Security for free: Don't let staff download files

Turn off some browser settings and change the supplier's defaults

Turn off some browser settings and change the supplier's defaults

The greatest danger of Web browsing at work is the hazard posed by the download and execution of unvalidated programmes.

These range from scripts embedded in Web pages to screen savers and utilities obtained from plausible but unverifiable sources.

Web browsers generally have a sophisticated set of security options in both set-up and configuration. Most people, even in the corporate environment, do not use them though, and the default configuration is generally pretty wide open.

Work out the minimum facilities you need, and limit the browser to just those. For example, most Web users do not need file download for work, only for play; no one needs auto-update of the browser or font download, so turn them off. You should seriously consider whether you really need Javascript and Active-X, as these are widely exploited.

"Our intranet uses them" is not an adequate justification. And if you are using Internet Explorer, be aware that there is a hidden "my computer" security zone which is pretty lax by default. You can only manage it using a special admin tool, but you should definitely get this and use it, as it is potentially hazardous to leave this zone set on defaults.

Learn about your browser, find out about its security options, and define a minimum required set of facilities for your business needs. You do not have to study technical threats in detail. A huge difference can be made just by turning off everything you don't actually require.

Then create and enforce a browser configuration policy to keep all your browsers tuned for greater safety, and make it stick by training your users about the risks.

Mike Barwise is a consultant at

Read more on Antivirus, firewall and IDS products