Safe browsing habits for your team

Most security incidents don't start with sophisticated hacking. They start with someone clicking a bad link, downloading an infected file, or logging into a sensitive account on an unsecured network. The right habits make these much less likely.

Keep your browser up to date

Your browser is the window to the internet, and browser makers push security updates frequently. Running an outdated browser leaves you exposed to vulnerabilities that are often already being exploited.

Most browsers update automatically. To check:

• Chrome: Menu (three dots) → Help → About Google Chrome
• Safari: Updates through macOS Software Update
• Edge: Menu (three dots) → Help and feedback → About Microsoft Edge
• Firefox: Menu → Help → About Firefox

Enable automatic updates if they aren't already on.

Look for HTTPS

When you visit a website, the address bar shows either http:// or https://. The "S" stands for secure — it means the connection between your browser and the website is encrypted.

Before entering any sensitive information (passwords, credit card numbers, personal data), make sure the URL starts with https://. Most browsers show a padlock icon or no warning for HTTPS sites.

Be aware: HTTPS does not mean the site is safe or legitimate — it just means the connection is encrypted. A phishing site can have HTTPS too. See How to recognize phishing attempts.

Be careful with downloads

Downloaded files are one of the most common ways malware gets onto devices. Before downloading anything:

• Make sure you initiated the download. If a pop-up says "Your device has a virus — click here to download the fix," don't click it.
• Download software only from official websites or trusted app stores.
• Be suspicious of email attachments you weren't expecting — even from known senders, if the email feels unusual.

Avoid sensitive accounts on public Wi-Fi

Public Wi-Fi (in cafes, hotels, airports, coworking spaces) can be insecure. Attackers can set up fake Wi-Fi networks or monitor traffic on genuinely open networks.

If you must use public Wi-Fi for sensitive work:

• Use your phone's mobile hotspot instead whenever possible
• Use a reputable VPN (virtual private network) to encrypt your traffic
• Avoid logging into banking, financial, or high-value accounts

At minimum: never log into anything sensitive on a network called something generic like "Free WiFi" with no password.

Use a separate, standard browser for everyday browsing

This is an optional but useful habit for teams: use one browser for work (where you're logged into company accounts) and keep it clean, and use a separate profile or browser for general browsing.

This limits the damage if a browser extension or website exploits a vulnerability — it won't have access to your work accounts.

Be skeptical of browser extensions

Browser extensions have significant access to everything you do in your browser. Only install extensions from reputable sources, and remove any you don't actively use.

Warning signs of a dangerous extension:

• Requests access to "all websites" when it doesn't need to
• You installed it from a website rather than the official browser store
• It appeared after installing another program

Lock your screen when you step away

This is basic but surprisingly important in shared offices and coworking spaces. Set your computer to lock automatically after a few minutes of inactivity:

• Mac: System Settings → Lock Screen → set a short time before the screen saver or lock activates
• Windows: Settings → Accounts → Sign-in options → Dynamic lock, or just press Windows key + L

Common questions

Related guides

• How to recognize phishing attempts
• Device & Wi-Fi security basics
• Malware & your website explained
• Two-factor authentication, explained
• SSL & HTTPS, explained

Learn more

• CISA: Safe Browsing Tips
• Google: Safe Browsing