Understanding the Human Firewall: IT Security
Lewis Stewart of Forfusion takes a look at IT Security and understanding the Human Firewall
"The human element is the most common vector for an attacker; an educated or trained end-user is an asset to any organisation when he or she takes proactive steps to alert security personnel." (Hummel, R., 2017)
Whether it be your employees, contractors, suppliers, customers, or prospects, your company security culture needs to include all of your stakeholders. After all, a chain is only as strong as its weakest link.
Here are 10 points to consider when thinking about IT security and your company’s cyber-security hygiene:
- IT security is often seen as a negative function that makes employees' lives more difficult and limits the control they have over their own equipment. This mentality often leads to employees actively looking for ways to bypass the security measures that are in place.
- Employees want to try new productivity or work-related tools, so they should be able to get helpful advice and guidance from IT. Colleagues in IT should want employees to come to them with questions and ask for recommendations, because that is how you engage and educate them.
- Staff should understand that protecting their home IT security is just as important as protecting work IT, in order to reduce the risk of an infection spreading into the business via BYOD practices.
- Informative IT Security posters should be displayed where appropriate and more formal training should be provided in order to teach staff how to protect themselves.
- Social media platforms are used for both personal and business means; the line is blurred. This cross-over between personal and business can be unhealthy, and a divide needs to be created and maintained.
- Acceptable-use IT security policies are a must to protect both the user and the company. Security knowledge should not be considered common sense; each department has its own items to learn. Creating an educational environment is just as important as building a culture.
- If you tell employees, they will forget. Show them how something works and they will remember. Involve them and they will understand. Take apart a phishing email and show them why it's dangerous. Just telling them that phishing emails are bad does not equip them sufficiently to identify or understand the risks involved. Running phishing assessments with instant feedback is a way of involving employees and teaching them. Cisco does this very well.
- To capture someone's attention, you need to do it in six seconds, according to a new study by comScore (2017). Using the AIDA (Attention, Interest, Desire, Action) psychology model can influence a positive change in employees. A change in attitude will change their behaviour, which will change their actions.
- Don’t presume to dictate to employees. They know their job better than you. Open discussions and learning groups will engage them and better yet, may reveal anomalous events or behaviour previously unknown to the organisation.
- A passphrase is a great password. A mixture of uppercase, lowercase, numbers and special characters will provide a strong but forgettable password. A memorable password is a passphrase that is engaging and connects on an emotional level. “Unhappy rabbit black jack” is a strong passphrase that is 25 characters long. The complexity of this passphrase can be increased by replacing vowels with numbers and by adding special characters. “Unhappy rabbit black jack” turns into “Unh4ppy r4bb1t bl4ck j4ck!”, a passphrase that is both highly memorable and complex enough to meet typical password requirements.
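The passphrase point above is the one place in this list where a practitioner can check the claim directly. The following Python script is an added example, not code from the article or from Forfusion: it applies the vowel-to-digit substitution the article describes, checks both versions of the passphrase against a complexity policy, and estimates strength under two models. The policy (at least 12 characters and three of four character classes), the 20,000-word dictionary, the eight substitution variants per word and the 32 candidate trailing symbols are all assumptions chosen for illustration. The two entropy models make the practical caveat visible: the substitution looks like a large gain if every character is assumed to be random, but password-guessing tools routinely try exactly these vowel-to-digit spellings and appended symbols, so the gain against a dictionary-plus-rules guesser is much smaller, and most of the strength comes from the number of words.

```python
import math
import string

# Constructed sample values, taken from the article's own passphrase example.
PLAIN_PASSPHRASE = "Unhappy rabbit black jack"
SUBSTITUTED_PASSPHRASE = "Unh4ppy r4bb1t bl4ck j4ck!"

# Vowel-to-digit substitution as the article describes it. The 'e' and 'o'
# entries are assumed; the article's example only exercises 'a' and 'i'.
_LEET_TABLE = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0"})


def leet_substitute(passphrase: str, suffix: str = "!") -> str:
    """Replace lowercase vowels with digits and append a special character."""
    return passphrase.translate(_LEET_TABLE) + suffix


def check_policy(password: str, min_length: int = 12, min_classes: int = 3) -> dict:
    """Evaluate a password against an assumed 'typical' complexity policy:
    minimum length plus at least min_classes of the four character classes."""
    classes = {
        "upper": any(c.isupper() for c in password),
        "lower": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    classes_met = sum(classes.values())
    length_ok = len(password) >= min_length
    return {
        "length": len(password),
        "length_ok": length_ok,
        "classes": classes,
        "classes_met": classes_met,
        "passes": length_ok and classes_met >= min_classes,
    }


def naive_entropy_bits(password: str) -> float:
    """Brute-force model: every character is drawn uniformly from the union of
    the character classes that appear. This is the model under which the
    substituted version looks much stronger than the plain one."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c in string.punctuation for c in password):
        alphabet += len(string.punctuation)  # 32 symbols
    if " " in password:
        alphabet += 1
    return len(password) * math.log2(alphabet)


def dictionary_entropy_bits(passphrase: str, dictionary_size: int = 20_000,
                            leet_variants_per_word: int = 8,
                            suffix_alphabet: int = 32) -> float:
    """Dictionary-plus-rules model: the guesser tries whole words from a list
    and, for each word, a handful of common digit-for-vowel spellings, then a
    trailing symbol. All three sizes are assumptions for illustration."""
    words = passphrase.split()
    bits = len(words) * math.log2(dictionary_size)
    if any(c.isdigit() for c in passphrase):
        # The guesser only pays for the substitution rule once per word.
        bits += len(words) * math.log2(leet_variants_per_word)
    if passphrase and passphrase[-1] in string.punctuation:
        bits += math.log2(suffix_alphabet)
    return bits


if __name__ == "__main__":
    for pw in (PLAIN_PASSPHRASE, SUBSTITUTED_PASSPHRASE):
        result = check_policy(pw)
        print(f"{pw!r}: passes policy={result['passes']}, "
              f"classes={result['classes_met']}/4, length={result['length']}, "
              f"naive={naive_entropy_bits(pw):.0f} bits, "
              f"dictionary model={dictionary_entropy_bits(pw):.0f} bits")
```

Running the script shows the plain passphrase failing the assumed policy on character classes (two of four) despite its 25-character length, while the substituted form passes with all four classes. The naive model jumps from roughly 143 to 171 bits; the dictionary-plus-rules model moves only from about 57 to 74 bits, because a guesser that tries substitution rules pays a few bits per word, not a new alphabet per character. Adding a fifth word would raise the dictionary-model figure by more than the substitution does.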
In summary, the human firewall needs to be understood in order for IT security measures to be effective. Utilisation of your most important asset in the fight against cyber-attacks (people, not technology, just in case you still haven’t gotten our point) is the best defence for your company; you just need to figure out how to turn it on.
Author: Lewis Stewart
"Understanding the Human Firewall: IT Security" this article was originally published on www.forfusion.com