TECHNOLOGY
By Susan Robbins
Cybercrime costs victims more than $6 trillion annually, and that cost is expected to grow to more than $10 trillion by 2025. Corporations invest millions of dollars in technology to protect against these financial losses and the associated damage to their reputations, but there is a human element to data security that is at least as important.
Even with the most up-to-date security software and technology, organizations cannot guarantee that employees will not click on a malicious link or respond to a text sent by a bad actor. With employees often representing the weakest link in any security effort, the human firewall is an essential first line of defense against the theft of sensitive information or efforts to compromise your organization’s network.
Most people think of firewalls as hardware or software that protects networks and devices from unauthorized access and cyberattacks. A human firewall represents the behavior of personnel within an organization that helps to prevent cyberattacks. People who are adequately trained against these threats become an effective extension of the organization’s security protection mechanisms.
How can you determine if your team is providing that additional layer of protection for your organization? Look for and encourage the following actions or behaviors:
Provide your human firewall with up-to-date information about new cyberattack techniques and their consequences, empowering them to protect the company and themselves. It’s important to be realistic and understand that these changes won’t happen overnight. But if you are diligent, these behaviors will become your new normal.
Regular training is critical to any cybersecurity effort, because cybercriminals are constantly coming up with new ways to scam individuals and companies. But there are some ingrained habits that can make this transition difficult.
Human beings in the digital age seem hardwired to reply, click links and open attachments, especially when they appear to come from a manager, co-worker, customer or industry contact. And while this fire-ready-aim approach may demonstrate a commitment to customer service and engagement, it also opens the door to bad actors.
Some options include:
Getting employees to take cybersecurity seriously can be a challenge. Some may respond to statistics, while others find them too abstract.
Meanwhile, straightforward instruction may seem too simplistic when many employees think cybercrime is a problem primarily for the older population. The reality, however, is that people in their 30s are targeted most often by cybercriminals, and 18- to 24-year-olds are considered the most vulnerable to attacks despite their perceived higher level of digital literacy.
One option for making this instruction stick? Start with humor. Research has shown that humor and visuals aid memory retention, and a recipe light on stats, grounded in how-to and leavened with a healthy dose of situational humor works.
Organizations can and should invest in technology to guard against cybercrime, but no effort is complete without considering the human aspect of data security. By taking the time to train employees to identify and report security risks, organizations can build a human firewall that should stand against all manner of attacks.
Susan Robbins is director of training for HeartcoR Solutions. Email Susan at srobbins@heartcorsolutions.com.