Your organization may be guilty of a common misconception, that cybersecurity and risk management are the sole purview of the IT Department. Or that the best way to combat the risk of attack is through the use of technology and tools. And while both IT staff and cybersecurity tools are absolutely critical, it is the human firewall made up of everyone at your organization that is by far the best way to keep the bad guys at bay.
Build that wall!
No, not THAT wall. (Insert eyeroll emoji here.) A human firewall refers to a nearly impenetrable line of defense that utilizes your trained and knowledgeable staff. Here’s why this is so important: 95% of breaches are the result of human error. Yes, that’s right. In other words, had human error not been a factor, the chances are that 19 out of 20 breaches would have never happened! But while your employees – your “humans” — may be the greatest threat to your data security, they could also be your greatest asset. Look at it this way: While all the technology you employ (email filters, firewalls, data loss prevention) alleviate the symptoms of a threat, they do nothing to address the actual cause. Again, that’s us humans and our imperfect behavior. Until you directly address that root cause and do something to prevent it, you’re left triaging the inevitable damage.
From zero to hero
It’s time to turn your weakest link into the building blocks for a strong, unbreakable human firewall. When trained properly and surrounded by a robust cybersecurity culture, your staff – your humans – can be the bricks in that wall. Start their cybersecurity awareness journey during onboarding and follow it up with regular “refresher” training, at least 2-3 times a year.
Be alert to the threats
Your staff should be made aware of the biggest threats to the human firewall:
- Phishing and social engineering via email, texts and phone calls
- The use of weak passwords, as well as re-using the same passwords
- Sharing password/account information
- Loss or theft of devices and/or information (physical theft – whether straight from someone’s desk or out of their car, or the stealing of info from insecure networks). This can include laptops, desktops, smartphones, tablets, hard drives, thumb drives.
- Not installing patches or updates in a timely manner
Ways to strengthen your human firewall
Knowing what the threats are means you need to strengthen your firewall to keep them from breaking through. You do this through:
Cybersecurity awareness training
Yes, I sound like a broken record, but it really is the number one way to get employees to understand how their behavior can tear down that wall. Teach them the signs of phishing and social engineering, particularly in email. Make sure they understand what and what NOT to do if they are at all suspicious of a message. Emphasize (and then re-emphasize) the importance of using complex and unique passwords with every account and keeping them private.
Utilize MFA or 2FA
Multi-Factor or 2-Factor Authentication as account access methods are helpful in strengthening the human firewall and giving individuals another layer of protection. MFA/2FA calls for individuals to secure their accounts by requiring two things, something they know (e.g., a password) and something they have (e.g., a phone, where they will be sent a one-time code). Only this combination of existing password and new, unique code will grant them access.
Managing personal devices used for work
With work-from-home and hybrid work situations exploding since the start of the pandemic, using personal devices for official work is becoming increasingly common. Personal devices might be more susceptible to malware and cyber-attacks, as they may not be outfitted with the necessary security tools. So, if you are allowing employees to use their own devices for work, it is critical that you have strict guidelines in place to secure your organization’s data. Clearly there is a benefit to your organization issuing devices to staff: It is easier to install the necessary software and security tools AND keep them updated. But if that’s just not possible, make sure you have clear policies in place that require your staff to update their devices immediately, whenever available.
By following these guidelines, there’s no reason why your organization’s human firewall can’t be a sturdy and reliable guard against the vast landscape of impending threats on the other side.