What is a Human Firewall and How Can You Strengthen It?
You know those team-building exercises and motivational posters that remind you the company can’t function without YOU? Building a human firewall can feel very similar. The company’s network security relies on YOU! Helping your employees understand their importance in strengthening your company’s human firewall is an essential part of your cyber security plan, and should be included in your IT services.
What is a Human Firewall?
Typically, when your managed IT support provider talks to you about your firewall, they mean a hardware device or some software on your computer. A regular firewall is a device or software that blocks certain types of traffic from entering your network. Most internet traffic, such as a user visiting a website, passes through the firewall on a specific port, which is a number assigned to that kind of traffic. Emails coming in and out of your network travel on a different port. You want to block any port that isn’t in use by a program on your network, which is like locking the doors to your network. You will typically do this through your firewall. It’s basically a security device that keeps the good traffic flowing and keeps the bad traffic out.
Recently a lot of focus has gone into creating a human firewall. What people really mean when they talk about a human firewall is training employees well enough that they help secure the network. Much like the regular firewall protects the network, a team of well-trained employees will also protect your business network. The majority of major attacks on corporate networks recently were due to some form of employee negligence. The most recent is the latest Twitter hack, which affected many verified accounts. The human firewall is, by far, the weakest link in a company’s cyber security solution.
Building a human firewall requires a lot of training, and a lot of practice. It’s so easy to fall for some of these recent scams. If you aren’t vigilant, you could get sucked in easily since the attacks are becoming more and more convincing. There are a few areas you should concentrate on with your employees to build a fantastic human firewall.
Top areas of weakness to the human firewall
Phishing attacks are probably one of the most common ways someone will fall for a scam. We’ve seen several smart employees recently fall for an email informing them that their Facebook page will be disabled. Understanding which phishing scams are currently in circulation can really help you avoid falling for them. As you become aware of the scams currently circulating, your radar for identifying new ones will improve. Spear phishing attacks have also been climbing. These are more targeted attacks that use social engineering to find out details about a person so the attack appears more legitimate. Spear phishing attacks are highly dangerous, and employees need to be made aware of some of the signs of an attack, such as urgency and requests to do things outside the norm.
Malware is typically installed when you are browsing a compromised website. Even a site you visit frequently can fall victim to a hack, leaving you vulnerable to attack when you visit. Pop-ups that inform you of an infection can often scare a user into downloading and installing malware. Training employees on how malware works, and on the tricks attackers use to get you to install it, can go a long way toward fighting this type of vulnerability.
The last area that most commonly opens your company up to malicious attacks is theft or loss of devices. Bringing your own device to work has become extremely commonplace, especially now that many people have started working from home on personal devices. Often the employee doesn’t have the right kinds of anti-theft protection on their device, or isn’t securing their device properly. A cell phone with access to company files and emails needs a secure way to unlock it. Many high-end phones now have fingerprint readers, or even the ability to scan your face to grant access to the device. Utilizing the security measures already in place on these devices will help protect your company in the event of loss or theft.
How to strengthen the human firewall
A little bit of education can go a really long way when building your human firewall. Get the employees at your company on board with protecting your company’s network. It is really in their hands, and they should understand that fact. Enforcing ongoing security training is a great step in the right direction here. Security training can’t just be a one-and-done thing. It needs to be ongoing and should test the employees’ ability to spot a scam. Many programs, like the one we utilize for our clients, will send regular phishing emails to test an employee’s skill at recognizing them. If the link in the email is clicked, the employee is brought to a training page to help them understand what their mistakes were.
2FA or MFA
2-Factor or Multi-Factor Authentication has become extremely important in helping to strengthen the human firewall. It gives employees an extra layer of security for when they do fall for an attack. Multi-Factor Authentication requires two things in order to gain access to the employee’s accounts: something they know and something they have. Something they know is generally their password. Something they have is typically their phone or a one-time passcode device. When accessing their account, they need to enter their password and then enter the one-time code displayed on their phone or device, or texted to them. While having this in place will prevent most malicious attempts to log in to the employee’s account, it is not foolproof. As MFA rises in popularity, attackers have learned to ask for the code at the same moment the employee is handing over their credentials, so they can use the code that is sent right away to gain access.
Company issued devices
With so many people working from home now, using a personal device is becoming more prevalent. These devices could already have malware on them, and might not have the proper security in place to access sensitive company data. Issuing devices to remote employees can really improve the overall security of your company. Not only will you be able to install the security tools needed to keep the device secure, you will also be able to install other management and maintenance tools to make sure the devices remain up to date and help prevent a malicious attack on your company data.
If you are located in the Salt Lake City area and would like to learn more about how to protect your human firewall, or would like to have an assessment of your network security, please contact us today to set up an appointment! Phone number: 801.290.0388 or email us at [email protected]
Eric is the owner and CEO of Protek Support and is a CISSP (Certified Information Systems Security Professional). He graduated from Utah State University with a Bachelor of Science degree in Business with an emphasis in Information Technology (IT). He is an IT Services expert in a variety of technology-related fields. Some of these fields include document management software/hardware, enterprise-level networking and VoIP phone systems, as well as large-scale software implementation projects and the setup of small business networks.