
Employees as the first line of defense against threats: How to develop a human firewall


Discussions of digital security tend to focus on its technical side: endpoint security, password managers, and encryption. All of these are essential to building your company’s security, but it is the staff who stand on the front lines, and they are the most susceptible to becoming both targets and tools of cyber threats. The concept of a human firewall starts from this premise. What is a human firewall? And how can you develop one?

The meaning behind a human firewall

As the digital world continues to develop, companies are handling ever larger amounts of sensitive data. If that data were to find its way into the wrong hands, the entire business, as well as the security of its partners and clients, could be endangered. Many companies try to protect themselves from such an outcome with advanced technologies and mature solutions, but in doing so they often overlook one key factor: human error. Such errors are consistently among the leading causes of data breaches.

The term “human firewall” represents a group of people protecting their company from cyber threats by demonstrating digitally secure behaviour, showing sensitivity to cyber dangers, and communicating with the IT department whenever they encounter any issues.

By developing a human firewall, businesses can counteract cybercriminals, who often use employees as a gateway into the company’s systems. Operating on the assumption that people are likely to make mistakes, cybercriminals target employees with various social engineering techniques and other attacks.

What are some of them?

Phishing
Phishing attacks take advantage of employees’ trust, busyness, or occasional inattention. To exploit the human factor even further, phishing messages often include a sense of urgency or the promise of a reward, especially during holiday periods, when companies are known to pay bonuses to employees.

Phishing attacks encourage employees to click on a link quickly or to immediately change their password unless they want to face unpleasant consequences, such as losing access to an indispensable app.

[Image: the meaning of a whaling phishing attack]

Cyber blackmail

While phishing depends on the idea that a typical employee is too busy or inattentive to spot a threat, cyber blackmailers attempt to scare people into paying money out of fear that their data will be exposed. The blackmailer may, for instance, claim to have recorded the recipient through their webcam and threaten to share the images unless a ransom is paid. In these cases, the recipient should not panic. The criminals’ claims are usually fabricated, paying the requested sum will not make the problem go away, and the right response is to neither reply nor pay but to report the message to the IT or security team.

Lost or stolen devices

Cybercriminals are continuously searching for poorly secured work devices, both digitally and physically. In the digital world, you can protect a device with various security solutions (full-disk encryption, a screen lock, remote wipe). In the physical world, however, it is mainly responsible behaviour that stops a criminal from walking off with a laptop or peeking at someone’s screen.

[Image: shoulder surfing explained]

Attacks in disguise

Cybercriminals may try to trick employees by disguising themselves as someone else, not just online but also in person. They may, for instance, turn up at your office building and pose as an employee who has forgotten their entrance card. Unless staff are cautious, they may let the intruder into the building and, with it, into the company’s sensitive data. Read how Jake Moore, ESET’s expert, managed to “hack” a golf club while posing as a TV assistant producer.

[Image: the war mumbling technique explained]

Malicious links

Hidden in websites, pop-up windows, or e-mail bodies, malicious links may try to entice employees with an exciting offer or urge them to update their apps or software. The text of a link need not match where it actually leads; hovering over a link before clicking shows its real destination, and a mismatch between the two is a strong warning sign.
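The two phishing tells described above (urgency or reward language, and a link whose visible text points somewhere other than its real target) can be checked mechanically. The following is an added example, not code from the original article or from ESET; the e-mail body, the cue list and the function names are all constructed for the demonstration, and the cue list is deliberately short.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample e-mail body of the kind the article describes
# (hypothetical hosts under example.com / example.net).
SAMPLE_HTML = """
<p>Your password expires in 2 hours. Act now or lose access to your mailbox.</p>
<p><a href="http://account-verify.example.net/login">https://portal.example.com/reset</a></p>
<p>Regards, IT Helpdesk</p>
"""

# Assumed list of urgency / reward cues; a real filter would use a larger one.
URGENCY_CUES = (
    "act now", "immediately", "within 24 hours", "expires in", "lose access",
    "account will be suspended", "urgent", "final notice", "bonus",
)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Lower-cased host name of a URL ('' if it cannot be parsed)."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    return (parsed.hostname or "").lower()


def triage_email(html):
    """Return a list of human-readable findings for an HTML e-mail body."""
    findings = []
    lower = html.lower()
    cues = [c for c in URGENCY_CUES if c in lower]
    if cues:
        findings.append("urgency/reward language: " + ", ".join(cues))

    parser = _LinkCollector()
    parser.feed(html)
    for href, text in parser.links:
        if not href:
            continue
        # Only compare hosts when the visible text itself looks like a URL.
        shown = host_of(text) if re.match(r"^(https?://|www\.)", text) else ""
        actual = host_of(href)
        if shown and shown != actual:
            findings.append(f"link text shows {shown} but points to {actual}")
        if href.lower().startswith("http://"):
            findings.append(f"plain-HTTP link to {actual}")
    return findings


if __name__ == "__main__":
    for line in triage_email(SAMPLE_HTML):
        print("-", line)
```

The keyword cues on their own are noisy (legitimate IT notices also say "expires"); the display-text/href mismatch is the stronger signal and is exactly what hovering over the link reveals to a human. Mail gateways do considerably more than this, but the check shows what "look before you click" means in concrete terms.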

Malicious documents

Threat actors also often send malicious files as e-mail attachments; once the user opens the file, the computer is infected with malware. Such a file can look as innocent as an ordinary Excel workbook, yet contain a malicious macro that runs as soon as the document is opened. Note that current versions of Office block macros in files that arrived from the internet by default, so the attacker usually has to talk the recipient into clicking “Enable content”; the lure text in the document exists for exactly that purpose, and clicking that button is the moment the human firewall either holds or fails.
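A first triage step for such an attachment is to look at what the file actually contains rather than at its name. Modern Office documents are zip archives, and a VBA macro project lives in a part named vbaProject.bin (and the package’s [Content_Types].xml declares a macroEnabled content type). The following is an added example, not code from the article or from ESET; the sample "workbooks" are constructed in memory and are not real Excel files, the function names are hypothetical, and for legacy binary OLE files it only flags the format, since extracting VBA from those needs a dedicated parser.

```python
import io
import zipfile

# Magic bytes of legacy binary Office files (.xls, .doc), which are OLE containers.
OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
MACRO_EXTENSIONS = (".xlsm", ".docm", ".pptm", ".xltm", ".dotm")


def inspect_office_attachment(name, data):
    """Classify an attachment by its real content, not by its file name."""
    if data.startswith(OLE_MAGIC):
        return {"format": "ole-legacy", "has_vba": None,
                "note": "legacy binary Office file; may embed macros, needs a VBA parser"}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return {"format": "unknown", "has_vba": None, "note": "not an Office document"}

    with zipfile.ZipFile(io.BytesIO(data)) as z:
        members = z.namelist()
        vba_parts = [m for m in members if m.lower().endswith("vbaproject.bin")]
        content_types = ""
        if "[Content_Types].xml" in members:
            content_types = z.read("[Content_Types].xml").decode("utf-8", "replace")

    has_vba = bool(vba_parts) or "macroEnabled" in content_types
    result = {"format": "ooxml", "has_vba": has_vba, "vba_parts": vba_parts}
    if has_vba and not name.lower().endswith(MACRO_EXTENSIONS):
        result["note"] = "macro project inside a file whose extension does not advertise macros"
    elif has_vba:
        result["note"] = "macro-enabled document; macros run only after the user enables content"
    else:
        result["note"] = "no VBA project found"
    return result


def make_sample(with_macro):
    """Constructed minimal OOXML-style package for the demo (not a real workbook)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        ct = '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        if with_macro:
            ct += ('<Override PartName="/xl/workbook.xml" '
                   'ContentType="application/vnd.ms-excel.sheet.macroEnabled.main+xml"/>')
            # Placeholder bytes standing in for a compiled VBA project.
            z.writestr("xl/vbaProject.bin", b"\x00 constructed placeholder, not real VBA")
        else:
            ct += ('<Override PartName="/xl/workbook.xml" ContentType="application/'
                   'vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"/>')
        ct += "</Types>"
        z.writestr("[Content_Types].xml", ct)
        z.writestr("xl/workbook.xml", "<workbook/>")
    return buf.getvalue()


if __name__ == "__main__":
    for fname, blob in (("invoice.xlsm", make_sample(True)),
                        ("invoice.xlsx", make_sample(True)),
                        ("report.xlsx", make_sample(False)),
                        ("old.xls", OLE_MAGIC + b"\x00" * 16)):
        print(fname, inspect_office_attachment(fname, blob))
```

This is a structural check, not a verdict: a document with a VBA project is not necessarily malicious, and a document without one can still carry other payloads (external links, OLE objects). It is useful as the first question an IT team asks when an employee reports a suspicious attachment, and as a way of showing staff that the innocent-looking spreadsheet really does carry executable code.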

Build your protective human firewall

The complete list of threats that target employees is considerably longer, so developing a functional human firewall has become an essential aspect of being digitally secure. How can you construct and uphold a human firewall in your business?

1. Educate your employees. They need to know how to detect threats and react to them safely. Continuously develop your employees’ knowledge. Ideally, start from the first day and make security education part of your onboarding – and perhaps consider the level of a candidate’s security awareness even while recruiting. Look for interactive ways to make security training fun, engaging, and memorable.

2. The simple way is the best. Create policies that are easy to understand and stick to them. Don’t overburden or stress your employees with too much information, but ensure every employee knows what to do and how to remain digitally secure. Don’t overlook the basics, and make it known that your employees should:

  • use strong passwords and a separate password for each account (a password manager makes this practical)
  • never click on unknown links or pop-up windows or open attachments from unknown sources
  • contact the IT team whenever a new update of an app is available and follow their instructions
  • always log off and lock screens when leaving a device unattended
  • only discuss sensitive work-related information in private spaces, and use headphones in online meetings
  • use multifactor authentication (MFA)

3. Include everyone. Anyone can become the target of cybercriminals – including receptionists. Don’t leave any employees out, and make sure everyone knows the possible issues they may encounter in their position.

4. Be there for your employees. Detecting a threat is just one part of acting as a human firewall – reporting it is another and is equally important. If you want the system to function, your employees should feel like they can always talk to the IT team and discuss any worries they may have.

5. Evaluate progress. You can go as far as testing your employees’ awareness with phishing simulations. Still, it also helps to consider whether the employees are sticking to the basic policies and whether they communicate with the IT team effectively (such as by letting the IT team know about any new “necessary” updates or reporting any unusual occurrences).

7. Reward your employees. If you see that employees are communicating with IT, keeping up digitally safe working habits, and willing to learn more about digital security, pick a reward of your choice and offer it to those who have earned it.

8. Combine your human firewall with functional software solutions. Use endpoint protection, MFA, a VPN, and firewalls, and apply updates regularly. Technical security measures and a human firewall must always go hand in hand: the technology catches what people miss, and people catch what the technology cannot.