Bright Cyber

REDUCING PROJECT DELIVERY RISK
February 20, 2021
PEOPLE INSPIRED CYBER RESILIENCE
February 25, 2021

One of the biggest problems any company faces is stressing the importance of cybersecurity to its employees. However, it turns out that even when they do, they may not see a significant reduction in employee error.

The National Cyber Security Centre’s free resources, designed to help businesses with security awareness training, are a good starting point. However, many companies are putting themselves at risk by taking a one-and-done approach to awareness training, or worse, not acting at all.

Let’s take a look at why you need to seriously consider your company’s cybersecurity awareness program – and what you can do to plug those holes in your defences.

The Human Firewall

If you’re reading this, then hopefully you’re already familiar with the concept of the human firewall: the idea that by training your employees well enough to spot security threats before they can enter your network, you can effectively create a second barrier around your network.

Security awareness training is a vital part of building a human firewall.

Unfortunately, it’s not enough to train employees to not fall for phishing scams or malware once or twice a year; they need to be able to identify and avoid new threats as an ongoing discipline.

However, once- or twice-a-year training is what many UK companies do today, leading to an ineffective human firewall and explaining why user error is still the leading cause of security breaches.

Let’s consider the impact…

The Impact of User Error

The importance of improving your employees’ capability to protect your business really can’t be overstated. From misdelivered emails and failure to update software to falling for phishing scams, human error accounted for 90% of data breaches in 2019 alone.

Phishing remains one of the most common attack tactics, with 85% of businesses reporting being targeted by a phishing attack. Unfortunately, it’s likely to remain a common tactic, given that 23% of users will open a phishing email, and 11% of those users will click on the malicious link or download an attachment. Although this is only an estimated total of 2% of users, that’s still a significant number, particularly in large companies.

Humans as The Weakest Cybersecurity Link

Humans are inherently flawed creatures, and cybercriminals are well aware of this. The reason why phishing attacks still work, despite all of the free information available about how to spot a phishing attempt, is because we’re emotional creatures.

For example, let’s say you get to work and the first thing you see is an email with the subject line “URGENT: Your credit card details have been stolen”. How do you react? If your heart has already started beating faster and you’re at least a little panicky, then congratulations, that’s a fairly standard response to reading something like this.

Phishing attacks are designed to play on your emotions in a way that guides you to take immediate action without thinking too hard about what you’re doing. Cybercriminals know that if someone is panicked enough, they’ll switch to autopilot.

This is why a company’s human firewall, like its technical equivalent, needs to be a Next Generation Human Firewall, capable of deep inspection.

The Next Generation Human Firewall

Security awareness training isn’t a one-and-done thing. Cybercrime moves fast, and the moment that attacks lose their effectiveness, criminals will move on to a new tactic. It’s perhaps the biggest reason why phishing still works, despite the fact that many people are aware that they shouldn’t click on links from unknown sources.

That’s also why security awareness needs to be a continuous activity that takes into account someone’s job role, individual user behaviour, and what data they have access to. These are the elements of a Next Generation Human Firewall. Your training should look different when you’re briefing caretakers versus receptionists or board members.

Beyond employee training, if you’ve ever wondered how to turn people into your biggest asset, we cover all this, and more, in our “People Inspired Cyber Resilience” whitepaper.

Want help building your human firewall? Contact us here.