Nicolet Federated Library System
  • Home
  • Libraries
    • Employment Opportunities
  • Online Resources
    • Beanstack Library Reading Challenges
    • Digital Libraries
      • Wisconsin's Digital Library
      • Wisconsin's Online Library: BadgerLink
        • BadgerLink Resource Guide for Public Libraries
    • Library Catalogs
      • InfoSoup Library Catalog
      • Brown County Library Catalog
    • Wisconsin State Documents
      • Wisconsin Digital Archives
      • Wisconsin Legislative Reference Bureau Digital Collections
      • Wisconsin State Government Web Archives
  • Library Services
    • Inclusive Services
    • Youth Services
  • Trustees
  • About
    • NFLS Staff
  • Blog
  • Home
  • Libraries
    • Employment Opportunities
  • Online Resources
    • Beanstack Library Reading Challenges
    • Digital Libraries
      • Wisconsin's Digital Library
      • Wisconsin's Online Library: BadgerLink
        • BadgerLink Resource Guide for Public Libraries
    • Library Catalogs
      • InfoSoup Library Catalog
      • Brown County Library Catalog
    • Wisconsin State Documents
      • Wisconsin Digital Archives
      • Wisconsin Legislative Reference Bureau Digital Collections
      • Wisconsin State Government Web Archives
  • Library Services
    • Inclusive Services
    • Youth Services
  • Trustees
  • About
    • NFLS Staff
  • Blog
Search

How to Browse the Internet Safely at Work (by Jovi Umawing at Malwarebytes LABS)

2/28/2019

0 Comments

 
Picture
This is a great post on internet safety, something that affects us all at home and work.  We must all remain vigilant to protect our staff and patrons, as well as ourselves.

-  John Kronenburg, NFLS IT Coordinator 

This Safer Internet Day, we teamed up with ethical hacking and web application security company Detectify to provide security tips for both workplace Internet users and web developers. This article is aimed at employees of all levels. If you’re a programmer looking to create secure websites, visit Detectify’s blog to read their guide to HTTP security headers for web developers.

More and more businesses are becoming security and privacy conscious as, they should be. When in years past, IT departments’ pleas for a bigger cybersecurity budget fell on deaf ears, this year, things have started looking up. Indeed, there is nothing quite like a lengthening string of security breaches to grab people’s—and executives’—attention.

Purely reacting to events is a bad terrible approach, and organizations who handle and store sensitive client information have learned this the hard way. It not only puts businesses in constant firefighting mode, but is also a sign that their current cybersecurity posture may be inadequate and in need of proper assessment and improvement.

Part of improving an organization’s cybersecurity posture has to do with increasing its employees’ awareness. Being their first line of defense, it’s only logical to educate users about cybersecurity best practices, as well as the latest threats and trends. In addition, by providing users with a set of standards to adhere to, and maintaining those standards, organizations can create an intentional culture of security.
​
Developing these training regimens requires a lot of time, effort, and perhaps a metaphorical arm and a leg. Do not be discouraged. Companies can start improving their security posture now by sharing with employees a helpful and handy guide on how to safely browse the Internet at work, whether on a desktop, laptop, or mobile phone.

Safe Internet browsing at work: a guideline

Take note that some of what’s listed below may already be in your company’s Employee Internet Security Policy, but in case you don’t have such a policy in place (yet), the list below is a good starting point.

Make sure that your browser(s) installed on your work machine are up-to-date. The IT department may be responsible for updating employee operating systems (OSes) on remote and in-house devices, as well as other business-critical software. It may not be their job, however, to update software you’ve installed yourself, such as your preferred browser. The number one rule when browsing the Internet is to make sure that your browser is up-to-date. Threats such as malicious websites, malvertising, and exploit kits can find their way through vulnerabilities that out-of-date browsers leave behind.

While you’re at it, updating other software on your work devices keeps browser-based threats from finding other ways onto your system. If IT doesn’t already cover this, update your file-compressor, anti-malware program, productivity apps, and even media players. It’s a tedious and often time-consuming task, but—shall we say—updating is part of owning software. You can use a software updater program to make the ordeal more manageable. Just don’t forget to update your updater, too.

If you have software programs you no longer use or need, uninstall them. Let’s be practical: There’s really no reason to keep software if you’ve stopped using it or if it’s just part of bloatware that came with your computer. It’s also likely that, since you’re not using that software, it’s incredibly outdated, making it an easy avenue for the bad guys to exploit. So do yourself a favor and get rid. That’s one less program to update.

Know thy browser and make the most of its features. Modern-day browsers like Brave, Vivaldi, and Microsoft Edge have launched quite a bit differently than their predecessors. Other than their appealing customization schemes, they also boast of being secure (or private) by default. By contrast, browsers that have been around for a long time continue to improve on these aspects, as well as their versatility and performance.

Regardless of which browser you use, make it a point to review its settings (if you haven’t already) and configure them with security and privacy in mind. The US-CERT has more detailed information on how to secure browsers, which you can read through here.

Refrain from visiting sites that your colleagues or boss would frown upon if they look over your shoulder. Most employees know that visiting and navigating to sites that are not safe for work (NSFW) is a no-no, but they still do it. Trouble is, not only does this welcome malware and other threats that target visitors of such sites, but it could also result in being—rightfully or not—accused of sexual harassment. Browsing sites of a pornographic nature could make coworkers incredibly uncomfortable, and if this behavior is generally tolerated by the brass, it could result in the company becoming the subject of a hostile environment claim. So if hackers don’t scare you, maybe a lawsuit will.

