Half of all cyberattacks start in your browser: 10 essential tips for staying safe

gonin/iStock/Getty Images Plus via Getty Images

Follow ZDNET: Add america arsenic a preferred source on Google.

ZDNET's cardinal takeaways

• Browser enactment is progressive successful astir fractional of each cybersecurity incidents.
• Attack vectors see malicious links, credential-harvesting scripts, and contented injection.
• Following these cardinal champion practices volition assistance you enactment harmless online.
  

Web browsers are among the apical targets for today's cybercriminals, playing a relation successful astir fractional of each information incidents, caller probe reveals.  

According to Palo Alto Networks' 2026 Global Incident Response report, an investigation of 750 large cyber incidents recorded past twelvemonth crossed 50 countries recovered that, successful total, 48% of cybercrime events progressive browser activity. 

Individuals trying to link to the web, including concern employees, are exposed to cyberthreats connected a regular basis, and it lone takes 1 palmy intrusion oregon malicious download to pb to superior consequences, specified arsenic surveillance, information theft, ransomware infection, oregon fiscal damage. 

Also: Are AI browsers worthy the information risk? Why experts are worried

Palo Alto Networks information researchers listed immoderate of the astir communal threats we look done our browsers contiguous -- phishing and malicious links, credential-harvesting pages, spoofed websites, and adjacent Clickfix, a covert archetypal entree method that lures you into accidentally performing malicious actions done fake online instructions oregon alerts. 

As our browsers -- these ubiquitous applications for accessing the net -- person go information minefields, it's a bully clip to reappraisal immoderate champion practices for staying harmless online -- arsenic good arsenic different measures you tin instrumentality to trim the hazard of becoming a cyber victim. 

Here are 10 things you tin bash to support yourself.

1. Keep your browser updated

It whitethorn look similar basal advice, but however galore times person we each thought, "Oh, I'll judge the update later," and past ne'er do? Still, accepting bundle updates is your archetypal and astir important enactment of defence against intrusion oregon your browser being compromised by malware. Accept updates arsenic soon arsenic they are available, arsenic they volition astir ever see fixes for vulnerabilities and bugs. 

2. Check URLs and look for padlocks

If a website is HTTP-only alternatively than HTTPS, connection betwixt your browser and the website isn't unafraid oregon encrypted, enabling anyone to work and analyse postulation and perchance insert themselves via a man-in-the-middle attack.

If you browse these domains, you whitethorn hazard malware, scams, and malvertising, and you whitethorn suffer your information if you are performing tasks specified arsenic submitting idiosyncratic accusation oregon attempting to marque a purchase. While HTTP-only websites are harmless capable conscionable to browse and presumption -- and immoderate browsers volition present effort to automatically upgrade HTTP to HTTPs erstwhile imaginable -- you should ne'er springiness them immoderate idiosyncratic accusation oregon fiscal data. 

Also: Your location Wi-Fi isn't astir arsenic backstage arsenic it should beryllium - 6 escaped ways to fastener it down

If you are visiting a caller website, look for a padlock successful your code barroom and the HTTPS successful the website address. On immoderate browsers, you mightiness not spot a padlock, and URLs mightiness beryllium shortened, but you volition inactive beryllium warned erstwhile you are visiting an insecure site. 

If your browser supports DNS-over-HTTPS, you should besides see enabling it erstwhile available, arsenic it masks your enactment from ISPs. This whitethorn look successful your browser settings arsenic Secure DNS, specified arsenic successful Google Chrome.

3. Sign up for a password manager

When possible, debar in-browser password managers and opt for a standalone password and credential absorption service instead. 

Why? Because if your browser is compromised, truthful mightiness beryllium your full vault. Not lone this, but credential absorption is often conscionable a bolt-on, whereas a standalone password manager is conscionable that -- and its estimation relies upon being secure, encrypted, and defended against the latest threats. 

Also: The champion password managers of 2026: Expert tested

4. Use an advertisement blocker

To trim tracking and perchance pop-ups that could service you malware oregon Clickfix scripts, research advertisement blockers to bolster your browser security. They tin importantly amended your browsing experience, velocity up leafage loading times, and trim website fingerprinting. We person a usher connected the best advertisement blockers available; 1 of my existent favorites is Ghostery.

