Why is Data Loss Prevention for Google Chrome important — and how can admins get it right?
In a browser-centric world of perpetual data sharing, user browsers get loaded with sensitive information that hackers would love to get their hands on.
That’s why taking the right precautions to protect sensitive information from accidentally or intentionally slipping outside your organisation via the browser is paramount.
This is especially important when employees deal with protected data (like Personally Identifiable Information (PII), health records, banking details, etc.) that requires extra vigilance.
If Google Chrome is the primary work environment for your organisation’s everyday cloud operations, then this guide is for you.
Google Chrome DLP scenarios
Data loss and leakage can happen in various ways. Some are intentional and some accidental. Let’s take a look at a few common scenarios.
- Accidental data sharing
Human error is one of the most common causes behind data breaches. Accidental exposure could be as simple as an employee entering company credit card details on an unsafe website.
- Malicious insider
Intentional data loss and leakage don’t always come from the outside. Sometimes employees deliberately leak data too.
That can happen when a user cuts and pastes sensitive data into any other web page they are logged into in their browser.
- Risky Chrome Extensions
Unfortunately, among the thousands of Chrome extensions out there, some are malicious and infect users’ browsers to exfiltrate data.
While these extensions may first appear to be perfectly legitimate, they put your organisation’s information at risk.
- Session hijacking
Hackers exploit browser vulnerabilities to download and execute malicious code. From there they can hijack the session for their own purposes and steal sensitive data.
For example, after a user starts a session and logs into a banking website, an attacker hijacks that session.
6 Ways to ensure Data Loss Prevention for Google Chrome
1. Use a Real-time Chrome DLP extension
Force-installing a Chrome DLP extension on all of your users’ browsers (or ChromeOS devices) is one of the most powerful ways to set up content inspection and DLP policy enforcement.
The extension would essentially look for sensitive data typed in the browser, alert the admin and take prompt action to protect it.
Action can vary from displaying a warning message to alerting users, closing the browsing tab, or even taking a screen capture where the alert is triggered.
2. Run Chrome Extension risk assessments
Manage the Chrome extensions users install based on the access permissions they require. Make sure their risk levels align with your organisation’s data protection policies.
Extension auditing is the best way to start here. From there you can determine how users can use certain extensions, and which extensions simply need to go.
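One way to start such an audit, shown as an added example rather than code from this post or any vendor tool: score each extension's manifest.json by the permissions and site access it requests. The risk tiers, weights, thresholds and sample manifests are assumptions made for illustration.

```python
# Risk tiers, weights and thresholds below are illustrative assumptions.
HIGH_RISK = {"debugger", "nativeMessaging", "cookies", "webRequest",
             "clipboardRead", "history", "proxy", "desktopCapture"}
MEDIUM_RISK = {"tabs", "downloads", "management", "scripting", "webNavigation"}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def host_patterns(manifest):
    """Collect every host pattern an extension can touch (MV2 and MV3)."""
    hosts = set(manifest.get("host_permissions", []))        # Manifest V3
    hosts |= {p for p in manifest.get("permissions", [])
              if "://" in p or p == "<all_urls>"}             # Manifest V2
    for script in manifest.get("content_scripts", []):
        hosts |= set(script.get("matches", []))
    return hosts


def assess(manifest):
    """Return (score, level, reasons) for one parsed manifest.json."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    reasons, score = [], 0
    for p in sorted(perms & HIGH_RISK):
        score += 3
        reasons.append(f"high-risk permission: {p}")
    for p in sorted(perms & MEDIUM_RISK):
        score += 1
        reasons.append(f"medium-risk permission: {p}")
    broad = sorted(host_patterns(manifest) & BROAD_HOSTS)
    if broad:
        score += 4
        reasons.append(f"access to all sites: {', '.join(broad)}")
    level = "high" if score >= 6 else "medium" if score >= 3 else "low"
    return score, level, reasons


# Constructed sample manifests (not real extensions).
SAMPLES = {
    "notes-helper": {"manifest_version": 3, "permissions": ["storage", "alarms"]},
    "coupon-finder": {"manifest_version": 3,
                      "permissions": ["tabs", "cookies", "webRequest"],
                      "host_permissions": ["<all_urls>"]},
    "tab-sorter": {"manifest_version": 2, "permissions": ["tabs", "https://*/*"]},
}

if __name__ == "__main__":
    for name, manifest in SAMPLES.items():
        score, level, reasons = assess(manifest)
        print(f"{name}: {level} ({score})", *reasons, sep="\n  ")
```

Extensions that land in the high tier are the ones to review first against your data protection policy.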
3. Deploy Multi-factor Authentication for Chrome
Multi-factor authentication (MFA) ensures that, even if users’ login credentials are compromised through the browser, hackers still can’t log in.
Zero-trust authentication tools, like ActiveID, are ideal as they make user identity verification a constant process while users work in the browser, rather than a single event at login.
SEE: Google’s resource on forcing users to sign in using 2-Step or MFA.
4. Keep Chrome browsers up to date
Make sure users always have the latest Chrome updates installed.
Many browser updates are issued to include security patches which protect users from identity theft, phishing, and browser malware that could give hackers access to their data.
5. Manage users’ Chrome downloads
Stop and report on unsafe downloads by users across your domain.
As an admin, you can use the DownloadRestrictions policy to prevent users from downloading dangerous files, such as malware or infected files.
You can also use a third-party tool like GAT Shield to see all files downloaded by your users via their Chrome browsers.
This will also help you spot internal DLP risks associated with users downloading sensitive Drive files, for example.
6. Set up Chrome URL management
Allow or block access to websites to protect users from visiting unsafe websites that may steal their data or credentials.
Use the blocklist and allowlist in the admin console for basic URL management. Read more here.
You can also use a third-party Chrome extension for more granular site access control.
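The policy controls from steps 1, 5 and 6 can be checked together. The added example below (not from this post or from Google) audits a managed Chrome policy for the `DownloadRestrictions`, `URLBlocklist`/`URLAllowlist` and `ExtensionInstallForcelist` settings; the extension ID, the domains and both sample policies are constructed placeholders.

```python
import json

# Constructed sample policies. The extension ID is a hypothetical placeholder;
# replace it with the ID of the DLP extension you actually deploy.
DLP_EXTENSION_ID = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
UPDATE_URL = "https://clients2.google.com/service/update2/crx"

WEAK_POLICY = {
    "DownloadRestrictions": 0,
    "URLAllowlist": ["intranet.example.com"],
    "ExtensionInstallForcelist": [],
}
HARDENED_POLICY = {
    "DownloadRestrictions": 1,  # block malicious downloads and dangerous file types
    "URLBlocklist": ["unsanctioned-share.example.com"],
    "URLAllowlist": ["intranet.example.com"],
    "ExtensionInstallForcelist": [f"{DLP_EXTENSION_ID};{UPDATE_URL}"],
}


def audit(policy, required_extension=DLP_EXTENSION_ID):
    """Return a list of findings for the three controls discussed above."""
    findings = []
    # 0 (or unset) means no special download restrictions are applied.
    if policy.get("DownloadRestrictions", 0) == 0:
        findings.append("DownloadRestrictions is unset or 0")
    if not policy.get("URLBlocklist"):
        findings.append("URLBlocklist is empty")
        if policy.get("URLAllowlist"):
            # URLAllowlist only carves exceptions out of URLBlocklist.
            findings.append("URLAllowlist has no blocklist to override")
    forced = {entry.split(";", 1)[0]
              for entry in policy.get("ExtensionInstallForcelist", [])}
    if required_extension not in forced:
        findings.append(f"extension {required_extension} is not force-installed")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, audit(policy) or "no findings")
    print(json.dumps(HARDENED_POLICY, indent=2))  # JSON form of the policy
```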
Chrome is the most popular browser in the world today. That makes it a top target for hackers looking to steal sensitive data or achieve financial gain.
As employees spend more time working there, preventing data loss via the browser is more important than ever.
Admins can achieve that by taking the right protective measures to secure data in the Google Chrome browser.
That way your users can work and collaborate more securely on the web every day.
What to read next? — See Increase Google Chrome Browser Security for your Users in 8 Ways.