In the modern technical world, it seems like danger lurks around every corner. While there are many complicated technical risks people take every day, there are also many common steps you can take to help keep your data, and by extension yourself, safe.
One of the most common sources of risk is a simple web browser. Chrome, Firefox, Safari or even the ancient Internet Explorer all let you “surf” the web – opening the entire world up to you in a few clicks and in doing so expose you to more risk than you may realize. Understanding a few good basic browser habits can reduce your risk.
Here are five simple browser habits that can keep you safer online. Keep in mind that “data” can mean anything, including usernames and passwords or financial information. Your data is important to you, even if you don’t know it!
1. Do not save passwords in your browser. There are numerous safe applications that allow you to safely and securely save login information. Most of these applications offer a free version or a low cost “premium” version. The importance of saving passwords into a properly encrypted system is that any passwords saved into your browser can potentially be taken by malicious web-code without your knowledge. One recommended, encrypted, password management solution with browser and mobile support is LastPass.
2. Use Multi-Factor Authentication (MFA or 2FA). In these modern times a password is no longer enough security to keep your data safe. Due to the fact that most people have subpar passwords, either because they are easily guessable or generally too simple, an additional layer of security has been developed to keep your accounts and data secure. Multi-Factor Authentication (MFA) can take several forms, but at its heart, it is simply a secondary or tertiary way for you to prove you are who you are. The most common form of MFA is being texted a code, which you then enter as an additional login parameter. While better than nothing, a texted code is one of the least secure methods of MFA. The most recommended method would be an authenticator application or device. Common MFA mobile applications are Google Authenticator, Microsoft Authenticator or even the LastPass Authenticator (which can link to your LassPass Password Manager). With this said, MFA is not fool proof and there are potentially ways around it. Following all the tips on this list can reduce the chance of an attacker bypassing MFA substantially.
3. Keep your browser(s) updated. Vulnerabilities are found every day across the technical world. There are people that make a living from finding vulnerabilities and exploiting them. As vulnerabilities are found and reported, most responsible developers release software updates to remove the vulnerabilities to the best of their ability. Most browsers keep themselves up-to-date, but not always. This is a good thing to check from time to time, though the process will change from browser to browser.
4. If it looks wrong, it probably is wrong. A common tactic to get data from users is to create sites that mirror real life sites but may have a different name such as Fcaebook.com instead of Facebook.com. It is important to pay attention to where you are when on the web. You can be on a common trustworthy page one second then redirected to a fake data collection site the next. Your URL bar (the bar at the top of the browser) will tell you where you are and who is asking you for information. If you no longer recognize the site, do not enter any data. It would be best to close all the tabs in your current browser session, then close the browser itself. If you are asked to open a file or allow access to something, and you did not request such a response from the site, then you are likely dealing with malicious web-code. You do not want to interact with potential malicious web code. Just because a button may say “No” does not mean it will react as expected. Most malicious code developers create a trap – meaning any interaction with the pop-up or click of the prompt equates giving permission. If this happens to you it may be best to simply restart your PC. This should end any involved processes and get you back in business, though this is not always the case. This is a common issue we are able to resolve for our clients when it does arise.
5. Always Log Out or Sign Off. The newest threat facing everyday users on the web is a way to bypass Multi-Factor Authentication. This happens when a website is able to run malicious code in your browser, which then steals a unique file that was created when you logged into any specific session. For example, you log into your online banking site and generate this unique file (Token). The token is good for a certain amount of time and tells the site on the other end of your internet connection, “I’m me and you know this because you checked when I logged in.” If this token is stolen, it can allow someone else to use it to get into your online banking site (in this example) without ever needing to know your username, password or MFA code. This can seem very scary but it can be heavily mitigated with a simple action: Logging Off/Out of sites when you are done. When you log off a site, it expires your Token and tells the site on the other end that the Token you were using is now no longer valid. Due to the small window most people stay logged into sites, this minimizes the possible amount of time an attack could take place within. Remember, Log Off/Out – don’t just close your browser. Closing your browser without ending your session leaves the logged in session open until it would naturally expire. This can leave a possible attacker hours of time to be accessing your data (or money in this example). This is not fool proof but when used in conjunction with the other tips on this list will massively increase your online safety.
Please follow these tips to keep yourself and your data safe on the internet. As always, please reach out to us at help@DorsetConnects.com should you have any questions about browser safety!