Securing your Browser

One of the easiest “technologies” to keep your information and computer safe is properly configuring the security settings on your web browser.  Most people leave the settings at default because it’s convenient, but not taking those extra couple of minutes now can mean many costly hours (or weeks) later if your information gets compromised.

Below are some setting suggestions and how to complete them on the most common browsers.  Settings may vary based on browser version, and we recommend always updating your browser to the most current version to ensure the most recent patches and security features are applied.

1. Limit Cookie Storage

Cookies are data files a webpage puts on your computer that tracks information about you.  Cookies can be helpful like remembering what item you put in your shopping cart while you continue shopping.  Cookies can also send data to third-parties that you are not aware of or keep your login data on a webpage on a public computer after you are done using it.  To help protect your data, we suggest changing your settings to initially block most or all cookies and only enable cookies for certain sites as you come across them. 

NOTE: First-party cookies (cookies for the domain you are on) help with the general web browsing feel we are all used to, for example, staying logged into your bank account site as you navigate from your checking to your savings account.  Therefore, blocking cookies entirely may not be ideal for your browsing needs.  Third-party cookies (cookies not specifically attached to the domain you visited) often are the cookies that contain issues and compromise data and can be blocked without interfering with you day-to-day web activities.

2. Don’t Store Passwords or Allow Sites to Remember Your Form Entries

Some webpages ask if you want to store information such as credit cards, usernames or passwords.  They may also give you the option to stay logged in or to “remember me.”  Having websites remember your information is like writing down a password on a piece of paper and sticking it on your front door.  Anyone who looks at the right door will see it.  To help yourself, be conscious of what you tell sites to remember.

NOTE:  If you would like to save your passwords because you created very strong passwords that may be hard to remember, we suggest an external password vault service that encrypts your password information locally and stores the encrypted information for you in the cloud.  Some popular ones are LastPass (, RoboForm (, and 1Password (

3. Disable Pop-ups

Pop-ups are generally advertisements or other little windows that force you to pay attention to them before you can get back to the webpage you are on.  This is a great advertising gimmick, but it’s also dangerous because a malicious pop-up may have a virus download on all links within the pop-up, including the Ok and Cancel buttons.  Crafty popups even make it so the X at the top of the window to close it contains a virus download.  Pop-ups may also take you to sites that can phish your information or otherwise trick you into putting yourself at risk.

Smart web developers have learned to not put content in pop-ups, so blocking all pop-ups should not negatively affect your browsing experience.  You can always allow certain pop-ups as you go if you need them. 

4. Limit Plug-ins and Add-ons

Downloaded toolbars, plug-ins and add-ons can be helpful for enhancing your browsing experience, but the more items you attach to your browser, the more possible vulnerabilities there are for an attacker to exploit.  Additionally, attackers may use Active X, JavaScript, VBScript, and Java to run malicious code on a website without your knowledge.   Unfortunately, many legitimate pages use JavaScript as part of their functionality.  Limiting these types of scripts, though, can help protect you from a surprise malware download.  We suggest blocking most or all and enabling individual sites as you go.

5. Enable Automatic Site Checking

Automatic Site Checking or other filters such as this will check webpages you visit against known fraudulent or malicious websites (a blacklist) and warns or blocks you before loading the page.  These features may also scan webpages for suspicious characteristics and flag you of potentially hazardous sites (which can be added to the blacklist if need be).

6. Prompt for Downloads

The Automatic Site checking mentioned above can help review downloads for malware, but there are other settings you can configure that can help alert when something is about to download in case you accidently click a link and realize you shouldn’t be downloading that item.  Even just prompting you to tell the browser where to save the file can make you pause and think about what you are downloading.  You should always be careful what you download and from where, and scan all email attachments and downloads with your anti-virus software.

7. Clear Browsing Data/Temporary Internet Files

This removes all stored web data on your computer (cookies, cache, history, stored passwords/autofill data, etc.).  Since we just went through blocking new data from being saved, it’s smart to clear out any data that is currently there.   It’s also a good idea to repeat this step regularly to ensure any data that does still get saved, gets cleared.

Private Browsing Windows

Many browsers also have a feature that allows you to navigate the web without saving search history, form information, cached information, and some cookies.  While private browsing windows and tabs can be a start to keeping your information safe, it should not be relied on as a means to be “off the grid” or as a total replacement for the security settings mentioned above.

Security Note:

Using these recommended security settings do not negate the effects of malware that could already be installed on your computer.  For example, keyloggers can capture your data even if your browser doesn’t save it.  Be sure to keep your anti-virus up-to-date and scan your computer regularly for threats.  These security settings also do not exempt you from phishing attacks.  Be careful what information you share online and never provide your password to anyone.  More details can be found in various sections of our Best Practices pages.