With today’s threat landscape changing fast, cybersecurity is increasingly important to organisations that have an online presence or run any facet of their business online. This week we look at how creating a human firewall within your business can prevent harm by giving your staff the knowledge of what to do when exposed to malicious activity.
What is a firewall?
We will start by explaining what a firewall is by looking at a definition from Okta, identity and access management specialists:
When functioning properly, a firewall blocks some kinds of harmful traffic while allowing the good work to move forward unimpeded.
Okta go on to explain that a firewall should be able to:
Inspect. Traffic both entering and exiting your system should be closely examined, byte by byte.
Decide. You define a set of actions or characteristics you'll allow. The traffic is compared to your rules.
Act. If the traffic adheres to your rules, it's allowed. If not, it's rejected.
Okta reveals that a firewall can help to protect your organisation’s servers, datasets and resources and is an important part of offering safety to your company. However, as they also point out, firewalls aren’t bulletproof. This is why the team at Identity Digital Australia believe it is important to heighten staff awareness, and work towards the creation of your very own human firewall.
Creating a human firewall
SK Farhan Tanvir, Cyber Security Specialist at Identity Digital Australia, explains that a human firewall is a crucial strategy for a business to deploy.
“Humans, susceptible to phishing and spear phishing attacks, are the first point of contact for attackers to gain entry into an organisation's environment. As employees, we have to keep vigilant for potential threats and mitigate them by following proper reporting and containment processes”.
SK shares some steps to follow in doing this:
- Do not share company information on social media, and be mindful of what you are sharing about yourself;
- Be alert to suspicious emails, text messages or phone calls;
- Ensure strong, unique passwords for different websites and applications;
- Ensure multi-factor authentication (MFA) wherever possible;
- Do not let unexpected visitors into your office;
- If you see something suspicious or violating company policy, report it.
Employees are the primary entry point to internal systems, so high employee awareness is essential, and it is a good idea to empower them with the knowledge that they need to minimise any risks. SK reminds us that the first step towards achieving this is ensuring staff are vigilant and aware of current cyber security threats, from phishing, smishing, tailgating, malware and/or ransomware, to social engineering.
It is also important to make it easy for staff to report suspicious activity to a central place, where security team members can review and investigate. By training staff and ensuring they remain informed of threats, an organisation's human firewall becomes stronger and increases its likelihood of detecting and disrupting malicious activity attempts.
For more information visit the Australian Cyber Security Centre’s website, where they have published a number of helpful resources including a cyber security guide for small businesses, as well as strategies for larger organisations and critical infrastructure.