Protected Voices: Browser and App Safety
The FBI’s Protected Voices initiative provides cybersecurity recommendations to political campaigns on multiple topics, including browser and app safety, to help mitigate the risk of cyber influence operations targeting U.S. elections.
Your campaign personnel at every level are almost certain to be using web browsers and mobile applications as they perform work duties with official and non-official devices. These tools are essential for research and communications, but they could also be openings through which bad actors may intrude into your systems.
Hi, I’m Pyroe, an intelligence analyst with the FBI, here to offer you some tips to use browsers and apps more securely.
First let’s talk about web browsers. Web browsers are how your devices access the Internet. They are, by nature, open to the world through contact with other machines connected to the Internet. Because of this, they’re a natural place for hackers to try to break into your networks.
The default settings for browsers can leave you vulnerable. Furthermore, each browser has differing levels of privacy and security built into their systems. Spend some time researching browsers to figure out which browser offers the privacy and security your campaign is looking for.
Once you’ve chosen a browser, you can maximize your privacy and security by adjusting the default setting as follows:
Disable autofill, remembering passwords, and browsing histories.
Do not accept cookies from third parties.
Clear all forms of browser history when closing the browser.
Block ad tracking.
Enable ‘do not track’ requests to be sent to websites.
Disable browser data collection.
When certificates are requested, ensure the browser requests your permission to provide them.
Disable cache (or storing) of web pages or other content, or set the cache size to zero.
Enable browser capabilities to block malicious, deceptive or dangerous content.
Some browsers support add-ons or plug-ins which can handle some of these functions even better than the browser itself. There are many add-ons available that warn about malicious sites and content, block collection of certain information, and clear your browser of cookies. Before installing add-ons, do some research to check for any negative reports about the add-ons’ performance.
Mobile application security is every bit as important as browser security. Ideally, you should only allow campaign-issued devices to connect to your campaign’s network. Your campaign should come up with a list of popular, approved apps from reputable publishers that can be installed on devices connected to your campaign’s network. If the app is for performing a service, like banking or shopping, only allow the specific app designated by the service provider (like the specific bank or store). If the app isn’t on your approval list, then it shouldn’t be installed on a device linked to your network. Don’t let mobile apps access any information on your device unless it’s absolutely critical to the functionality of the app.
If your campaign does allow personal devices to connect to the campaign’s network, make sure those devices are virtual private networks, or VPNs. See our video about VPNs for details. You should routinely check any personal or campaign device connected to campaign networks for strange behavior, such as odd call or data usage.
It’s critical that you keep apps and browsers as up to date as possible. Routinely look for and install the latest patches available. And make sure the apps and browsers themselves are owned by reputable companies, preferably in the U.S. Other countries may have different laws about what app and browser companies must provide to foreign governments, which means your information on a foreign-owned app or browser may have less legal protection than it would in the U.S.
These tips won’t protect your campaign against every kind of cyber attack, but they will make your campaign a less attractive target for attackers.
Remember, your voice matters, so protect it.
- 04.07.2020 — Seeking Information in New Mexico Missing Child Case
- 03.25.2020 — FBI Special Agents: What Will Your Impact Be?
- 03.19.2020 — Director Wray Updates Workforce on COVID-19
- 02.14.2020 — Asha Degree Age-Progression by National Center for Missing & Exploited Children
- 02.14.2020 — Reward Sign for Asha Degree Near Shelby, N.C.
- 02.14.2020 — Seeking Clues in Asha Degree's Disappearance 20 Years Ago
- 02.07.2020 — FBI Atlanta Family Dollar Robber Surveillance (1 of 4)
- 02.07.2020 — FBI Little Rock Jerry Stuart Death Investigation Surveillance Video (2 of 3)
- 02.07.2020 — FBI Little Rock Jerry Stuart Death Investigation Surveillance Video (3 of 3)
- 02.07.2020 — FBI Little Rock Jerry Stuart Death Investigation Surveillance Video (1 of 3)
- 02.06.2020 — FBI Partnerships and the Office of Private Sector (60 Seconds)
- 01.31.2020 — FBI Partnerships and the Office of Private Sector
- 12.23.2019 — FBI Visits Children's Hospital in Knoxville
- 12.02.2019 — Wanted by the FBI: Jehad Serwan Mostafa
- 12.02.2019 — Sylvia es una víctima de la MS-13
- 11.19.2019 — 100 Years of African-American Special Agents: Aaron LaSure
- 11.19.2019 — 100 Years of African-American Special Agents: Julian Stackhaus
- 11.19.2019 — 100 Years of African-American Special Agents: Jermicha Fomby
- 11.19.2019 — 100 Years of African-American Special Agents: Eric Jackson
- 11.19.2019 — 100 Years of African-American Special Agents: Nicole Dunn