By: Julie Mungai, Cyber Risk Advisory manager
Browsers are the gateway to the internet. All the data that we want comes through them and all the data we provide goes to them. But it’s worth noting that as we are browsing the internet—whether that’s checking the local weather or shopping online—our browsers are also browsing us. It’s a give and take relationship; we feed information to the browsers, and they provide what we need. At times, it’s a give and take and take more relationship. To what extent, though? Where do we draw the line on how much we are willing to part with?
Chrome is by far the most popular browsing option with consumers, in part because of its simplistic design, speed, and synchronization abilities with other popular Google products, like Gmail, YouTube, Google Maps, etc. Other browsers, while different in name, operate similarly, watching what we’re doing while using them and recording it. Browsers record data including the locations where we’re browsing from, credit card information that we use to make purchases on websites, our physical home addresses when we purchase an item for delivery, our names and birthdays, our online behavior and how we interact with sites and contacts, the photos we share—I’m not sure we can exhaust the list. These data elements are typically thought of as private, and we wouldn’t want them to be compromised.
Browsers do offer some sort of protection, but relying solely on them to protect your data is like asking a home burglar to install your door locks. We also need to take some responsibility and play our parts to control what we choose to share. The simplest, cheapest, and quickest way is to do some spring cleaning of your settings. Here are a few settings that don’t get as much attention as they should:
Browser Autofill: Uncheck this ASAP
At the heart of every netizen is the wonderful joy of autofill. Who wants to keep keying in the same information—first name, last name, username, password, etc.—across different pages? You may appreciate that your browser can intelligently save key pieces of information that you’re constantly inputting across various sites. But as the name suggests, when this setting is turned on, data elements are saved by the browser and auto-populated when they are requested by the webpage. Imagine a scenario where a malicious code exists on the site; if the browser isn’t up to date, autofill might disclose more information than was requested—say, for instance, all of your saved passwords. Instead use a trusted password management software that employs end to end encryption and therefore can’t see, access, use or change the credentials you save in their systems.
Location Settings: Turn it off or use a minimalist approach.
Personally, I feel one of the most startling ways that browsers collect data on you is by tracking your location. Turn off all location sharing settings. Whether precise or approximate location, it’s irrelevant; location tracking poses a huge risk if it’s revealed to people with whom you did not want to share those details.
For the Chrome browser, there are two location settings that you should turn off: sharing location with your contacts (i.e., people you interact with on other Google products, such as Gmail) and sharing information with other websites. In instances when it is necessary to share your location, like when you’re trying to find the closest bank, exercise moderation and do not grant permanent permissions.
Third-Party Sharing Settings: Tread carefully.
Sharing your data with other third parties opens you up to additional risk, especially when the data you’re sharing is particularly sensitive. The chances of your data being breached are higher when your data has been shared with third parties. This is in line with the adage, “Too many hands in the kitchen spoil the broth.” In this case, too many hands in your data drastically increases your risk. Review all apps and websites that you are sharing your data with and assess whether that is really necessary.
In addition, while cookies can be helpful at times, they pose a security threat. Cookies can store the user’s personal information, including sensitive personal information.
Data is the new oil. Companies are racing to get their hands on as much of it as possible. With the current digital age, it’s impossible to completely cut out the use of digital products. However, it is important to remember that data security and privacy start with us. Play your part this week and see what data you have graciously and generously fed your browser, and evaluate whether you are comfortable with the amount. Then, do something about it.
About the Author
Julie Mungai, Cyber Risk Advisory manager
As a manager in BARR’s Cyber Risk Advisory practice, Julie Mungai brings extensive experience in performing internal controls audits, including business process and technology audits, for domestic and international clients in manufacturing, technology and pharmaceutical industries as well as compliance activities including attestation of services (SOC 1, SOC 2).
Before joining BARR, Julie gained five years of experience in risk assurance at PwC. Julie has a bachelor’s degree from Georgia State University, a master’s degree from New York University, and holds a CISA.