11 steps to reduce the risk of web attacks

Here’s the follow-up to the last blog on how to reduce the risk of web attacks.

  1. Keep systems fully up to date and patched—including the operating system, web browsers, browser plugins, media players, PDF readers and other applications
  2. The more varied your platforms and software are, the more opportunities you present to the hackers to exploit, and the more likely they are to find a vulnerability in an unpatched application. Standardize on a core set of minimal applications for interacting with the web. Enforce a policy that all users must access the internet with a common set of tools that meets the minimum requirements, including the browser, PDF reader, media player, plugins, add-ons and toolbars
  3. Configure your browsers to ensure they are not installing plugins, add-ons, ActiveX controls and toolbars without at least a prompt
  4. Check that your browser is blocking third-party cookies
  5. Autocomplete or autofill is a feature in many browsers that stores information you recently typed, such as search terms, recently visited websites and your personal information (e.g., name, email, address, phone) in the interest of saving keystrokes. Consider carefully the risks of using this feature, as the time you save may increase your vulnerability to attacks
  6. ActiveX controls, plugins, browser helper objects (BHOs) and toolbars are all examples of browser add-ons. It’s imperative to restrict add-ons to an absolute minimum in order to reduce your threat surface area for exploits
  7. Users operating remotely, at home or at a Wi-Fi hotspot should ensure their browser content filters are enabled. Most popular browsers offer at least a basic phishing and/or malware site database that can help provide protection from the most ubiquitous threats. Make sure you enable these filters on your browser
  8. Popups are not only annoying resource hogs, but they also can pose a security risk by either hosting embedded malware directly, or trying to lure users into clicking on something using a well-known social engineering trick. For example, some popups can be ingeniously crafted to look like Windows dialog boxes, and the mere act of clicking the “X” to close the box can instigate a malware attack. Ensure your selected browser has popup blocking enabled
  9. Use long passwords. The more characters they contain, the more secure they are. Include numbers, symbols, and upper- and lowercase characters
  10. Change passwords frequently
  11. A proper web security solution is a vital component of an overall strategy for safeguarding your organization from modern web threats. It will reduce your threat exposure by limiting users’ surfing activity to website categories relevant to their work, or at least help them avoid the dirty dozen categories (adult, gambling, etc.) that are a breeding ground for malware. Make sure you have the right solution selected for your organization.
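
One way to verify steps 4 through 8 across managed machines, as an added example that is not part of the original post: it assumes Google Chrome (the post names no browser) and Chrome's enterprise policy names, and audits a constructed sample policy file against the checklist.

```python
import json

# Constructed sample of a Chrome managed-policy file (not from the original post).
SAMPLE_POLICY = """{
  "BlockThirdPartyCookies": true,
  "DefaultPopupsSetting": 1,
  "SafeBrowsingProtectionLevel": 1,
  "ExtensionInstallBlocklist": ["*"],
  "AutofillAddressEnabled": true
}"""

# (checklist step, Chrome policy name, predicate on its value, expected state)
CHECKS = [
    (4, "BlockThirdPartyCookies", lambda v: v is True, "third-party cookies blocked"),
    (5, "AutofillAddressEnabled", lambda v: v is False, "address autofill off"),
    (5, "AutofillCreditCardEnabled", lambda v: v is False, "card autofill off"),
    (6, "ExtensionInstallBlocklist", lambda v: isinstance(v, list) and "*" in v,
     "all add-ons blocked unless explicitly allowed"),
    (7, "SafeBrowsingProtectionLevel", lambda v: type(v) is int and v in (1, 2),
     "phishing/malware filter on"),
    (8, "DefaultPopupsSetting", lambda v: type(v) is int and v == 2, "popups blocked"),
]

_MISSING = object()

def audit(policy_json):
    """Return (step, policy, problem) for each setting that is unset or weak."""
    policy = json.loads(policy_json)
    if not isinstance(policy, dict):
        raise ValueError("policy file must contain a JSON object")
    findings = []
    for step, name, ok, expected in CHECKS:
        value = policy.get(name, _MISSING)
        if value is _MISSING:
            # An unset policy leaves the choice to each user.
            findings.append((step, name, f"not enforced by policy; want: {expected}"))
        elif not ok(value):
            findings.append((step, name, f"set to {value!r}; want: {expected}"))
    return findings

if __name__ == "__main__":
    for step, name, problem in audit(SAMPLE_POLICY):
        print(f"step {step}: {name} {problem}")
```

A setting that is missing from the policy file is reported as well as one that is set weakly, because an unset policy can be changed by the user.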