As with email, there are good practices to follow so that infection risk is minimized. Browsers are complex programs which can literally run software themselves – good and bad. Criminals know this and will do anything they can to entice people to visit sites that automatically install malware, or to get visitors to click on links with the same results.
Tips to keep in mind include:
- Use https sites, rather than http, whenever possible. Browsers may hide this, but you can sometimes hover over the address to make sure. This does not prevent malware by itself – criminals can easily register their own https sites. But it does help prevent eavesdroppers monitoring traffic between a user and a legitimate remote site.
- The browser address bar may also display a lock symbol. If it is showing as unlocked, be careful as it can signify an unsafe site. But the mere presence of a locked symbol does not guarantee safety.
- Only download software from reputable sources. The app stores offered by Android, Apple and Microsoft are usually safe, but even they have been compromised on occasion.
- Avoid sites which are not well-known and reputable, particularly on a machine containing work and client information. Remember that clicking a link on any page potentially allows a broad range of permissions over a system, and it is easy for criminals to take advantage of this power. Sites which offer pornography, file sharing, or other free items are particularly popular vectors and must be avoided, or at least approached with extreme caution. Some offices will configure firewalls to filter, or blacklist, certain sites that may be risky.
- If a pop-up window appears when visiting a site or clicking on a link, pay attention. Sometimes this might be a legitimate program or system warning, but malware often tries to scare the user into doing or clicking on something. In extreme cases, one can shut down the computer, or close the browser although it might still reappear when restarted.
- If doing very sensitive work, consider using a computer which is highly locked down and employs tightly-restricted user rights to avoid infection.
- Be extremely careful with financial sites like banks. While convenient, online banking is susceptible to hacks and the risks may be too high. If one must access banking information on the Internet, consider locking the site’s permissions to read-only access which minimizes a hack that can remove funds.