arthead - stock.adobe.com
Internet security is critical for all organizations, and the main connector between end users and harmful content on the internet is the web browser.
As such, browser security is of paramount importance, and browser privacy is a key component of browser security. Popular browsers -- such as Chrome, Edge and, to a lesser extent, Safari -- are provided by companies that sell user data to advertisers and other third parties.
In addition, browsers store passwords, usernames and other account security information that can be a significant target for hackers, even though the information is encrypted. Much of this information is held in cookies and a user's favorite sites are part of a saved history, which the browser providers can sell.
In organizations that minimize these risks by disabling autocomplete of usernames and passwords or purging cookies, users will have to enter a username and password to every webpage that asks for it. Yet, security and privacy shouldn't have to come at the cost of UX.
There are security features that these browsers employ to ensure privacy and security, but there is no real way to ensure complete privacy and security protections from all attack vectors, adware and other concerns. A secure browser is important to everyone in the organization, whether they have access to financial or classified information or not. So, organizations are best off finding the right mix of acceptable use policies and technologies to implement across the enterprise.
Organizations should begin the browser evaluation process by looking into what threats they have to combat. While this threat list covers many modern threat vectors, new methods for attack may come up. IT teams should stay abreast of any new browser security updates.
From there, IT teams can determine which browser works best and what tools they should use to supplement and support the use of the web browser.
One of the biggest threat vectors that organizations need to address is phishing. These types of attacks are highly effective and are often the entry point for cybercrime attacks, such as advanced persistent threats and ransomware. They involve tricking a user into clicking on a link to a compromised website and entering passwords, personal data or financial information. All a hacker needs is one user to download malware that is included in a game, video or other data, and then they can access the corporate network.
A Cisco report stated that the four most prevalent security threats are cryptomining, phishing, Trojans and ransomware, in that order, which account for 100 million threats a month. All other threats accounted for 10% of that combined total. Cisco's study also reported that 86% of participating organizations had at least one user try to connect to a phishing site, and 70% had users obtain malicious browser ads. Cisco also estimated that 90% of data breaches start from phishing. It is important to address phishing as part of corporate security and in harmony with browser security.
Phishing typically occurs through email but leads to a website. When selecting a browser, it is important to consider the antiphishing features.
Other threats that IT teams must protect against include the following:
Perhaps the most important preventive step that IT teams can take to minimize browser attacks is simply end-user education. Security technologies can't completely protect the enterprise from attacks if the users open the door and let attackers bypass security measures. Many organizations require annual training to teach users how to identify phishing and other attacks via browsers. These trainings cover email and other social engineering vectors as well. This will yield better results than draconian browser use policies or pouring massive amounts of resources into complex security platforms.
That said, there are tools and security software platforms that can add value:
The browser market is dominated by a few major players, with Google Chrome leading the pack. Mozilla Firefox, Microsoft Edge and Apple Safari round out the top four in terms of market share. There are new browsers that are more secure in many ways, including in how they keep your privacy protected and sell your data to sponsors. These other browsers include Brave, Opera and Vivaldi.
A comparison of the top four browsers shows very minor differences in security features. For example, all four of these browsers offer cookie management, password storage for autofilling, browser history and cache management, and custom site blocking.
Still, it's important to know exactly what features each browser has. Further, IT may add extensions to supplement a browser with additional functionality.
It's difficult to name a single best browser -- even from a privacy or security perspective -- because there are not a lot of unique features across the browser market. Thus, it comes down to what users are comfortable working with and what IT teams are comfortable managing. Imagine the effect on users that a switch from Chrome to Firefox would have. It would create a new learning curve, a dip in productivity and a spike in support calls to the help desk.
Users would have to figure out how to handle migrating bookmarks, remembering passwords that were stored in the browser and losing their browsing history. If there is a valid reason to go through with a migration of this nature, then it can be done. However, the reason should justify the price that will be paid in productivity and user frustration.
With all of this in mind, the following recommendations address privacy and security concerns that an organization should consider while forming a browser policy:
Part of: Comparing web browsers for use in a business setting
Many user tasks rely on the browser used, but not all browsers are well suited to these tasks. Learn the strengths and weaknesses of each major browser.
While there are plenty of similarities across web browsers, the processes that they consume RAM with can greatly differ. This may be critical information for some IT teams.
While the four most common browsers -- Chrome, Edge, Firefox and Safari -- have largely the same feature sets, there are subtle differences when it comes to privacy and security.
Citrix performance issues can be difficult to deal with. Fortunately, there are ways to prevent and troubleshoot them using ...
Without the proper troubleshooting process, IT would have to guess what the issue might be. However, a clear and consistent ...
With the influx of remote work, it's no surprise that organizations need a way to access and manage remote user desktops ...
DNS outages cause connectivity issues that prevent basic tasks from executing properly. Understand how to perform a restore for a...
In addition to a long-simmering bug in the Microsoft Support Diagnostic Tool, Microsoft corrects a sizeable number of flaws in ...
Increased difficulties related to printing have many organizations exploring their options. See what these third-party print ...
All Rights Reserved, Copyright 2008 - 2022, TechTarget Privacy Policy Cookie Preferences Do Not Sell My Personal Info