Also: The champion advertisement blockers: Clean up your browsing experience

5. Try backstage oregon incognito mode

Most browsers volition connection a backstage oregon incognito mode. These optional browser windows purpose to trim your susceptibility to tracking by not redeeming your website sojourn logs oregon searches made successful your browser, which tin trim targeted advertizing rates and tin amended your privacy, particularly if you are connected a shared computer. 

They are a insignificant improvement, not a information miracle. These windows lone forestall information from being saved locally, and they won't halt different parties -- specified arsenic your ISP -- from seeing what you've been doing online. Still, you should cognize they exist. 

6. Switch to an anonymous hunt engine

A fashionable hunt motor alternative to Google oregon Bing is DuckDuckGo, which bills itself arsenic a privacy-first service. DuckDuckGo does not cod idiosyncratic information oregon way users crossed the web, nor volition it prevention your hunt past oregon merchantability your activities to marketers, each of which tin pb to targeted advertising. Cookie pop-ups and trackers are blocked by default, too.

It's fashionable capable to person expanded into a full-fledged browser, and you should see utilizing it to support your queries retired of 3rd parties' hands. 

Also: If you're into online privacy, effort this fashionable Google alternative

An casual tweak to your existing browser acquisition is to sojourn this work and acceptable it arsenic your default hunt engine. I've done truthful and urge you bash the same. 

7. Install a VPN

A virtual backstage web (VPN) is bundle that encrypts your online communications, disguising your IP code and hiding your online activity. 

VPNs tin beryllium utilized for a assortment of purposes, including unblocking geo-locked contented and avoiding ISP-based throttling, but their main payment is arsenic a privateness instrumentality erstwhile browsing the web. Through encryption, VPNs assistance forestall third-party profiling and eavesdropping and are important if you person to usage an untrusted nationalist Wi-Fi hotspot.

Also: Best VPN services 2026: Expert tested and recommended

Some of the best VPNs available include NordVPN, ExpressVPN, and Surfshark.

8. Use a much unafraid browser

To debar tracking, surveillance, information collection, and information vulnerabilities, modulation to a browser known for its beardown security.

Secure browsers spot a precocious accent connected idiosyncratic information and privacy. They are built by developers who actively effort to halt attempts to way you by utilizing methods including default anonymous hunt motor integration, blocking third-party trackers, strict cooky policies, upgrading unsecured HTTPS connections, utilizing IP-masking server relays, and preventing browser fingerprinting. 

Our top picks close present see Brave, Tor, and DuckDuckGo.

Also: Stay anonymous online with these anti-tracking browsers

9. Use Tor to enactment hidden

The Tor browser uses the bulb web to disguise traffic, rerouting your requests done nodes that disguise your IP code and marque tracking precise difficult. 

Since your postulation is routed done middleman nodes, it won't beryllium arsenic accelerated arsenic successful a emblematic web browser. Furthermore, its precocious level of information and anti-tracking technologies means that immoderate websites whitethorn not show correctly, particularly if they are laden with scripts. 

Also: Why the astir backstage mode to browse the web isn't incognito mode (but this instead)

These issues aside, Tor is an fantabulous mode to browse the web without exposing yourself oregon your data. You'll request to usage a VPN, download the software, and connect. If you privation to sojourn a circumstantial website, you whitethorn request to cognize its .onion address. 

10. Be wary of AI browsers

Finally, stay wary of immoderate browser focused connected AI. AI browsers specified arsenic Atlas and Comet are almighty and person a batch of potential, but they person besides created a caller onslaught aboveground for cybercriminals to exploit. 

One of the main issues close present that impacts AI browsers -- and without a wide solution beyond ample connection exemplary (LLM) hardening -- is punctual injection attacks. These attacks, whether nonstop oregon indirect, unit an LLM to enactment successful a malicious way. For example, a hidden acquisition buried successful a web leafage oregon URL could marque its mode into an AI browser chat assistant, starring to the vulnerability oregon theft of your data.

Also: I've been investigating the apical AI browsers - here's which ones really impressed me

If you are utilizing one, support idiosyncratic information sharing to a minimum. AI chatbots are useful, but it doesn't mean they are secure.