Building The Human Firewall

Author: Richard Diston – Sector Manager for Security, Risk and Resilience @ Industry Qualifications 

We live in what has been described as ‘the hybrid age’, a period where we are only just learning to live and work with the rapidly developing technologies that we have created over the last twenty years. Technology has changed everything, from the ways that we work to the ways that we socialise, and the lines between our professional and personal online lives are blurring. It is common to log into social media and see people sharing information and opinions that may be conceivably used against them. We can find a story about someone falling victim to an online scam nearly every day. These instances are the result of a permissive attitude to online interactions, which can present a significant risk to employers if it is applied in the workplace.

Hackers are known to spend significant time on reconnaissance, targeting individuals within organisations to gather information. This makes their eventual attacks easier and, the better their intelligence about their target, the better the chance that they will escape undetected. They recognise that it is easier to hack a person than a network. Since 95% of all successful reported hacks were linked to human error (according to IBM), it is well worth focussing attention on building a human firewall within the organisation.

Organisations rely more than ever on information to do business, and protecting it is essential to their success. The best method is to introduce an Information Security Management System (ISMS) which details the risks to information and the methods that can be used to protect it, including helping staff to become more information security aware.

In order to create meaningful behavioural change, it is essential to align staff to the importance of information security to them personally. When staff have a personal investment in protecting their own personal information, it may be easier to align them with organisational objectives for information security.

Another area worthy of discussion is that of ethical worldviews. It has been suggested that younger workers have a different perspective on the work that they perform, to the extent that they openly admit that if they worked on a project for their employer, that they feel entitled to take it with them when they leave. This is made even easier where employees use their own devices, creating even more risk as they may connect to them to insecure public networks, inadvertently sharing company data in the process.

Organisations that have a robust Information Security Management System, training that focusses on the needs of the individual, effective exit procedures and clear rules on personal device use are more likely to see improvements in their information security.

To reassure clients, there even exists an international standard for assessing that an ISMS is effective – the ISO27001.

An announcement about cyber security will be coming soon…. 

*