You may not think twice about the web browser you and your employees use, but it can affect your organisation’s security. Sensible browsing habits are always the cornerstone of Internet security, but some browsers are better designed to protect you than others.
Microsoft Internet Explorer/Edge
Most organisations use a Windows operating system, which means your default browser is Microsoft Internet Explorer (IE). But be warned: Tip Top Security advises users to “[not] even bother with IE anymore unless it’s absolutely necessary”.
One of IE’s biggest flaws is its questionable sandboxing. A sandbox is a virtual container that attempts to keep the Internet away from the rest of your system, and Tip Top Security considers it essential for most users.
Another problem is that IE supports ActiveX and Browser Help Objects, which are common attack vectors for hackers.
These features were addressed with Microsoft Edge, a browser exclusive to Windows 10. It’s effectively a revised version of IE that addresses the security concerns of its predecessor, but because it can’t be run on older versions of Windows, it’s not a viable option for the majority of organisations using Windows legacy systems.
Once considered a top browser for security, Mozilla Firefox has fallen from grace in recent years. It was hacked in record time at the 2015 Pwn2Own hacking competition, and it wasn’t invited back the following year because “[the competition] wanted to focus on the browsers that have made serious security improvements in the last year”.
Firefox can be made more secure by installing the plugins recommended by Privacy Tools, and it remains a good option if you value privacy. What little data Mozilla collects doesn’t get traded to third parties, and unlike other browsers, it’s completely open source. That means anyone can see the source code to make sure there is nothing malicious in it.
A few years ago, Opera was starting to develop a reputation for poor security, but in 2013 its developers adopted Chromium – the same proprietary engine used by Google Chrome – and drastically improved its security.
Since April 2016, Opera has come with a free built-in virtual private network, which means users can browse privately and securely. It also includes an integrated ad-blocker.
Another benefit of Opera is that it has a very small market share (1.23%), which makes it a less lucrative target for hackers. Granted, this doesn’t technically make the browser any more secure, but it does mean it is less likely to be attacked.
“Google Chrome seems to be the best choice for security these days,” says Tip Top Security. “It’s based on a very good engine and has a history of getting new security patches applied the most quickly.”
This conclusion supports Chrome’s performance at the last Pwn2Own hacking competition, in which it came out ahead of every other browser and only one exploit was successfully executed.
However, Chrome is notorious for its poor privacy. Google tracks and analyses an inordinate amount of users’ data, including browsing history, location, purchases, music preferences and subscriptions. It has even removed ad-block software from Google Play so that users can’t block the site’s adverts.
Tor Browser takes security and privacy to extremes. Tech Radar calls it “a package of tools [that] make it the most secure browsing experience you’re likely to find. Nothing is tracked, nothing is stored, and you can forget about bookmarks and cookies”.
Staying cyber secure
It’s worth repeating that your browser can only do so much to keep you secure. Poor browsing habits – such as visiting insecure sites, failing to install updates and clicking ads – can leave you in danger of a cyber attack no matter what browser you use.
Cyber security should already be one of your organisation’s top priorities, but with the EU General Data Protection Regulation (GDPR) taking effect next May, you should be taking extra steps to make sure you and your staff are aware of your security obligations.
You can find out more about the GDPR and our services to help you achieve compliance on our website. One product you might be interested in is EU GDPR – A Pocket Guide.
Written by IT Governance’s founder and executive chairman, Alan Calder, the guide explains the terms and definitions used in the Regulation, its key requirements and how you can achieve compliance.