The Human Firewall

WTF is a Human Firewall?

Yes, I did get that exact question. It is NOT a barrier around yourself to prevent being burned. It is not the steel barrier between the passenger compartment and engine of a vehicle either.

The Human Firewall is the best defense a company can develop to protect against cyber crime. The Human Firewall is your well-trained employees, who realize the importance of your systems and the necessity of keeping them secure. It doesn’t happen overnight. It requires training and C-level buy-in. It requires procedures and policies that are followed and enforced from the top down.

Among the first steps, after policies and procedures are adopted, is making it clear WHY it is necessary. The way things are now, transparency is a must, and it is also easy to provide regarding cybersecurity programs. One of the largest retailers in the USA has even gone as far as renaming its headquarters to Associate Support Center and actively implementing an open door policy that is not just lip service. Just going in and expecting people to follow these new rules is unrealistic.

Ya gotta give ’em a reason.

That reason needs to connect to them personally. When you do that, they will become your Cybersecurity Champions – Your Human Firewall!

By explaining it the right way, you show employees that security is not just there to protect the company, and that their families are important to your company as well.

A lot of companies just have a hard time getting their employees on board. There are a couple of reasons for this. The first is the way the program is presented to the employees. Often it is presented and perceived as an authoritarian directive. This will often be met with strong pushback, resistance and, often, non-compliance. The second biggest reason is that upper-level management is viewed as being exempt. When management walks the walk FIRST, it demonstrates to the employees that you are leading by example and that there are no exceptions to implementation. This must come from the highest levels in the organization.

You must be aware that cybersecurity is NEVER a one-and-done activity. Implementing and maintaining a solid cybersecurity program is an ongoing and rewarding process for both the company and the employee.

