Devices & Working Anywhere

Safe Web Browsing & Downloads

Foundational

A lot of trouble arrives through the browser — fake websites that steal logins, malicious downloads, and harmful browser extensions that can read everything you do. A little caution about where you go, what you download, and what you install keeps your work device (and our data) safe.

The web is the main way malware and credential theft reach people. Fake login pages capture your password; "free download" sites bundle malware; and browser extensions, once installed, can often see every page you visit — including work systems. None of this requires you to do anything obviously risky; the traps are designed to look normal.

The habits are simple: get to important sites yourself rather than via links, only download from trusted sources, keep extensions to a minimum, and stop if a site or warning looks off.

Browse and download carefully

DoReach important sites (bank, work logins) by typing the address or using a saved bookmark, not by clicking links in emails or messages (see Phishing).
DoCheck you're on the real site — correct address, secure (https) — before entering a password, and let the password manager confirm the site for you (see Passwords).
DoDownload software and files only from trusted, official, approved sources.
DoHeed browser and security warnings — if it says a site is unsafe or a certificate is wrong, don't push past it; report it (see Report It).
NeverEnter your work password on a page you reached by clicking a link in an unexpected message.

Mind extensions and habits

DoKeep browser extensions to a minimum and only install ones that are approved and trusted — extensions can read and change the pages you view, including work systems.
DoKeep your browser updated (it fixes security holes), and lock your screen when you step away (see Your Devices & Updates, Clear Desk & Locked Screen).
AvoidLogging into work accounts on public/shared computers, and using work and high-risk personal browsing in ways that put work at risk.
NeverInstall browser extensions or software from unknown sources onto a work device (see Using Company Systems).

Ask yourself

AskDid I reach this login page myself, or by clicking a link — and is it definitely the real site?
AskIs this download from a source I actually trust?
AskDo I really need this browser extension, and is it approved?
AskIs the browser warning me about something I'm about to ignore?

Why it matters: The browser is where most malware and credential theft begin, and a stolen work login or an infected device puts our customers' data at risk. Reaching important sites yourself, downloading only from trusted sources, and keeping extensions minimal closes the easy routes attackers rely on.