What is a “human firewall”? It sounds a bit scary but it’s a term I learned earlier this week. It aptly describes the role that users play in organizational security strategies. My thanks to KnowBe4 for teaching me the term. Allow me to elaborate a bit …
Like many others, my company is concerned about our users falling prey to phishing, malware, social engineering and other attacks. We do our best to put technology in place to blunt attacks. But the fact of the matter is that humans are still the most vulnerable piece of the puzzle. Anything we can do to help users recognize and evade an attack is definitely something we want to do. So I went searching for some tools to help us out and that’s where KnowBe4 comes in. They provide a suite of tools to both test and train users against all manner of attacks. The idea is that through training and repeated testing users become “human firewalls”. Your security system becomes an amalgam of hardware, software and “wetware” (humans) with every piece having equal importance. Ergo, “human firewall”.
I’m not saying that KnowBe4 is the only company involved in this marketplace as there are many others. Their program fits us and we are going to leverage it to the max. What I am saying is that any organization’s security is only as good as the weakest link. And in almost all cases the weakest link is human. Anything that you can do to “amp up” your users’ security awareness and skills is just as important as any technology you can implement. This may even be more important for non-profits and small businesses as technology budgets are usually super tight. In some cases this kind of program is a better spend than actual technology!
Our own initial test was not too surprising. We had a small but predictable number of users “fall” for the phish. Our numbers were a bit better than the average for most businesses. But even one “fail” is too many! That single fail could be the bridgehead for something really bad. So we are going to follow the program. Train. Test. Evaluate. Train. Test again. Train. Test repeatedly. Our goal is to reach a zero fail count on numerous, sequential tests. Is it possible? I think so and I’ll touch on our progress in future posts.