Employees as the first line of defense against threats: How to develop a human firewall


When speaking of digital security, many people tend to highlight the technological aspects: endpoint security, password managers, and encryption. While all of these are essential parts of building your company’s security, it's your employees who stand on the front lines. They are the most susceptible to becoming both targets of cyberthreats and tools for cybercriminals. The concept of a human firewall works with this premise. What is a human firewall? And how can you develop one?

The meaning behind a human firewall

As the digital world continues to develop, companies are working with progressively larger amounts of sensitive data. If that information were to find its way into the wrong hands, the entire business, as well as the security of its partners and clients, could be endangered. Many companies try to protect themselves from such an outcome with advanced technologies and mature security solutions, but in some cases they forget one key factor: human error. Such errors are consistently among the leading causes of data breaches.

The term “human firewall” describes a group of people who protect their company from cyberthreats, for instance by demonstrating digitally secure behavior, staying alert to cyber dangers, and communicating with the IT department whenever they encounter anything suspicious.

By developing a human firewall, businesses can counteract the attempts of cybercriminals, who often use employees as a gateway into the company’s systems. Operating under the premise that people are likely to make mistakes, cybercriminals target employees with various forms of social engineering techniques as well as other forms of attacks.

Here are some common types of attacks and threats:

Phishing

Phishing attacks take advantage of employees’ trust, busy workdays or occasional inattention. To exploit the human factor even more, phishing messages often include a sense of urgency or a promised reward, especially during holiday periods, when companies are known to give bonuses to employees.

Phishing attacks encourage employees to quickly click on a link or to immediately change their password unless they want to face unpleasant consequences, such as losing access to an indispensable app.
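The two tricks described above, an urgent message and a link that does not go where its text says it does, can be checked mechanically before a person ever has to judge them. The following is an added example written for this article, not code from the original page or from ESET: it parses an HTML email body with the standard library, flags links whose visible text names one domain while the real href points to another, and flags urgency wording near a link. The sample email and its domains are constructed for the example and are not real phishing infrastructure.

```python
"""Added example (not from the original article): a small triage check for
phishing-style HTML email bodies.

It flags two tricks the text describes: links whose visible text shows one
domain while the real href goes to another, and urgency wording around a link.
The sample email below is constructed for this example; the domains in it are
placeholders, not real phishing infrastructure.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Phrases that pressure the reader into acting before thinking (assumed list, extend as needed).
URGENCY_WORDS = ("immediately", "within 24 hours", "account will be suspended",
                 "urgent", "verify now")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags plus all visible text."""

    def __init__(self):
        super().__init__()
        self.links = []        # list of [href, visible_text]
        self.text_chunks = []  # every text node, for the urgency check
        self._in_link = False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._in_link = True
            self.links.append([dict(attrs).get("href", ""), ""])

    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False

    def handle_data(self, data):
        self.text_chunks.append(data)
        if self._in_link and self.links:
            self.links[-1][1] += data


def registrable_domain(host):
    """Crude 'registrable domain' (last two labels, e.g. example.com); enough for a triage heuristic."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def host_of(text):
    """Host name of a URL or URL-looking string, or '' if there is none."""
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname or ""


def triage_html_email(html):
    """Return a list of findings (strings); an empty list means nothing suspicious was found."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = host_of(href)
        looks_like_url = "." in text and " " not in text.strip()
        shown_host = host_of(text) if looks_like_url else ""
        if shown_host and href_host and registrable_domain(shown_host) != registrable_domain(href_host):
            findings.append(f"link text shows {shown_host} but href goes to {href_host}")
    body = " ".join(parser.text_chunks).lower()
    hits = [w for w in URGENCY_WORDS if w in body]
    if hits and parser.links:
        findings.append("urgency wording near a link: " + ", ".join(hits))
    return findings


# Constructed sample: the visible text mimics the company portal, the href does not.
SAMPLE_EMAIL = """
<p>Your password expires today. Reset it immediately or your account will be suspended.</p>
<p><a href="https://portal-company.example.net/reset">https://portal.company.example</a></p>
"""

# Constructed sample of an ordinary notification with a matching, non-urgent link.
CLEAN_EMAIL = """
<p>The quarterly newsletter is now available.</p>
<p><a href="https://intranet.company.example/news">Read the newsletter</a></p>
"""

if __name__ == "__main__":
    for name, mail in (("sample", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        print(name, triage_html_email(mail) or ["no findings"])
```

The heuristic is deliberately simple: it cannot tell a legitimate redirect from a malicious one, and a careful attacker can avoid the keyword list, so treat a hit as a reason to report the message to the IT team, not as a verdict.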

[Image: what a whaling phishing attack is]

Cyber blackmail

While phishing depends on the idea that a busy or inattentive employee will not spot the threat, cyber blackmailers try to scare people into paying money out of fear of having their data exposed. The blackmailer may, for instance, claim to have recorded the recipient through their webcam and threaten to share the footage unless a ransom is paid. In these cases, the recipient should not panic and should not reply or pay. Such threats are usually fake, paying does not make the problem go away, and the message should be reported to the IT team like any other suspicious email.

Lost or stolen devices

Cybercriminals are continuously searching for poorly secured work devices, both digitally and physically. In the digital world, you can protect a device with security solutions such as full-disk encryption and remote wipe, which limit the damage when a laptop does go missing, but in the real world, it is mainly responsible behavior that stops criminals from stealing laptops or peeking at someone’s screen.

[Image: shoulder surfing]

Attacks in disguise

Cybercriminals may try to trick employees by disguising themselves as someone else – not just online, but also in person. They may, for instance, come to your office building and pose as an employee who has just forgotten their entrance card. Unless the employees are cautious, they may let the intruder get into the building – and get access to the company’s sensitive data. Read the story of how Jake Moore, ESET’s expert, managed to “hack” a golf club while posing as a TV assistant producer.

[Image: the “war mumbling” technique]

Malicious links

Hidden in various websites or pop-up windows, malicious links may try to entice employees with an interesting offer or urge them to update their apps or software.

Malicious documents

Threat actors also often send malicious files as email attachments, and once the user opens the file, the computer is infected with malware. An infected file can look as innocent as a regular Excel document, but it can contain a malicious macro. Current versions of Office block macros in files downloaded from the internet by default, so such documents typically carry a convincing message asking the user to click “Enable content” or “Enable editing”; the moment the user does so, the macro runs.
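Whether an Office attachment carries a macro at all can be checked without opening it, because modern Office files (.docx, .xlsx, .docm, .xlsm) are zip containers and VBA code lives in a fixed part inside them. The following is an added example written for this article, not code from the original page or from ESET: it looks for the VBA project part, and also reports when a file whose extension claims to be macro-free (.xlsx, .docx) nevertheless contains one, which is a sign of a renamed or hand-crafted file. The sample containers are constructed in memory with only the layout Office uses and no real macro payload; legacy binary formats such as .xls and .doc are not covered.

```python
"""Added example (not from the original article): detect whether an Office Open
XML attachment (.docx/.xlsx/.docm/.xlsm, all zip containers) carries a VBA
project, and whether its extension claims it does not.

The sample documents are constructed in memory for this example; no real
macro payload is included, only the container layout Office uses.
"""
import io
import zipfile

# Office stores VBA code as an OLE blob under one of these names inside the zip.
VBA_PART_NAMES = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")
# Extensions that are allowed to carry macros; anything else with a VBA part is suspicious.
MACRO_ENABLED_EXTENSIONS = (".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam")


def find_vba_parts(data: bytes):
    """Names of VBA project parts inside an OOXML container (empty if none, or if data is not a zip)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return []
    return [n for n in VBA_PART_NAMES if n in names]


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'clean' (no VBA), 'macro' (VBA in a macro-enabled extension) or
    'macro-mismatch' (VBA inside a file whose extension says it has none)."""
    if not find_vba_parts(data):
        return "clean"
    name = filename.lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    return "macro" if ext in MACRO_ENABLED_EXTENSIONS else "macro-mismatch"


def build_sample_ooxml(with_vba: bool, prefix: str = "xl") -> bytes:
    """Constructed minimal container mimicking Excel's layout (not a workbook Excel would open)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(f"{prefix}/workbook.xml", "<workbook/>")
        if with_vba:
            # OLE compound-file magic followed by filler; stands in for a real VBA project blob.
            zf.writestr(f"{prefix}/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    samples = (
        ("invoice.xlsx", build_sample_ooxml(False)),   # ordinary workbook
        ("invoice.xlsm", build_sample_ooxml(True)),    # macro-enabled, honestly named
        ("invoice.xlsx", build_sample_ooxml(True)),    # macro hidden behind a macro-free extension
        ("invoice.pdf", b"%PDF-1.4 not a zip"),        # not an OOXML container at all
    )
    for name, data in samples:
        print(f"{name}: {classify_attachment(name, data)}")
```

A hit only says that macro code is present, not that it is malicious; the point of the check is to route such attachments to the IT team for a closer look instead of relying on the recipient to notice the “Enable content” bar.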

Build your protective human firewall

The full list of threats that target employees is considerably longer, so developing a functional human firewall has become an essential aspect of being digitally secure. How can you construct and uphold a human firewall in your business?

1. Educate your employees. They need to know how to detect different threats and how to react to them safely. Continuously develop your employees’ knowledge. Ideally, start from the first day and make security education part of your onboarding – and perhaps consider the level of a candidate’s security awareness even while recruiting. Look for interactive ways to make security training fun, interesting, and memorable.

2. The simple way is the best way. Create policies that are easy to understand and stick to them. Don’t overburden or stress your employees with too much information, but make sure every employee knows what to do and how to remain digitally secure. Don’t overlook the basics, and make it known that your employees should:

  • Use strong passwords, a different one for each account, ideally generated and stored by a password manager
  • Never click on unknown links or pop-up windows or open attachments from unknown sources
  • Install updates only through the channels the IT team has approved, and report unexpected “update now” prompts to the IT team instead of following them
  • Always log off and lock screens when leaving a device unattended
  • Only discuss sensitive work-related information in private spaces, and use headphones in online meetings
  • Use multifactor authentication (MFA)

3. Include everyone. Anyone can become the target of cybercriminals – from receptionists to CEOs. Don’t leave any employees out, and make sure everyone knows the possible issues they may encounter in their position.

4. Be there for your employees. Detecting a threat is just one part of acting as a human firewall – reporting it is another and is equally important. If you want the system to function, your employees should feel like they can always talk to the IT team and discuss any worries they may have.

5. Evaluate progress. You can go as far as testing your employees’ awareness with phishing simulations, but it also helps to take into consideration whether the employees are sticking to the basic policies and whether they communicate with the IT team effectively (such as by letting the IT team know about any new “necessary” updates or reporting any unusual occurrences).

6. Reward your employees. If you see that your employees are communicating with IT, they are maintaining digitally safe working habits, and they are willing to learn more and progress in their knowledge of digital security, pick a reward of your choice and offer it to those who’ve earned it.

7. Combine your human firewall with functional software solutions. Use endpoint protection, MFA, a VPN, and firewalls, and keep operating systems and applications patched. Remember that technical security measures and a human firewall must always go hand in hand.