Building a Human Firewall

Network and computer security has evolved, as have the threats. A human firewall is necessary to protect your users and organization from data breaches, identity theft, and costly downtime. Relying on antivirus on every computer as your only security simply doesn’t work. Users are the weakest link in network security. But with proper training, they can become your strongest defense as a human firewall!

A report based on interviews with hackers at the 2016 Black Hat conference found that 81% of hackers are confident they can get access to your data within 12 hours. Over 75% of the report respondents study security and technology news at least 1-10 hours a week. Over 50% of these same folks stated that employee education was an “extremely important countermeasure”. If your team isn’t being educated and you don’t have a trusted Managed Security Services partner keeping eyes on things, it’s safe to say someone else’s eyes are, or easily can be, on your data.

Baseline Testing

Most firms, especially small businesses, have no formal process in place to test staff knowledge of security threats. They don’t monitor threats coming into the network from email, website browsing, and more.

In February of 2017 Google released findings from analyzing over a billion emails. Business email receives 6.2X the amount of phishing attacks, 4.3X more malware, and 0.4X more spam than personal email accounts. Seeing as a lot of staff use their work email as their personal email, it’s safe to say this is a huge threat.

Baseline testing addresses this by sending mock threats and attacks to users and tracking how they respond. For example, simulated phishing attacks will email users “free pizza” and “IRS tax credit” offers that they can click through to and/or download forms for. At BCC we also do USB drop tests by placing trackable USB thumb drives throughout the office, with files that report back home when opened.

All user responses (or non-responses) are tracked and recorded to discuss who might need more extensive training. After training, another test is run to confirm the effectiveness of your new human firewall.
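The tracking step described above, as an added example (not BCC's tooling or code from the original article): it tallies each user's responses across a baseline round and a post-training round, flags who needs more training, and shows who is still failing afterwards. The event records, outcome labels and 50% threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample results: (round, user, lure, outcome). Outcome labels are assumed.
EVENTS = [
    ("baseline", "alice", "free_pizza", "clicked"),
    ("baseline", "alice", "irs_tax_credit", "downloaded"),
    ("baseline", "alice", "usb_drop", "ignored"),
    ("baseline", "bob", "free_pizza", "reported"),
    ("baseline", "bob", "irs_tax_credit", "ignored"),
    ("baseline", "bob", "usb_drop", "opened_usb"),
    ("baseline", "carol", "free_pizza", "clicked"),
    ("baseline", "carol", "irs_tax_credit", "downloaded"),
    ("baseline", "carol", "usb_drop", "ignored"),
    ("post_training", "alice", "free_pizza", "reported"),
    ("post_training", "alice", "irs_tax_credit", "ignored"),
    ("post_training", "alice", "usb_drop", "ignored"),
    ("post_training", "bob", "free_pizza", "reported"),
    ("post_training", "bob", "irs_tax_credit", "reported"),
    ("post_training", "bob", "usb_drop", "ignored"),
    ("post_training", "carol", "free_pizza", "clicked"),
    ("post_training", "carol", "irs_tax_credit", "clicked"),
    ("post_training", "carol", "usb_drop", "ignored"),
]
FAILURES = {"clicked", "downloaded", "opened_usb"}  # the user took the bait

def summarize(events, round_name):
    """Per-user counts of tests sent, failures and reports for one round."""
    stats = defaultdict(lambda: {"sent": 0, "failed": 0, "reported": 0})
    for rnd, user, _lure, outcome in events:
        if rnd == round_name:
            stats[user]["sent"] += 1
            stats[user]["failed"] += int(outcome in FAILURES)
            stats[user]["reported"] += int(outcome == "reported")
    return dict(stats)

def failure_rate(stats):
    sent = sum(s["sent"] for s in stats.values())
    return sum(s["failed"] for s in stats.values()) / sent if sent else 0.0

def needs_training(stats, threshold=0.5):
    """Users who failed at least `threshold` of the tests they received."""
    return sorted(u for u, s in stats.items() if s["failed"] / s["sent"] >= threshold)

def compare(events):
    base, post = summarize(events, "baseline"), summarize(events, "post_training")
    flagged = needs_training(base)
    still = sorted(set(flagged) & set(needs_training(post)))
    return {"baseline_rate": failure_rate(base), "post_rate": failure_rate(post),
            "flagged": flagged, "still_failing": still}

if __name__ == "__main__":
    print(compare(EVENTS))
```

Non-responses are counted as tests sent but not as failures, so a user who ignores every lure scores well on failure rate while showing zero reports; the `reported` count is kept for that reason.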

Initial and On Demand Training

After seeing the results of a baseline test, most firms quickly see why they need to train users and the potential value of doing so. In-person training should be completed, but on-demand solutions are also needed.

For example, a video training library can be made available. We recommend chopped up clips and videos containing small topics that can be quickly consumed on the go, or as needed. If a user hears about Ransomware in the news, they should be able to quickly pull up info on it from this reliable source.

A well-trained soldier will always be much more effective as part of your human firewall.

Ongoing Education

As mentioned earlier, threats are always evolving. Users need to be informed of new threats and human engineering schemes as they come to light and start spreading. A knowledgeable contact within your organization (or your trusted IT partner) should provide regular communication on these items.

At Blue Collar Computing we send out monthly newsletters with the latest threats and simple user tips to our Managed Security Services clients. Our on-demand training library is also regularly updated.

Proactive Threat Tracking

User education is only one half of the equation, unfortunately. Having a knowledgeable staff gives you the human firewall that complements your network firewalls and systems. Antivirus, proper patching, and network access control are still important. Furthermore, we recommend going the extra step and having advanced unified threat management (UTM) and a SIEM in place.

If you have a Managed Security Services partner, you’ll want to make sure they’re using advanced heuristics to track potential attacks. They should be spotting attack patterns from the outside as well as detecting network traffic that looks like a compromise or data leak on the inside. We combine the end user training with advanced threat detection and incident response at BCC. It’s a must-have for industries needing compliance.


If your firm needs a partner to help build out your human firewall, give us a call or send us an email at Blue Collar Computing. I personally love talking about security and training users!
