Gretel Egan | March 25, 2015

Risky Business: Unsafe Web Browsing

Last updated: January 16, 2019

The sad fact of web browsing is that dangers lurk around every virtual corner. From imposter websites to bogus pop-up windows to malware-laden ads and downloads, browsing sessions can be hazardous to your business. Even with advancements in browser security and antivirus (AV) software, web-borne incidents continue to trouble organizations and individuals alike — primarily because attackers have shifted their focus to people rather than technical weakness.

The Q3 2018 Quarterly Threat Report from Proofpoint emphasizes this trend. Threat intelligence gathered by researchers indicates that, "Web-based threats have shifted almost entirely away from exploit kits to social engineering schemes." Of particular concern is the surge in phony AV and plugins, which appeared more than twice as often in Q3 as in Q2, and more than 20 times as often as in Q1 2018. In these situations, unsuspecting end users are presented with "fake antivirus notifications and fake software updates that lead to malware downloads, phishing landing pages, and more."

And these are just some of the dangers that surfers will encounter online.

Three Better Browsing Behaviors to Share With Your Employees

Operator error is the source of many cybersecurity risks in the workplace and beyond. We strongly believe that increasing awareness and teaching employees how to recognize and change poor behaviors is essential to reducing risk. Here are three pieces of advice we discuss in our Safer Web Browsing interactive training module:

  • Get to know your browser’s security features – Automatic browser updates are likely to be used by most (if not all) IT departments, and this is a great way to ensure that users’ browsers always reflect the latest security patches and bug fixes. It’s also critical that work and personal browsers be set to use the most advanced security settings, which doesn’t happen by default. Different browsers offer different safeguards, and it’s a good idea for users to understand how their browsers implement security features. (An important side note from a policy perspective: If your IT group defines security settings, employees should be instructed not to make changes or enable/disable non-sanctioned functionality. Convenience features like auto-complete and password storage can make logins quick and easy but can considerably weaken security on individual devices.)
  • Avoid unsolicited pop-up windows – Most browsers effectively block dangerous pop-up windows, but they aren’t foolproof. Random ads, warnings of viruses, and prompts to download special plug-ins or initiate scans must be treated with extreme caution — even if these items appear on trusted sites. The safest rule of thumb is not to interact with these windows; if possible, they should be closed from the task tray, by using the “Esc” button, or via some other option that does not require the user to click any buttons within the pop-up, including the X to close. Should the X be the only option, users should stay alert to any triggers within their browser that follow the click (e.g., being routed to a new website or being asked to install a new application).
  • Never download pirated content – There are a plethora of sites that distribute pirated content. Not only are these downloads illegal, they are extremely dangerous. Hackers know how tempting these files are; unsuspecting users are all too happy to nab free downloads of unreleased movies, music, and premium software titles that would normally cost a fee to access. Unfortunately, these files often have malware along for the ride. The bottom line is that pirated content is never safe to use.
