Security and best possible protection
As our customers have long known and appreciated, we at TSI consistently focus on security and the best possible protection of your data. Our development team therefore frequently experiments and implements new features to improve security.
Often this happens in the background and innovations are successively released and activated. Last year, for example, we consistently removed functions to support outdated browsers such as Microsoft Internet Explorer.
This not only streamlines and speeds up the code and, hence, the perceived performance for you as a user in the portal, but also removes weak and outdated implementations that are not yet a security problem at present, but could possibly represent vulnerabilities for future attacks, especially since Internet Explorer is no longer receiving any security updates from Microsoft on a regular basis either and thus potentially becomes a virus magnet.
We therefore constantly plan ahead and ideally protect long before vulnerabilities grow into problems.
We protect long before vulnerabilities grow into problems
As we move into 2022, we are also putting another new security feature into general operation. The HTML-Content-Security-Policy – a policy that tells the browser which script files are original, trusted and from a known source – will go into production on 1 January of the New Year.
This technology has been tested for almost 12 months without any problems and promises a further boost in protection for your data. With this feature enabled, it becomes much more difficult for malicious code to extract sensitive data from your browser.
We at TSI consider this step to be important, as we have noticed an increasing number of suspicious incidents in the past months, such as browser extensions interfering with the displayed information in TSI Monitor.
Unfortunately, the free open-source web browser Firefox is also a negative example, and we have received an increasing number of problem reports. Not only is Firefox increasingly a problem because it allows for central administration via the company's IT, which sadly also frequently leads to the deactivation of automatic updates. Consequently, we often have to deal with sometimes severely outdated versions that also impair functionality. Regrettably, data protection also suffers because, according to our logs, there are numerous extensions that interfere with the displayed website content, and that includes TSI Monitor. Ideally, this would only concern ad blockers, which, when TSI Monitor is opened, should simply have nothing to do, because we naturally never display any advertising in the portal. However, these extensions often include the opposite, i.e., such that specifically add additional advertising or, in the worst case, even steal secret or personal data.
So far, we have only been able to regularly and repeatedly advise our customers to keep their browsers up to date and regularly install all updates for their operating systems as soon as possible. Based on our latest findings, this is apparently only moderately satisfactory, because – as is so often the case – more pressing matters come first.
With the new content-security-policy, we now for the first time have the possibility to clearly inform your browser which parts actually originate from trustworthy sources by TSI and can thus automatically block unauthorised programmes and extensions.
Of course, the creators of these extensions will also go to great lengths to circumvent any protective measures.
Therefore, nevertheless: Keep your browser and your systems up to date!