Building a Human Firewall to Protect Your Business

June 9, 2017

It seems like almost every week across the world, there’s a major online security breach that puts the data of individuals and businesses at risk. Cybercrime is a growing concern and the threats and attacks aren’t always obvious to the untrained eye.


Social engineering has as many names as it has disguises: phishing, vishing (voice phishing) and smishing (SMS text phishing). Malware, or malicious software, includes keyloggers, computer viruses, worms, trojan horses, ransomware, spyware, adware and scareware. These are all terms for the methods and types of digital attacks propagating across the internet today.

Technology, both software and hardware, has traditionally been the primary toolset to help protect businesses and home users from the internet “bad guys,” but as we put up one roadblock, they develop a way around it.

At work and at home, firewalls, antivirus and spam filtering provide the first line of defense against malware.

Business-grade tools, such as Exchange Online Protection and Advanced Threat Protection, help prevent some of the malware entering the network via email. Each of these tools provides a level of security that can be, and is, defeated over time.

The next weapon against malware and social engineering is the “Human Firewall.”

The Human Firewall is a proactive method of arming the internet user community (that would be you!) with the education and knowledge to recognize attacks and prevent them.

Human Firewall 6 Rules of Thumb

Here are some simple and effective ways you can protect yourself and your business against cybercrime.

  1. If you receive an email with links, hover over the links to see where the link will take you. If it’s a phishing link, the description of the link will be different than the actual link displayed.
  2. Be suspicious of emails you receive at unusual times during the day from known contacts (e.g., at 3 am). Is your contact really up at that time sending you emails?
  3. If you receive a “valid” looking email from a reliable source, but you weren’t expecting it and it has attachments or links, call the person or organization that sent it to you using the contact information you already have for them, not information from the email. It’s quite possible the sender’s account was compromised and a hacker is sending email on their behalf.
  4. Never send personally identifiable information via email (e.g., date of birth, credit card numbers, social insurance number).
  5. Never open attachments from a suspicious email.
  6. If you’re unsure what to do, report the incident to your Information Technology team, your internet service provider or the person/company who sent the email (see 3 above), so they can investigate.
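Rule 1 above can be automated: compare the host named in a link’s visible text with the host its href actually points to. The following script is an added example, not code from the original post; it uses a constructed HTML email body with placeholder `.test` domains and a simple last-two-labels comparison rather than a public-suffix list.

```python
"""Flag links in an HTML email whose visible text names one host while the
href points somewhere else (the "hover over the link" check, automated).
Added example; the sample body and domains below are constructed."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body: the first link displays a bank URL but
# actually points at an unrelated host; the other two are consistent.
SAMPLE_HTML = """
<p>Your invoice is ready.</p>
<a href="http://login.example-phish.test/reset">https://www.example-bank.test/login</a>
<a href="https://www.example-bank.test/help">Help centre</a>
<a href="https://docs.example-bank.test/">docs.example-bank.test</a>
"""

# Matches a bare hostname or URL-looking string inside visible link text.
_HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def extract_links(html):
    """Return a list of (href, visible_text) tuples found in the HTML."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def host_in_text(text):
    """Hostname the visible text claims to point at, or None if it names none."""
    match = _HOST_RE.search(text)
    return match.group(1).lower() if match else None


def host_of_href(href):
    """Hostname the href actually resolves to ('' for mailto:, relative, etc.)."""
    return (urlparse(href).hostname or "").lower()


def same_site(host_a, host_b):
    """Crude registrable-domain comparison on the last two labels.
    Assumption: no public-suffix list, so co.uk-style domains are not handled."""
    return host_a.split(".")[-2:] == host_b.split(".")[-2:]


def find_mismatched_links(html):
    """Return (href, text, reason) for each link whose displayed host differs
    from the host in its href. Links whose text names no host are skipped,
    since there is nothing to compare against."""
    findings = []
    for href, text in extract_links(html):
        shown = host_in_text(text)
        actual = host_of_href(href)
        if shown and actual and not same_site(shown, actual):
            findings.append((href, text, f"text shows {shown} but link goes to {actual}"))
    return findings


if __name__ == "__main__":
    for href, text, reason in find_mismatched_links(SAMPLE_HTML):
        print(f"SUSPICIOUS: {text!r} -> {href}  ({reason})")
```

Run against the constructed sample, only the first link is reported; a link whose visible text is plain words (“Help centre”) is not flagged, because the mismatch check only applies when the text itself looks like an address. In a mail gateway this is a useful triage signal, not a verdict: attackers can equally use plain anchor text, so it complements rather than replaces the human hover check.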

The more you know about cyber threat tactics, the less likely you are to fall victim to the traps. We’re educating our employees about cybersecurity through an online Internet Security Awareness training series, which offers useful tips and videos with cybercrime experts. Something as simple as checking the link in an email before you click on it can mean the difference between your account getting hacked or not.

A proactive approach to cybersecurity means upgrading user behaviour, so that the threat is identified before it becomes a problem. Building a human firewall is not a one-time training session – it’s an ongoing collaborative effort to teach employees to think securely, at all times, in all places.

Useful Terminology: Cybersecurity 101

Social Engineering

  • Phishing – email scams
  • Vishing – phone call scams
  • Smishing – SMS or text-based scams

Malware (Malicious Software)

  • Keyloggers – records keystrokes on a keyboard
  • Worms – propagate from one computer to the next
  • Trojan Horses – backdoor into a computer or network
  • Ransomware – encrypts your files and demands a fee to decrypt them
  • Spyware – monitors where you go on the internet