///////////////////////////////////////////////////////////////////////////////////////////
FINAL WORD
“
An attacker can harvest information over time to build a dangerous
picture about a user’s activity (Exabeam, 2018)
Endpoint security should be your first priority, but there are other steps
you can take (Exabeam, 2018)
threat comes from criminals accessing
browser data via malware, ensuring
company devices run antivirus software is
the most important. This should stop most
of the malware aimed at harvesting web
browser data.
EASY-TO-
OPERATE,
READILY AVAILABLE
MALWARE IS ALL THAT’S
NEEDED TO ACCESS THE
RANGE OF DATA STORED IN
WEB BROWSERS.
Even seemingly insignificant details can present a risk
(Exabeam, 2018)
based password managers, employees
will be sending password information
out of the organisation to a third party,
which presents additional security and
confidentiality concerns.
One step beyond
Many people presume passwords are stored
safely in a browser and while browsers do
encrypt passwords, these are decrypted
when they are used and can be accessed
by any process. Browsers often use host
operating system APIs to protect saved
passwords and access to these is not
exclusive to the browser. This is what the
NirSoft tool and various malware exploit.
Using a third-party password manager
can provide an additional layer of security.
A third-party password manager can be
harder for attackers to access than the built-
in browser password managers. But while
they often have more advanced features
that encourage better password practices
by user, password managers are not perfect
and can have vulnerabilities. For cloud-
www.intelligentcio.com
For those still concerned about someone
accessing their machine, there are a
number of steps that offer additional
protection, but these all come at a cost to
web browsing experience. Businesses can
consider changing their employees’ browser
settings to further protect their privacy,
but these all present some inconvenience.
For example, when using Google Chrome’s
Incognito Mode, very little information is
stored locally. This means less information
for hackers to exploit, but it also means
less customised sites and very few relevant
browsing suggestions. Disabling HTTP
Cookies leaves less to exploit, but will cause
issues on many websites, especially if they
require a log in. One effective practice
is encouraging employees to regularly
clear either all, or selected, browsing
history. While this means there will be less
information available for the browser to
use to help with suggestions, or for the
employee to search for past things they
have looked at, it will reduce the amount
and length of data available for attackers.
A final word
Much of the information browsers store aims
to make browsing and buying on the web
easier, but collectively this information can
be mined, aggregated and used to create
profiles on your employees and business
as a whole. The web dossier puzzle pieces
are ready to be pieced together and while
businesses can take several steps to minimise
the security risks, no solution is complete.
Ensuring endpoint protection and not
leaving machines unlocked in public spaces
are essential. The key tactics in the fight
against attackers are awareness and
education; protecting employees is the best
protection for the business as a whole. n
INTELLIGENTCIO
105