Hello and welcome to this special episode of the New Statesman podcast hosted by the New Statesman Spotlight team.

We report on policy for those who shape it and the business leaders it affects.

Today is your web browser keeping your data safe. This episode is brought to you in association with Google Chrome OS. I'm Becky Slack.

Whether you work in an office or remotely the chances are that if you're a so-called white collar worker you do many of your daily tasks inside a web browser and you likely think nothing of it.

But the rise of browser based working has created new points of weakness for corporate cybersecurity.

In August the UK's National Cyber Security Centre which is part of GCHQ along with 12 international counterparts issued a joint advisory warning organisations about the importance of updating their systems after malicious cyber actors routinely targeted older software in 2022.

They specifically mentioned these actors targeting flaws in internet facing systems. This was despite security updates being available.

I'm joined by a pair of esteemed guests who are going to discuss why secure browsing is vital for organisations and employers in today's economy.

What kind of risk unsafe browsers carry and how policy and regulation can help. Emily Stark is a software engineer at Google and Matt Hasker is global web director of Internet Safety website get safe online.

Emily Matt welcome to the podcast Matt let's start with you. Can you please paint a picture for our listeners of the risk posed by unsafe browsers.

Yes certainly so I think the first thing to think about is the the amount of data that we are entering to our web browsers on a day to day basis so we're not just talking about usernames emails passwords but let's take a couple of additional examples we're looking at banking and sensitive information so if when you're banking also more and more of us are banking online these days if we're not using our banking mobile app we'll be using a web browser.

So we will look into a banking website with a username and password maybe a pin but then obviously you're doing all of your financial transactions through that.

And if we look at maybe sensitive information so if you're a company and you're using a customer relationship management software you're obviously inputting customer data on a day to day basis you're retrieving that data you may be downloading that data so we're transferring more and more data through browsers every day.

So now imagine if you're using web browser and it's been compromised if you're using a browser that has been updated for a little while or it's already been compromised you've got an extension that's been compromised you may inadvertently be sending that data to a malicious third party.

There's a lot of attack factors that can happen I haven't really got a lot of time to spend and listing them all but this is why it's really important that we've got to keep browsers upstate because all this data that we are sharing on the internet on a day to day basis we're not just talking about social media posts we're talking about personal sensitive financial information.

Unsafe browsers they also pose a risk user in terms of Trojans viruses ransomware ransomware is a really nasty one and unsafe browsing if using a browser that's at a date you could be redirected to a website that looks like the website that you want to go to but it's not you are either inadvertently handing your information to that website or you could be downloading similar software to your machine thinking it's legitimate or it's downloading in the background.

All these things pose a risk to use a user and this is why it's really vital I'd also want to add that there's hundreds of browsers out there we may not know it but there's loads of browsers out there developed by all sorts of parties also we know as an individual and as a company we have a good idea of which ones we can use which ones we trust because.

They're distributed by vendors who we've come to know over the years and trust but there are other browsers out there that are developed by other people and some of them are malicious I came across one the other day where I thought this looks really good you can add some things to that that looks like it increased productivity that's the sales pitch.

Then I installed it and it got around certain security measures on my operating system just to install which obviously sent alarm bells ringing so I check everything make sure that everything in my testing environment was safe which it was so it really does also boil down to the right browser we're using as well as just trying to keep that one that we keep your browsers up to date.

That sounds very complicated like how is an ordinary person do I know whether my browser is safe what should I be looking for well as a user we tend to use browsers that come with the device so if you've got a mobile device when you buy the mobile device it will be the operating system will come from particular vendor that vendor will already have browser pre installed and so as a user we tend to use what already installed because this distributed by the operating system.

The system vendor and they will have their own browser installed in there and you would use that you know that it's supported it's trusted because it's come from that vendor so as a standard user who doesn't want to go into the world of using different browser you'll have one that's pre installed that would be automatically updated and you'll be safe to use that if you're a little bit more tech savvy or you've used a browser over the years and you say yeah like I like browser a over browser B then absolutely fine you can go and download install that.

Mobile devices will have their own app store so you go to the app store you would download the browser from that when developers upload software to the app stores they will be checked for certain things it's safe is it doing anything that it shouldn't be doing that's okay that it's verified and then it's published but as a user you would be using more than likely using the browser that's come as part of your operating system it will already be set to automatic updates our advice is to leave it on automatic updates

...