Comply with ZDNET: Add us as a most popular supply on Google.
ZDNET’s key takeaways
- Browser exercise is concerned in practically half of all cybersecurity incidents.
- Assault vectors embrace malicious hyperlinks, credential-harvesting scripts, and content material injection.
- Following these key finest practices will assist you to keep protected on-line.
Internet browsers are among the many prime targets for in the present day’s cybercriminals, taking part in a job in practically half of all safety incidents, new analysis reveals.
In response to Palo Alto Networks’ 2026 International Incident Response report, an evaluation of 750 main cyber incidents recorded final 12 months throughout 50 nations discovered that, in complete, 48% of cybercrime occasions concerned browser exercise.
People making an attempt to hook up with the net, together with enterprise workers, are uncovered to cyberthreats each day, and it solely takes one profitable intrusion or malicious obtain to result in critical penalties, equivalent to surveillance, knowledge theft, ransomware an infection, or monetary harm.
Additionally: Are AI browsers definitely worth the safety danger? Why specialists are apprehensive
Palo Alto Networks safety researchers listed a number of the most typical threats we face by way of our browsers in the present day — phishing and malicious hyperlinks, credential-harvesting pages, spoofed web sites, and even Clickfix, a covert preliminary entry technique that lures you into by chance performing malicious actions by way of pretend on-line directions or alerts.
As our browsers — these ubiquitous functions for accessing the web — have change into safety minefields, it is a good time to overview some finest practices for staying protected on-line — in addition to different measures you’ll be able to take to scale back the chance of changing into a cyber sufferer.
Listed below are 10 issues you are able to do to guard your self.
1. Preserve your browser up to date
It might seem to be primary recommendation, however what number of occasions have all of us thought, “Oh, I’ll accept the update later,” after which by no means do? Nonetheless, accepting software program updates is your first and most necessary line of protection towards intrusion or your browser being compromised by malware. Settle for updates as quickly as they’re obtainable, as they may nearly at all times embrace fixes for vulnerabilities and bugs.
2. Test URLs and search for padlocks
If an internet site is HTTP-only somewhat than HTTPS, communication between your browser and the web site is not safe or encrypted, enabling anybody to learn and analyze site visitors and probably insert themselves through a man-in-the-middle assault.
For those who browse these domains, you might danger malware, scams, and malvertising, and you might lose your knowledge in case you are performing duties equivalent to submitting private data or trying to make a purchase order. Whereas HTTP-only web sites are protected sufficient simply to browse and look at — and a few browsers will now attempt to routinely improve HTTP to HTTPs when potential — you must by no means give them any private data or monetary knowledge.
Additionally: Your property Wi-Fi is not practically as non-public appropriately – 6 free methods to lock it down
In case you are visiting a brand new web site, search for a padlock in your handle bar and the HTTPS within the web site handle. On some browsers, you may not see a padlock, and URLs is likely to be shortened, however you’ll nonetheless be warned if you find yourself visiting an insecure web site.
In case your browser helps DNS-over-HTTPS, you must also take into account enabling it when obtainable, because it masks your exercise from ISPs. This may increasingly seem in your browser settings as Safe DNS, equivalent to in Google Chrome.
3. Join a password supervisor
When potential, keep away from in-browser password managers and go for a standalone password and credential administration service as an alternative.
Why? As a result of in case your browser is compromised, so is likely to be your whole vault. Not solely this, however credential administration is usually only a bolt-on, whereas a standalone password supervisor is simply that — and its status depends upon being safe, encrypted, and defended towards the newest threats.
Additionally: The very best password managers of 2026: Professional examined
4. Use an advert blocker
To scale back monitoring and probably pop-ups that might serve you malware or Clickfix scripts, discover advert blockers to bolster your browser safety. They will considerably enhance your shopping expertise, velocity up web page loading occasions, and cut back web site fingerprinting. We have now a information on the very best advert blockers obtainable; certainly one of my present favorites is Ghostery.
