only 15 points separates the riskiest state in America (New York) from the least risky (Nebraska). No state scored higher than a D on our Cyber Hygiene Risk Index.
  • Very small businesses (VSBs) are apt to take cybersecurity into their own hands, which often entails sharing passwords and using personal devices for work.
  • Among those who do receive work devices from their employer, 55 percent use them for personal use.
  • Almost a fifth (19%) of those who were the victim of a cyber-related attack made NO changes to their online behavior.

It’s not an exaggeration to call the state of cybersecurity understanding in the U.S. abysmal. Risky activities like reusing passwords, not using multiple backups, or not updating software are still rampant in every state. Given that we saw a 640 percent rise in phishing attempts over the past year, we can expect these habits will catch up with more Americans.

The above highlights represent only a small portion of the report’s findings. For the complete ranking of all 50 states according to our Cybersecurity Hygiene Risk Index metrics, download the full report.


Lost or Stolen Device? Here’s What to do Next

It’s a nightmare, it’s inconvenient, and it’s inevitable. Losing your smart device or having it stolen poses a significant, looming privacy risk—we just don’t like to think about it. However, this is an instance where hiding your head in the sand will only make you more susceptible to attack.

The personal data living on your family’s network of devices is valuable and oftentimes all too vulnerable. Having a worst-case-scenario plan in case of device loss or theft could save you time, money, and heartache.

So, we’ve put together a list of best practices so that, if the worst does happen, you’ll be prepared to prevent an identity theft disaster.

General Best Practices

Preparing yourself and your devices before they are stolen is the fastest way to avert potential breaches. Consider:

  • Keeping a “Find My” app turned on for all devices. This is the best way to locate and remote wipe devices.
  • Making sure your devices are secured behind individualized PIN codes, fingerprints, or Face ID. This will slow down thieves trying to access your device.
  • Using strong, individualized passwords on all accounts, including email and banking apps. Don’t have the time? Use a trusted password manager to automate password creation. This will help limit the scope of any breach.
  • When a device is stolen, act quickly. The faster you respond, the more effective the following steps are likely to be. If the thief turns the device off, or removes the battery, you’ll be unable to remotely wipe the device.

Learn how to get automatic protection over any network, even unsecured WiFi.

Android Devices

Here is what Android users should do in case of device theft.

  • First, locate your device. Go to android.com/find and sign into your Google Account.
  • If you have more than one device, choose the one you’re looking for from the list at the top of the screen. The lost/stolen device will receive a notification, so you should act quickly.
  • On the map on your screen, you’ll be shown information about the phone’s location. Remember this is approximate and might be neither precise nor accurate. If your phone can’t be found, you’ll see its last known location (if available).
  • Now, if you’re certain your device has been stolen, you can click “Enable lock & erase” to erase your device. But be careful. After you erase your device, Find My Device will no longer work, so make sure you are certain.
  • If you believe your phone is just lost, and not stolen, you have a few options. “Lock” will lock your phone with your PIN, pattern, or password. If you don’t have a lock in place, you can set one. To help someone return your phone to you, you can also add a message or phone number to the lock screen.

An important note: If you happen to find your phone after you have erased it, you’ll likely need your Google Account password to use it again.

iOS Devices

Here is what iOS users should do in case of device theft.

  • Next, you’ll need to locate your device. Select the one you’re searching for to view its location on a map.
  • You’ll be presented with a few options here. “Mark As Lost” will remotely lock your device, allow you to display a custom message with your contact information on the missing device’s lock screen, and track the device’s location. If you have added Apple Pay payment options, the ability to make payments using Apple Pay on that device will be suspended for as long as the device is in Lost Mode.
  • If you’re certain your device has been stolen, select “Erase your device.” When you erase your device remotely, all of your information is deleted, and you will no longer be able to locate it with the Find My app or Find iPhone on iCloud.com. Make sure your phone is not recoverable before taking this step.

Device Theft Wrap-Up

After you have protected your most sensitive information with the steps above, take just a few more steps to fully wrap the crisis up.

  • Report your lost or stolen device to local law enforcement. Law enforcement might request the serial number of your device. This can often be found on the original packaging.
  • Report your stolen device to your wireless carrier. They will disable your account to prevent calls, texts, and data use by the thief. If you have insurance through your carrier, this is the time to begin filing a claim as well.
  • Reset all of your passwords, including your Google Account and Apple ID. After a device is stolen, you can never be certain of how far the breach has penetrated. The good news is, if you are using a secure password manager, this should be pretty quick!
  • For any accounts that had 2FA access, you would have been asked to save the private key or one-time code when you first set up the account. This key will allow you back into your accounts without needing the device and will allow you to remove the account from the device.
  • Alert your banking providers to the potential breach and monitor your bank accounts and credit cards for suspicious activity. If you see any, get ahead of the issue and cancel and replace all of your bank cards. This will prevent the financial breach from affecting multiple accounts.

A stolen device is a headache, but it doesn’t have to be a disaster. If you have a plan in place for a worst-case scenario, you’ll be able to act quickly and confidently. Do you have device theft tips that we missed here? Let us know on the Webroot Community.

5 Security Tips for Setting Up a New Device

The last thing you want to do when you get a new computer, mobile device, or tablet is spend a lot of time setting it up. But like any major appliance, these devices are something you want to invest a little time setting up properly. Often, they’re not cheap. And you want them to last. So, before you jump online and start shopping, gaming, or browsing, take some time to ensure your device is ready for anything the internet can and will throw at it.

There’s a caveat, though, of which Webroot security analysts are quick to remind users. “Even if you’ve taken every precaution when it comes to configuring your new device,” says Webroot Threat Research Analyst Connor Madsen, “it’s important to remember that proper online etiquette is essential to your security.”

“Clicking on links that don’t seem quite right, opening attachments from unknown senders, or otherwise ignoring your best security instincts is a good way to undermine any effective online security protection.”

Connor Madsen, Threat Research Analyst

For best results, in addition to the warning issued above, here are five tips for making sure your device, and the important files stored within it, are safe from common risks.

#1 – Update software

The first thing you’ll want to do is make sure the operating system on all your devices is up to date. One of the most common methods hackers use to launch attacks is exploiting out-of-date software. Failing to install periodic patches and software updates leaves your new device vulnerable to the numerous threats lurking on the web. Depending on how old and out-of-date your device is, it may take a while for applications to update. However long it takes, it’s preferable to the hassle and expense of having to undo an infection after it’s bypassed your security perimeter.

#2 – Enable firewall

Speaking of your security perimeter, the first line of defense along that perimeter is your firewall or router, if you’re using one. A router works as a firewall for the devices connected to it. But, if you’re not using a router, make sure your firewall is enabled to protect you from malicious traffic entering your network. This is different from an antivirus, which protects you from malicious files.

#3 – Install antivirus

Malicious files can be disguised as attachments in an email or links on the web, even the apps you download. So, it’s important to have an antivirus solution to protect your new computer. Malware attacks like ransomware make constant news these days. And everyone’s a target, from individual users to local businesses, hospitals, or municipalities. The cybercriminals launching these attacks are constantly changing, evolving threats to be more sophisticated and harder to detect. That’s why it’s important to keep your antivirus as up-to-date as your operating system and other applications.

#4 – Back up

Once you have your operating system and applications updated, your firewall enabled and an effective anti-virus application, you can begin using your computer safely. But there’s one more thing you need to consider if you’re going to be creating and storing important documents and work material on your new machine. Any new files on your computer will need to be backed up. That’s when you make a copy of the contents on your machine and store it in a safe place just in case you lose the original or it becomes infected by a virus. Since no single security solution can be 100 percent effective, it’s best to have a backup copy of important files. The thing is, you don’t want to have to decide what’s worth backing up and what’s not. That’s far too labor-intensive and it introduces the possibility of human error. Your best bet is to use a solution that’s designed for this purpose. A true backup solution protects files automatically so you don’t have to remember what you copied and what you didn’t. It also greatly simplifies file recovery, since it’s designed for this purpose.

#5 – Wipe your old device

Just because you have a shiny new toy doesn’t mean you can forget about your old machine. Before you relegate it to the scrap heap, make sure there’s nothing important or confidential on it you wouldn’t want someone to have access to. You could have old passwords saved, tax records, or sensitive work documents that you wouldn’t want shared. The best way to do this is to wipe the contents of your old device and reinstall the operating system, returning it to its original state.

Seem overwhelming? If so, it’s best to remember that one of your strongest cybersecurity tools is common sense. While things like an antivirus and backup strategy are essential for maintaining good cyber hygiene, remember Madsen’s advice.

“If it seems like an offer that’s too good to be true, or something about a link or file just doesn’t seem right, don’t click or download it. Trust your instincts.”

Cybersecurity Tips for Online Holiday Shopping

The holiday shopping season is prime time for digital purchases and cybercriminals are cashing in on the merriment. With online shopping officially becoming more popular than traditional in-store visits this year, all signs point to an increase in cyberattacks. It’s more important than ever to be mindful of potential dangers so you can avoid getting Scrooged when buying online. Follow these top tips for secure online shopping.

Want to give the gift of cybersecurity? Internet Security Complete includes Identity Shield, designed to protect your browsing, shopping, banking, and social media.

Only use credit cards. If your debit card gets compromised, it has the potential to cascade in catastrophic ways; automatic bill payments may bounce or overdraft protections may drain secondary accounts. Some banks also have strict rules about when you need to notify them of suspected fraud, or else you could be liable for the costs.

On the other hand, the Fair Credit Billing Act provides some protections for consumers from unauthorized charges on credit cards. Additionally, it’s much easier to have your credit card replaced with new, uncompromised numbers and details than it is with bank account info.

Be cautious of deal and discount emails. During the holidays, there’s always a spike in physical and electronic mailers about special deals. At this point, we’re all used to that. We might even wait to buy something we want, knowing that it’ll probably go on sale during holiday clearance. Unfortunately, criminals use this expectation against us by sending cleverly crafted phishing emails to trick us into compromising our data.

Always be cautious about emails from unknown senders or even trusted third-party vendors, especially around the holidays. Always navigate to the deal website separately from the email; don’t just click the link. If the deal link can only be accessed through the email, it’s best to pass up on those supposed savings. It is also prime time for emails offering “free gift cards”; avoid those like the plague.

Never make purchases without HTTPS. Check the URL—if it doesn’t start with HTTPS, it doesn’t have SSL encryption. SSL (secure sockets layer) encryption is a security standard for sharing information between web servers and a browser. Without it, your private information, including your credit card number, can be more easily intercepted by cybercriminals.

Keep in mind: HTTPS only ensures that the data you send will be encrypted on the way, not that the destination is legit. Cybercriminals have started to use HTTPS to trick website users into a false sense of security. That means, while you should never send private or financial data through a site that doesn’t have HTTPS, you shouldn’t rely on the presence of HTTPS alone to guarantee the security of the page.

Don’t make purchases on devices you don’t personally own. If you’re using a borrowed or shared device, such as a computer at a library or a friend’s phone, don’t make any purchases. Even if it’s a seemingly safe device that belongs to a person you know and trust, you have no way of knowing how secure it really is. It’s pretty unlikely that you’ll encounter a lightning deal that’s worth the hassle of financial fraud or identity theft. So just wait on that purchase until you can make it on your own device.

Never use unsecured public WiFi for online purchases. Many public WiFi networks, like the ones at your local café, the gym, a hotel, etc., are completely unsecured and unencrypted. That means anyone with the know-how can easily track all of your online activities while you’re using that network, including any login or banking information. Even worse, hackers are capable of dropping viral payloads onto your device through public networks, which can then spread to your other devices at home.

Always use a VPN when you’re on public WiFi, if you have to use it at all. Otherwise, we suggest using a private mobile hotspot from your phone instead. (See our section on VPNs below.)

Use a password manager to create strong passwords. You can often stop a security breach from spreading out past the initial impact point just by using a trusted password manager, such as LastPass, which will help you create strong passwords. A password manager will create and store them for you, conveniently and securely, so you don’t have to remember them or write them down somewhere. Taking this step will help protect you from potential third-party breaches as well, like the one Amazon announced just before Black Friday in 2018.

Encrypt your traffic with a virtual private network (VPN). A VPN allows you to browse privately and securely by shielding your data and location in a tunnel of encryption. So even if you are unwittingly using a compromised network, such as the unsecured public WiFi at your favorite morning coffee stop, your VPN will prevent your private data from being scooped up by cybercriminals. But be sure you’re using a trusted VPN—many free options secretly collect and sell your data to turn a profit.

Install antivirus software and keep it up to date. A VPN will protect your data from being tracked and stolen, but it can’t protect you if you click on a malicious link or download a virus. Make sure your antivirus software is from a reliable provider and that it’s not only installed, but up to date. Most antivirus products today will even update themselves automatically (as long as you don’t turn that feature off), so make sure you have such settings enabled. It may make all the difference when it comes to preventing a security breach.

Keep a close eye on your bank and credit accounts for suspicious activity. The fact of the matter is that the holiday season causes a peak in malicious online activity. Be proactive and check all of your financial records regularly for suspicious charges. The faster you can alert your bank or credit provider to these transactions, the faster you can get a replacement card and be back on your merry way.

Don’t fall victim to cybercrime this holiday season. Be mindful of all the links you click and online purchases you make, and be sure to protect your devices (and your data and identity) with a VPN and strong antivirus software!

What You Need to Know about Cyberbullying

Have you noticed a decrease in your child’s happiness or an increase in their anxiety? Cyberbullying might be the cause of these behavioral changes.

Bullying is no longer confined to school playgrounds and neighborhood alleys. It has long moved into the online world, thanks to the easy access to technology. Between Twitter, SnapChat, TikTok, Instagram, WhatsApp, or even standard SMS texts, emails and instant messages, cyberbullies have an overwhelming number of technical avenues to exploit.

While cyberbullying can happen to anyone, studies have shown that teens are usually more susceptible to it. The percentage of individuals (middle and high school students from across the U.S.) who have experienced cyberbullying at some point has more than doubled (19% to 37%) from 2007 to 2019, according to data from the Cyberbullying Research Center.

Before you teach your kids how to respond to cyberbullying, it is important to know what it entails.

Check out our Cybersecurity Education Resources

What is Cyberbullying?

Cyberbullying is bullying that takes place over digital devices like cell phones, tablets, or computers. Even smaller devices like smartwatches and iPods can facilitate cyberbullying. Today, social media platforms act like a breeding ground for cyberbullying.

Cyberbullying usually begins with teasing that turns to harassment. From there it can evolve in many ways, such as impersonation and catfishing, doxxing, or even blackmail through the use of compromising photos.

Catfishing is the process of creating a fake identity online and using it to lure people into a relationship. Teens often engage in impersonation online to humiliate their targets and it is a form of cyberbullying.

Doxxing is used as a method of attack that includes searching, collecting and publishing personal or identifying information about someone on the internet.

Identifying the Warning Signs

When it comes to cyberbullying, just like traditional bullying, there are warning signs for parents to watch for in their child. Although the warning signs may vary, Nemours Children’s Health System has identified the most common ones as:

  • being upset or emotional during or after internet or phone time
  • being overly protective of their digital life and mobile devices
  • withdrawal from family members, friends, and activities
  • missing or avoiding school 
  • a dip in school performance
  • changes in mood, behavior, sleep, or appetite
  • suddenly avoiding the computer or cellphone
  • being nervous or jumpy when getting an instant message, text, or email
  • avoiding conversations about their cell phone activities

Remember, there are free software and apps available to help you restrict content, block domains, or even monitor your child’s online activity.

While having a child who is being cyberbullied is every parent’s nightmare, it’s equally important to understand if your child is cyberbullying others.

Do you believe your child is a cyberbully? That difficult and delicate situation needs its own blog post—but don’t worry, we have you covered.

You’ll also find many cyberbullying prevention and resolution resources on both federal and local levels, as well as support from parents going through similar issues on our community forum.

Preparing your kids for a world where cyberbullying is a reality isn’t easy, but it is necessary. By creating a safe space for your child to talk to you about cyberbullying, you’re setting the foundation to squash this problem quickly if it arises.

5 Tips for Feeling Your Best in Your Home Office

With major advancements in communication technology, many of us are fortunate to be able to work from home. Working from home can be a huge productivity boost—saving you gas and time by not commuting, plus you get to work more on your own terms. If you’re able to work from home, here are five tips to make sure you stay productive and feeling good in your home office.

Evaluating cybersecurity for your home or business? See how 1,600+ IT pros rank all the top competitors against key performance metrics.

Get Comfortable

Not so comfortable that you fall asleep, but we all know how miserable an uncomfortable office chair can be. By working at home, you have the opportunity to completely build your own environment. That means finding the right furniture for you. 

If you’re looking for a high-quality office chair, an underrated place to look is gaming chairs, which were built for long hours of sitting. However, a high-quality chair from your local furniture store would likely also do the trick.

Or, maybe instead of sitting all day, you prefer to stand. Luckily, there is an abundance of standing desks available for your choosing, many of which are easily adjustable so you can alternate between sitting and standing.

In addition to ergonomics, you also want to think about how to decorate your home office. For example, having plants in your office can actually help reduce stress and improve productivity. If you can, try to choose a room that has lots of natural lighting, which can help you stay healthy, concentrated, and even sleep better at night.

However you want to set up your home office, it’s important that you do what’s most comfortable for you. 

Limit Distractions…But Not Too Much

If you’re going to be working from home, you may have to deal with more distractions than you would in the office, especially if you have pets or family moving around the house. Because of this, it’s important you try to limit distractions, not letting your eyes wander to the television or Facebook. After all, you may be the only one keeping yourself accountable.

If you have people in the home who could be distracting, make sure you choose an office space that has a door, possibly in a more remote part of the home, rather than working in common spaces. It’s a good idea to also ask your friends and family members to respect your work hours.

At the same time, you will need breaks from time to time, so don’t be afraid to keep distractions at hand, but out of sight. If you know that you struggle with concentration without someone looking over your shoulder, there are a number of apps you could try that help promote focus and productivity.

Secure Your Devices

Now that you are in charge of your own office, you may also be in charge of making sure that it is secure. Namely, you want to make sure you have proper cybersecurity measures in place. This will help you keep peace of mind while you’re working, but also ensure you’re not derailed by cybercriminals or unexpected computer failures.

First and foremost, you want to make sure your devices and data are protected with a consumer antivirus (AV) or endpoint protection. If your company consists only of you or you are working remotely from your personal computer, a consumer AV may be right for you. However, if your company has a few employees and you need to manage multiple endpoints, a business endpoint solution is a better option.

Regardless of which solution is right for you, it’s important to remember that all security products are not created equal. The top antivirus and endpoint protection products are cloud-based, have a small digital footprint—meaning they won’t slow down your computer—are actively protecting against known and never-before-seen threats, and are able to reverse any damage that occurs if your device is compromised.

Another measure you should consider is backing up your data. While this can be done using a physical external hard drive, such a drive can also be compromised when plugged in. The best option is using a cloud-based backup and recovery service.

Ransomware attacks alone increased over 350 percent in 2017 and have since become more sophisticated, targeting larger victims including government organizations. Given that, protecting your devices and your data is no longer a luxury. It’s a necessity.

Declutter Often

We all know how cluttered a desk can get. Depending on your job, you may have papers strewn about, multiple desktops, or a pile of sticky notes in shorthand you can no longer quite decipher. But a cluttered environment can lead to a cluttered mind. 

In fact, Lynne Gilberg, a professional organizer in Los Angeles, CA told WebMD, “Clutter is bad for your physical and mental health…A lot of people express that they are overwhelmed. They become nonfunctional and nonproductive.” It’s important to keep your area organized and tidy to be more productive and creative in the long run.

Plus, remember that this is still your home, and you may not want your family or guests to consider your office an eyesore. If you’re ever overwhelmed by chaos in your home office, here are some tips for helping clean up your work area.

Separate Personal and Professional

When working from home, it’s easy to blur the lines between your personal and professional lives. However, it is important that you resist this tendency to blend the two. Thinking too much about work at the dinner table can disconnect you from family and friends. And managing day-to-day family tasks while on the clock can hurt productivity.

You may want to establish strict working hours to help keep your two home lives separate. Let’s say from 8-5 you concentrate on work and then, after five p.m., you concentrate on your family, friends, and anything else that may need to get done around the home. 

Looking to build a more complete, detailed schedule? The New York Times highlighted some tips for building a work-from-home schedule that will help you stay on task and stay productive.

Some Final Tips for Your Home Office

  • Consider getting exercise equipment for short breaks. Things like resistance bands, small weights, or even a treadmill can help keep your blood flowing on a long work day.
  • Stock up on supplies. You’ll still need pens, paper, and other work supplies in your home office. Make sure you are always stocked.
  • Dress for work. Just because you have the option to work in your underwear, doesn’t mean you should.

To learn more about how criminals are targeting the healthcare industry, as well as what needs to be done about it, check out the second installment of this blog: Healthcare Cyber Threats That Should Keep You up at Night.

Cookies, Pixels, and Other Ways Advertisers are Tracking You Online

In May of 2018, the General Data Protection Regulation (GDPR) came into effect in the EU. Seemingly overnight, websites everywhere started throwing pop-ups to inform us about their use of cookies and our privacy rights. While the presence of the pop-ups may be reassuring to some (and annoying to others), the real issue is that very few of these pop-ups give any explanation as to how the cookies are used or whether they inform marketing decisions. So, before you click “accept” on that next privacy policy notification, read our primer on all things related to cookies, pixels, and web traffic trackers.

Check out the Webroot Community for more tips on how you can manage these cookies.

What is a Cookie?

Cookies (aka HTTP cookies, session cookies, browser cookies, web cookies, or tracking cookies) are used by almost all websites to keep track of site users’ sessions. While you might not like the idea that a website is tracking you, cookies actually provide a very convenient function. Without them, websites you regularly visit wouldn’t be able to remember you or what content they should serve you. For example, if you added items to an online shopping cart and then navigated away without purchasing, that cart would be lost. You’d have to go back and add everything all over again when you were finally ready to buy. If it weren’t for cookies, our web experiences would be entirely different (and much more frustrating).

In cases like the previous example, the use of tracking cookies is pretty benign and helps smooth the user’s online experience overall. So, if cookies can provide a beneficial service, why do we need privacy laws like GDPR? The answer lies in a specific type of cookie: the third-party tracking cookie. Third-party cookies are created by domains other than the one you are actively visiting. They run silently in the background, tracking you and your online habits without your notice and compiling long-term records of your browsing behavior. These are typically used by advertisers to serve ads “relevant” to the user even as they navigate unrelated parts of the web.

Who Serves Cookies and Why?

By far the most prolific servers of third-party cookies are Google and Facebook. To help businesses target and track advertisements, Google and Facebook both suggest embedding a tracking pixel—which is just a short line of code—into business websites. These pixels then serve up cookies, which allow the site owner to track individual user and session information.

The tracking doesn’t stop there. To optimize their marketing tools for all users, Google and Facebook both track and store this data in their own databases for processing through their own algorithms. Even if you’re not currently logged in to Facebook, your session data can still be tracked by your IP address.
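The mechanism described above can be simulated in a few lines. This is an added illustration, not code from the original article or from any ad platform: the tracker, the site names and the `uid-N` cookie values are constructed, and a "site" is approximated by the last two host labels (real browsers use the Public Suffix List).

```python
"""Constructed simulation: how one embedded pixel links visits across unrelated sites."""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

PIXEL_URL = "https://pixel.adnetwork.example/p.gif"   # hypothetical tracker endpoint
VISITS = [                                             # constructed browsing session
    "https://shop.example/cart",
    "https://news.example/politics",
    "https://health.example/symptoms",
]


def site_of(url: str) -> str:
    """Approximate a URL's site as its last two host labels (simplifying assumption)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.split(".")[-2:])


@dataclass
class Tracker:
    """Ad server behind the pixel: issues an ID cookie and logs the embedding page."""
    profiles: dict = field(default_factory=dict)   # cookie id -> list of pages seen
    issued: int = 0

    def serve_pixel(self, cookie_id, referer):
        if cookie_id is None:                      # no cookie sent: mint a new ID
            self.issued += 1
            cookie_id = f"uid-{self.issued}"
        self.profiles.setdefault(cookie_id, []).append(referer)
        return cookie_id                           # value returned in Set-Cookie


@dataclass
class Browser:
    block_third_party: bool
    jar: dict = field(default_factory=dict)        # cookie-setting site -> cookie id

    def load_page(self, page_url, tracker):
        """Load a page that embeds the pixel; the pixel request is a separate fetch."""
        pixel_site = site_of(PIXEL_URL)
        third_party = pixel_site != site_of(page_url)
        cookies_allowed = not (third_party and self.block_third_party)
        sent = self.jar.get(pixel_site) if cookies_allowed else None
        returned = tracker.serve_pixel(sent, referer=page_url)
        if cookies_allowed:
            self.jar[pixel_site] = returned        # persisted and replayed on the next site


def simulate(block_third_party: bool) -> dict:
    """Browse VISITS once and return what the tracker has recorded per cookie ID."""
    tracker = Tracker()
    browser = Browser(block_third_party)
    for url in VISITS:
        browser.load_page(url, tracker)
    return tracker.profiles


def longest_profile(profiles: dict) -> int:
    """Largest number of pages the tracker can tie to a single cookie ID."""
    return max(len(pages) for pages in profiles.values())


if __name__ == "__main__":
    for blocked in (False, True):
        print(f"third-party cookies blocked={blocked}")
        for uid, pages in simulate(blocked).items():
            print(f"  {uid}: {pages}")
```

With third-party cookies blocked the tracker still receives every pixel request, so the IP-based correlation mentioned above is unaffected; only the cookie link between sites is broken.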

What is People-Based Targeting?

Google and Facebook’s ad platforms work incredibly well because they pair cookie data with an existing bank of user data that most of us have willingly (or unwillingly) given them. Your Facebook account, Instagram account, Gmail, and Google Chrome accounts are all linked to larger systems that inform sophisticated advertising networks how to appeal to you, specifically, as a consumer. This way, websites can serve you ad content you’re likely to click on, no matter which sites you’re actively visiting. Combining traditional cookie tracking with these types of in-depth user profiles is called “people-based targeting” and it’s proven to be an incredibly powerful marketing tactic.

How to Protect Your Data

The sad truth is that you’ll never fully escape tracking cookies, and, frankly, you probably wouldn’t want to. As mentioned above, they streamline your online experiences in a pretty significant way. What you can do is reduce the breadth of their reach in your digital life. Here are a few key ways to do that.

  1. Stay vigilant. Be sure to read the privacy policies before you accept them. This advice goes beyond the GDPR-compliant pop-ups that have become so prevalent in the last year. Keep in mind that tech giants are often interconnected, so it’s important to be aware of all the privacy policies you’re being asked to accept.
  2. Clean house. You don’t have to do it often, but clear your cookie cache every once in a while. There are plusses and minuses here; clearing your cache will wipe away any long-term tracking cookies, but it will also wipe out your saved login information. But don’t let that deter you! Despite that sounding like a hassle, you may find your browser performance improves. Exact steps for how to clear your cookies will depend on your browser, but you’ll find plenty of guides online. Don’t forget to clear the cache on your mobile phone as well.
  3. Use a VPN. Most of all, we recommend installing a virtual private network (VPN) on all of your devices. VPNs wrap your web traffic in a tunnel of encryption, which will prevent tracking cookies from following you around the web. Make sure you use a reputable VPN from a trusted source, such as Webroot® WiFi Security. A number of the supposedly free VPN options may just sell your data to the highest bidder themselves.

Cookie tracking and digital ad delivery are growing more sophisticated every day. Check back here for the latest on how these technologies are evolving, and how you can prepare yourself and your family to stay ahead.

Online Gaming Risks and Kids: What to Know and How to Protect Them

Online games aren’t new. Consumers have been playing them since as early as 1960. However, the market is evolving—games that used to require the computing power of dedicated desktops can now be powered by smartphones, and online gaming participation has skyrocketed. This unfortunately means that the dangers of online gaming have evolved as well. We’ve examined the top threats that parents need to know about to keep their kids safe while gaming online.

Check out our Antivirus protection for PC gaming without impact on your gameplay.

Online Bullying and Harassment

A recent study shows that 65% of players who participate in online gaming have been harassed, a statistic that does not bode well for underage gamers. Your first instinct may be to try to prevent your child from participating in online gaming altogether, but this may cause them to sneak playing time without your knowledge. A stronger choice would be to talk with your kids and prepare them for the types of negative behavior they may experience online, and to make sure they know they can come to you if they are being harassed. It’s also important to explain the impact that online bullying can have on others, and to set firm consequences if you catch your child participating in harassment or abusive language. Regulating the use of headsets can help prevent both your child’s exposure to and participation in online harassment.

Two types of harassment specific to online experiences go a step beyond what you would expect from online bullying: doxxing and swatting. Doxxing is when one or more online participants seek personal, identifying information on a particular user for blackmail or intimidation purposes. Doxxing can often lead to the release of real names, phone numbers, home addresses, employer information, and more. Swatting is a form of harassment that uses doxxing techniques to create an actual, tangible threat. A harasser will call in a threat to a doxxed user’s local law enforcement, often claiming there is a kidnapping or hostage situation at the victim’s address. This may cause a large SWAT response unit to descend upon the address.

Keeping an open line of communication about your kid’s gaming experiences is critical. Swatting can happen over seemingly innocuous events. One of the most notorious examples followed a dispute over a $1.50 bet in “Call of Duty: WWII.”

Pro tip: one is only vulnerable to doxxing and swatting if a harasser can link identifying information back to the targeted gamer. Educating your kids on digital privacy best practices is one of the strongest security measures you can take against these forms of online harassment.

Viruses and Malware

As with almost every digital experience, you’ll find specific cybersecurity threats associated with the online gaming landscape. We asked Tyler Moffitt, Webroot security analyst, for his thoughts on the malware threats associated with online gaming. 

“The thing kids should really watch out for with games is the temptation to cheat,” explains Moffitt. “In popular games like Fortnite and PUBG, ‘aimbots’ are very common, as they allow the player to get headshots they normally wouldn’t be able to make. However, many of the aimbots that kids download from forums are packed with malware—usually ransomware or info-stealing Trojans. What’s worse: a lot of young gamers also don’t run antivirus because they think it will make the game slower.”

The bottom line: cheating at online games isn’t just ethically icky, it makes you a proven target for hackers. Make sure your kids know the real cost of “free” cheats.

Phishing Scams and Account Takeovers

Where there’s money, there are scammers. With more than 1 billion gamers actively spending money not just on games, but in games, it’s no surprise that phishing scams have become commonplace in gaming communities. Account takeovers, one of the most prevalent phishing tactics in gaming, are often prompted by a risky link click on a gaming forum, or by a compromised account sending out phishing links to other users. Once the hacker has control of the account, they can run up fraudulent charges to any attached credit cards or, in some cases, sell the compromised account (particularly if it contains valuable items or character skins). Young gamers are especially at risk for these hacks. In these cases, chances are that any credit cards attached to gaming accounts belong to you, not your kids, so young gamers aren’t going to notice who’s spending your hard-earned funds.

Keeping Your Kids Safe

You’ll find plenty of tools to help your kids stay secure while gaming. Reliable antivirus software installed and up-to-date on all of your household smart devices can protect your family from malicious software. Additionally, wrapping your household web traffic in the secure encryption of a trusted VPN could reduce doxxing potential. But your kids will only find true security through digital literacy. Start conversations with them not just about online bullying, but about recognizing cybersecurity threats and phishing scams. If you’re having a hard time connecting with them over the threat, remind them that it’s not just your wallet on the line. Account takeovers are now all too common, and no kid wants to see their Fortnite skins sold for a stranger’s profit. Also, always be sure to exercise caution in giving out information on the internet. Even small, seemingly irrelevant pieces of information could be used to pull up Facebook or other user account pages to grab even more personal data.

To keep your kids educated about online gaming risks, it’s important to educate yourself as well. Have a question we didn’t cover here? Ask the Webroot community.



STEM for Kids: Why Does it Matter?

You have probably seen or heard news reports about STEM education (Science, Technology, Engineering, and Math), and how important STEM jobs are for the economy, or maybe you’ve heard reports on schools that are making strides to improve their STEM programs for kids. It’s important for parents with school-aged children to fully understand what a STEM education is and why access to STEM learning resources is so critical.

STEM education, which is rooted in a strong foundation in the disciplines of science and math, is traditionally a part of any student’s curriculum. But a truly effective STEM education focuses on the interdisciplinary layering of these disciplines into the larger educational picture. When applied appropriately, effective STEM learning is integrated across subject areas, which taps into a child’s natural curiosity, providing them with an outlet for their creative energy. 

Check out some more tips on what you can do to help create the STEM leaders of tomorrow.

Why is STEM important for kids?

STEM isn’t just a buzzword acronym. The data shows a real impact when a child is exposed to STEM activities or programs. Here are just a few of the ways kids are benefiting from STEM learning.

  • College Readiness: A recent study from ACT shows that teenagers with an expressed interest in STEM display significantly higher levels of college readiness than their uninterested cohort.  
  • Workforce Opportunity: Humanity will always need engineers, and STEM workforce growth will always reflect that need. Since 1990, STEM employment has grown by nearly 80%, and the sector expects to see an additional 8.9% in growth before 2024. Even better, STEM workers earn around 26% higher salaries than others. Even if they don’t end up working in a traditionally STEM-focused field, people with STEM degrees tend to earn more on average across the board.
  • American Infrastructure: It’s no secret that we have a shortage of STEM workers in the United States. In fact, of the 970,532 STEM-interested students polled in the ACT survey, only 5,839 indicated a plan to pursue a degree in a STEM field. With less than one percent of STEM-interested students pursuing the field, this leaves the future of our country’s digital infrastructure in potential peril. Consider this: China has a ratio of roughly one STEM grad for every 293 citizens, while the United States has one STEM grad for every 573 citizens. As it stands, we have roughly half the engineering power of our main economic rival, with no sign of bridging the gap.

Getting kids involved in STEM

STEM may seem intimidating to introduce to a young child, but it’s such a diverse field that you can find several points of entry. Many existing extracurricular activities have already integrated STEM initiatives. One notable example is the Girl Scouts of America’s pledge to bring 2.5 million young women into the STEM pipeline by infusing their existing programs with STEM education projects. Many local and national programs are also focused on engaging children in STEM. If you’re having trouble finding such programs in your area, don’t forget the valuable resource that is your local library. They can often help you find a few relevant activities around town.

STEM at Home

You don’t have to wait for a STEM program to begin encouraging your child’s curiosity. Many simple, safe, and fun STEM projects can be worked on at home, like fun games or building toys (like creating magnetic slime or the engineering of simple robots). Finding at-home STEM activities to do with your child is an excellent first step toward giving them a solid foundation in STEM principles and nurturing their interest. 

Creating a new generation of scientists, engineers, and inventors is important for all of us. Here at Webroot, we partnered with the Air Force Association’s CyberPatriot program to engage with Denver-area students around the topics of STEM and cybersecurity awareness, and we’re continuing this initiative again this year in honor of National Cyber Security Awareness Month in October. By engaging with students in our community, we hope to plant the seeds that will encourage students to explore future opportunities in cybersecurity and IT.

How are you applying STEM education to your child’s life? Find ways to get involved in National CyberSecurity Awareness Month here. 

Keeping Your Vehicle Secure Against Smart Car Hacks

An unfortunate reality of all smart devices is that, the smarter they get, and the more integrated into our lives they become, the more devastating a security breach can be. Smart cars are no exception. On the contrary, they come with their own specific set of vulnerabilities. Following high-profile incidents like the infamous Jeep hack, it’s more important than ever that smart car owners familiarize themselves with their inherent vulnerabilities. It may even save lives.

Want smart device shopping tips? Make sure your security isn’t sacrificed for convenience.

Smart Car Vulnerabilities

At a recent hacking competition, two competitors were able to exploit a flaw in the Tesla Model 3 browser system and compromise the car’s firmware. While the reported “Tesla hack” made waves in the industry, it actually isn’t even one of the most common vulnerabilities smart car owners should look out for. The following vulnerabilities are easier to exploit and may be more relevant to the average owner.

Car alarms, particularly aftermarket car alarms, are one of the largest culprits in smart car security breaches. A recent study found that at least three million vehicles are currently at risk due to insecure smart alarms. By exploiting insecure direct object reference (IDOR) issues within the alarm’s software, hackers can track the vehicle’s GPS location, disable the alarm, unlock doors, and in some cases even kill the engine while it is being used.

Key fobs are often used by hackers to gain physical access to a vehicle. By using a relay attack, criminals are able to capture a key fob’s specific signal with an RFID receiver and use it to unlock the car. This high-tech version of a duplicate key comes with a decidedly low-tech solution: Covering your key fob in aluminum foil will prevent the signal from being skimmed.

On-board diagnostic ports are legally required for all vehicles manufactured after 1996 in the United States. Traditionally used by mechanics, the on-board diagnostics-II (OBD-II) port allows direct communication with your vehicle’s computer. Because the OBD-II port bypasses all security measures to provide direct access to the vehicle’s computer for maintenance, it provides particularly tempting backdoor access for hackers.

Protecting Your Smart Car from a Cybersecurity Breach

Precautions should always be taken after buying a new smart device, and a smart car is no exception. Here are the best ways to protect your family from a smart car hack.

Update your car’s firmware and keep it that way. Do not skip an update because you don’t think it’s important or it will take too much time. Car manufacturers are constantly testing and updating vehicle software systems to keep their customers safe—and their brand name out of the news. Signing up for vehicle manufacturer recalls and software patches will help you stay on top of these updates.

Disable unused smart services. Any and all of your car’s connectivity ports that you do not use should be turned off, if not altogether disabled. This means that if you don’t use your car’s Bluetooth connectivity, deactivate it. Removing these access points will make your car less exposed to hacks.

Don’t be a beta tester. We all want the newest and hottest technologies, but that doesn’t keep us at our most secure. Make sure that you’re purchasing a vehicle with technology that has been field tested for a few years, allowing time for any vulnerabilities to be exposed. Cutting-edge technologies are good. But bleeding edge? Not so much.

Ask questions when buying your vehicle and don’t be afraid to get technical. Ask the dealer or manufacturer which systems can be operated remotely, which features are networked together, and how those gateways are secured. If you’re not comfortable with the answers, take your money elsewhere.

Advocate for your security. As smart cars become so smart that they begin to drive themselves, consumers must demand that manufacturers provide better security for autonomous and semi-autonomous vehicles.

Only use a trusted mechanic and be mindful of who you grant access to your car. OBD-II ports are vulnerable but necessary, so skipping the valet may save you a costly automotive headache down the line.

Keep the Conversation Going

As our cars get smarter, their vulnerabilities will change. Check back here to keep yourself updated on the newest trends in smart car technologies, and stay ahead of any potential threats.


Cybersecurity in Schools: What Families Need to Know

Our kids are more connected than any previous generation. From the moment they wake up, they have an instant connection to the internet through phones, tablets, and laptops. The internet is also now an important part of their learning experience, and many parents often assume that cybersecurity has risen as a priority for school administrators. But with many institutions struggling to modernize legacy systems, that assumption puts our children’s security at risk. Here are the top threats to cybersecurity in schools and how to protect against them, so you can send your kids out the door knowing they’re safe and secure. 

Learn how VPNs help safeguard your data and can enable private and anonymous web browsing.

Unsecured School WiFi

Many school WiFi networks are as vulnerable as any public network at a coffee shop or airport. In an attempt to secure WiFi networks in K-12 environments, many schools use pre-shared key (PSK) authentication. PSK authentication is the practice of sharing a single WiFi password with network users in order to grant access. This password often makes its way onto unauthorized devices, granting potentially malicious users access to the school’s network, and to your child’s digital footprint.

Weak Cybersecurity Practices

A school’s cybersecurity defense plan is only as strong as its weakest link, and that weak link is often the plan’s users and overseers. According to Verizon’s 2019 Data Breach Investigation Report, a startling 35% of all education sector data breaches were caused by human error. Mistakes as simple as using discontinued or out-of-date software can leave entire school systems vulnerable—even at prestigious institutions like Stanford University. Because Stanford was using discontinued software called NolijWeb, a white hat hacker was able to exploit a security flaw that left sensitive student data easily accessed through a simple change to a numeric ID in a URL. While the scope of the vulnerability was being explored, 81 students’ private data was exposed, including information like Social Security numbers, citizenship status, criminal status, standardized test scores, ethnicity, and home addresses.
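Both the smart-alarm flaw described earlier on this page and the Stanford exposure above are insecure direct object references: the server trusts an identifier supplied by the client. The sketch below is an added illustration, not code from NolijWeb or any alarm vendor; the record store, user names and request list are constructed. It shows the missing ownership check, the corrected handler, and a simple audit-log rule that flags ID walking.

```python
"""IDOR: the missing object-level check, its fix, and an audit-log detector.
Users, record ids and contents are constructed for illustration."""
from collections import defaultdict

RECORDS = {  # record id (as it would appear in a URL) -> owner and content
    4101: {"owner": "mallory", "doc": "mallory-application.pdf"},
    4102: {"owner": "bob", "doc": "bob-application.pdf"},
    4103: {"owner": "carol", "doc": "carol-application.pdf"},
    4104: {"owner": "dave", "doc": "dave-application.pdf"},
}


class NotFound(Exception):
    """Raised for missing and foreign records alike, so replies do not reveal which ids exist."""


def fetch_insecure(session_user: str, record_id: int) -> str:
    """Vulnerable pattern: the caller is logged in, but ownership is never checked."""
    record = RECORDS.get(record_id)
    if record is None:
        raise NotFound(record_id)
    return record["doc"]


def fetch_checked(session_user: str, record_id: int, audit: list) -> str:
    """Hardened pattern: authorize the (user, object) pair on every request and log it."""
    record = RECORDS.get(record_id)
    allowed = record is not None and record["owner"] == session_user
    audit.append((session_user, record_id, allowed))
    if not allowed:
        raise NotFound(record_id)
    return record["doc"]


def flag_enumeration(audit: list, threshold: int = 3) -> list:
    """Users denied on at least `threshold` distinct ids, the signature of id walking."""
    denied = defaultdict(set)
    for user, record_id, allowed in audit:
        if not allowed:
            denied[user].add(record_id)
    return sorted(user for user, ids in denied.items() if len(ids) >= threshold)


def replay(requests: list) -> tuple:
    """Run constructed (user, id) requests through the checked handler."""
    audit, served = [], []
    for user, record_id in requests:
        try:
            served.append((user, fetch_checked(user, record_id, audit)))
        except NotFound:
            pass  # denied requests are still present in the audit trail
    return served, audit


SAMPLE_REQUESTS = [  # constructed traffic: bob mistypes once, mallory walks the id space
    ("bob", 4102), ("bob", 4012),
    ("mallory", 4101), ("mallory", 4102), ("mallory", 4103), ("mallory", 4104),
]

if __name__ == "__main__":
    print("insecure:", fetch_insecure("mallory", 4102))  # another user's record is returned
    served, audit = replay(SAMPLE_REQUESTS)
    print("served:", served)
    print("flagged:", flag_enumeration(audit))
```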

Targeted Cybersecurity Attacks

Due to the highly sensitive data stored within their systems, education IT infrastructure is consistently a top target for cybercriminals. K-12 school systems and higher education saw more than 48 million records exposed through data breaches in 2017 and 2018 alone. The threat has become a large enough issue that the FBI has released a public service announcement warning that the education sector was one of those most frequently targeted by social engineering schemes and phishing attacks. 

Beyond traditional cyber threats, schools often face a unique adversary—the students themselves. The Joint Information Systems Committee (JISC) recently conducted a survey that examined more than 850 cyberattacks against schools and concluded that a majority of those incidents had been perpetrated by students or school staff. Although an attacker who targets a school so that they won’t have to take a test may not be as costly as one that targets student data, it still can grind a school system to a halt.

How to Protect Your Student’s Cybersecurity

How can you protect your child’s cybersecurity while they are at school? Get involved. Ask the school’s administrators about their cybersecurity policy. Ask about the strength of their firewalls, their email security measures, and the amount of encryption applied to the data storage systems. If you’re not satisfied with their measures, be your child’s cybersecurity advocate.

Although you may have limited control over any school-provided devices, you can secure your child’s personal devices behind a trusted VPN (though they must know how to use it first). This will wrap your child’s data in a tunnel of encryption, protecting them from prying eyes wherever they go. In some cases, VPNs can prevent access to testing and curriculum sites on school networks, so students should know how to connect to and disconnect from their VPN at will.

Most importantly, teach your child to be aware of the risks of cybercrime and how to combat them. Help them understand how a VPN and other measures can keep them safe, how to recognize phishing attacks, and why they should always be vigilant. Just as your child knows to wear a seatbelt when riding in someone else’s car, they should also know how to stay safe online, whether at home, school, or a friend’s house.

The key to truly protecting your children from potential cybersecurity threats is education, both for yourself and for your family. Follow us on Facebook and Twitter to stay up to date on the latest risk reports and security tips.

Out from the Shadows: The Dark Web

You’ve likely heard of the dark web. This ominous sounding shadow internet rose in prominence alongside cryptocurrencies in the early 2010s, eventually becoming such an ingrained part of our cultural zeitgeist that it even received its own feature on an episode of Law & Order: SVU. But as prominent as the dark web may be, few average internet users can properly explain what it is and the cyber threats it provides a haven for. Let’s step back from the pop culture mythos and dive into what makes the dark web so dark.

Don’t let cybercriminals steal your money or identity. Protect your devices with cloud-based security.

Open Web, Deep Web, and Dark Web: Know the Difference

The open web, or surface web, is the internet we use every day. This includes all the web content that can be found through search engines and is accessed by traditional web browsers. You might find it surprising, though, that the open web accounts for just 5% of the internet. The rest is made up of the deep web.

The deep web is the section of the internet that is not indexed by search engines and cannot be found through traditional search methods. This means that the only way to access deep web content is through a direct URL. While rumors about the deep web make it seem as if it is exclusively used for nefarious purposes, content on the deep web is often banal. It is largely comprised of school and university intranet systems, email and banking portals, internal sites for businesses and trade organizations, and even things like your Netflix or Hulu queues. Nothing to be afraid of there.

While the dark web is technically a part of the deep web, it takes anonymity a step further by using overlay networks to restrict access, often attracting users engaged in illicit activity. These networks use special anonymized software to grant users access, the largest and most famous of which is Tor. Tor stands for “The Onion Router,” which references its “onion routing” technique of using encapsulated layers of encryption to ensure privacy. Tor websites are most easily recognized by their “.onion” domains, and by the fact that they cannot be accessed through traditional web browsers. You may have heard stories about the NSA trying to shut Tor down, but don’t expect the service to go away soon. It has funding from high places, with a recent FOI request revealing that one of Tor’s largest financial contributors has long been the U.S. State Department—likely to offer encrypted communication options for State Department agents working in the field.

Is the Dark Web Illegal?

The dark web isn’t inherently illegal—the illegality comes from how it can be used. Darknet markets, such as the infamous and now defunct original Silk Road, showcase how thin the line is between legal and illegal dark market activities. As long as what you are purchasing is legal, using a darknet market is as lawful as making a purchase from any other online retailer. But buying illicit drugs or human organs? Yeah, that’s definitely illegal. 

Although not as remarkable as some of the more grotesque items available, one of the most commonly found items for sale on the dark web is data. With a reported 281 data breaches in just the first quarter of 2019, we have already seen 4.53 billion records exposed this year alone. That’s potentially more than 4 billion chances for hackers to profit off the victimization of strangers, and a majority of them will use the dark web to do so. We have seen several high-profile data breaches resurface on the dark web—Equifax, Canva, Under Armour, and Evite all recently had their user data available for sale on darknet markets.

The Dark Web and Malware-as-a-Service

Beyond selling your data, the dark web can be used to harvest it as well. Webroot Security Analyst, Tyler Moffitt, explains this growing threat:

“Anyone can create malware in today’s landscape where the dark web is very accessible,” says Moffitt. “There are ransomware services on .onion links that will allow you to input just a few bits of information, like a bitcoin address, desired ransom, late fees, etc., and unique binaries are generated to distribute however they like. The only ‘catch’ is that the portal creator usually takes a cut (around 30%) for any ransom payments made.”

These malware-as-a-service attacks mean that an attacker doesn’t even need to know how to execute one; they just need to know how to navigate to the portal. Therein lies the largest dark web danger for many consumers—anonymized cyberattacks available at the click of a mouse.

Keeping Your Data Off the Dark Web

Like a hydra with its multiple heads, black markets will likely never be wiped out. When you shut one down, two more will pop up. Darknet markets are just their newest evolution. While you can’t expect to see this threat disappear anytime soon, you can take steps to keep your data secure and off the dark web.

Using an up-to-date antivirus solution will help stop malware from scraping your data on the dark web. You can also lock your credit (called freezing) to help prevent new credit lines being opened without additional information. Another recommendation is avoiding public WiFi without a VPN, as it leaves you susceptible to a man-in-the-middle attack (MITM). Even with these precautions, a breach may still occur. Keeping your sensitive accounts secured with a trusted password manager can also help prevent cyber attacks from spreading beyond their breach point.

Follow us on Facebook and Twitter to stay up to date on the latest threats to your online security and privacy.