Firefox has long been considered one of, if not the, most reliable and adaptable browsers available today, but that standing is easily undermined by insecure browser settings and user preferences. When running a Software-as-a-Service solution like Google Apps, lax browser security can prove fatal to a Google Apps domain, and to your business. Below are 10 steps you can take to maximize Firefox’s defenses against online threats and keep your Google Apps domain safe and secure.
Firefox’s reputation as a highly customizable browser is well earned, so your Google Apps security measures should begin with Firefox’s internal settings.
2. Set Custom Browser History Configuration
Firefox offers a Private Browsing Mode that prevents it from recording passwords and form autofill data, accepting cookies, or saving other history data. This is prudent, as it prevents hackers from targeting your browser to obtain this access information. You can permanently opt into Private Browsing mode by selecting the Never Remember History option in the Privacy Panel, but the smarter move is to configure a Custom History Setting. Within the Privacy Panel’s Custom Settings For History section, deselect every option except Remember Download History. This will ensure you have a record of any items downloaded, knowingly or otherwise, but that any other history data (notably login information) won’t be saved in the browser.
3. Show the Downloads Window When Downloading Files
Some hyperlinks disguise malicious software downloads. Selecting the Show The Downloads Window option in the General Options panel ensures that nothing gets dropped on your hard drive without your knowledge.
4. Enable Security Warnings
Firefox provides a number of defenses and security warnings by default, but you should be certain these options are enabled. Under the Security Panel, select the Warn Me When Sites Try To Install Add-Ons option, which will prevent any malware disguised as video player plug-ins or game features from sneaking onto your browser. Then select Block Reported Attack Sites and Block Reported Web Forgeries, which are pretty self-explanatory.
5. Disable Password Storage
Storing passwords in your browser simply makes your passwords vulnerable to browser attacks, putting your Google Apps account and domain at risk. While less convenient, you should disable the password storage option.
6. Set Alerts For Offline Website Data Storage
Some websites will try to store data locally. Most of these requests are legitimate — Google Apps can occasionally make them in relation to its Offline Mode — but you should be aware when these requests are made. Under Firefox’s Advanced Panel’s Network tab, select the Tell Me When A Website Asks To Store Data For Offline Use option to ensure no offline data is saved without your knowledge and permission.
7. Automatically Install Updates
Keeping Firefox up to date means you’ll always have the latest security patches and defenses running on your browser. Under the Advanced Panel’s Update tab, select the Automatically Install Updates option and the related Warn Me If This Will Disable Any Of My Add-Ons option. The former will keep you running the latest version of Firefox; the latter will let you know if any of your security plug-ins are incompatible with the latest Firefox update.
8. Enable Encryption
While selecting the SSL version of any website is prudent, Firefox can enforce the use of the latest and most effective Secure Sockets Layer and related encryption protocols at any HTTPS web address. Under the Advanced Panel’s Encryption tab, select the Use SSL 3.0 and Use TLS 1.0 options.
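The settings from steps 2 through 7 can also be checked from a profile's prefs.js file instead of clicking through each panel. The Python script below is an added example, not part of the original article; the mapping from each step to an about:config preference name is an assumption based on Firefox releases that had these option panels, and the sample prefs.js content is constructed.

```python
import re

# Assumed mapping of the article's steps to about:config preference names.
# Verify the names against your own Firefox version before relying on them.
RECOMMENDED = {
    "browser.formfill.enable": False,                   # step 2: no form history
    "browser.download.manager.showWhenStarting": True,  # step 3: downloads window
    "xpinstall.whitelist.required": True,               # step 4: add-on install warning
    "browser.safebrowsing.malware.enabled": True,       # step 4: reported attack sites
    "browser.safebrowsing.enabled": True,               # step 4: reported web forgeries
    "signon.rememberSignons": False,                    # step 5: no password storage
    "browser.offline-apps.notify": True,                # step 6: offline storage alert
    "app.update.auto": True,                            # step 7: automatic updates
}

# Matches lines such as: user_pref("signon.rememberSignons", false);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref() line; other lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Classify each recommended pref as ok, mismatch, or unset (browser default applies)."""
    prefs = parse_prefs(text)
    report = {}
    for name, want in RECOMMENDED.items():
        if name not in prefs:
            report[name] = "unset"
        else:
            got = prefs[name]
            report[name] = "ok" if isinstance(got, bool) and got == want else "mismatch"
    return report

# Constructed sample of a prefs.js file, for illustration only.
SAMPLE = '''// Mozilla User Preferences
user_pref("signon.rememberSignons", false);
user_pref("browser.formfill.enable", true);
user_pref("app.update.auto", false);
user_pref("browser.startup.homepage", "https://mail.google.com/a/example.com");
user_pref("browser.offline-apps.notify", true);
'''
```

Because prefs.js only records values that differ from the browser's defaults, an "unset" result means the default is in effect and should be confirmed in the options panel itself.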
Above and beyond Firefox’s native security features, these add-ons impart some much-needed defensive measures into your browser.
9. HTTPS Everywhere
Virtually every reputable website and web application offers an SSL version to accommodate encrypted web communication, including Google Apps. This keeps any data you share with the website — especially passwords — away from prying eyes. The HTTPS Everywhere Firefox Add-On defaults you to the SSL version of any website, making sure you don’t accidentally opt for the less secure version.