What is a Human Firewall?
A human firewall is a group of people from your organization whose mission is to detect scams, such as ransomware or phishing attacks, that sometimes bypass your computer security systems. These attacks need a human to handle them properly in order to protect your company from loss. Human firewalls are extremely important because they are frequently your best and last line of defense against cyberattacks, which are becoming more sophisticated all the time.
Security Best Practices
How do you make sure that your organization is following best security practices in order to keep your IT environment as safe and secure as possible?
Your company needs to use the right systems, ones that can be properly secured using industry best practices. It is important that these systems are kept up to date with the latest security patches. Even if all of your systems are fully patched and running the latest software, is your organization safe from every technical exploit? The answer is still "no". This is why the need for a human firewall is so strong.
Developing Human Firewalls
How do you get your employees interested in becoming a Human Firewall?
First, you need to communicate why a human firewall is important. A human firewall is extremely important to the company's security and overall well-being. It helps to supply some real-life examples, such as an organization's files being encrypted and the attacker demanding payment to decrypt them, or a phishing message that appears to come from a known person asking you to wire money. Either of these can be detrimental to your company's reputation and success. Employees need to understand why the human firewall is important so that they feel the need to be part of the solution that helps the entire organization strengthen its security. Employees at a company with a great culture will be more diligent about protecting their company's security than those at a company where a good culture is lacking. The better your company trains and treats its employees, the more likely those employees are to care and to want the company to thrive. That gives them the potential to be a great human firewall.
Training Your Human Firewall
Training to be a human firewall is not a one-time thing. Completing a single training session does not magically give you a hardened firewall. The training needs to grow organically and be an ongoing part of your company's cyber awareness, so that users continually learn about current and new exploits and stay diligent in identifying and fighting ongoing security breaches.
As many learners are visual learners, it is advisable to use visual training with real-life examples. You need to train employees so they can learn how to spot possible phishing or ransomware attacks on their own. This is crucial because people will frequently receive these messages in their corporate mailbox, for example. If handled improperly, they can open the entire network and organization up to problems.
A good step after educating your human firewall on how to spot phishing attacks is to put phishing testing software in place, so you can see and track how your employees handle messages that may be phishing attacks. This type of software lets you create messages designed to try to trick your employees. Any action they take, such as clicking on a link, will not cause any real-world damage, but it will be reported to the administrator, who can easily see where more training is needed. Continuous improvement is the goal here.
Human Firewall Guidelines
A basic guideline for your human firewall is to discourage opening emails from anyone you do not know and are not expecting an email from. These types of emails could contain a virus, ransomware or a phishing exploit. Users should always be wary of emails that contain a link to click to update their credentials. It is always a good idea to check the From address of any email. Often the display name is spoofed, for example as Apple, but the actual address is a personal Gmail account. This is a great example of a problem email.
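The From-address check described above can also be automated as a mail-filter or triage aid. The following is an added example, not part of the original article: it flags a display name that claims a brand while the sending domain is not one of that brand's domains. The brand list, webmail list, function names and sample headers are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: brands your users see often, mapped to domains they really send from.
BRAND_DOMAINS = {
    "apple": {"apple.com", "icloud.com"},
    "paypal": {"paypal.com"},
}
# Assumption: a short list of free webmail providers.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}


def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def check_from(header_value):
    """Return a list of warnings for one From header value."""
    display, address = parseaddr(header_value)
    if "@" not in address:
        return ["From header has no parseable address"]
    domain = address.rpartition("@")[2].lower()
    # Whole-word match so "Pineapple Farm" does not count as "apple".
    words = set(re.findall(r"[a-z0-9]+", display.lower()))
    warnings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in words and not domain_matches(domain, allowed):
            kind = "free webmail" if domain in FREE_MAIL else "unrelated"
            warnings.append(f"name says '{brand}' but sender domain is {kind}: {domain}")
    return warnings


# Constructed sample headers (not real messages).
SAMPLES = [
    "Apple Support <apple.support.team@gmail.com>",
    "Apple <no_reply@email.apple.com>",
    "Apple ID <security@apple.com.example.net>",
    "Pineapple Farm <orders@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", check_from(header) or "ok")
```

The third sample shows why the comparison is made against the end of the domain: a brand name placed at the front of an unrelated domain does not make the sender legitimate.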
Finally, once you have a good core group for your human firewall, you will want to continually grow the membership. The real goal is for every single person in the organization to be a part of the firewall. A chain is only as strong as its weakest link, and you don't want any weak links in yours, so full cooperation and understanding by everyone in this program is a must for any successful organization. One way to ensure coordination is to participate in any firewall security courses available.