Safe browsing tips
How to protect your sensitive information when browsing the Internet
The web browser is your window to the Internet. Unfortunately, it is also the Internet's window to you! Learn how to put a curtain on that window through these safe browsing tips.A safe browsing strategy
Your web browser keeps a record of the information that you type into it as you interact with various websites. It also keeps track of your browsing history. As it accumulates more and more information about you, your browser is turning into a treasure trove that is a tempting target for thieves.Cyber criminals can steal your information in several ways: (a) by copying it from your computer, smartphone or tablet, (b) by intercepting it as it travels through the Internet, and (c) by copying it from the websites that you interact with. Here is a safe browsing strategy that covers those points of attack:
- Reduce the information kept by your browser
- Keep your computer, smartphone and tablet malware-free
- Use an encrypted connection
- Don't land on a fake website
- Minimize your exposure
Reduce the information kept by your web browser
Clear your browsing data
Delete the passwords that you have allowed your browser to memorize. Here's what happened to someone who didn't.You can also clear other browsing-related data and tell your browser to never save your passwords. Tap here to see how it's done in the Chrome browser. For Safari on iOS, launch Settings on your iPhone or iPad, tap "Safari," then tap "Passwords" and then delete the saved passwords one by one. To clear Safari's history and cookies, scroll further down and tap "Clear History and Website Data."
Unfortunately, I am unable to include here the procedure for every browser and device. Please google the procedure for yours. For example, try googling "how to clear browsing data in FireFox on Android" or "how to delete saved passwords in Internet Explorer."
Use "private browsing" mode
Before typing anything into a browser, set it to private browsing mode. Here's how to do it for Chrome. For other browsers, please google the procedure by typing something like, "how to do private browsing in Safari."Private browsing mode is also called Private Tab, InPrivate Browsing and other names.
When in private browsing mode, the browser does not keep a record of the websites that you visit nor store their "cookies."
Note that private browsing mode will not prevent search engines, websites and corporate networks from recording your browsing activity. So always keep your guard up when using your browser.
In most browsers, you will have to choose private browsing mode every time you open a new browser window. If you prefer a browser that's always in private mode, there's Duckduckgo's browser and Firefox Focus.
Keep your computer, smartphone and tablet malware-free
Information thieves use various methods to slip their malware into your computing devices. The malware helps them to steal and/or delete your data, spy on you or do other unpleasant things. Here's how to stay malware-free.
- Stick to established, well-supported web browsers like Chrome, Safari, Edge, FireFox, Opera and Duckduckgo.
- Do not allow add-ons such as extensions and plugins to be installed in your browser unless absolutely necessary. When new toolbars, icons and menu items appear on your browser, check for newly installed add-ons. Check your browser regularly and delete the add-ons that you do not need anymore. To understand what browser add-ons are and how dangerous they can be, please visit this page.
- Ensure that Google Safe Browsing or SmartScreen is turned on in your browser settings. Avoid websites that it flags as unsafe.
- Learn how to recognize and handle malware-carrying emails.. Opening the attached files or clicking the links in them can cause malware to be downloaded into your device.
- Download apps only from trusted sources such as Google Play and Apple's App Store. Download PC apps only from reputable websites.
- Install only apps verified by Google Play Protect into your Android device.
- Ensure that the antivirus of your Windows and Android devices are updated and scanning your devices daily. Also, do a scan before doing any online banking or shopping.
- Chrome browser users can get help on removing unwanted pop-ups, ads and malware here.
- If you are unable to fix a virus or any other security problem, stop using your device and get expert help.
How to deal with pop-up windows
Be very careful with the windows that pop into view as you browse a website. Watch out for fake pop-ups that masquerade as legitimate messages or prompts. They often try to pressure or scare you into clicking a button or entering sensitive information. For example, the pop-up will inform you that your computer has been infected with malware and tell you to immediately click a button to download an antivirus. Don't type or click anything on the pop up—not even the Close or X icon. On your PC, launch Task Manager and use it to close the whole browser. On your Android smartphone, tap the Recents button and close the browser. On your iPhone or iPad, tap the Home key twice and close the browser.
