In a recent blog post, we reviewed which web browsers are really the most secure for users. As we uncovered in that blog, some web browsers are designed with stronger security and privacy considerations in mind.
Sometimes for businesses, it can be difficult to take a look at a list and make an overarching security decision for the full business based on that list. It is also not always possible to ensure a specific browser is used by your employees or supported by vendor-based applications or websites. There’s always a web browser risk of data theft or accidentally giving someone access to a system through unintended interaction with the website or web browser.
If you have a business and you’re working within the constraints of your vendor or user requirements, what can you do with the browser that is available to you or the one that is most used by your employees? In today’s blog post, we’ll cover the steps you can take to encourage and enforce safer browsing practices.
Most Common Risks Of Web Browser Usage
Common risks of web browser usage are data loss, exfiltration, or granting unintended access to internal systems or data. They are usually exploited through website spoofing, malicious redirects, phishing, ads, social media based scams, and other exploits using scripts, cookies, plugins, APIs, and ActiveX.
Data loss is often seen through stealing data as it is entered into forms or using code injection to dump database values from the location where form data is stored by the company. Additionally, downloading malicious apps or clicking on malicious links can cause ransomware or viruses that result in data loss beyond the data gathered through the website. Granting unintended access to internal systems or data occurs most frequently through clicking on malicious links or downloading malicious applications which allow external actors to gather user credential information. These links can come through email, social media, advertisements, instant messages, or text messages.
What steps can businesses take to enforce and encourage safer browsing practices?
We are going to focus on three key areas for increasing security and privacy practices around web browsing within an organization. They are:
Governance and policy
Configuration settings
Employee training and education
A risk-based approach should be considered in determining what mix of practices best suits your particular network or organization. While there may be some things that are not applicable or possible at your organization, there may be other practices that have minimal cost and impact for a quick win in your security landscape.
Governance and policy
For governance and policy, consider:
Setting up anti-virus and anti-malware
Using a VPN and reviewing it for proper configuration
Having a multi-factor authentication policy
Setting or reviewing your company’s browser add-ons policy
Implementing a secure password management strategy
Identifying and communicating preferred company web browser
Restricting user access to download applications to limit browsers used
Configuration settings
It’s important to keep in mind that not all web browsers provide configurations to manage all of these settings. For configuration settings, consider:
Enabling automatic security updates
Enabling security warnings for users
Enabling tracking prevention measures
Enabling options to require https
Enabling ad blockers
Disabling in browser password management and auto complete options
Disabling pop-up windows and website redirects
Employee training and education
For employee training and education, you’ll want to provide education surrounding:
Recognizing email, text, social media, and advertisement-based scams
Avoiding downloading unknown attachments or clicking on malicious links
Encouraging use of approved applications for business functions
Using https, verifying website addresses are correct, and using bookmarks for frequently visited sites
Avoiding non-work activities such as visiting entertainment, gaming websites, or unfamiliar websites on organization devices
How to report suspected malicious links or activity and what to do if there is ransomware or virus on an organization device
If your business is looking to go beyond the basics, be sure to incorporate web filtering. You can focus web filtering on download triggers, redirects, and malicious scripts. Also, having secure communication with DNS servers can increase security in web browser usage. Lastly, isolating browsers from work stations using virtual machines, containers, remote browser isolation, or secure gateways can allow for easy isolation of browser communication and compromised activity.
If you have further questions about data security and privacy, please reach out to us on our website.