Security awareness training usually incorporates web security topics. The message needs to be brief and relevant to non-techies, so they will pay attention. Consider focusing the audience’s attention on the browser—a tool that, for most people, personifies the web both at home and at work.
The title of this list was inspired by the Respect the Escalator safety poster I saw in the New York City Subway: Respect the Browser.
- Watch the typos. Use bookmarks for the websites you visit frequently to avoid arriving at copycat or otherwise malicious sites (in other words, paypal.com is very different from pajpal.com).
- Patch the software. Configure the browser and its add-ons, such as Flash and PDF reader, to automatically download install security updates.
- Use encryption. Make sure that the website address starts with HTTPS when sending sensitive data to protect it from being intercepted.
- Log out. To end a session with a sensitive website where you needed to log in, click the log out button. Simply closing the browser window might not be enough.
- Beware of public computers. Avoid accessing sensitive data when logging in from public systems, such as library PCs or Internet kiosks. They might be infected.
- Protect the browser. Use anti-virus software with features that include a browser security modules to block web exploits and flag malicious links.
If you could only share 6 brief web safety recommendations with non-technical computer users, how similar would your list be to mine?