Your web browser is your primary connection to the Internet, whether you are reading web pages directly or using applications that rely on your browser to function. How you set its security makes a great deal of difference for your computer’s safety.

Those security settings will also affect the functionality of some websites. Web page writers try to improve your experience by enabling different features. Some of these are nice to have, but they leave your computer more vulnerable to attack. In fact, a common hacker trick is to set up an "innocent" website with attractive content that will not work correctly unless you reduce your security settings, which exposes you to the hacker’s malicious content on other links. The safest policy is to leave those optional features disabled until you decide that the feature is necessary and that the website is trustworthy. (In most cases, you can enable the feature temporarily.)

Note: Your IT department should control the settings for your work computer. Make sure that they have the security controls locked down so users cannot accidentally expose their computers to unacceptable risks. If you use Internet Explorer, you can find the security settings by clicking Tools/Internet Options/Security. (Firefox and other browsers generally use similar paths.) If the security is properly locked down, you should be able to see but not change the settings.

Internet Explorer uses the concept of "zones" and lets you set the security level differently depending on where you are browsing. For most of us, the most important zone is "internet". This is the general zone for all public websites and is the default used when the browser doesn’t have different instructions. This should be set as high as possible but never below "medium".

The "local intranet" zone is usually used for internal content. Since your own company developed the pages, it’s usually safer to use a slightly lower level of security as long as there is a business reason to do so. "Trusted sites" are those that you have decided are well-designed and use good security practices. Our work computers have certain trusted business partners pre-loaded in this zone. I have none on my personal computer at home.

"Restricted sites" are those that you think might not be safe and that deserve the highest level of caution. Frankly, if you’re that suspicious, you’re probably not surfing there anyway. But it can be helpful to mark those sites because it will provide an extra layer of protection if your computer is calling those domains for "hidden" content like ads and pop-ups.

Your browser also has some security settings related to JavaScript, ActiveX controls and Plug-ins. You should only allow them if you are at a trusted site. See the tip on Active Content for suggestions on those controls.

You should disable cookies except for sites that you trust and that require them. Add those manually to the browser’s "allowed" list. Definitely block pop-ups, but remember that doing so will break some websites. You can always allow the pop-ups on a case-by-case basis.

In general, always set your security to the highest level possible. Then lower the security only when a page fails to work properly, and only as far and for as long as you need to. Once you’ve set the controls properly, it’s not that much work to maintain them. But it is a vital part of protecting your computer and your confidential information.
