{"id":14499,"date":"2019-02-05T09:10:04","date_gmt":"2019-02-05T17:10:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/02\/05\/news-8251\/"},"modified":"2019-02-05T09:10:04","modified_gmt":"2019-02-05T17:10:04","slug":"news-8251","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/02\/05\/news-8251\/","title":{"rendered":"How to browse the Internet safely at work"},"content":{"rendered":"

Credit to Author: Jovi Umawing| Date: Tue, 05 Feb 2019 16:00:44 +0000<\/strong><\/p>\n

This Safer Internet Day, we teamed up with ethical hacking and web application security company\u00a0Detectify<\/a> to provide security tips for both workplace Internet users and web developers. This article is aimed at employees of all levels. If you\u2019re a programmer looking to create secure websites, visit Detectify’s blog to read their guide to HTTP security headers for web developers<\/a>.<\/em><\/p>\n

More and more businesses are becoming security- and privacy-conscious\u2014as they should be. When in years past, IT departments’ pleas for a bigger cybersecurity budget fell on deaf ears, this year, things have started looking up. Indeed, there is nothing quite like a lengthening string of security breaches<\/a> to grab people\u2019s\u2014and executives\u2019\u2014attention.<\/p>\n

Purely reacting to events is a bad<\/span> terrible<\/em> approach, and organizations who handle and store sensitive client information have learned this the hard way. It not only puts businesses in constant firefighting mode, but is also a sign that their current cybersecurity posture may be inadequate and in need of proper assessment and improvement.<\/p>\n

Part of improving an organization\u2019s cybersecurity posture has to do with increasing its employees’ awareness. Being their first line of defense, it\u2019s only logical to educate users about cybersecurity best practices<\/a>, as well as the latest threats and trends. In addition, by\u00a0providing users with a set of standards<\/a> to adhere to, and maintaining those standards, organizations can\u00a0create an intentional culture of security<\/a>.<\/p>\n

Developing these training regimens requires a lot of time, effort, and perhaps a metaphorical arm and a leg. Do not be discouraged. Companies can start improving their security posture now<\/em> by sharing with employees a helpful and handy guide on how to safely browse the Internet at work, whether on a desktop, laptop, or mobile phone.<\/p>\n

Safe Internet browsing at work: a guideline<\/h3>\n

Take note that some of what\u2019s listed below may already be in your company\u2019s Employee Internet Security Policy, but in case you don\u2019t have such a policy in place (yet), the list below is a good starting point.<\/p>\n

Make sure that your browser(s) installed on your work machine are up-to-date.<\/em><\/strong> The IT department may be responsible for updating employee operating systems (OSes) on remote and in-house devices, as well as other business-critical software. It may not be their job, however, to update software you’ve installed yourself, such as your preferred browser. The number one rule when browsing the Internet is to make sure that the browser is up-to-date. Threats such as malicious websites, malvertising<\/a>, and exploit kits can find their way through vulnerabilities that out-of-date browsers leave behind.<\/p>\n

While you’re at it, updating other software on your work devices keeps browser-based threats from finding other ways onto your system. If IT doesn’t already cover this, update your file-compressor, anti-malware program<\/a>, productivity apps, and even media players. It’s a tedious and often time-consuming task, but\u2014shall we say\u2014updating is part of owning software. You can use a software updater program<\/a> to make the ordeal more manageable. Just don’t forget to update your updater, too.<\/p>\n

If you have software programs you no longer use or need, uninstall them.<\/em><\/strong> Let’s be practical: There\u2019s really no reason to keep software if you’ve stopped using it or if it’s just part of bloatware<\/a> that came with your computer. It\u2019s also likely that, since you\u2019re not using that software, it’s incredibly outdated, making it an easy avenue for the bad guys to exploit. So do yourself a favor and get rid. That’s one less program to update.<\/p>\n

Know thy browser and make the most of its features.<\/em><\/strong>\u00a0Modern-day browsers like Brave, Vivaldi, and Microsoft Edge have\u00a0launched quite a bit differently than their predecessors. Other than their appealing customization schemes, they also boast of being secure (or private) by default. By contrast, browsers that have been around for a long time continue to improve on these aspects, as well as their versatility and performance.<\/p>\n

