CITS

Safer Web Browsing

August 13, 2015   |  By Chris Phillips

Browsing Risks

While the vast majority of website content is benign, it's possible for it to contain harmful program elements like viruses, worms, or data-harvesting spyware. Clicking on a seemingly innocuous link on a web page can easily cause a malware infection; indeed it's estimated that 80 to 90 percent of security compromises occur through such basic methods. But sometimes all one needs to do is to visit a page with infected content for the transfer to occur.  Read on to learn some defensive strategies for safe web-surfing.

Browsing Defenses

The key is to use the technical defenses that browser and other software can provide. But you also need to practice defensive behaviors. Technical measures alone cannot protect you.

Secure Your Computing Device(s)

Using a strong access password, encryption if possible, installing anti-malware, and automatic software updates are all useful strategies.  These and other defensive tools are covered in depth in the previously-published CITS article Protecting Your Portable Devices.  (UMB’s Password Management and Workstation Security Policies are posted on the University’s website for your review.) 

Watch Where You Go

Be sure you are going where you think you are, particularly on a visit to a website on which you'll be entering sensitive information, such as a bank or credit card site. It's generally best to type the URL into the browser address bar yourself, or use a bookmark you created after typing in the URL previously. (And type carefully. Criminals sometimes set up sites with URLs of common misspellings.)

Be particularly cautious about clicking on links in pop-up windows and advertisements.  Do not rely on a URL link in an email message unless you are absolutely confident of the source. When you place your cursor over a link, your browser should display the link's actual URL in a "status bar," usually somewhere near the bottom of the browser window. Get in the habit of looking at this address before you click to be sure it matches where you really want to go.

Watch What You Do

Use even more caution whenever you download. Downloaded software may be infected. Having up-to-date anti-virus and anti-spyware software on your system is essential protection, but it doesn't guarantee that downloading is safe.  You can read about UMB’s IT anti-virus policy here.

Be sure you're using a trusted source. Freeware and shareware sites are risky. Peer-to-peer (P2P) downloads are infamous for spreading malicious software; that's why most employers' policies prohibit downloading from such sites/services onto workplace systems.

Make sure the connection you are using is "secure" (encrypted) whenever you are exchanging sensitive data. You can identify a secure connection by the "https" at the leftmost part of the site's address (URL) in the browser's address bar, and by a "lock" icon somewhere in the browser's status bar.  Browser windows also can be faked; and it's a now-classic phishing trick to put a fake browser window in front of a genuine one. If the window doesn't have an address bar so you can see where you are, do not enter any information.

Use Appropriate Security Settings

Whichever browser you use, it is critical that you use appropriate security settings. This is much more important than the particular browser you choose. Security is increased by disabling features that can present security risks, such as the "active" components that run programs on your computer.  Understand that if you set a “high” security level you may have to periodically reduce it in order to download or execute a file from a site you have decided to trust.  Use your browser’s “HELP” feature to understand default security settings and your options for deviating from those settings.

Keep in Mind What You Leave Behind

For your convenience, most browsers keep a "history" of all the sites you have visited as well as a cache of temporary copies of recently-visited pages, to allow you to view them faster if you return. Browsers can also keep copies of information you've entered into online forms (such as names, addresses and telephone numbers), online passwords, downloads and so on. Any or all of this may not be something you wish to share with other users of a shared computer.  It's also a reason to have an access password on your un-shared device, so that no one else can gain access to this information.

Keep in Mind What Web Sites Leave Behind

Web sites regularly use "cookies" to keep track of where you have been and what you have done. This can enhance your experience, for example by helping you to remember and quickly return to particular pages you have visited in a session.  A different type of cookies, typically constructed by marketing organizations, is designed to track your browsing behavior across many sites.  You will want to get rid of these using anti-spyware or anti-adware tools.

Your Privacy at Work and at Home

As with email, in the United States you have almost no privacy rights at work with respect to computing activities like web browsing. UMB's policies on employee monitoring and the appropriate use of computers are available to you here.  Remember also that search engine companies, Internet Service Providers and Government agencies are also engaged in monitoring Internet activity. While you can't assume that your computer activities are ever private even at home, it's certainly the safer place for any sensitive personal browsing.

Conclusion

Safer browsing requires both technical and behavioral measures.  Using protective software and making sure your browser is appropriately configured are important steps. But even the newest software with the most nuanced settings cannot assure 100% security. If you don't browse safely, paying attention to the guidelines presented above, you're likely to encounter problems sooner or later. Safer web browsing is less about adjusting your software than about adjusting your behavior in accordance with the risk.