If you read this means that you’ve reached lesson 11. In other words, you’re halfway through our cybersecurity course! How awesome is that?
In today’s lesson, we’re going to focus on browsers, and for good reasons.
Browsers are a hugely important of your online security. After all, they are the primary one someone interacts with the internet. And that’s also the main reason malicious target them in order to launch a cyber attack.
A Kaspersky study found that 48% of exploit attacks in Q1 2016 targeted browsers, almost as much as all the other categories combined.
Browser security is an important part in keeping your information safe.
Your browser is the window to the internet and also the first line of defense against malware threats. Some small tweaks to your browser security settings are all that you need to make your time online that much safer.
Here’s what you can learn to do by the end of this lesson:
- How to keep advertisers from tracking you
- How to stop your browser from automatically downloading malware
- Block pop-ups and ads
- How to avoid unsafe websites
Browser features and their security vulnerabilities
Browsers use many tools for various tasks, such as Java, Flash Player, ActiveX, etc. But these often come with security flaws, which cybercriminals exploit to get access to your PC. A quick rundown of these tools will help you figure out if you need them or not.
- Deactivate ActiveX. A browser add-on that comes preinstalled on Internet Explorer or Microsoft Edge and only works with these browsers. ActiveX acts as a middle man between your PC and Java/Flash based interactions in certain sites.
This creates security problems by giving malicious websites a window into your PC. What’s more, ActiveX is rarely used nowadays, so be on your guard if a site asks you to install it and accept the installation only if you are 150% sure that site is trustworthy.
- Try to disable JavaScript. JavaScript is a programming language used by websites to run various programs and features. Sites such as YouTube or Google Docs need it to function, but so do advertising, pop-up software and a whole host of other spammy elements from the internet.
Cybercriminals use JavaScript in malicious ways in order to infect your device with malware and other harmful software.
If you disable JavaScript altogether you will get a much quicker and simplified browser experience, with little to no ads, pop-ups, greatly improved page load times and generally a cleaner Internet experience at the cost of specialized tools such as Google Docs or YouTube.
This doesn’t need to be as drastic as it sounds, since browsers do allow you to whitelist certain sites which can run JavaScript.
- Delete Cookies. These are small data files stored on your browser. Websites use cookies in order to remember your accounts and passwords, browsing history and to track user behavior on their site.
Because of the information they contain, cookies are prime targets for cybercriminals, especially the ones that contain emails, account names and passwords.
When you disable and clear cookies you cut down on the personal data cybercriminals can obtain.
One thing you will want to keep in mind is that there are two types of cookies:
- First party and third party cookies. First party cookies are placed by the site you visit, for instance you get a first party cookie by cnn.com while visiting cnn.com.
- Third party cookies are placed by other sites, for example you get a cookie from amazon.com while visiting cnn.com.
First party cookies are frequently used to remember your login information so you don’t have to enter it every time you visit a site. But we can’t stress this enough, don’t allow your browser to save passwords!
Third party cookies are almost always placed on your computer by advertisers or marketers interested in tracking your movement online, so nothing bad will happen if you block them.
- Browser extensions and add-ons add extra functionality to your browser such as ad blocking or search bars. However, these add-ons pose a security risk, since they can open up windows into your PC which can be exploited to inject malware.
Safe Browser Settings for Chrome, Firefox, Internet Explorer and Microsoft Edge
While no single setting can make your browser 100% safe, the ones we are proposing will go a long way into keeping you safe from a majority of cyber attacks.
Securing Internet Explorer
First, access the Tools icon in the top right corner and then press “Internet Options”.
Go to the Security tab.
Here you can see 4 internet zones, the “Internet” security zone contains all the websites that are not in the “Trusted/Restricted sites” zone, meaning 99,999999% of the internet. For this zone, it’s best if you change the security level from Medium to High.
A side effect of selecting “High” is that features such as flash pages or ActiveX scripts might be disabled on certain pages.
If you want a more hands-on approach, press the “Custom Level” button and select what features you want to enable/disable.
In the “Trusted sites” zone you can include websites that you know for sure are risk-free so you can select a lower security setting that enables all the features of a site.
In the “Restricted sites” zone, you can write down websites you know are dangerous so Internet Explorer can apply the maximum security settings while on the page.
Right next to the “Security” tab you will find the “Privacy” settings.
