Backing the human firewall for better protection

Issue 7 2021 Security Services & Risk Management

Despite the easing of lockdown regulations, working from home remains a business necessity for many people. And this continues to present companies with new forms of cybersecurity risks that take advantage of ongoing market fluxes and uncertainty. This is where the concept of the human firewall becomes critically important.

At its most basic, a firewall is a computer network security system that restricts Internet traffic in, out, or within a private network. A human firewall, on the other hand, combines security awareness and training solutions to deliver a comprehensive way for organisations to protect all levels of their structure, regardless of where people are working from. Essentially, this concept centres on continued employee awareness training to ensure that remote workers understand best practice when it comes to cybersecurity.

This training is not a once-off process but reflects evolving attack perimeters, especially given how a distributed work environment has created new vectors which malicious users can exploit. So, beyond investing in comprehensive anti-virus and endpoint protection software, creating awareness about keeping family members away from work devices and ensuring the organisational virtual private network (VPN) used is as strong as possible, companies must commit to user education across all levels of the business, to minimise their employees posing unnecessary cyber-related risks to the business. Whether it is C-suite executives, a salesperson, an administrative staff member, or the receptionist, consistent training must form an integral part of any company’s cybersecurity strategy.

A security aware culture

At a time when artificial intelligence (AI), machine learning (ML) and robotic process automation (RPA) are becoming part of the norm with employees reskilling and upskilling themselves for a digitally-led environment, so too must this skill set expand to incorporate cybersecurity. It is all about minimising human error, understanding how malware such as ransomware and phishing attacks perpetrate the company network and being vigilant of social engineering tactics when using remote devices.

After all, the best cybersecurity solutions in the world mean little if an employee still clicks on a malicious email, submits sensitive data on a spoofed website and the like. Training must also be adapted to the skill set, knowledge and responsibilities of individual employees.

The content must reflect the current threat landscape and provide guidance on likely future scenarios. It is especially important for smaller businesses to create a security aware culture when employees are working from home and not inside the relative safety of the corporate network. These companies can ill-afford a data breach which could potentially result in significant financial damage and possibly even business closure.

Even though cybersecurity policies must be updated as a matter of course, the reality is that employees must practically understand what they can and cannot do especially when working remotely. Theory is important, but the rapidly evolving threat landscape means that there should be ongoing updates to knowledge bases that include documentation, online materials, email updates and the like.

The new normal is here to stay for the foreseeable future. It is up to the companies themselves to maintain their cybersecurity awareness to safeguard their most important assets.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Sustainability School opens for enrolment
Education (Industry) News Security Services & Risk Management
Three-part programme, first developed for Schneider Electric employees, is now available for free for companies worldwide. Attendees learn how to future-proof their businesses and accelerate their decarbonisation journeys.

Success in business process best practices
Technews Publishing Kleyn Change Management Editor's Choice Integrated Solutions Security Services & Risk Management
This month we commandeer time with the woman who is spearheading our national conversation on Women in Security, Lesley-Anne Kleyn, to get to know the lady herself a little better.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Technology to thwart solar panel thieves
Asset Management, EAS, RFID Security Services & Risk Management Products
A highly efficient industrial network is coming to the rescue of the solar industry, as solar panels, inverters and batteries are being targeted by thieves and threaten to destabilise the industry.

Banking the unbanked comes with security risks
Financial (Industry) Security Services & Risk Management
As grim as it was, the pandemic of recent years and its resultant global economic crisis were a prime catalyst for record number of first-time bank users, the previously unbanked.

Security is like infinity
Alwinco Security Services & Risk Management
Security needs constant attention, dedication and input. The scary thing is that most people think that security is something that you buy, install, and then forget about.

Vulnerabilities in industrial cellular routers’ cloud management platforms
Industrial (Industry) Cyber Security Security Services & Risk Management
Research from OTORIO, a provider of operational technology cyber and digital risk management solutions, unveils cyber risks in M2M protocols and asset registration that expose hundreds of thousands of devices and OT networks to attack

SAFPS to launch a platform to combat fraud
Editor's Choice News Security Services & Risk Management
In response to the growing need for a proactive approach to fraud prevention, the SAFPS is developing a product called Yima, which will be a one-stop-shop for South Africans to report scams, secure their identity, and scan any website for vulnerabilities.

End the scourge of solar panel theft
Guardian Eye IT infrastructure Security Services & Risk Management
Modern solar installations are designed so they can be put together very quickly, but this means they can also be dismantled very quickly, and so there has been a massive spike in the theft of solar panels from roofs.

Troye and Arctic Wolf join forces
News Cyber Security Security Services & Risk Management
Troye has announced a strategic partnership with Arctic Wolf to enable Troye to provide customers with enhanced cybersecurity solutions and services that help protect their businesses from advanced cyber threats.