Election Security Spotlight – Secure Web Browsing
What it is:
- Extensions are software programs that allow you to customize the browsing experience. These programs, built using website code, typically serve a single purpose, and vary widely. They include things like ad blockers and embedded video conferencing functionality.
- Cookies are files placed on a system to store data for specific websites, often used to uniquely identify the computer visiting the website. Some viruses and malware disguise themselves as cookies or exploit cookie tracking capabilities.
- Browser Cache is a temporary storage area in a computer’s memory or disk that saves information from a web page, allowing you to quickly re-visit a website without having to download the information again.
- Private Browsing is a feature offered by web browsers that does not retain temporary browsing data, such as cookies. Some versions of private browsing offer tracking protection and disguise a user’s location. However, private browsing does not completely protect a user’s privacy, nor does it offer complete data security.
- Password managers, which are incorporated into most modern browsers, save your login information for multiple websites. Password managers built into browsers, as opposed to third-party options, are not recommended as a security best practice as they are not all programmed to store password information securely.
- Automatic downloads can improve user experience by simplifying the process of downloading something to your device, but can also serve as a means for malicious actors to quickly infect a system.

These features can improve a user’s browsing experience, but they also offer malicious actors an opening to a user’s system if they are not sufficiently guarded, or if there are known vulnerabilities that are not patched.
Why it matters:
- A malicious web page to drop malware or spyware into the browser,
- Exploitation of features such as cookies to track users or otherwise compromise a system,
- Theft of information transferred through a browser, such as banking information or sensitive voter information, and
- Theft of private information that has been stored in a browser’s cache.
What you can do:
- Disabling automatic downloads and requiring users to acknowledge a pop-up prompt before allowing a download.
- Limiting or tracking which extensions are running in a browser, and ensuring they only come from trusted parties.
- Exploring the use of a virtual machine (VM) or sandbox as a way to securely browse the web while reducing the risk of a system-wide compromise.
- Some major web browsers have a sandbox – an area separated from the rest of the computer – that users can run while browsing the web to reduce the risk to the broader system.
- Having employees use a Virtual Private Network (VPN) for privacy or encryption.
- Implementing a patch management program to limit the chance of an exploit, as well as the principle of least privilege to reduce what a malicious actor is able to access.
- Reminding users not to trust redirects or links, as a link can be displayed as one thing while the underlying code redirects to an entirely different website or document.
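
The last item above notes that what a link displays and where it actually leads can differ. As an added example (not part of the original Spotlight), this Python script flags anchors whose visible text names one host while the `href` points to another; the function names and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that reads as a URL or bare hostname ("https://a.example/x", "a.example").
HOST_RE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?=[:/?#]|$)", re.I)

def _norm(host):
    """Lowercase a hostname and drop a leading 'www.' so trivial variants compare equal."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (shown_text, href) pairs where the text names a different host than the href."""
    def __init__(self):
        super().__init__()
        self._href, self._text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        match = HOST_RE.match(shown)
        real_host = urlsplit(self._href).hostname  # None for relative links
        if match and real_host and _norm(match.group(1)) != _norm(real_host):
            self.findings.append((shown, self._href))
        self._href = None

def audit_links(html):
    """Return every anchor in the HTML whose displayed host differs from its real host."""
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.findings

# Constructed sample input; the .example and .test hosts are placeholders.
SAMPLE_HTML = """
<a href="https://www.county.example/register">county.example/register</a>
<a href="https://county.example.login.test/register">https://county.example/register</a>
<a href="https://county.example@portal.test/">county.example</a>
<a href="/polling-places">Find your polling place</a>
"""

if __name__ == "__main__":
    for shown, href in audit_links(SAMPLE_HTML):
        print(f"MISMATCH: shown {shown!r} -> actual {href!r}")
```

Links whose text is not a hostname ("Find your polling place") are not flagged by this check, so hovering over or inspecting the destination remains necessary for those.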
Spotlights provide election officials with an overview of common cybersecurity topics, and how they relate to election infrastructure security. Please reach out to email@example.com to request a topic.