Inside The Anatomy Of The Human Firewall

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Each year, around 61% of small businesses become the victims of a malware attack. While many small businesses may think no one would ever come after them because of their size, know that over half of the total global attacks hit small businesses and, for thieves, getting access to your systems is becoming increasingly lucrative.

Companies collect more about customers than ever before: medical history, financial records, consumer preferences, payment information, and other confidential information.

Some of this information could be used in malicious ways to either harm your business or directly harm the customers, so we all understand that we must protect it from cyberattacks.

Creating a human firewall is the best way to keep your system and data safe, but what exactly is a human firewall, why do you need one, and how can you build one? Let’s take a look!

What’s a human firewall?
You already know about a “normal“ firewall that acts as a technology shield, protecting your primary systems and sensitive customer data from outside threats like viruses, malware, ransomware, and the like.

Protecting your systems with a technology firewall is an important major step to protect your business and customers, but even the most advanced firewalls can be breached because people you trust, your employees, need access to that data in some capacity, putting customer data at risk.

For a timely example, we can look the public relations nightmare that Facebook has endured over the past two years with scandal after scandal related to how they protect the massive amounts of data they collect on users.

In some cases, the data breaches have been related to flaws in the technology; in other cases, people who were in positions to legally access that data made what some consider poor decisions that put Facebook user data at risk.

A human firewall addresses the second part of this. It focuses on risk awareness, training, and monitoring among employees.

It ensures that people and technology effectively work together to safeguard critical systems and consumer data.

How do humans increase your risk?
If you have a firewall, you may be wondering, how can your employees put data protected by a firewall at risk?

Several types of malicious hackers exploit the weakest link in these scenarios and the weakest link, in this case, is the human.

They employ strategies that innocuously coax employees into helping them breach your firewall.

How do they do it? Let’s look at two common strategies.

Scenario one: basic phishing scam
You get an email that appears to be from your boss’ boss and it sounds urgent. They say that your boss is not available to help them and they ask you to click on a link and log into a work program that gives you access to customer information. You click the link and it takes you to a page that looks exactly like your workstation login page.

An employee is caught between a rock and a hard place. It sounds urgent and they could be fired if they don’t help their boss’ boss.

Because they’ve been told their own boss is not available, they can’t check this out. How many of your employees do you think would comply to avoid getting in trouble? That’s exactly why this scheme or something similar to it is so effective.

Scenario two: Spear phishing scam
You get an email that says, “Hi, {your name}, here’s the file I promised I’d send you earlier this month. I know you’ll find these reports invaluable as a {Job Title}. Let me know how they work for you.“. It comes from someone who appears to work in your company or a company that your department often works with, making the email seem valid and trustworthy.

Do you open the file? If you decided to open the file, it just downloaded malicious key-tracking software onto your computer which can now see everything you type, including all of your passwords or it may go further, infecting your computer and those of your co-workers, overtaking your network and stealing data.