If you’re like us, you use your web browser every day. While browsing the web has become synonymous with “Googling stuff”, for many people the browser has evolved beyond search – it’s now a centralized tool for getting things done.
Enter browser extensions. Designed to save time, automate tasks and personalize your surfing experience, these little nuggets of code have become so prolific that there are now thousands of extensions available for Chrome / Edge & Firefox.
And that’s where the danger lies . . .
The problem with browser extensions
While most browser extensions make our lives easier, there’s a major flaw in the way they work:
Unless you understand code, you are relying on blind trust.
In other words, unless know what it does under the hood, you don’t know what surprises are lurking inside the package. You’re taking chances on whoever wrote it.
If you’re unfortunate enough to download a malicious extension, it can do all sorts of nasty stuff:
- Change your search engine / start page
- Flood your browser with pop-ups / ads
- Track your browsing history without consent
- Redirect you to a page with a malware payload
That sucks!
What’s more, because browser extensions don’t require admin rights to install, this poses a unique risk to businesses: Anyone can accidentally install a malicious extension, which means IT departments have their hands full when it comes to managing these risks.
Why not just block extensions?
At Leap Cloud Solutions, we use browser extensions ourselves. Many of our clients rely on them to stay productive as well – including those who work in the legal space.
Some extensions are even useful for *blocking* malware – consider uBlock Origin, for example.
As an outsourced IT support provider in Vancouver, we see it as our duty to provide the best mix of “user experience” and cyber security. In our experience, if you create a system that’s too restrictive, frustrated users will just find a way around it (one of the key goals with a good cyber strategy is adoption).
So what’s the solution?
Solution 1 – Educate
This is always our preferred path when it comes to IT partnerships. Rather than rule with an iron fist, we prefer to work with our users on learning and creating a culture where everyone values cyber security rather than dreading it.
Here’s how to tell if a browser extension is safe:
- Check to see who published the extension. Even if you know & trust the source, double-check it anyway because there are imposters out there who make “copycat” extensions.
- Look at the reviews – in most cases, an extension with a high number of positive reviews means it’s trusted by a lot of people. The chances of downloading a malicious extension with a lot of good reviews is almost unheard of (almost).
- When in doubt, ask your IT department. You can never go wrong by asking the experts. Worst case, we’ll give it a once over and if you really need it, we’ll test it in a sandbox for you so it doesn’t risk damaging your PC. And if you don’t need it, we’ll tell you because it means we have a *better* solution for you!
Solution 2 – Protect
The first line of defense is a good antivirus solution. Make sure your antivirus is 1) Up to date 2) Configured the right way and 3) Offers sufficient protection.
The second line of defense is control. With the right solution, it’s possible to create an allow list of trusted extensions which will stop even the least tech savvy users from accidentally installing something they shouldn’t.
If all of this sounds too complicated, don’t worry – as a managed IT service provider operating in Vancouver, Leap Cloud Solutions provides all these services & more.
We serve clients throughout the Lower Mainland, BC and even other provinces & territories. Our proactive help desk ensures your business stays protected while you focus on whatever it is you want to focus on (like taking a vacation).