Skip to content

Posts

Strengthening the Human Firewall: Steps to Improve Employee Security Training


By: Dataprise

Strengthening the Human Firewall

Table of content

To err is human, but in the cybersecurity realm, a simple click in the wrong place can cost your business immensely. Reports such as Verizon’s Data Breach Investigations Report consistently name human error as the main cause of security incidents, with this year’s report sharing that 82% of breaches involved the human element.

But what can your organization do to combat this trend? The answer involves assessing current cybersecurity posture, detecting security vulnerabilities, and responding with continuous vulnerability management.

Questions to Help Develop Your Human Firewall Protection

Here are a few questions to ask yourself to determine if the human firewall protection in your organization needs a boost: 

Questions to Improve Employee Security Training

Are you educating and training your users?

If No…

Your employees are the most valuable asset to your business, but they are also the most vulnerable.  End users represent the largest attack surface in your organization, and ensuring they are properly trained to identify potential security threats is the easiest way to strengthen and boost your business’ security posture.

Training can be provided in-person, through interactive computer-based modules, and/or with continual education campaigns. Interactive training (e.g., malicious email identification, phishing campaigns) not only arm users with the information they need to spot malicious behavior but also test their knowledge. All employees from the summer intern to the CEO should receive regular security training. 

If Yes…

Understanding the importance of employee security education is critical to your organization and its information security efforts, but there is always more that your organization can do.

  • How often are you holding security trainings?
  • Are you implementing different training methods to accommodate different learning styles?

Continual education is necessary to keep up with the ever-changing cyber security landscape.

Do you have security policies and procedures in place that are shared with your employees?

If No…

Training is important but having clearly defined policies and procedures that map directly to business goals and objectives is critical to ensure employees and the organization remain accountable. Policies and procedures should include sections on such topics as bring-your-own-device (BYOD) and acceptable use, file sharing best practices, restricted site access and online activity, and remote work procedures. These policies are increasingly important to have in place as remote and hybrid work continues to be prominent for many organizations and users are accessing company data outside of the corporate network.

If Yes…

  • How often do you update your policies and procedures?
  • Do they follow industry-best practices from such defining organizations as National Institute of Science and Technology (NIST), International Organization for Standardization (ISO), and Payment Card Industry (PCI)?
  • Do you know if employees follow the policies?

Having a security policies and procedures guide is a great first step, but your organization needs ensure compliance and update policies regularly to continually align with best practices. 

Do you know how your employees access company data?

If No…

Understanding how your employees access data can give your business the transparency it needs to create policies and procedures. Do they connect to company email on their phone? What happens if they lose their phone? If your workforce uses their own devices (e.g., phones, laptops, tablets), you should require users to set a secure password on those devices, have MFA in place, and consider utilizing a mobile device management solution.

If Yes…

If you have a full understanding of how and where employees access company data, are you actively taking measures to secure your data? Data access controls and knowledge lead to improved measures to protect data.  

Are you actively auditing controls and logging capabilities?

If No…

Does your business have a clear picture of who has administrative access to critical information? Administrators that can easily access multiple, critical components of information and infrastructure can create an unnecessary yet hidden risk. If their credentials are compromised, so is all the information they can access. Ensure that your organization is only giving administrative access to those that really need it and consider adopting a zero-trust framework. Additionally, train those that have extensive access on security procedures to keep your data safe with human firewall protection. 

If Yes… 

Auditing controls and logging capabilities give your organization insight to easily see and control data access permissions. Ensure that this auditing and logging happens across all systems and portals that store sensitive data, and ensure these logs are correlated and reviewed on a regular basis for anomalies.

Are you analyzing your security program and findings?

If No…

Your organization should continually review its employees’ online behavior. Are employees falling for the same attack? Are there new attack methods on which employees need to be trained? Analyze your employees’ behavior and use that information to improve security practices within your organization.

If Yes…

Cybersecurity is always changing, which means the threat landscape is changing, too. If you’re analyzing your security program, what are you doing with the information you find? Are you actively taking steps to improve the program? It is important to ensure you measure the controls in place for their continued effectiveness on a periodic basis.

Managed Security Service Provider

Does your IT security program need improvement? Is your business lacking adequate human firewall protection? Utilize a Managed Security Service Provider (MSSP) like Dataprise can help you to create security policies, educate your employees, provide 24×7 monitoring and remediation, and help you strengthen your organization’s human firewall protection.

Tags

Recent Tweets

INSIGHTS

Want the latest IT insights?

Subscribe to our blog to learn about the latest IT trends and technology best practices.