New Times,
New Thinking.

Advertorial: in association with Chrome Enterprise

The security weak points in your working day

In the shift to remote working, secure web browsers play a key role in keeping data safe.

With hybrid working models now commonplace, there’s huge variability in how employees go about their working day. The typical white-collar worker may spend some time working from home and some time in the office. They might plan their working hours around childcare and other obligations, and they might even adapt their schedule from week to week.

That said, while flexibility is a priority, there is one point of constancy: they’re sure to be spending a good chunk of their time online. That in turn brings challenges from an enterprise security perspective. It’s one thing fending off cyberattacks across a secure office network, and another when employees are using a patchwork of different wi-fi networks and poorly secured personal devices.

According to Cybersecurity Ventures, cybercrime is predicted to cost the global economy $8trn this year, up from $3trn in 2015. This rise is commonly attributed in part to the shift towards remote working and borne out by a spike in malware attack at the start of the pandemic.

IT teams need to ensure staff can stay safe, ensuring they have strong passwords and checking the URL before entering any sensitive data. Individual best practice is also part of the equation. “We really think it should be the responsibility of the browser vendor, the web developer, and the IT admin to make sure that the user doesn’t have to think about security as much as possible,” says Emily Stark, a software engineer at Google, on a special episode of the New Statesman Podcast.

White Paper

Forrester Study finds that managing Chrome brings enterprises cost savings and major productivity gains.

By Chrome Enterprise
Enter your details to receive the free white paper:

An often-overlooked element when it comes to enterprise security is the role of the browser itself. When we talk about tasks taking place “online”, what we generally mean is “inside a web browser” – and we enter a colossal amount of data on these browsers every day.

“We’re not just talking about usernames, emails, passwords, but also banking and sensitive information,” says Matt Hasker, global web director of Get Safe Online. “If you’re a company and you’re using a customer relationship management software, you’re inputting customer data. Now imagine your browser has been compromised – you may inadvertently be sending that data to a malicious third party.”

[See also: Is your browser keeping your data safe?]

Give a gift subscription to the New Statesman this Christmas from just £49

Let’s say you’re an employee who’s working remotely. You switch on your laptop and connect to your home wi-fi, accessing your business apps and data via the cloud. Later, you move on to a coffee shop, alternating between the patchy public wi-fi and your phone hotspot. You go to pick up your child from school and do a few pressing tasks from your smartphone while waiting at the gates. At every touchpoint, your browser has been defending you against cyberattacks that might compromise your data.

“Considering that many security risks today originate from the internet, an employee’s point of contact with the internet is like the front door of their house,” says Stark. “It can be the first link in the attack chain. So protecting that connection point via a secure browser is like securing the door.”

So how does this work in practice? First of all, Google Chrome builds in techniques like sandboxing and site isolation that make it harder for attackers to infiltrate, as well as automatically checking for updates at regular intervals. It also includes protections against more human-level threats such as phishing campaigns. Stark says that enterprises are at particular risk of “drive-by-download” attacks, in which the employee visits a website, or opens an email link, that surreptitiously installs malicious code.

Google’s Safe Browsing maintains a list of unsafe websites – including genuine sites with poor encryption standards – and sends a warning every time such a page is opened. “Most of those warnings, the user can choose to bypass, but we always recommend that unless you have a very strong technical understanding of what’s going on, it’s best to heed,” says Stark.

With Chrome, the organisation can apply a suite of additional controls tailored to suit high-risk users or sensitive data. These policies can be managed centrally with Chrome Browser Cloud Management, which allows IT teams to secure the browser across many devices and operating systems (including mobile phones).

For instance, administrators might enable Enhanced Safe Browsing, in which the browser inspects each page in real time. They can also create block lists of dangerous apps and extensions, tighten password settings, enforce two-factor authentication, control the level of encryption that is used on websites and prevent users from bypassing security warnings.

Stark adds that fending off cyber-risks is a team effort, requiring participation from web developers, browsers and enterprises themselves. The upshot is that employees themselves won’t need to worry too much about cybersecurity concerns. A recent study found that Chrome Browser Cloud Management can improve user productivity – as evinced by 30 per cent fewer service desk tickets over three years.

“Given the range of risks, the potential for human error, the sheer volume of time employees spend on websites and web-based software, it’s important that protections provided by the browser are built in. That’s why people can visit tens or even hundreds of sites over the course of a workday and remain safe,” says Stark.

Learn more about how your enterprise browser can protect your company data and improve cybersecurity on the Chrome Enterprise website.

[See also: How your IT can help the planet]