Still looking for the right New Year’s Resolution? We’ve got one for you: develop secure web browsing habits. Given the range of threats facing Internet users today, it is critical that users learn to protect themselves while browsing the web. Our second post in our “Cybersecurity 101” series offers our recommendations for browsing the Internet safely.

Best Practices for Secure Browsing

There are several habits that you should develop to improve the security of your online activities. While the following list may seem like a lot to manage, most of these recommendations are simple and following them will significantly bolster your browsing security.

  • Keep your browser software up-to-date: This is crucial, as new patches are often released to fix existing vulnerabilities in browser software. This recommendation doesn’t apply solely to browser software – it is critical to keep operating system software and any other software you have up-to-date for the same reason.
  • Run anti-virus software: Anti-virus software provides protection by scanning for and removing malicious files on your computer. There are many excellent options for virus protection software (both paid and free), so it is up to you to do a little research and select a program that best fits your needs.
  • Scan files before downloading: It is important to avoid downloading anything until you’re confident that it is secure. If you have any suspicion that a file may not be legitimate or may be infected, scan it with antivirus software before downloading.
  • Watch out for phishing: Phishing attacks use online communications (usually email) to trick users into giving out their sensitive information. Oftentimes these messages appear to be from banks, social media sites, shopping sites, or payment processors. Phishing messages frequently contain links that lead to counterfeit versions of popular sites. You can avoid falling victim to phishing schemes by ignoring unsolicited messages and not clicking on hyperlinks or attachments in emails (type or copy/paste the URL as it appears instead).
  • Don’t reuse passwords: Using the same password for multiple sites only makes it easier for attackers to compromise your sensitive information. Instead, keep track of your different passwords with a handwritten list that you keep in a safe place or come up with your own algorithm for creating unique passwords that only you would know. It is also recommended that you change your passwords every 90 days.
  • Use HTTPS: The “s” in “https” stands for secure, meaning that the website is employing SSL encryption. Check for an “https:” or a padlock icon in your browser’s URL bar to verify that a site is secure before entering any personal information.
  • Read privacy policies: Websites’ privacy policies and user agreements should provide details as to how your information is being collected and protected as well as how that site tracks your online activity. Websites that don’t provide this information in their policies should generally be avoided.
  • Regularly monitor your bank statements: Keeping an eye on your online statements will allow you to react quickly in the event that your account has been compromised.
  • Avoid public or free Wi-Fi: Attackers often use wireless sniffers to steal users’ information as it is sent over unprotected networks. The best way to protect yourself from this is to avoid using these networks altogether.
  • Disable stored passwords: Nearly all browsers and many websites in general offer to remember your passwords for future use. Enabling this feature stores your passwords in one location on your computer, making them easier for an attacker to discover if your system gets compromised. If you have this feature enabled, disable it and clear your stored passwords.
  • Turn on your browser’s popup blocker: Popup blocking is now a standard browser feature and should be enabled any time you are surfing the web. If it must be disabled for a specific program, turn it back on as soon as that activity is complete.

Following these 11 tips will go a long way in protecting you from attackers, malware, and many of the other threats that we all face online - now that’s a resolution worth keeping! Keep an eye out for our next “Cybersecurity 101” post on configuring security settings for today’s most popular browsers, including Chrome, Firefox, Internet Explorer, and Safari. Happy New Year all!

About Nate Lord

Nate joined Veracode as a marketing specialist in early 2012. He is one of Veracode’s first co-ops from Northeastern University, where he is majoring in entrepreneurship and new venture management while minoring in music. He has various responsibilities at Veracode, including blogging, SEO, and infographic design.

Comments (6)

Dave | January 22, 2013 11:06 am

Nate, I'm a little confused. How do I create a unique, secure password for about the 40-50 sites I use that need them, change those passwords every 90 days, don't re-use any of my secure passwords and not store them anywhere but a piece of paper? For the longest time, we've told people to not store passwords on a Post-It under the keyboard. I know that's not what you said, but it's what this will become. If I have to refer to my sheet of 50 passwords all the time, it's not like I'm going to put it back in a locked cabinet every time I use it.

We need to find a balance between "secure" and "usable".

Thank you.

Neil | January 22, 2013 11:53 am

Dave - You're absolutely right we need to find a balance between secure and usable and it seems more and more likely that balance won't come from passwords (at least not alone.)

In the case of 40-50 passwords we would recommend a program like Password Gorilla.

While not quite as "secure" as keeping a handwritten list, we love it as a "secure enough" alternative.

Jarmo | January 23, 2013 12:01 pm

is a better safe for passwords than a piece of paper. You then need only one password for your safe! Consider using another browser for money operations. Consider using another browser than MS IE, perhaps Google Chrome or Firefox. Consider uninstalling Oracle's Java or deactivate it at least. Consider not using Flash plugin. Create a separate user account for children or for less critical things or buy a separate PC or iPad for playing. Consider using another OS instead of MS Windows, e.g. Apple OS X 10.8 or Linux Ubuntu. Maybe a safer search engine than the plain Google search.

Bruce Baker, CISSP | March 14, 2013 1:42 pm

Great advice. Not always easy to implement but users must learn to protect themselves.


GS&F | September 9, 2013 12:43 pm

I agree with most everything listed except for the avoid free or public wifi. Although some attackers use this portal I don't think you can really avoid it nowadays. I think if you do everything else on the list then you can still take advantage of the wifi and everything. Otherwise good writeup.

Santhosh | December 8, 2013 1:32 am

