Web Browser Security Tips for IT Admins

When you see a message in your web browser that tells you to install anything, stop. That app that offers to save you time, money, or let you view a video may be malware. Check with your IT advisor to obtain their approval before you install anything from your web browser. Once you’ve received approval, only install items from safe sources: the vendor’s download site or your browser’s add-in store. For example, if you must install Adobe Flash, type www.adobe.com and navigate Adobe’s web site to download Flash directly from Adobe. That way, you know the website hasn’t been spoofed. The same is true for browser extensions and plugins. Install add-ons and extensions only from the official browser sites.

Look for the Lock

Look for a lock icon before you enter information or place an order on a website. Most modern browsers display a green padlock to indicate a secure connection between your browser and the site you’re visiting. If you don’t see the indicator, don’t share any information.

Save and Sync Selectively

After you enter your username and password for a site, most browsers ask “Would you like to store this password?” While that may be convenient, such a practice isn’t secure—especially since not all browsers encrypt the information stored on your system. You’re safer to decline such an offer. Instead, use a password manager program that encrypts your stored logins and passwords. Similarly, most modern platforms and browsers allow you to sync your settings to various devices. Log into a browser (or device), allow it to sync, then you’ll have access to your saved sites and bookmarks, your browsing history, and your settings. Allow this sort of sync only on devices you fully control in a secure location. (It’s fine to sync your personal workstation at the office and your personal tablet at home. It’s not okay to sync with the computer in the lobby of the hotel or at a kiosk at a trade show.) For maximum security, don’t allow this sort of sync.

If You Log In, Log out

If you log in to a website, log out when you leave. Visit Facebook.com? Log in. When you’re done visiting Facebook…log out. The same is true for every site you visit: when you place an online order, update your organization’s database, or join a web meeting. When you’re done, log out.

In some cases—think, Gmail—you might stay logged in during the day, then log out when you leave. In other cases—like Amazon.com—log in to order an item, and then log out. When you log out, you improve security: no one can sit down at your computer and access your account without your login (unless you saved your username and password, which is why we told you not to do that).