Regardless of which browser you use, make it a point to review its settings (if you haven’t already) and configure them with security and privacy in mind. The US-CERT has more detailed information on how to secure browsers, which you can read through here<\/a>.<\/p>\n

Refrain from visiting sites that your colleagues or boss would frown upon if they look over your shoulder.<\/em><\/strong>\u00a0Most employees know that visiting and navigating to sites that are not safe for work (NSFW) is a no-no, but they still do it. Trouble is, not only does this welcome malware and other threats that target visitors of such sites, but it could also result in being\u2014rightfully or not\u2014accused of sexual harassment<\/a>. Browsing sites of a pornographic nature could make coworkers incredibly uncomfortable, and if this behavior is generally tolerated by the brass, it could result in the company becoming the subject of a hostile environment claim<\/a>. So if hackers don’t scare you, maybe a lawsuit will.<\/p>\n

Use a password manager.<\/em><\/strong> It may sound like this advice is out of place, but we include it for a reason. Password managers don\u2019t just store a multitude of passwords and keep them\u00a0safe. They can also stop your browser from pre-filling fields on seemingly legitimate, but ultimately malicious sites, making it an unlikely protector against phishing attempts. So the next time you receive an email from your “bank” telling you there’s a breach and you have to update your password, and your password manager refuses to pre-fill that information, scrutinize the URL in the address bar carefully. You might be on a site you don’t want to be on.<\/p>\n

\n

Read: Why you don’t need 27 different passwords<\/a><\/em><\/p>\n

\n

Consider installing apps that act as another layer of protection.<\/em><\/strong> There is a trove of fantastic browser apps out there that a privacy- and security-conscious employee can greatly benefit from. Ad blockers, for instance, can strip out ads on sites that have been used by malicious actors before in\u00a0malvertising campaigns. Tracker blockers allow one to block trackers on sites that monitor their behavior and gather information about them without their consent. Script blockers disable\u00a0or prevent the execution of browser scripts, which criminals can misuse. Other apps, such as HTTPS Everywhere<\/a>, force one\u2019s browser to direct users to available HTTPS versions of websites.<\/p>\n

Consider sandboxing.<\/em><\/strong> A sandbox is software that emulates an environment where one can browse the Internet and run programs independently from the actual endpoint. It\u2019s typically used for testing and analyzing files to check if they\u2019re safe to deploy and run.<\/p>\n

We\u2019re not saying that employees should know how to analyze files (although kudos if you can). Only that employees who normally open attachments from their personal emails, stumble into sites that may be deemed sketchy at best<\/a>, or want to check out programs from third-party vendors do so in a safe setup that is isolated from their office network. Here is a list of free sandbox software<\/a>\u00a0you can read more about if you\u2019re interested in trying one out.<\/p>\n

Assume you are a target.<\/em><\/strong> Not many employees would like to admit this. In fact, it may not have crossed their minds until now. A lot of small businesses, for example, would like to think that they cannot be targets of cyberattacks because criminals wouldn’t go after \u201cthe little guy.\u201d But various surveys, intelligence, and research tell a different story.<\/p>\n

Employees need to change their thinking. Each time we go online at work, whether for valid reasons or not, we are putting our companies at risk. So we must take the initiative to browse safely, adopt cybersecurity best practices, and embrace training sessions with open minds. Realize that a lot is at stake in the office environment, and a single mouse click on a bad link could bring down an entire business. Do you want to be the person responsible?<\/p>\n

We\u2019re all in this together<\/h3>\n

When it comes to preventing online threats from infiltrating your organization\u2019s network and keeping sensitive company and client data secure, it is true that they are no longer just IT concerns. Cybersecurity and privacy are and<\/em> should be every employee\u2019s concern\u2014from the rank-and-file up to the managerial and executive level<\/a>.<\/p>\n

Indeed, no one should be exempted from continuous cybersecurity training, nor high-ranking officials should go on thinking that company policies don\u2019t apply to them. If every employee can adhere to the simple guideline above, we believe that organizations of all sizes are already in a better security posture than before. This is just the first step, however. There is still the need for organizations to assess their cybersecurity and privacy needs, so they can effectively invest in tools and services that help better secure their unique work environment. Whatever changes they choose to implement that require employee participation, IT and high-ranking work officials must ensure that everyone is in it together.<\/p>\n

Stay safe!<\/p>\n

More Safer Internet Day blog posts:<\/p>\n