The Human Firewall
When most people think about information security, they think about the hardware and software that protect data from outside eyes. The greatest access point to this data is often overlooked: the employees of the company. Simply put, building a human firewall is the practice of developing a security-conscious mindset in all employees with access to sensitive information. Reluctance to train employees this way is the reason why phishing remains the most common and successful tactic for attacking small businesses.
The humans at a company are a much more common target than the system itself. Sensitive information is only as secure as the least secure human who has access. This is why it is important to build a culture in the workplace around security awareness and to think twice before distributing information.
Simple steps can contribute a great deal to building a human firewall. Training employees to identify phishing attacks could very likely save an employee from becoming a phishing victim. Another important step is to evaluate who has access to what data. Blocking outdated access points is very important: if former employees or consultants still have access to information that is no longer relevant to them, they should be removed from the system, as they could be a vulnerability (read more about Cyber Awareness Training).
It is also good practice to train employees to separate their work and personal lives. Countless hacks have stemmed from large data breaches where company employees signed up for personal accounts using their work email. Dropbox's 68 million account breach was a result of their employees using work emails for LinkedIn, which suffered a 117 million account breach just months prior. This type of linked hack is much easier when targeting small to medium-sized businesses. Monitoring the use of unsanctioned applications (shadow IT) helps establish a human firewall.
Phishing, Malvertising, Shadow IT, and Digital Footprint are all key components of the human firewall. If you are interested in developing these areas for your company, please follow this link or contact us to learn more.