In here you will find settings related to Cookies. As we’ve said above, these remember personal information such as account names, emails and passwords and more. Click the “Advanced” button.
In this area, you can find two columns, first party cookies and third party cookies.
Session cookies are used on the same site to track the information from one page to another. On internet commerce websites for instance, session cookies are used to track your order from one page to the next until the moment you check out.
Our recommended setting is to block both first party and third party cookies, while disabling session cookies, unless you frequently use sites that need them to function properly.
Now press the “Sites” button and go to this menu.
Here you can write down what websites you allow to store or block cookies.
The last setting you should change in Internet Explorer can be found on the “Advanced” tab.
Scroll down on the list until you find “Enable third party browser extensions*” and uncheck it.
Doing this will disable any browser extensions you may have, which is a good idea from a security perspective since many of them have been known to secretly track a user’s behavior while also opening up potential security vulnerabilities.
Firefox hacks and tips for better security
If you use Mozilla Firefox and want to improve your browser security settings, press the hamburger menu in the top right corner and go to “Options”.
In the “General” tab, at the Downloads section, press “Always ask me where to save files”. This way, you won’t have a web location try to automatically save dangerous content to your computer.
At the same time, this gives you the option to place suspicious content in a safe location where you can analyze it afterwards.
Next, go to the Privacy tab.
At the “Tracking” section press the blue text with “manage your Do Not Track settings” and check “Always apply do not track”. After you do this advertising, commerce and various other sites shouldn’t be able to track you across the web.
While in the Privacy tab, at the “History” section, choose “Firefox will never remember history”. This is especially important if you know your device may be used by other people.
For a more detailed control of your history section, select “Use custom settings for history”.
Check “Always use private browsing mode” so every time you close your Firefox browser it will clear browsing history, search results, cookies and download history.
The last changes you should make in Firefox can be found in the “Security” category.
First, make sure all of the four check boxes in the General section are checked in. This ensures that your browser will inform you whenever websites try to install malicious add-ons and other content.
In the “Logins” section you can set up a Master Password. Doing this is especially useful when multiple people have access to the computer, since it asks you introduce a master password before you can access logins.
This way, other people won’t be able to access your important accounts such as email. Once more, we cannot recommend this enough, but don’t let your browser remember your passwords.
Google Chrome tips and hacks for better security:
To improve your Chrome security settings, go to the Settings area, which can be accessed in the top right corner of the browser.
If you are logged into Chrome, under the “Sign in” section you will see an option named “Set up sync…” which will take you to a list of options.
In the Encryption section, you can find “Encrypt all synced data with your own passphrase.” This is a nifty setting, since it functions as a double password. If a malicious hacker learns your account info and password, they won’t be able to sync your search history, bookmarks and login information until they enter the passphrase.
This way, a hacker won’t be able to autofill your mail login or other accounts if they sign in with your Chrome account.
After you’re done setting up a passphrase, go to the bottom of the Settings page, where you can find a blue text that says “Show advanced settings…” click this to reveal more options.
In the Privacy section, check the option to “Send a “Do Not Track” request with your browsing traffic”. Normally, this should prevent sites from tracking your activity on the web, however numerous loopholes exist in the browser that allow a majority of websites to bypass this. Nevertheless, every bit of anonymity counts.
In the password section, we recommend you uncheck both “Enable autofill” and “Offer to save your web passwords.” While it can be a hassle to write down this information every time, you won’t run the risk of cybercriminals getting their hands on the files containing such sensitive information.
In the Privacy section, you can find the “Content settings…” button. This will take you to a whole host of options that concern your privacy and anonymity on the web.
In the Cookies section, select “Keep local data only until you quit your browser”. If you are willing to cope with a loss in web browsing usability, you can select the “Block sites from setting any data” option. Lastly, we strongly recommend you check the “Block third party cookies and site data” to prevent advertisers and potential cybercriminals from tracking you on the web.
Another suggestion is to check the “Do not allow any site to run JavaScript”, but be sure to read the JavaScript section so you know what functionality you might lose, but also what benefits you will gain.
In the Plugin section, you can select the “Let me choose when to run plugin content”. This will give you more control over plugins and stop an infected plugin to pass the malware onto your PC.
In the “Downloads” section, check the option to “Ask where to save each file before downloading”.
Doing this will prevent a lot of malicious software from downloading itself automatically to your computer and gives you a greater sense of control of what gets on your PC.
Microsoft Edge security tips and tricks
For Microsoft Edge, press the three dot menu icon in the top right corner and select “Settings”. At the bottom of the menu, you will find the “View advanced settings” button.
Flash Player is a favorite hacking target for cybercriminals because of its numerous vulnerabilities, so it’s a good idea if you disable it altogether. Some website features and pages might stop working, but on the upside, so will spammy and annoying page elements.
At the “Downloads” section, make sure the “Ask me what to do with each download” option is selected. This will prevent the browser from automatically downloading malware or other potentially dangerous software onto your PC.
In the “Privacy and security” section, deselect the “Offer to save passwords” and “Save form entries”. Security wise, it is of critical importance to close any possibilities cybercriminals might have of getting their hands on your valuable accounts, passwords and personal information.
Don’t forget to turn on the option to “Send Do Not Track requests”. Once you turn this on, your browser will notify third-party websites not to track you across the internet.
Best Chrome, Firefox, Internet Explorer and Edge extensions for security
While we are generally cautious of browser extensions since they can act as vehicles for malware, we’ve chosen 4 of them that can add an overall net benefit to your online security.
How to block ads, popups with Adblock Plus.
AdBlock Plus is a well-known browser extension that blocks ads and popups from interfering with your browser experience. Consider this as an alternative to the rather hardcore option of disabling JavaScript altogether.
Protect your online privacy and anonymity with Disconnect.me
Disconnect, available for Mozilla Firefox, Google Chrome and Internet Explorer is a very useful extension which manages to block third party tracking cookies and you have the ability to control the scripts on the site using a simple toolbar menu. It also blocks your social media account from tracking your browsing history and private data.
Browse only safe sites with HTTPS Everywhere.
HTTPS Everywhere, available for Mozilla Firefox and Google Chrome, is a popular security tool for online browsing. HTTPS is the secure version of HTTP, with the S meaning “Secure”.
In practice, this means that sites that use HTTPS encrypt the data between your browser and the website, making it much harder for cybercriminals to intercept your data.
What HTTPS Everywhere does is to always use HTTPS instead of HTTP. Since not all sites are optimized for HTTPS, there’s a small chance it will break the experience on some sites, but it can be easily fixed with a mention in the program’s toolbar.
Tips, advice and best practices for a secure browser
So far, we’ve gone through online browsing concepts, security settings for various browsers and some of the most useful browser extensions that can keep you safe when you browse the web. Next, we’d like to add some basic rules and guidelines that will keep malware and cybercriminals away.
- Always update your browser. This is a point we cannot stress enough, and for good reason. New browser vulnerabilities are discovered every day, so it’s more important than ever to keep your browser up to date in order to avoid a zero day attack.
- Stay away from phishing attacks. In a phishing attack, cybercriminals try to trick you into clicking malware infected links by posing as legitimate persons or businesses, such as your bank or internet service provider. The moment you click on a phishing link, malware infects your PC.
- Don’t use the same password for all your online accounts. This way, a cybercriminal won’t be able to reuse the same password on all of your accounts.
- Check if a website is https:// instead of http://. Sites that use https:// add an extra layer of security because they encrypt your data.
- Keep your registration email separate from the work email. When you keep the account information email separate from the work email, you minimize the chance of cybercriminals locking you out of your project in case the security measures for your email get compromised.
- Be careful when connecting to public and free wireless networks. One of the favorite methods used by online criminals to retrieve your credentials is by using wireless sniffers to access data sent over unprotected networks. One way to increase your security is by using a “private browsing” session, this way you make sure your credentials won’t be stored locally.
Conclusion
Companies prefer to sacrifice your security in order to make the user experience simpler. Browsers are no exceptions. But many browser developers have a vested interest in knowing as much about you as possible, since ad revenues largely depend on correctly identifying your personal preferences.
With just a few clicks, you significantly cut down on the amount of information you give expose both to an online browser, and a malicious hacker.
When you started this lesson, you were 50% done with our cybersecurity course. But now, you’re at 55%! Now that’s progress right there.
Our next lesson will be all about public Wi-Fi, and why it’s so important to secure yourself when connected to such a hotspot.
This course is presented in partnership with Heimdal Security – a worldwide leader in enterprise and consumer cyber security solutions.
