What is a “human firewall” and how does it protect my business?
In the Hardware section of Cyber Summer we discussed the vital role that your firewall has in protecting your businesses. It basically monitors traffic and makes decisions about what to allow and what not to allow. And so do your users. Every single click has the potential to unleash a cyber attack so, alongside the appropriate security software, it is important to ensure the people within your business are able to do their bit to keep your business safe.
The concept of the human firewall is that by taking the same approach with your team members as you would with your security software and keeping them fully up-to-date with the latest threats, how they work, and how to spot them, you bolster your business security in one of it’s most vulnerable areas.
So let’s take a closer look at how to get started building your human firewall.
Why do I need to build a human firewall?
“I’ve already got an expensive firewall and strong antivirus software on every device. Isn’t that enough?”
Great! You’ve taken the first and best step towards being more cyber secure as an organisation. You should never rely on a human firewall alone. The right cyber security approach will protect you against the majority of hacking attempts.
However, it’s precisely because cyber security software is so good that a human firewall approach is needed. Attackers are shifting their focus to social engineering attacks precisely because, increasingly, is easier for them to con a person into deploying your virus from within an organisation than trying to hack into it themselves.
According to ICO data, 45% of breaches in 2019 were from phishing attacks, where the human, rather than the device, is the focus of the attack.
The fact is that if your users are in the dark about what common cyber security threats look like, then your business is vulnerable to some of the most common forms of cyber-attack.
How do I build a human firewall?
At the most basic level, “human firewall” is just a catchy phrase for a structured and ongoing education of employees about the cyber security threat environment.
This can be done yourself internally, by bringing external experts into the company, or through a dedicated service such as our own Security Awareness Training platform.
We can help:
Use Security Awareness Training alongside Total Email Protection for a complete phishing protection solution.
However you choose to do it though, the most important thing is that you keep it going. Just like your hardware firewall, if you don’t manage it properly and let the updates slip, it quickly becomes less effective.
1. Make it easy
Don’t overwhelm people with too much information at once. Make adoption easier by strengthening a few weaknesses at a time.
2. Keep education ongoing
Ad hoc or a few times a year is simple not enough for such an evolving threat landscape. Human firewall education should be structured and continuous, including updates about new threats arise.
3. Give incentives
Encouraging participation in the human firewall can be as simple as giving each member special recognition for doing things like catching phishing emails. Studies indicate that public attribution and validation were strong motivating factors in participation.
4. Include all departments
People shouldn’t feel intimidated or that they aren’t tech-savvy enough to be a part of the human firewall. In fact, it’s essential everyone is encouraged to join. Attacks can be targeted at anyone, from your entry level positions to your highest level executive
5. Keep it human
Those that participate should do their best to help others with cybersecurity concerns, thereby helping change culture and behaviour. Avoid treating people like cogs in a machine.
6. Monitor vigilance
Use phishing simulation programs (such as the one included in our Security Awareness Training offering) to send phony emails to unsuspecting employees and see if any links are clicked. This provides an excellent benchmark for how your business is performing.
7. Always be evolving
The human firewall should be on constant alert for new threats, reporting any suspicious activity. As their tactics change, so must the team incorporate new best practices into their system.
I now understand…
- What a human firewall is.
- How a human firewall approach can help protect my business.
Request for your
Cyber Summmer FREEBIES
Natasha, W Academy
Friendly staff who are very helpful.
Kevin Wood, IT Consultant
The service from Jack has been 110% throughout in line with the excellent service I’ve received since discovering One2Call. Thanks Jack and all.
John Cardy, Farmstar
Ryan was very helpful, I felt that I had wasted his time but he was very understanding.