The concept of the “Human Firewall” is essentially the people aspect of cybersecurity. While spam filters can block many of the threatening emails you receive, and strong endpoint detection solutions can help stop malware attacks in progress, at the end of the day your security’s greatest strength or biggest vulnerability is the people behind it.
As technology and society have evolved, especially with the rise in Work from Home and Bring Your Own Device, the ideas and practices behind establishing a strong human firewall that works with your security technology instead of against it have shifted.
Read on to learn about some areas of weakness in the Human Firewall and ways you can strengthen it to bring rock-solid cybersecurity to your organization.
Phishing Testing and Security Awareness
You can’t expect your people to act cyber-safe unless you take the time to educate them on the current security landscape.
A Security Awareness Program should have modest goals. Your team probably doesn’t have to worry about understanding encryption protocols or how to perform vulnerability assessments. However, it is important that your staff understand:
- What fake emails look like
- What the typical signs of malware or ransomware are
- The basics of cyber hygiene for maintaining personal and work devices
Nowadays, many workers use devices such as their own smartphone to access company email or files. And with the rise of Software as a Service (SaaS) and cloud-based environments, people can typically access company applications and data from any device.
Now that many traditionally office-based employees have been working from home at least part of the time since the pandemic, we need to acknowledge that for many of these staff members, the line between work and personal devices has blurred significantly.
As a result, the “threat footprint” has risen for most organizations.
Instead of focusing on an office environment with devices that were sourced by the company and managed by an IT department or service provider, things now are a bit more vague.
Not only do you have to protect your office environment, but you also need to make sure other devices touching your data have security and management so they aren’t the weak links in your security chain.
How confident are you that your staff and IT managers are taking care of the devices that aren’t owned by the company? A good way to get started is:
- Know what devices every staff member is using.
- Make sure that your IT people (or your staff themselves) are staying on top of patches, updates, malware protection, and security settings.
- Be sure to avoid using devices that are no longer supported by the original manufacturer.
Policy and Process Management
We put a lot of trust in our staff when we give them access to company devices and information.
It’s pretty much the same as giving the family car keys to your kid who just got their driver’s license. The car has seat belts, air bags, collision detection…you name the safety feature, and this car has it. But when all is said and done, it’s your kid behind the wheel, and they will control what happens with the car. Does the seat belt even matter if they don’t use it? Will the safety features matter if your child drives poorly?
The way we address this with a car is by heavily educating drivers up front and making sure everyone knows the rules of the road BEFORE we trust them with a car. We know that once we give them control, we lose control, so our goal is to be confident before we exercise that kind of trust.
You can implement these same concepts when it comes to your employees’ access to work technology and data.
Before you hand over the “keys to the car”, your staff needs to know the risks they are taking. They should understand:
- The value of the data they control
- The threat landscape
- What types of usage are and are not allowed
- How to respond to certain situations
Organizations that have a good culture of following processes will find their Human Firewall to be much stronger, whereas groups whose staff do whatever they want and get little direction from management tend to have more serious issues when experiencing challenges such as a ransomware attack.
These organizations are often left struggling to figure out where important data is located, who had access to specific information, or where passwords are shared among multiple people.
Your Human Firewall will be much stronger if you keep a basic security discipline in place.
So how does your Human Firewall stack up? Do you think your team is careful about what they do with their computing devices and know how to respond to threats?
Remember these tips for building a successful human firewall:
- Provide strong and consistent communication from management about expectations and how staff can help improve security.
- Make it simple for staff to learn and implement security best practices.
- Implement and follow a security process across all departments.
- Perform security awareness training sessions on a regular basis.
- Continually test and monitor your staff’s vigilance.
Unlike sophisticated technical security solutions, the Human Firewall can fit in the budget of any business or individual who cares about protecting their assets from theft or loss.
One thing is for certain: there’s never going to be a better time to improve your security posture.
If you would like to learn more about how to improve your security, reach out to us today!