Browser Security

Today’s web browsers offer a number of convenient features that make finding, saving, and sharing information faster and more hassle-free than ever. As with most things though, this convenience can come with a cost. Here are some things you can do to make sure your privacy isn’t compromised.

Browser Security Checklist

  • Review your browser security settings to make sure you are protected.
  • Do not allow your browser to save passwords for you.
  • Be wary of browser syncing features, especially if you use shared or public computers.
  • Do not enable autocomplete features for web forms.
  • Use a secure browser and keep it up to date.
  • Exercise extreme caution when installing browser extensions and plugins.
  • Do not accept downloads from sources you do not recognize.
  • Only provide information on web forms when you are certain of the reason you are providing it.

Make Sure Your Browser Security Settings Are Configured to Protect You

Modern browsers offer many conveniences to make online life easier. However, some of these features carry security risks. Make sure you understand the risk you are exposing yourself to before you use them.

Do NOT Allow Your Browser to Save Passwords

It is difficult to remember multiple passwords for the many sites and services you might use every day, so it is tempting to use this feature to make access more convenient. However, criminals who manage to get into your computer over a network, or who manage to gain physical access to one of your devices can easily steal any information you have saved in your browser, including passwords. We recommend using a service like LastPass to make password storage easier. You should also use two-factor authentication (2FA) whenever it is an available option. For example, Google, Microsoft, and many banking and financial institutions offer 2FA with their services. See our 2FA page for more information.

Be Wary of Browser Syncing

Browser syncing can be convenient for people who use multiple computers or devices throughout the day, but it is important to be aware of the associated risks. Any data allowed to sync will be stored on the vendor server, not just in the local cache on your device, making it vulnerable to theft if the vendor servers are ever compromised. This can include passwords, private information stored for autocomplete, your search and browsing histories, and other information that makes it possible to track your online activity and personal transactions. It is especially hazardous to use syncing if you ever use public computers, since anyone who uses that computer after you might be able to access information left from your session. Ensure that you do not enable syncing on a public computer and if you do, sign out completely.

Do Not Enable Automatic Autocomplete Features

No one enjoys manually completing all of those forms! Autocomplete seems like a handy way to save a few precious minutes. Unfortunately, it is not always easy to maintain control over the information your browser is saving for autocompletion. You might accidentally end up storing very sensitive information such as social security numbers or credit card numbers without even realizing you did so. This could be especially disastrous if you have also forgotten to disable features such as syncing or password storage.
Don’t put yourself at risk just to save a couple of minutes’ aggravation! To learn more, search the help database for your browser.

Use a Secure Browser and Keep It Up to Date

It is best to use browsers from well-known, reputable companies. Because of their large user audiences, these browsers tend to get feedback about security weaknesses relatively quickly and issue frequent software updates to fix any problems. These browsers include:

  • Microsoft Internet Explorer 11 or Edge
  • Firefox
  • Chrome
  • Opera
  • Safari

This does not mean that these browsers guarantee your security 100%, or that alternative browsers are inherently not secure. However, if you decide that some other browser is a better option for you, be sure to do some research about potential security risks. Whichever browser you choose, be sure to always enable automatic updates so that any security patches the vendor provides are applied in a timely fashion. Also be sure to enable your operating system’s automatic updates, as they do include security fixes for your browser.

Use Caution When Installing Plugins and Extensions

Plugins and extensions are small software packages that are installed in your web browser to provide features and services that extend the capabilities of your web browser. Some common example are ad blockers, spelling and grammar checkers, RSS feed readers, or web conferencing tools. These can be useful tools when it comes to reducing annoying advertising clutter on websites or keeping you more organized and productive, but you should always be cautious about downloading new plugins and extensions.

Always confirm the source of the plugin or extension. Many of these plugins are created by the vendors who provide the browsers; Google, Mozilla, Apple, and Microsoft all offer extras for their browsers. Other vendors (called “third-party vendors”) also offer plugins and extensions so that you can use their services within your browser. However, disreputable companies, scammers, and data thieves can also use plugins and extensions to steal information, spy on your online activity, or just create endless annoyance and inconvenience with unwanted advertising.

Before you agree to download any browser plugin or extension, make sure it is offering a service you know you really need. Scary popup ads from out of the blue declaring that your system is insecure or running inefficiently are just bait from scammers and can be safely ignored. Always call your technical staff first if you believe you have a security problem or a system performance issue.

Review your installed extensions and plugins periodically to clear out ones that you no longer use.
Many browsing extensions require full access to your browser activity to function, including personal data that you submit in forms.

Protect Yourself from Phishing Sites and Unwanted Software

Scammers will sometimes attempt to mislead you into entering private information or downloading malware by creating sites that appear to offer legitimate information or services. Follow these tips to protect yourself:

Do not accept software downloads from sources you do not recognize. While it is important to apply updates to your operating system software and other applications such as Microsoft Office, Adobe, or your web browser, be wary of offers from unfamiliar sources. Pop-ups that appear out of nowhere and claim to have discovered performance issues or security holes in your system are always suspect. Do not click any links or buttons on these ads.

Do not submit information on web forms if you are not certain of the reason for submitting it.
If you are unsure of any request for information you find on a website, verify the source of and justification for the request before you submit anything. This is especially important when you are asked to provide financial or private identity information such as social security numbers. Be especially cautious at certain time of the year such as tax season or the holiday shopping season, as these are prime times for financial and identity scams.