Security for free: Don't let staff download files

Opinion

Turn off some browser settings and change the supplier's defaults

The greatest danger of Web browsing at work is the hazard posed by the download and execution of unvalidated programmes.

These range from scripts embedded in Web pages to screen savers and utilities obtained from plausible but unverifiable sources.

Web browsers generally have a sophisticated set of security options in both set-up and configuration. Most people, even in the corporate environment, do not use them though, and the default configuration is generally pretty wide open.

Work out the minimum facilities you need, and limit the browser to just those. For example, most Web users do not need file download for work, only for play; no one needs auto-update of the browser or font download, so turn them off. You should seriously consider whether you really need JavaScript and ActiveX, as these are widely exploited.

"Our intranet uses them" is not an adequate justification. And if you are using Internet Explorer, be aware that there is a hidden "My Computer" security zone which is pretty lax by default. You can only manage it using a special admin tool, but you should definitely get this and use it, as it is potentially hazardous to leave this zone set on defaults.

Learn about your browser, find out about its security options, and define a minimum required set of facilities for your business needs. You do not have to study technical threats in detail. A huge difference can be made just by turning off everything you don't actually require.

Then create and enforce a browser configuration policy to keep all your browsers tuned for greater safety, and make it stick by training your users about the risks.
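
One way to check exported Internet Explorer zone settings against a "minimum facilities" baseline, as an added example that is not part of the original article. The baseline and the sample export are constructed assumptions; the zone numbers and action IDs are the ones Microsoft documents for IE security zones.

```python
import re

# Zone numbers and action IDs are those Microsoft documents for Internet
# Explorer security zones. Setting values: 0 = enable, 1 = prompt, 3 = disable.
ZONES = {0: "My Computer", 3: "Internet"}
ACTIONS = {"1200": "Run ActiveX controls and plug-ins",
           "1400": "Active scripting",
           "1604": "Font download",
           "1803": "File download"}
# Assumed baseline (not from the article): all four disabled in both zones.
BASELINE = {zone: {action: 3 for action in ACTIONS} for zone in ZONES}
SECTION = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d+)\]$", re.I)
VALUE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in the text format written by "reg export".
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000003
"1400"=dword:00000003
"1604"=dword:00000001
"1803"=dword:00000003
'''

def parse_zones(reg_text):
    """Return {zone number: {action ID: value}} from a .reg export."""
    zones, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        section = SECTION.match(line)
        if section:
            current = zones.setdefault(int(section.group(1)), {})
        elif line.startswith("["):
            current = None          # some other key: ignore its values
        elif current is not None and (value := VALUE.match(line)):
            current[value.group(1).upper()] = int(value.group(2), 16)
    return zones

def audit(zones, baseline=BASELINE):
    """Return (zone, setting, actual) per deviation; actual None means unset."""
    return [(ZONES[z], ACTIONS[a], zones.get(z, {}).get(a))
            for z, required in sorted(baseline.items())
            for a, want in sorted(required.items())
            if zones.get(z, {}).get(a) != want]

if __name__ == "__main__":
    print(*audit(parse_zones(SAMPLE)), sep="\n")
```

A setting reported as `None` was never set explicitly in the export, so the supplier's default applies to it and it is flagged like any other deviation.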

Mike Barwise is a consultant at www.ComputerSecurityAwareness.com


This was first published in July 2002