Hidden Risks You Might Be Ignoring
In this month’s IT Bulletin, we’re shedding light on the cybersecurity threats that often go unnoticed — but can have serious consequences for businesses of any size.
Online Security and Addressing the Dangers of Browser Extensions
Browser extensions have become as common as mobile apps. People tend to download many and use few. These extensions offer users extra functionalities and customisation options. While browser extensions enhance the browsing experience, they also pose a danger which can mean significant risks to online security and privacy.
Key Risks Posed by Browser Extensions:
- Privacy Intrusions - Many browser extensions request broad permissions. If abused, they can compromise user privacy. Some of these include accessing browsing history and monitoring keystrokes.
- Malicious Intent - There are many extensions developed with genuine intentions. But some extensions harbor malicious code. This code can exploit users for financial gain or other malicious purposes.
- Outdated or Abandoned Extensions - Extension’s that are no longer maintained or updated pose a significant security risk. Outdated extensions may have unresolved vulnerabilities.
- Phishing and Social Engineering - Some malicious extensions engage in phishing attacks. These attacks can trick users into divulging sensitive information.
Mitigating the Risks:
- Stick to Official Marketplaces - download extensions from viable marketplace sources, such as those provided by browser development parties such as Microsoft, Google etc.
- Limit the Number of Extensions you Install - Only install extensions that are absolutely required.
- Review Permissions Carefully - before installing any extension, review the permissions the extension requests and be cautious if the extension seeks access to unusual data which may seem unrelated to its core functionality. Where possible, limit the permissions to only what is required for the extensions purpose.
- Conduct Regular Audits of Extensions Installed on your Browsers - Regularly update your browser extensions to ensure that the latest extension and/or security patches are applied. Like applications and hardware, developers will release updates to enhance security and address vulnerabilities found. If an extension is not necessary, poses potential security risks or outdated and no longer receiving updates, then consider removing the extension and seeking an alternative.
- You can search CVE sites such as: https://cve.mitre.org/ to hunt out any extensions and their versions with known vulnerabilities.
- Use Security Software - Ensure you use a reputable anti-virus and anti-malware solution such as Webroot or Microsoft Defender, which will add an extra layer of protection against malicious extensions.
- Educate yourself and your Staff - As we have said before, users often become the Achilles heal with regards to your digital fortress. Ensure you and your users are aware of all of the above points, as well as ensuring you have policies in place when it comes to installing extensions.
- Report Suspicious Extensions - Report suspicious extensions to both the official browser extension marketplace and your IT Team.
How to Simplify Configuration for your Engineering Software
In this blog, we’ll look at some common challenges teams face when configuring engineering software and share practical tips on how to simplify the process. We’ll also explain how Symetri’s solutions can help you optimise your software setup, reduce errors, and keep your projects running smoothly.
4 ways to optimise your construction projects in the cloud
Managing a growing number of Autodesk BIM 360 or Autodesk Construction Cloud (ACC) projects can quickly become overwhelming - especially when it comes to project setup, user management, and data backups. With the right tools, you can eliminate manual inefficiencies, boost productivity, and focus on more strategic initiatives. If your team works with BIM 360 or ACC, this blog focuses on four powerful ways Naviate Cloud Manager can streamline your operations.