Use a password manager. It may sound like this advice is out of place, but we include it for a reason. Password managers don’t just store a multitude of passwords and keep them safe. They can also stop your browser from pre-filling fields on seemingly legitimate, but ultimately malicious sites, making it an unlikely protector against phishing attempts. So the next time you receive an email from your “bank” telling you there’s a breach and you have to update your password, and your password manager refuses to pre-fill that information, scrutinize the URL in the address bar carefully. You might be on a site you don’t want to be on.

Consider installing apps that act as another layer of protection. There is a trove of fantastic browser apps out there that a privacy- and security-conscious employee can greatly benefit from. Ad blockers, for instance, can strip out ads on sites that have been used by malicious actors before in malvertising campaigns. Tracker blockers allow one to block trackers on sites that monitor their behavior and gather information about them without their consent. Script blockers disable or prevent the execution of browser scripts, which criminals can misuse. Other apps, such as HTTPS Everywhere, force one’s browser to direct users to available HTTPS versions of websites.
​

Consider sandboxing. A sandbox is software that emulates an environment where one can browse the Internet and run programs independently from the actual endpoint. It’s typically used for testing and analyzing files to check if they’re safe to deploy and run.

We’re not saying that employees should know how to analyze files (although kudos if you can). Only that employees who normally open attachments from their personal emails, stumble into sites that may be deemed sketchy at best, or want to check out programs from third-party vendors do so in a safe setup that is isolated from their office network. Here is a list of free sandbox software you can read more about if you’re interested in trying one out.

Assume you are a target. Not many employees would like to admit this. In fact, it may not have crossed their minds until now. A lot of small businesses, for example, would like to think that they cannot be targets of cyberattacks because criminals wouldn’t go after “the little guy.” But various surveys, intelligence, and research tell a different story.

Employees need to change their thinking. Each time we go online at work, whether for valid reasons or not, we are putting our companies at risk. So we must take the initiative to browse safely, adopt cybersecurity best practices, and embrace training sessions with open minds. Realize that a lot is at stake in the office environment, and a single mouse click on a bad link could bring down an entire business. Do you want to be the person responsible?

We’re all in this together
​
When it comes to preventing online threats from infiltrating your organization’s network and keeping sensitive company and client data secure, it is true that they are no longer just IT concerns. Cybersecurity and privacy are and should be every employee’s concern—from the rank-and-file up to the managerial and executive level.

Indeed, no one should be exempted from continuous cybersecurity training, nor should high-ranking officials go on thinking that company policies don’t apply to them. If every employee can adhere to the simple guideline above, we believe that organizations of all sizes are already in a better security posture than before. This is just the first step, however. There is still the need for organizations to assess their cybersecurity and privacy needs, so they can effectively invest in tools and services that help better secure their unique work environment. Whatever changes they choose to implement that require employee participation, IT and high-ranking work officials must ensure that everyone is in it together.

Stay safe!

Original post here
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    NFLS Blog


    Categories

    All
    Adult Services
    ALA
    ARSL
    Continuing Education
    CSLP
    Employment Opportunities
    Grants / Scholarships
    Inclusive Services
    InfoSoup
    LAWDS
    Marketing
    NEWI
    News Releases
    NFLS News
    Nic News Weekly
    PLA
    Summer Library Programs
    Technology
    WI DPI
    WiLS
    WiscNet
    WISL
    WLA
    WPLC
    Youth Services

    Programming & Resources

    Archives

    January 2023
    December 2022
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    November 2018
    December 2017
    October 2017
    July 2017
    May 2017

    Pre-2019 Archives:
    Tech Bits Archive

    RSS Feed

Home
Libraries
Employment Opportunities

​Online Resources
Beanstack library reading challenges
Wisconsin's Public Library Consortium digital library

Wisconsin's online resources: BadgerLink
Brown County Library online catalog
InfoSoup libraries online catalog
Vertical Divider
Library Services
Continuing education​​
​Cricut maker
Digitization kits
Ellison dies
​Grants
​Helpful sites & abbreviations
​​Homework hotspot labs​​
​Inclusive Services resources
​​Interlibrary Loan & Delivery

Vertical Divider
Intertype library services
​​Librarians' advisory committee meetings
​​Marketing resources
NFLS newsletters
OWLSnet
​
​Programming & resources (blog)
​​Tech support
​​Travel & expenses

Workforce Development resources
Youth Services resources
Vertical Divider
​Trustees
Board members
Board meetings
Trustee resources
Meetings archive

About
About NFLS
​NFLS staff

Blog
return to homepage
Nicolet Federated Library System
1595 Allouez Avenue, Suite 4, Green Bay, WI 54311
Email: nic@nflsoffice.org
​
Phone:
 920-448-4410
​Fax: 920-448-4420
Staff Hours: Weekdays, 8:00 a.m. - 4:30 p.m.
Visitor Hours: By Appointment Only
Accessibility Statement
​​Office 365 Email Login
© Nicolet Federated Library System
  • Home
  • Libraries
    • Employment Opportunities
  • Online Resources
    • Beanstack Library Reading Challenges
    • Digital Libraries
      • Wisconsin's Digital Library
      • Wisconsin's Online Library: BadgerLink
        • BadgerLink Resource Guide for Public Libraries
    • Library Catalogs
      • InfoSoup Library Catalog
      • Brown County Library Catalog
    • Wisconsin State Documents
      • Wisconsin Digital Archives
      • Wisconsin Legislative Reference Bureau Digital Collections
      • Wisconsin State Government Web Archives
  • Library Services
    • Inclusive Services
    • Youth Services
  • Trustees
  • About
    • NFLS Staff
  • Blog