Respect the Browser – Security Awareness Recommendations

Security awareness training usually incorporates web security topics. The message needs to be brief and relevant to non-techies, so they will pay attention. Consider focusing the audience’s attention on the browser—a tool that, for most people, personifies the web both at home and at work.

The title of this list was inspired by the Respect the Escalator safety poster I saw in the New York City Subway: Respect the Browser.

  • Watch the typos. Use bookmarks for the websites you visit frequently to avoid arriving at copycat or otherwise malicious sites (in other words, paypal.com is very different from pajpal.com).
  • Patch the software. Configure the browser and its add-ons, such as Flash and PDF reader, to automatically download install security updates.
  • Use encryption. Make sure that the website address starts with HTTPS when sending sensitive data to protect it from being intercepted.
  • Log out. To end a session with a sensitive website where you needed to log in, click the log out button. Simply closing the browser window might not be enough.
  • Beware of public computers. Avoid accessing sensitive data when logging in from public systems, such as library PCs or Internet kiosks. They might be infected.
  • Protect the browser. Use anti-virus software with features that include a browser security modules to block web exploits and flag malicious links.

If you could only share 6 brief web safety recommendations with non-technical computer users, how similar would your list be to mine?

Lenny Zeltser

Updated

About the Author

I design practical security solutions and shepherd them to a sustainable state. I used to be hands-on in many areas of cybersecurity and IT. Now I focus on strategy and leadership, treating security as an enabler that helps people and companies achieve their goals. As the CISO of Axonius, I lead the security program to earn customers' trust and fuel the company's growth. Earlier, I built security products and services. I'm also a Faculty Fellow at SANS Institute, where I help professionals develop malware analysis skills.

Learn more