Web Browsers May Pose Significant Security Risks
While web browsers add-ons or extensions are being marketed heavily on social media as providing significant productivity improvements, many add-ons and extensions pose significant security and privacy risks to your department.
Recent studies found that over 50 percent of all extensions installed were high risk and could cause extensive damage to work environments. Many spoofed or harmful extensions harbor malicious code, or have AI capabilities that steal personal data and credentials from enterprise and cloud systems and even hijack entire networks.
Therefore, browser extensions, like any new software deployed in your work environment, must be properly recorded in your IT inventory so that it can be vetted, tested and regularly updated to prevent harm to your department.
Action Steps:
Before installing any new browser ad-on or extension, follow your department’s internal IT use policies and protocols to vet, test and approve use of this extension, and have it added to your user profile and the department’s IT inventory.
See our CTR Cyber page for more cybersecurity internal controls. Contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.