Image: Jack Wallen

I can’t believe I’m about to say this, but it’s almost the end of the year. That means gifts will be purchased and budgets will be spent. That translates to new tech. You, or someone for which you serve as an admin, might wind up with a shiny new Chromebook. Guess what? You’ll be the one responsible for making sure that new laptop is secure.

What do you do? After all, it is running Chrome OS, which means there’s very little you need to do. Right? Well, sort of. Certainly, out of the box, Chrome OS is more secure than say, Windows 10. But, that doesn’t mean it can’t be given a bit of help.

Let’s take a look at a few tips and tricks you can employ to make sure those Chromebooks are as secure as possible.

SEE: Windows 10 security: A guide for business leaders (TechRepublic Premium)

1. Secure your Google account

No matter how hard you work to secure that Chromebook, the security of that device is only as strong as the password used by the account holder. Not only should the account use a very strong, very unique password, it should make use of two-factor authentication (2FA). To setup 2FA, visit your Google Account Security page and enable 2-Step Verification (Figure A).

Figure A

You will be prompted to walk through a fairly simple wizard to set this up. You will also need a 2FA mobile app such as Authy or the Google Authenticator.

While you’re on the Google Account Security page, you should also make use of the Secure account tool. This will find any issues with your devices (which actually only allows you to remove access to your account from devices you might no longer use), allow you to review third-party access (which allows you to revoke app passwords), view recent security events, enable/disable 2FA, and check your saved passwords.

However, the single most important thing you can do with your Google account is to simply use a strong password.

2. Configure Chrome

The Chrome browser offers settings apart from Chrome OS. Considering you’ll be spending the vast majority of your time on Chrome OS within the browser, you’ll want to make sure to change a few of the default settings. To do this, open Chrome and click the menu button. From the drop-down, click Settings. In the Privacy And Security section, disable the following:

  • Use A Prediction Service To Load Pages More Quickly
  • Allow Sites To Check If You Have Payment Methods Saved

Next, make sure the following are enabled:

  • Send A “Do Not Track” Request With Your Browsing Traffic
  • Safe Browsing

Next we want to prevent your browsing history from syncing to your Google account. To do that, type chrome://settings/syncSetup in the Chrome address bar. In the resulting page (Figure B), disable the entry for History.

Figure B

While you’re there, you might as well disable the entry for Payment Methods and Addresses using Google Pay.

3. Ensure your Chrome OS is up-to-date

It never ceases to amaze me how often I find users simply don’t bother applying updates. With each upgrade released for Chrome OS (or any OS, for that matter), vulnerabilities are patched and new features are added. When an operating system is left to its own devices, it won’t upgrade. That leaves you (or your Chromebook user) vulnerable.

It is imperative that updates be applied as soon as possible. Because this is Chrome OS, updates generally don’t take long to complete (less than 2-5 minutes tops). So every time you see an update available, apply it.

If you’re not sure if an update is available or what build you’re currently running, go to Settings | About Chrome OS. You will find a Check For Updates button (Figure C) and your current build number.

Figure C

4. Install Google Find My Device

If your Chromebook has access to the Google Play Store (which most new Chromebooks do), you’ll want to install the Google Find My Device service. To do that, go to Settings | Google Play Store | Manage Android Preferences | Google | Security | Find My Device, and you’ll be prompted to install the service (Figure D).

Figure D

Once installed, open the app and, when prompted, select the Google account to be used. You will be prompted for your Google account password. Once you’ve successfully authenticated, you’ll be required to give Find My Device permission to access the device’s location (Figure E).

Figure E

Click Allow and the on-screen map should immediately locate the device in question. Now, should you lose your device you can go to the Find My Device site and locate that Chromebook. If it doesn’t show up immediately, give it a moment and it should appear.

5. Use caution with Chrome extensions

People tend to get a bit overzealous when it comes to extensions. I’ve seen users with a staggering number of installed extensions. Don’t be that user. Why? We’ve seen too many extensions that have compromised the security of user data. Some of these extensions are even from well established companies. Back in June 2019, it was discovered that the Evernote Chrome extension allowed attackers to steal data from over four million users (see: Evernote Chrome extension vulnerability allowed attackers to steal 4.6M users’ data).

Because of this, you should be adamant about not installing extensions. Only install those extensions you must use for work or other productivity purposes. Even then, vet those tools to the best of your ability … otherwise you risk compromise.

6. Enable sleep locking on a Chromebook

On option you might not know about is sleep locking. After using your Chromebook you close the lid, assuming it’s safe from prying eyes. That’s not always the case. If you lift that lid back up, you’ll notice you are right back in, no password required. This isn’t always the safest route to go. Instead, you’ll want to enable the Show Lock Screen Waking From Sleep option.

This option is tucked away from sight, so you have to know where it is. The location is Settings | People | Screen Lock | Show Lock Screen When Waking From Sleep (Figure F).

Figure E

After tapping or clicking Screen Lock, you’ll be prompted to enter your Google account password. Once you’ve done that, click to enable Show Lock Screen When Waking From Sleep and the next time you open the lid to your Chromebook, you’ll have to type your password to gain access.

Use wisely

And there you have it–six easy-to-use tips to help make your Chromebook as secure as possible. Don’t assume that just because that Chromebook is powered by Chrome OS, that your laptop is 100% safe. It takes a bit of work, but anyone can enjoy far more security than the out of box experience.

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Subscribe to the Cybersecurity Insider Newsletter

Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday