Browsing with Confidence 🌐: Safe Internet Practices That Matter 🛡️
In the previous article, we focused on strengthening software security by securing operating systems and applications against vulnerabilities and malware. 👉 Strengthening Software Security
When surfing the web was relatively new, most of the people who used it were fairly computer-savvy early adopters. Over time, as the internet and email became more mainstream, less technical users joined in—opening up many more opportunities for attackers to exploit them.
At this point, it’s safe to say that the internet is not a passing fad. It has become a core part of our daily lives and is now embedded in almost every electronic device we use. It’s also fair to say that users today are generally more aware of online risks—either because they’ve experienced cybercrime themselves or know someone who has.
However, even with increased awareness, plenty of targets still exist. That’s why it remains important to educate others and stay vigilant ourselves while browsing the web for information, work, or entertainment.
There is a previous article that focuses specifically on web browser safety. 👉 Browser Security Basics
Below is a quick reminder of the key practices that matter most.
Key Web Browsing Safety Practices 🔍🛡️
Keep Your Browser Up to Date 🔄
Older browsers are more prone to security vulnerabilities and exploits. Always ensure you are using the latest version of your browser so you benefit from security patches and bug fixes.
Manage Add-Ons and Extensions 🧩
Browser add-ons and extensions can add useful functionality—but not all of them are safe.
- The more extensions you install, the more potential security holes you introduce
- Poorly designed extensions can also slow down your browser
- Only install extensions you truly need, and remove unused ones regularly
Configure Security Settings Properly ⚙️
Understand how your browser handles:
- Cookies
- Cached data
- Pop-ups
Regularly clearing cache, reviewing cookie permissions, and blocking unwanted pop-ups can reduce privacy and security risks.
Use Only Secure Websites 🔐
Secure websites use HTTPS instead of HTTP.
- HTTPS encrypts data sent between your browser and the website
- As of late 2023, roughly 90–95% of websites use HTTPS—but not all do
- Never enter sensitive information (passwords, credit cards, personal data) on a site that does not use HTTPS
Understanding SSL Certificates & Certificate Authorities 🧾🔒
To use HTTPS, a website must obtain an SSL certificate (Secure Sockets Layer) from a Certificate Authority (CA).
- SSL enables encrypted communication over the Internet
- A CA acts like a notary for websites, verifying that they are legitimate
If a site has a valid SSL certificate:
- Your browser opens it normally, without warning
If the certificate is missing or invalid:
- Your browser displays a warning and asks whether you want to proceed
SSL certificates are typically valid for 13 months. An invalid certificate could mean:
- The site owner forgot to renew it
- The site is not legitimate
⚠️ Websites using plain HTTP do not use SSL certificates and should not be trusted with sensitive data.
Autofill: Convenience vs Security ⚠️📝
Autofill automatically populates web forms with saved information such as:
- Name
- Address
- Login details
- Credit card information
While convenient, Autofill can pose a security risk:
- ✔️ Safe for a personal home computer used only by you or trusted family members
- ⚠️ Risky on laptops, which are easier to lose or steal
- ❌ Never use Autofill on public or shared computers
If a public workstation asks whether it should save your information for Autofill, always decline.
Managing Autofill Settings
Google Chrome: Follow this path:
Chrome menu (⋮)
- Settings
- Autofill and passwords
- Choose:
  - Password Manager
  - Payment methods
  - Addresses and more
Disable Autofill where appropriate.
Microsoft Edge: Follow this path:
Edge menu (⋮)
- Settings
- Profiles
- Personal info / Passwords / Payment info
Adjust Autofill settings based on how and where the device is used.
Viewing Full Website URLs 🔎
- Microsoft Edge shows the complete website URL by default
- Google Chrome hides parts of the URL by default
To always show the full URL in Chrome:
- Right-click the address bar
- Select “Always show full URLs.”
This makes it easier to tell whether a site uses HTTP or HTTPS.
Tips for Safe Browsing 🧭🛡️
Web browsers work by downloading and displaying web pages, which are essentially programming scripts. These scripts are rendered into a formatted web page by your browser on your local computer.
The challenge is that while a web page is being downloaded, attackers have numerous opportunities to exploit the connection.
For example:
- Your request for a web page can be intercepted while traveling to the server, compromising your privacy by revealing which pages you are visiting
- Login credentials sent to financial or business websites could be exposed if the connection is not properly secured
- Web scripts can contain malicious code that infects your system and performs unwanted actions, such as:
  - Sending your private information to a third party
  - Displaying excessive or intrusive advertisements
Additionally, some web pages may include embedded Flash or Java applications, which—if poorly designed or malicious—can cause harm to your system.
Two Fundamental Safe Browsing Rules 🔐
Before diving into advanced protections, it’s important to understand two basic but critical safe browsing principles.
Avoid Questionable Websites 🚫🌐
Identifying a questionable website isn’t always easy—just as you can’t always judge a person’s intentions based on appearance alone.
That said, some sites are clear red flags, including:
- Websites offering free downloads of software that you know is normally paid
- Sites promoting hate-themed or extremist content
- Adult websites, which are often notorious for distributing malware, adware, or tracking scripts
When in doubt, it’s safer to close the site immediately than risk exposing your system.
Limit the Use of Personally Identifiable Information (PII) 🪪⚠️
PII (Personally Identifiable Information) refers to any data that can identify an individual—either on its own or when combined with other information.
Examples of PII include:
- Your full name
- Home address
- Phone number
- Email address
- Names of family members
- Other personal or private details
You should be especially cautious when:
- Filling out online forms
- Creating accounts on unfamiliar websites
- Sharing personal details on forums or comment sections
Also, be selective when providing your email address, as this can help reduce spam, phishing attempts, and unwanted marketing messages.
Recognizing Suspicious Sites, Links, and Ads 🚨🌐
It would be nice if websites that intend to download malware onto your computer were honest about it—perhaps with a big flashing warning saying they plan to steal your identity and cause you hours of frustration. Unfortunately, that’s not how things work.
Creators of malicious websites do everything they can to make their sites look as legitimate as possible. This often includes copying real website layouts, branding, and company logos to convince users to trust the site and click its links.
Creating a website that masquerades as a legitimate and secure site but actually steals your information is known as phishing.
What Is Phishing? 🎣⚠️
Phishing uses deceptive techniques—many of which evolve constantly—to trick users into revealing sensitive information.
A common phishing scenario looks like this:
- You receive an email claiming to be from your bank, ISP, or another trusted organization
- The message asks you to click a link to update your account details
- The email appears authentic
- The linked website closely resembles the real organization’s site
However:
- The page may not be secure
- Some links may not work properly
- Attackers capture any information you enter
How Do You Recognize a Suspicious Site, Link, or Ad? 🔍
Unfortunately, there is no single visual clue—much like identifying a criminal, there’s no one-size-fits-all answer. That said, there are several strong warning signs to watch for.
Lack of HTTPS 🔐
Only visit websites that use HTTPS.
- HTTPS encrypts your data
- Some browsers (like Firefox) block non-HTTPS sites by default
- Other browsers can be configured to enforce HTTPS-only mode
If a site doesn’t use HTTPS, never enter sensitive information.
Suspicious or Misspelled URLs 🌐
Attackers often register domain names that look very similar to legitimate ones, hoping users won’t notice small differences.
Examples (made-up):
- www.micro.soft.com
- www.micros0ft.com
These are not legitimate Microsoft websites, but they may be designed to fool users at a quick glance.
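The two made-up look-alike names above, and the missing-HTTPS sign before them, can also be checked mechanically. The following is an added example, not part of the original article; the allow-list is constructed, the names check_url, TRUSTED and SWAPS are hypothetical, and the registrable domain is approximated as the last two labels of the host name.

```python
from urllib.parse import urlsplit

# Constructed allow-list for this example; load your own in practice.
TRUSTED = {"microsoft.com"}
# Digits commonly swapped in for similar-looking letters.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return warning strings for a URL; an empty list means no sign was found."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    # Assumption: registrable domain = last two labels (real tools use the Public Suffix List).
    domain = ".".join(labels[-2:])
    warnings = []
    if parts.scheme not in ("", "https"):
        warnings.append("no HTTPS")
    if domain in TRUSTED:
        return warnings
    # Every label suffix with its dots removed, e.g. "microsoftcom" for micro.soft.com.
    squashed = {"".join(labels[i:]) for i in range(len(labels))}
    for good in sorted(TRUSTED):
        if domain.translate(SWAPS) == good:
            warnings.append(f"digit-for-letter look-alike of {good}")
        elif good.replace(".", "") in squashed:
            warnings.append(f"extra dot splits the name {good}")
        elif edit_distance(domain, good) <= 1:
            warnings.append(f"near-miss spelling of {good}")
    return warnings


if __name__ == "__main__":
    for sample in ("https://www.microsoft.com", "www.micro.soft.com", "http://www.micros0ft.com"):
        print(sample, "->", check_url(sample) or "no warning signs")
```

A URL given without a scheme, like the two examples in the article, is not flagged for HTTPS because the scheme is unknown; only an explicit non-HTTPS scheme raises that warning.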
Poor Spelling or Grammar ✍️
Large organizations do not send mass emails filled with spelling mistakes or bad grammar.
- Emails from major companies are typically professionally written and reviewed
- Poor language quality is a major red flag
Threatening Language ⚠️
Be suspicious of messages that say things like:
- “Your account will be closed immediately.”
- “Your card will stop working unless you act now.”
Legitimate organizations rarely threaten users or demand urgent action through email links.
Deals That Are Too Good to Be True 💰
If an offer sounds unrealistically generous, it probably is.
- Flashy banners
- Aggressive pop-ups
- Eye-catching promises
The more attention-grabbing an ad is, the more cautious you should be.
Built-In Browser Protection: SmartScreen 🛡️
Modern web browsers include phishing protection features.
In Chromium-based browsers, this protection is called SmartScreen:
- It checks websites against known malicious sources
- It warns you if a site appears unsafe
In Windows 11, SmartScreen is integrated into Microsoft Defender.
Why You Should Leave SmartScreen Enabled
- It provides warnings without blocking normal activity
- Its assessments are generally accurate
Possible Drawback
- Automatic checking means the browser evaluates every page you visit
- This can result in slightly slower browser performance
If you rarely browse unfamiliar sites and prefer manual checks, you can disable automatic checking—but for most users, leaving it enabled is recommended.
Exercise: Configuring SmartScreen in Microsoft Edge 🧪⚙️
Try this short exercise to explore SmartScreen settings in Edge.
- Open Microsoft Edge
- Click the three-dot menu (⋮) in the top-right corner
- Select Settings
- Go to Privacy, search, and services
- Scroll to the Security section
- Locate Microsoft Defender SmartScreen
- Review or toggle the setting to understand how it works
Leave SmartScreen enabled unless you have a specific reason to change it.
Wrapping Up 🧭
Safe web browsing is not about avoiding the internet—it’s about recognizing risks and making informed decisions. Malicious sites, deceptive links, and misleading ads are designed to look legitimate, but a careful eye and healthy skepticism go a long way.
By paying attention to URLs, watching for poor spelling or urgent threats, avoiding “too-good-to-be-true” offers, and relying on built-in protections like SmartScreen, you significantly reduce your exposure to phishing and malware attacks.
In the end, the user is the last and most important line of defense. Staying alert, slowing down before clicking, and trusting your instincts are just as critical as any technical security control.
This article is part of the Security Best Practices series, which focuses on practical steps you can take to protect devices, data, and users. 👉 Security Best Practices