The human firewall concept
The Human Firewall is the idea that your staff and their knowledge of cyber attacks are one of the most important elements of your cyber security strategy. As technology has advanced to better understand the threat landscape, criminals have had to seek other methods of getting what they want. That’s why 98% of cyber attacks now rely on social engineering. Criminals have adapted their techniques to require human intervention in order for their attacks to be successful.
There is a saying that has developed in recent years: amateurs hack technology and professionals hack humans.
But aren’t humans too clever? Too alert to phony attacks? The truth is – no. In fact, we’re more susceptible than ever. That’s because cyber criminals are investing more time and effort to shape their attacks so they appear more credible than ever before.
Taking advantage of weakness
The criminals often play on our human need to please people, in particular our managers or business owners. When this happens, staff are often too hesitant to question legitimacy and comply with attack instructions. These attacks are now so realistic and well timed, they overcome the human element of doubt. And the criminals are raking it in because of it.
Over the last year, social engineering attacks have risen significantly by 23%, yet staff training on cyber security is still an afterthought for many businesses. So if the criminals haven’t taken advantage of any staff weakness in your business yet, they’re likely to do so soon.
The good news is, if you invest in the Human Firewall and train your staff, you are less likely to be compromised as a result of social engineering. And it’s more effective than relying on technology alone. But how do you create a successful and robust Human Firewall? Here are some of my top tips…
1. Empower staff suspicion
Make it very clear in the business that everyone has the right to question anyone if they suspect foul play – no matter how small.
Everything should be treated with an air of suspicion and you should never rely on your technology to make the final choice between whether something is suspicious or not.
Ensure that your staff know that if they were coerced into clicking a link or responding to an email it wouldn’t have severe repercussions for them. Have a very open and honest policy relating to what people do and how they act, so no-one feels they can’t speak up.
2. Education, Education, Education
Provide your staff with online learning platforms like Cybsafe, to ensure they are fully up-to-date on the threat landscape. This will also help them to understand the techniques criminals are using to target victims.
Education on this topic does not have an end. It is a constantly evolving landscape and your staff need to be aware of the latest techniques. Once they have a good understanding of these, they’re more likely to be able to spot a cyber attack and avoid being duped when one comes along.
It is also important that you continually check their knowledge and bridge any gaps with common sense advice. There is a wealth of knowledge on cyber crime out there – use it!
3. Test & test often
Test your staff on their cyber knowledge. It doesn’t have to be like exams at school – most online staff training portals will provide you with a platform to test your staff with real-world examples. And you’d be surprised how engaging, interactive and fun they are.
Perform these testing phases regularly and keep a log of the areas of weakness your staff have, taking time to address them. Most platforms have a dashboard that will supply a real-world mark as to where your business is at. Constantly review the dashboard results and make the necessary adjustments to your internal cyber security processes.
4. Put it on the agenda
Finally, make sure you put the cyber threat topic on all meeting agendas. The more you talk about it throughout the company, the more engaged and invested your people will be.
Discuss the latest threats and have open conversations around what they are, how they work and even any possible cyber attempts that you’ve recently experienced. Talk about what happened and how it was prevented – or not. Don’t forget to praise those who spot these attempts too!
You could even task one member of staff each month to deliver a short presentation on an unusual cyber threat they find or the latest high profile breaches.
Get together regularly and discuss it as much as you can to create an open and honest culture on cyber security – so it is always at the forefront of everyone’s mind.
A good place to start
One way to build the foundations of a great Human Firewall is to ensure good-quality staff training. Cybsafe is a good place to start. Cybsafe deals with the human element of cyber security and identifies ways to change human behaviour to reduce cyber risk.
The cloud-based platform trains staff so they have the knowledge, ability and confidence to spot, challenge and avoid the many cyber threats. This involves tactics that focus on changing the psychology of how your staff think and feel about cyber security so they adopt new behaviours.
Cybsafe is always up to date with the latest threats and trends, taking employees through real-life scenarios to test what they’ve learnt. It also sends regular, automated mock cyber attacks that identify your company’s weak points and notifies staff to retake knowledge modules in those areas.
Get started on your Human Firewall
Putting the right measures in place to ensure your staff feel confident and aware of cyber security threats is easier than you think. Contact the PCS security team to help get you started with CybSafe – our online staff training solution for businesses of all sizes.