Like phishing training, password management and physical security, safe web browsing should be a key component of your cyber security awareness program. The Australian Signals Directorate reported blocking 67 million malicious domain requests during FY 2023, a 176% increase from the previous year. With internet access a requirement for knowledge workers to complete tasks and communicate, browsers like Edge, Chrome, Firefox, and Safari have become key to our days and require vigilance when using them. Here are three ways your team can more securely browse the web.
Source: ASD.
Pop-ups and redirects can deploy malware
Malicious pop-ups and redirects trick users into visiting websites or tricking them into downloading malware – this is also one way they deploy ransomware. When using web browsers, your team must be wary of unexpected windows that pop up. Genuine websites and ads usually don’t use aggressive tactics. So, if a pop-up asks for immediate action, like offering a quick download, it’s likely untrustworthy. Paying attention to the URL in a pop-up or redirect can also show signs of danger, such as spelling mistakes or strange web addresses.
Browser extensions can add vulnerabilities
While browser extensions can make people’s work lives easier, they also introduce security vulnerabilities. Cybercriminals can exploit these vulnerabilities, using extensions to monitor user activity, steal sensitive information, or install additional malware. The risk increases with extensions that request broad permissions beyond their functional needs, as they can act as a gateway for broader access to the user’s browser and data.
Users should avoid browser extensions as much as possible. If required, they should pay close attention to the permissions the extension requests; if it seems excessive for its stated functionality, it may be best to avoid that extension.
Threat actors can steal cookie data
Cookies are data stored on web browsers to understand people’s activities and preferences. Over time, your team’s browsers will build up this data and cyber criminals might steal it and use it to access personal information.
Your cyber security awareness programs should educate users on the risks of cookie data and remind them to clear their cookies regularly. Staff can also use the browser’s privacy settings to control the cookies saved and how long their browser retains this information. Choosing to only accept cookies from trustworthy websites is another good prevention measure.
Conclusion
As many of us access work resources via internet browsers and use various websites, web safety has become essential for cyber security awareness programs. Even if you have technology solutions for web safety, only users can prevent certain security threats, such as pop-ups and redirects, browser extension vulnerabilities, and cookie theft. You might have good technology controls in place, but they will not be as effective if people do not observe web safety.
Our Cyber Escape Rooms educate your team on web safety
Our Cyber Escape Rooms use gamified training to educate your staff on safe web browsing practices. We mix engaging cyber security games with practical tips for protecting the business to improve memory retention and make your team the first line of defence. Visit our Cyber Escape Rooms page to book a preview session.
Related blogs
5 ways to revitalise your team’s cyber security habits in the new year
Where your current cyber security training program falls short
8 essential components of a solid cyber security education plan
