At Lookout, we’ve always spent a lot of time talking about how best to secure tablets and smartphones. That’s because they dominate our lives.
In the wake of the pandemic, Chromebooks in particular became an essential, cost-effective tool for schools and other organizations. Students use them to receive instruction and do homework, and remote and hybrid employees use them to stay productive from anywhere. Because Chromebooks are so affordable, organizations can issue these devices to help with productivity, implement proper security, and still save money in the long run.
Just remember, ChromeOS is a modern endpoint device, so it faces the same security challenges as mobile devices.
Doesn’t ChromeOS have security built-in?
ChromeOS, much like Android and iOS, is more secure than legacy operating systems (OSs) in two ways.
First, ChromeOS, unlike Windows, doesn’t allow access to its kernel — the core part of an operating system. This means under normal circumstances, it's very difficult to compromise ChromeOS. In addition, Chromebooks automatically receive regular updates that patch vulnerabilities.
Second, the apps on ChromeOS are sandboxed. This means a problem with one can’t affect any others.
While these features make ChromeOS more secure than an OS like Windows, they don’t address important requirements such as anti-phishing and antivirus capabilities. According to data from our install base, those are two of the most common threats facing Chromebook users.
Can I use regular desktop security for my Chromebook?
Traditionally, security tools for desktops and laptops require kernel access and elevated privilege to scan the apps on the device. That’s not possible in ChromeOS.
What threats do I need to secure my Chromebooks against?
As is the case with phones and tablets, there are countless ways malicious phishing links can be delivered to a Chromebook. Users can receive phishing messages on any app, ranging from Google Hangout and WhatsApp to Facebook Messenger. Once you click on the link, attackers can steal your credentials or trick you into installing malicious Android or Chrome apps.
It’s critical to use an anti-phishing solution that will protect Chromebook users from clicking on malicious links, regardless of the apps in which the links are sent.
It’s equally important to teach users about the dangers of social engineering. They need to understand that phishing is one of the most common ways they can be compromised, and that such attacks are no longer launched strictly via email.
Apps for ChromeOS, as well as Android apps that work on Chromebooks, are just as susceptible to malware as apps for any other operating systems. Without elevated privilege to scan apps, antivirus for Chromebooks must look for threat-like behaviors. By analyzing a large dataset of ChromeOS devices and apps, modern antivirus solutions can detect threats in new versions of apps and protect you from new viruses.
The last thing I would recommend is setting appropriate policies. There are malicious Chrome extensions out there. For example, Cursed Chrome can take full control of your browser. To protect against these threats, put together a list of pre-approved extensions that you allow your Chromebooks to install. That way, your users will be much less likely to accidentally install malware.
A modern device requires a modern solution
ChromeOS devices are great options to help students and working professionals stay on top of their work and their lives. They’re also affordable, so you have money left over to deploy security.
As you consider providing Chromebooks to your students or workers, understand that they are not laptops or desktops. They are modern endpoint devices that require a modern security solution, much like your smartphone or tablet.
Check out this one pager to learn more about how you can secure your organization’s Chromebooks. And don’t miss this document outlining how Lookout can help educators protect their students.