Backing the human firewall for better protection

Issue 7 2021 Security Services & Risk Management

Despite the easing of lockdown regulations, working from home remains a business necessity for many people. And this continues to present companies with new forms of cybersecurity risks that take advantage of ongoing market fluxes and uncertainty. This is where the concept of the human firewall becomes critically important.

At its most basic, a firewall is a computer network security system that restricts Internet traffic in, out, or within a private network. A human firewall, on the other hand, combines security awareness and training solutions to deliver a comprehensive way for organisations to protect all levels of their structure, regardless of where people are working from. Essentially, this concept centres on continued employee awareness training to ensure that remote workers understand best practice when it comes to cybersecurity.

This training is not a once-off process but reflects evolving attack perimeters, especially given how a distributed work environment has created new vectors which malicious users can exploit. So, beyond investing in comprehensive anti-virus and endpoint protection software, creating awareness about keeping family members away from work devices and ensuring the organisational virtual private network (VPN) used is as strong as possible, companies must commit to user education across all levels of the business, to minimise their employees posing unnecessary cyber-related risks to the business. Whether it is C-suite executives, a salesperson, an administrative staff member, or the receptionist, consistent training must form an integral part of any company’s cybersecurity strategy.

A security aware culture

At a time when artificial intelligence (AI), machine learning (ML) and robotic process automation (RPA) are becoming part of the norm with employees reskilling and upskilling themselves for a digitally-led environment, so too must this skill set expand to incorporate cybersecurity. It is all about minimising human error, understanding how malware such as ransomware and phishing attacks perpetrate the company network and being vigilant of social engineering tactics when using remote devices.

After all, the best cybersecurity solutions in the world mean little if an employee still clicks on a malicious email, submits sensitive data on a spoofed website and the like. Training must also be adapted to the skill set, knowledge and responsibilities of individual employees.

The content must reflect the current threat landscape and provide guidance on likely future scenarios. It is especially important for smaller businesses to create a security aware culture when employees are working from home and not inside the relative safety of the corporate network. These companies can ill-afford a data breach which could potentially result in significant financial damage and possibly even business closure.

Even though cybersecurity policies must be updated as a matter of course, the reality is that employees must practically understand what they can and cannot do especially when working remotely. Theory is important, but the rapidly evolving threat landscape means that there should be ongoing updates to knowledge bases that include documentation, online materials, email updates and the like.

The new normal is here to stay for the foreseeable future. It is up to the companies themselves to maintain their cybersecurity awareness to safeguard their most important assets.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SMARTpod talks to The Risk Management Forum
SMART Security Solutions Editor's Choice News & Events Security Services & Risk Management Videos Training & Education
SMART Security Solutions recently released its first SMARTpod podcast, discussing the upcoming Risk Management Forum Conference 2024, which will be held on 26 September 2024 at the Indaba Conference Centre in Fourways, Johannesburg.

Read more...
There is a SaaS for everything, but at what cost, especially to SMEs?
Editor's Choice Information Security Security Services & Risk Management
Relying on SaaS platforms presents significant cybersecurity risks as the number of providers in your landscape increases, expanding your attack surface. It is important to assess the strength of the SaaS providers in your chain.

Read more...
Unlocking new efficiencies in private security
Security Services & Risk Management Transport (Industry) Smart Home Automation Logistics (Industry)
Justin Manson, Sales Director at Webfleet, discusses how the urgent need to protect life, and to do so more efficiently, is driving continuous innovation in holistic home and residential security services in South Africa.

Read more...
Innovation and security go hand in hand
Technews Publishing Facilities & Building Management Security Services & Risk Management
In a world where the demand for tech innovation is matched only by the acceleration of cybersecurity threats, businesses face the challenge of balancing new product development and robust security measures.

Read more...
Bomb threat landscape in South Africa
Editor's Choice Security Services & Risk Management
Over the past 25 years, South Africa has faced thousands of bomb threats and explosive incidents annually, imposing a significant economic burden on the nation, costing billions of rand.

Read more...
Natural catastrophes and fire risks top concerns
Security Services & Risk Management Asset Management Residential Estate (Industry)
Natural disasters are the highest risk in the real estate industry, followed by fire and explosions, and then business interruption. Estates must prioritise risk management and take proactive measures to safeguard their assets, employees, and reputation.

Read more...
Building a solid foundation
Alwinco Security Services & Risk Management Asset Management Residential Estate (Industry)
Understanding the roles of a Risk Assessor and a Risk Manager is like building a solid and secure foundation in the security world. Andre Mundell makes it easy to understand.

Read more...
SA firms take nine months to detect data breaches
Information Security Security Services & Risk Management
A human being can be conceived and brought into the world at roughly the same time a South African small and medium-sized enterprise (SME) becomes aware of and reports a data breach.

Read more...
Be wary of these scams this tax season
News & Events Security Services & Risk Management
As we approach the end of August, millions of South Africans will log onto the SARS eFiling website or visit their closest branch to complete their tax returns, but scammers are also waiting to defraud with tax-related scams.

Read more...
Businesses battle for long-term sustainability
Security Services & Risk Management News & Events
KPMG International’s report reveals the three key risks to growth in 2024 and beyond: geopolitical uncertainty, trade restrictions, and divergence on AI. The energy and natural resources sector is the ‘most exposed’ industry group in 2024.

Read more...