Your web browser is your window to the outside world, but it goes two ways — it’s also the window through which viruses, malware and other nasties can get access to your computer. With that in mind, it’s vital that you take some time to lock down your browser of choice as much as possible from a security perspective, and we’ll show you how to do it.
The good news is that modern day web browsers are built with security in mind, and you’re automatically protected against a whole host of problems as long as your browser is bang up to date — Google, Microsoft, Mozilla, Apple and other browser developers can usually be relied upon to push out patches as soon as new security vulnerabilities are discovered, so browser updates aren’t something to neglect.
On Chrome, you can check if you’re running the latest version by clicking the three dots (top right), then Help and About Google Chrome. On Edge, click the three dots (top right), then Help and Feedback and About Microsoft Edge. On Firefox, click the three lines (top right), then Help and About Firefox on Windows, or open the Firefox menu and choose About Firefox on a Mac. When it comes to Safari, the browser is of course kept up to date alongside macOS — from the Apple menu, choose About This Mac and Software Update.
Security on Google Chrome
Chrome comes with a couple of features that will check the privacy and security settings on your browser: You’ll see them if you click the three dots (top right), then Settings and Privacy and security. The first is the Privacy Guide, which you can run by clicking Get Started (or Privacy Guide lower down), and there’s also the Safety Check, which you can run from the top of the list.
Both the Privacy Guide and the Safety Check take you through the most important security settings in Chrome, but you can access them separately as well. From the Privacy and security page of Chrome Settings, pick Security and then Enhanced protection for the most comprehensive and proactive security settings: It’s better at spotting threats in advance than standard protection, though it does mean you’re sharing more data with Google in terms of URLs and page content snippets so they can be analysed.
Further down the Security screen, make sure the Always use secure connections and Use secure DNS options are both enabled, which will deploy the tightest and safest of web connection protocols wherever they’re available. If you think you’re particularly at risk of targeted attacks, then you can sign up for the Google Advanced Protection Program from the same screen — it adds several extra layers of security to both the Google Chrome browser and your Google account.
There are a couple of other settings we’d advise you to change as well, through Chrome Settings. Pick Privacy and security then Cookies and other site data, and you’re able to Block third-party cookies — the type that might be able to track you across multiple sites as you travel the web. It’s also worth checking out Privacy and security and then Site settings: You can see from this page which websites currently have permission to access key data (such as your location) and key computer components (such as your webcam).
Security on Microsoft Edge
You can get to the key security settings inside Microsoft Edge by clicking the three dots (top right), then choosing Settings and Privacy, Search and Services. Right at the top of the next screen, you can pick how aggressively Edge squashes cookies and trackers — you can pick from Basic, Balanced or Strict, and the differences between them are explained on screen for you.
Under Clear browsing data, you can not only clear all the data that Edge has been holding on you, but you can also make sure that this data is wiped every time you close the browser — making it much harder for anyone else to see what you’ve been up to. Further down the screen, we’d recommend turning on the Microsoft Defender SmartScreen and Block potentially unwanted apps features, so the software takes a proactive stance when it comes to blocking anything suspicious.
Toggle on the switch next to Enhance your security on the web, and Edge will take even more steps to keep you safe in terms of disabling site activity — to the extent that it might break the functionality on some of the pages that you visit. You’ve got two levels to pick from, Balanced and Strict, and if you are seeing serious functionality problems with particular websites, then you can exclude them from these extra security measures by clicking Exceptions.
A couple of other options on the Edge Settings page to be aware of: Under Cookies and Site Permissions you can choose to Block third-party cookies, which stops the most egregious site trackers. Further down the Cookies and Site Permissions page, there’s a list of all the permissions that individual sites have — camera, location, microphone, JavaScript and plenty more — so you can check for any permissions that shouldn’t have been granted and revoke them if needed.
Security on Mozilla Firefox
The main settings screen for Firefox can be accessed by clicking the three lines (top right), then Settings. The page we’re particularly interested in here is Privacy & Security, and as soon as you open it up, you’ll notice that there are options for protection against invasive trackers right at the top. The Strict setting is the safest, but you might break some functionality on some sites.
Further down the page, you’ll notice a long list of permissions that may have been granted to certain sites (access to your computer’s webcam, for example). Click Settings next to any of these permissions to make sure that only the sites you know about and approve of have access to the required privileges. It’s also a good idea to have the Block pop-up windows and Warn you when websites try to install add-ons boxes checked.
Scroll down to Security, and we’d recommend enabling all of the features here, so that Firefox takes the most proactive approach to security possible: Select Block dangerous and deceptive content (which includes phishing sites and sites hosting malware), as well as Block dangerous downloads and Warn you about unwanted and uncommon software. It should then be very difficult for any dangerous code to get through the defences Firefox has set up.
For even more protection, select Enable HTTPS-Only Mode in all windows to use the most secure connection available when you connect to a site, and (further up the screen) select Delete cookies and site data when Firefox is closed — this means you don’t have to remember to regularly erase the cookies and other cached data that sites want to store, because your browser will do it for you.
Security on Apple Safari
Apple prides itself on its strong privacy and security stance, and you’ll find a lot of related features in Safari. To see the steps the browser is taking to keep your web browsing safe and private only to you, open the Safari menu and pick Privacy Report — you’ll get a detailed readout of both the trackers that were blocked and the sites that hosted them.
Open the Safari menu and choose Preferences to add even more in the way of security and privacy protections. There are just two settings under the Security heading: You can get Safari to warn you when you’re on a website that may well be fraudulent (we’d recommend turning this on), and you can enable or disable JavaScript — this can be used to mount attacks on your computer, but it’s also used by many sites so that they can function properly.
Under Privacy, you’ve got more settings to play around with. For maximum protection, you should turn on Prevent cross-site tracking (third-party cookies) and Hide IP address from trackers. If you choose Manage Website Data, you can control which cookies are stored on a site-by-site basis — it takes more time to manage cookies in this way, but it does give you more flexibility.
Open up the Websites page of the dialog, and you can quickly check which websites have access to your camera, your microphone, your current location, and so on — remove any websites that you don’t recognise or that seem suspicious. You can also set the default behaviour when sites request these permissions, but you should never allow these permissions to be set without your explicit approval.