Backing the human firewall for better protection

Issue 7 2021 Security Services & Risk Management

Despite the easing of lockdown regulations, working from home remains a business necessity for many people. And this continues to present companies with new forms of cybersecurity risks that take advantage of ongoing market fluxes and uncertainty. This is where the concept of the human firewall becomes critically important.

At its most basic, a firewall is a computer network security system that restricts Internet traffic in, out, or within a private network. A human firewall, on the other hand, combines security awareness and training solutions to deliver a comprehensive way for organisations to protect all levels of their structure, regardless of where people are working from. Essentially, this concept centres on continued employee awareness training to ensure that remote workers understand best practice when it comes to cybersecurity.

This training is not a once-off process but reflects evolving attack perimeters, especially given how a distributed work environment has created new vectors which malicious users can exploit. So, beyond investing in comprehensive anti-virus and endpoint protection software, creating awareness about keeping family members away from work devices and ensuring the organisational virtual private network (VPN) used is as strong as possible, companies must commit to user education across all levels of the business, to minimise their employees posing unnecessary cyber-related risks to the business. Whether it is C-suite executives, a salesperson, an administrative staff member, or the receptionist, consistent training must form an integral part of any company’s cybersecurity strategy.

A security aware culture

At a time when artificial intelligence (AI), machine learning (ML) and robotic process automation (RPA) are becoming part of the norm with employees reskilling and upskilling themselves for a digitally-led environment, so too must this skill set expand to incorporate cybersecurity. It is all about minimising human error, understanding how malware such as ransomware and phishing attacks perpetrate the company network and being vigilant of social engineering tactics when using remote devices.

After all, the best cybersecurity solutions in the world mean little if an employee still clicks on a malicious email, submits sensitive data on a spoofed website and the like. Training must also be adapted to the skill set, knowledge and responsibilities of individual employees.

The content must reflect the current threat landscape and provide guidance on likely future scenarios. It is especially important for smaller businesses to create a security aware culture when employees are working from home and not inside the relative safety of the corporate network. These companies can ill-afford a data breach which could potentially result in significant financial damage and possibly even business closure.

Even though cybersecurity policies must be updated as a matter of course, the reality is that employees must practically understand what they can and cannot do especially when working remotely. Theory is important, but the rapidly evolving threat landscape means that there should be ongoing updates to knowledge bases that include documentation, online materials, email updates and the like.

The new normal is here to stay for the foreseeable future. It is up to the companies themselves to maintain their cybersecurity awareness to safeguard their most important assets.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...
Risk management and compliance enforcement
Security Services & Risk Management
Having a risk management and compliance programme (RMCP) is not just a procedural formality; it is a legal requirement under Section 42 of the Financial Intelligence Centre Act (FICA).

Read more...
The dangers of poor-quality solar cables
Security Services & Risk Management Smart Home Automation
Reports indicate that one in six fires attended by South African firefighters is linked to substandard solar installations, often due to faulty wiring or incompatible components.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it is a gamble.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it’s a gamble.

Read more...
Managing mining physical security risks
Zulu Consulting Security Services & Risk Management Mining (Industry) Facilities & Building Management
[Sponsored] Risk-IO, a web app from Zulu Consulting, is designed to assist risk managers in automating and streamlining enterprise risk management processes, ensuring no steps are skipped and everything is securely documented.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...