You can tell your browser whether to block or allow pop-ups from specific websites. Here's how for Chrome. For other browsers, please google the procedure by typing something like, "how to manage pop-ups in Safari."
Use an encrypted connection
The rule is to not type any sensitive information into the browser if any part of the connection is not encrypted.
If you have no choice but to use a public WiFi, here are some safety guidelines:
Do not input sensitive information into non-https web pages
Before typing any sensitive information into your browser, make sure that its connection to the website is encrypted. Inspect the address bar of your browser (it is where you type in the name or address of the website that you want to visit). The connection is encrypted if you see a padlock icon and the address or URL starts with https instead of http.Avoid public WiFi...
Avoid using the public WiFi offered in coffee shops, malls, train stations and such. Many of them do not even require a password, so set your computer, smartphone and tablet to not connect automatically to these "open" networks.If you have no choice but to use a public WiFi, here are some safety guidelines:
- Before connecting to a public WiFi, turn off file sharing or make your computer invisible on the network. Here are the procedures for certain versions of Windows and Mac.
- Don't enter your username, password or other sensitive information into your browser unless you are sure that its connection to the website is encrypted (i.e., you see https and a padlock on the address bar).
- Unless you are sure that a smartphone app uses end-to-end encryption, don't use it while you are connected to a public WiFi. The use (or non-use) of encryption by some popular smartphone apps can be found here.
...or use a VPN
VPN stands for "Virtual Private Network." It makes all the apps on your smartphone safe to use on a public WiFi.For more on VPNs and how to get one, click here. For a comparison between https and VPN, click here.
Don't land on a fake website
If your browser lands on a fake website, all the information that you type into it will go straight to the information thieves. Here's how ensure you're on a genuine website:
- Type the correct address of the website you want to visit into your browser's address bar. For example, PayPal's correct web address is https://www.paypal.com. To visit PayPal's website, always type this exact address into your browser. Before hitting "Go" or "Enter," inspect every character and symbol in the address.
- Before typing or clicking anything on the website that you landed on, make sure it's the genuine site. Is the correct web address displayed on the browser's address bar? Is there anything that seems out of place, like grammatical mistakes or outdated images? If you have any doubt, play it safe: disconnect from the Internet, close the browser and scan your device for malware.
- Do not click any link in an email, document or webpage from an untrusted source.
Minimize your exposure
Make your information obsolete, if possible
Unfortunately, you cannot take back the information that you have already sent to a website. This information puts you at risk until it becomes obsolete.You can hasten the obsolescence of some of your sensitive information. For example, you can ask your credit card issuer to replace the credit card that you have used in too many online shopping sites.
Disclose as little information as possible
Validate all requests for information and find ways to avoid disclosing non-expiring or very sensitive information, such as your social security number, passport number, bank account number, and credit card information. Here are some tips:
When you are prompted by a website to provide information about yourself, ask yourself why they want it. For example, why do they need to know your social security number? Do they really need it to help you accomplish your objective? Is the organization that runs the website worthy of your trust? Is the risk worth the reward? If not, then back away.
Avoid or minimize risk
If you are faced with a valid request for information, your next task is to minimize your risk by:
Validate the request
When you are prompted by a website to provide information about yourself, ask yourself why they want it. For example, why do they need to know your social security number? Do they really need it to help you accomplish your objective? Is the organization that runs the website worthy of your trust? Is the risk worth the reward? If not, then back away.
Avoid or minimize risk
If you are faced with a valid request for information, your next task is to minimize your risk by:
- Providing information that carries the least risk, or information that you can easily replace.
- Giving as little information as possible.
- Avoid using your credit card online. Instead, use safer alternatives such as PayPal or a virtual credit card.
- If you can only pay with a credit card and you have two of more of them, use the one with the lowest credit limit.
- For online payments, use your credit card instead of your debit card or bank account.
- When filling up an online form, do not fill up the fields that are not mandatory.
- Do not use your real personal information when enrolling in mailing lists, gaming sites, discussion forums and the like. Create an alter-ego of yourself for such sites. Give your alter-ego its own email account.
Additional Reading
For more safety tips, visit the following sites:US-CERT
Comments
Post a Comment