Unlocking the power of the human firewall

Organisations must prioritise the human firewall and make sure it’s an effective first line of defence in the hybrid working world.

Unlocking the power of the human firewall

Organisations must prioritise the human firewall and make sure it’s an effective first line of defence in the hybrid working world.

Tris Morgan
Tris MorganDirector Security Advisory Services, Business

Hybrid working has changed how people approach cyber security. Many organisations over the past few years have turned to hybrid working arrangements to stay productive. As their work styles change and adapt, so must their cyber security strategies to make sure they’re equally responsive.

Moving away from the office often means moving away from stringent cyber processes and security. In the ‘old’ settled ways of the physical office, employees typically used a small range of company-branded tools. Now, organisations are using a myriad of partnerships to support hybrid ways of working and employees are turning to a range of collaboration tools to complete tasks throughout the day.

Although great for productivity, these tools often lack company branding – making it harder for employees to detect “Indicators of Fraud” and easier for cyber attackers to infiltrate the organisation. 

Facilitating working from anywhere has meant removing some security prohibitions, weakening an organisation’s security posture. Compounding all of this, departments have often had to embrace new technologies and tools quickly, with no time for meaningful training or security checks.

One thing that hasn’t changed is the presence of malicious threat actors looking for an opportunity to exploit an organisation’s cyber vulnerabilities. Cyber criminals are still trying to gain access to cash, data, intellectual property, and sensitive information that they can leverage for geo-political influence or commercial gain.

The attack surface is constantly widening to include all the communication channels we use in our day-to-day lives – and that means the volume of attacks is increasing. Attacks like phishing, insider threats, Ransom Denial of Service (RDoS), exploiting poor network security, and targeting employees to gain network access remain the most common.

Strengthening the human firewall

Defending your organisation against attack requires all team members to be vigilant and to continuously practice good cyber hygiene. This helps to create the first line of defence at the edge of your network: the human firewall.

The best way to help implement a strong human firewall is through training and awareness. Start by making poor security practice harder by putting guard rails on your system. Use filters for web searches and email click-throughs that block access to risky sites. Then, follow this up with training and coaching that helps your teams to behave safely online. From here, make sure everyone is up to speed on your cyber security policies and procedures, with regular refresher sessions where possible.

Empowering your team

It’s also important to create a working environment that recognises people are busy, juggling multiple tasks and devices at any one time, and that this inevitably means it’s easy to make mistakes. 

It’s something the cyber criminals are banking on and you must make your people feel comfortable to flag anything they’re concerned about – including where they might have inadvertently introduced a risk to the organisation. Flagging mistakes early is the best way to help IT teams contain the threat.

Three pillars the human firewall must know

As part of your training, it’s vital employees learn to assume nothing, question everything, and verify all. Before clicking, opening, or downloading – everyone on the team needs to:

  1. Pause
  2. Think
  3. Protect


From emails to last-minute schedule changes, meeting reminders, and programme updates – no matter how legitimate or urgent – employees should pause and ask: ‘Is what I’m being asked to do normal?’ and ‘Is there anything strange about this communication?’.

Teams should receive training in how to practice good cyber hygiene in their physical environment, too. Keeping laptops and devices in safe places at home, setting screens to ‘sleep’ when walking away from a workspace, and making sure that there’s no sensitive information that could be ‘on camera’ in the background of video calls are all key learnings.

Your employees can be your biggest asset – or your biggest liability. With the right culture, awareness, and training, they will become your greatest defence against cyber attacks.