top of page
  • Writer's pictureCraft Compliance

The Greatest Privacy And Security Risks For Web Browser Use In Your Business


The Greatest Privacy And Security Risks For Web Browser Use In Your Business

In a recent blog post, we reviewed which web browsers are really the most secure for users. As we uncovered in that blog, some web browsers are designed with stronger security and privacy considerations in mind.


Sometimes for businesses, it can be difficult to take a look at a list and make an overarching security decision for the full business based on that list. It is also not always possible to ensure a specific browser is used by your employees or supported by vendor-based applications or websites. There’s always a web browser risk of data theft or accidentally giving someone access to a system through unintended interaction with the website or web browser.


If you have a business and you’re working within the constraints of your vendor or user requirements, what can you do with the browser that is available to you or the one that is most used by your employees? In today’s blog post, we’ll cover the steps you can take to encourage and enforce safer browsing practices.


Most Common Risks Of Web Browser Usage


Common risks of web browser usage are data loss, exfiltration, or granting unintended access to internal systems or data. They are usually exploited through website spoofing, malicious redirects, phishing, ads, social media based scams, and other exploits using scripts, cookies, plugins, APIs, and ActiveX.


Data loss is often seen through stealing data as it is entered into forms or using code injection to dump database values from the location where form data is stored by the company. Additionally, downloading malicious apps or clicking on malicious links can cause ransomware or viruses that result in data loss beyond the data gathered through the website. Granting unintended access to internal systems or data occurs most frequently through clicking on malicious links or downloading malicious applications which allow external actors to gather user credential information. These links can come through email, social media, advertisements, instant messages, or text messages.


What steps can businesses take to enforce and encourage safer browsing practices?


We are going to focus on three key areas for increasing security and privacy practices around web browsing within an organization. They are:


  • Governance and policy

  • Configuration settings

  • Employee training and education


A risk-based approach should be considered in determining what mix of practices best suits your particular network or organization. While there may be some things that are not applicable or possible at your organization, there may be other practices that have minimal cost and impact for a quick win in your security landscape.


Governance and policy


For governance and policy, consider:

  • Setting up anti-virus and anti-malware

  • Using a VPN and reviewing it for proper configuration

  • Having a multi-factor authentication policy

  • Setting or reviewing your company’s browser add-ons policy

  • Implementing a secure password management strategy

  • Identifying and communicating preferred company web browser

  • Restricting user access to download applications to limit browsers used

Configuration settings

It’s important to keep in mind that not all web browsers provide configurations to manage all of these settings. For configuration settings, consider:

  • Enabling automatic security updates

  • Enabling security warnings for users

  • Enabling tracking prevention measures

  • Enabling options to require https

  • Enabling ad blockers

  • Disabling in browser password management and auto complete options

  • Disabling pop-up windows and website redirects


Employee training and education

For employee training and education, you’ll want to provide education surrounding:

  • Recognizing email, text, social media, and advertisement-based scams

  • Avoiding downloading unknown attachments or clicking on malicious links

  • Encouraging use of approved applications for business functions

  • Using https, verifying website addresses are correct, and using bookmarks for frequently visited sites

  • Avoiding non-work activities such as visiting entertainment, gaming websites, or unfamiliar websites on organization devices

  • How to report suspected malicious links or activity and what to do if there is ransomware or virus on an organization device

If your business is looking to go beyond the basics, be sure to incorporate web filtering. You can focus web filtering on download triggers, redirects, and malicious scripts. Also, having secure communication with DNS servers can increase security in web browser usage. Lastly, isolating browsers from work stations using virtual machines, containers, remote browser isolation, or secure gateways can allow for easy isolation of browser communication and compromised activity.

If you have further questions about data security and privacy, please reach out to us on our website.

18 views0 comments

Comments


bottom of page