Additionally: The very best advert blockers: Clear up your shopping expertise
5. Strive non-public or incognito mode
Most browsers will provide a personal or incognito mode. These non-obligatory browser home windows purpose to scale back your susceptibility to monitoring by not saving your web site go to logs or searches made in your browser, which may cut back focused promoting charges and may enhance your privateness, particularly in case you are on a shared pc.
They’re a minor enchancment, not a safety miracle. These home windows solely forestall knowledge from being saved domestically, they usually will not cease different events — equivalent to your ISP — from seeing what you’ve got been doing on-line. Nonetheless, you must know they exist.
6. Swap to an nameless search engine
A well-liked search engine different to Google or Bing is DuckDuckGo, which payments itself as a privacy-first service. DuckDuckGo doesn’t gather consumer knowledge or observe customers throughout the net, nor will it save your search historical past or promote your actions to entrepreneurs, all of which may result in focused promoting. Cookie pop-ups and trackers are blocked by default, too.
It is in style sufficient to have expanded right into a full-fledged browser, and you must think about using it to maintain your queries out of third events’ arms.
Additionally: For those who’re into on-line privateness, do this in style Google different
A simple tweak to your current browser expertise is to go to this service and set it as your default search engine. I’ve carried out so and suggest you do the identical.
7. Set up a VPN
A digital non-public community (VPN) is software program that encrypts your on-line communications, disguising your IP handle and hiding your on-line exercise.
VPNs can be utilized for a wide range of functions, together with unblocking geo-locked content material and avoiding ISP-based throttling, however their principal profit is as a privateness instrument when shopping the net. By means of encryption, VPNs assist forestall third-party profiling and eavesdropping and are essential if you need to use an untrusted public Wi-Fi hotspot.
Additionally: Greatest VPN companies 2026: Professional examined and advisable
A few of the finest VPNs obtainable embrace NordVPN, ExpressVPN, and Surfshark.
8. Use a safer browser
To keep away from monitoring, surveillance, knowledge assortment, and safety vulnerabilities, transition to a browser identified for its robust safety.
Safe browsers place a excessive emphasis on consumer safety and privateness. They’re constructed by builders who actively attempt to cease makes an attempt to trace you through the use of strategies together with default nameless search engine integration, blocking third-party trackers, strict cookie insurance policies, upgrading unsecured HTTPS connections, utilizing IP-masking server relays, and stopping browser fingerprinting.
Our prime picks proper now embrace Courageous, Tor, and DuckDuckGo.
Additionally: Keep nameless on-line with these anti-tracking browsers
9. Use Tor to remain hidden
The Tor browser makes use of the onion community to disguise site visitors, rerouting your requests by way of nodes that masks your IP handle and make monitoring very tough.
Since your site visitors is routed by way of intermediary nodes, it will not be as quick as in a typical internet browser. Moreover, its excessive stage of safety and anti-tracking applied sciences signifies that some web sites might not show appropriately, particularly if they’re laden with scripts.
Additionally: Why essentially the most non-public option to browse the net is not incognito mode (however this as an alternative)
These points apart, Tor is a superb option to browse the net with out exposing your self or your knowledge. You will want to make use of a VPN, obtain the software program, and join. If you wish to go to a selected web site, you might have to know its .onion handle.
10. Be cautious of AI browsers
Lastly, keep cautious of any browser targeted on AI. AI browsers equivalent to Atlas and Comet are highly effective and have a variety of potential, however they’ve additionally created a brand new assault floor for cybercriminals to use.
One of many principal points proper now that impacts AI browsers — and with out a clear answer past massive language mannequin (LLM) hardening — is immediate injection assaults. These assaults, whether or not direct or oblique, pressure an LLM to behave in a malicious means. For instance, a hidden instruction buried in an online web page or URL may make its means into an AI browser chat assistant, resulting in the publicity or theft of your knowledge.
Additionally: I have been testing the highest AI browsers – this is which of them truly impressed me
In case you are utilizing one, preserve private knowledge sharing to a minimal. AI chatbots are helpful, nevertheless it does not imply they’re safe.
